Analysis Report systemupdate_ProtectedAUS.exe
Overview
General Information |
---|
Joe Sandbox Version: | 26.0.0 Aquamarine |
Analysis ID: | 934785 |
Start date: | 12.08.2019 |
Start time: | 21:25:35 |
Joe Sandbox Product: | Cloud |
Overall analysis duration: | 0h 8m 15s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | systemupdate_ProtectedAUS.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 7 (Office 2010 SP2, Java 1.8.0_40 1.8.0_191, Flash 16.0.0.305, Acrobat Reader 11.0.08, Internet Explorer 11, Chrome 55, Firefox 43) |
Number of new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.phis.troj.spyw.evad.winEXE@5/5@0/1 |
EGA Information: | |
HDC Information: | |
HCA Information: | |
Cookbook Comments: | |
Warnings: | |
Detection |
---|
Strategy | Score | Range | Whitelisted | Threat |
---|---|---|---|---|
Threshold | 100 | 0 - 100 | false | njRat |
Confidence |
---|
Strategy | Score | Range | Further Analysis Required? |
---|---|---|---|
Threshold | 5 | 0 - 5 | false |
Classification |
---|
Analysis Advice |
---|
Sample monitors window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook |
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control |
---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Remote Management | Registry Run Keys / Startup Folder1 | Access Token Manipulation1 | Software Packing22 | Credential Dumping3 | System Time Discovery12 | Application Deployment Software | Input Capture1 | Data Encrypted1 | Uncommonly Used Port1 |
Replication Through Removable Media | Service Execution | Port Monitors | Process Injection21 | Disabling Security Tools1 | Input Capture1 | Query Registry1 | Remote Services | Data from Local System2 | Exfiltration Over Other Network Medium | Standard Cryptographic Protocol2 |
Drive-by Compromise | Windows Management Instrumentation | Accessibility Features | Path Interception | Modify Registry1 | Credentials in Registry1 | Process Discovery2 | Windows Remote Management | Data from Network Shared Drive | Automated Exfiltration | Custom Cryptographic Protocol |
Exploit Public-Facing Application | Scheduled Task | System Firmware | DLL Search Order Hijacking | Access Token Manipulation1 | Credentials in Files2 | Application Window Discovery1 | Logon Scripts | Input Capture | Data Encrypted | Multiband Communication |
Spearphishing Link | Command-Line Interface | Shortcut Modification | File System Permissions Weakness | Process Injection21 | Account Manipulation | Security Software Discovery251 | Shared Webroot | Data Staged | Scheduled Transfer | Standard Cryptographic Protocol |
Spearphishing Attachment | Graphical User Interface | Modify Existing Service | New Service | Deobfuscate/Decode Files or Information1 | Brute Force | File and Directory Discovery1 | Third-party Software | Screen Capture | Data Transfer Size Limits | Commonly Used Port |
Spearphishing via Service | Scripting | Path Interception | Scheduled Task | Obfuscated Files or Information3 | Two-Factor Authentication Interception | System Information Discovery23 | Pass the Hash | Email Collection | Exfiltration Over Command and Control Channel | Uncommonly Used Port |
Supply Chain Compromise | Third-party Software | Logon Scripts | Process Injection | DLL Side-Loading1 | Bash History | Network Service Scanning | Remote Desktop Protocol | Clipboard Data | Exfiltration Over Alternative Protocol | Standard Application Layer Protocol |
Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for dropped file |
Source: | virustotal: | |
Multi AV Scanner detection for submitted file |
Source: | virustotal: | |
Antivirus or Machine Learning detection for unpacked file |
Source: | Avira: | |
Cryptography: |
---|
Uses Microsoft's Enhanced Cryptographic Provider |
Source: | Code function: | 4_2_00401329 |
Source: | Code function: | 4_2_004023A8 |
Source: | Code function: | 4_2_004014AE |
Source: | Code function: | 4_2_00403678 |
Source: | Code function: | 4_2_00402884 |
Source: | Code function: | 4_2_00401CEA |
Networking: |
---|
Detected TCP or UDP traffic on non-standard ports |
Source: | TCP traffic: | |
Connects to IPs without corresponding DNS lookups |
Source: | TCP traffic detected without corresponding DNS query: | |
Internet Provider seen in connection with other malware |
Source: | ASN Name: | |
Found strings which match to known social media urls |
Source: | String found in binary or memory: | |
Urls found in memory or binary data |
Source: | String found in binary or memory: | |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Contains functionality to log keystrokes (.Net Source) |
Source: | .Net Code: | |
System Summary: |
---|
Malicious sample detected (through community Yara rule) |
Source: | Matched rule: | |
Contains functionality to call native functions |
Source: | Code function: | 1_2_00551C04 |
Source: | Code function: | 1_2_005500AD |
Creates mutexes |
Source: | Mutant created: | |
Detected potential crypto function |
Source: | Code function: | 1_2_001A6013 |
Source: | Code function: | 1_2_001AC838 |
Source: | Code function: | 1_2_001A8958 |
Source: | Code function: | 1_2_001AB210 |
Source: | Code function: | 1_2_001A7DFA |
Source: | Code function: | 1_2_001AD6D8 |
Source: | Code function: | 1_2_001A97E8 |
Source: | Code function: | 1_2_001A60A3 |
Source: | Code function: | 1_2_001A60E3 |
Source: | Code function: | 1_2_001A6232 |
Source: | Code function: | 1_2_001A635E |
Source: | Code function: | 1_2_006822A7 |
Source: | Code function: | 2_2_003C6058 |
Source: | Code function: | 2_2_003CCCD0 |
Source: | Code function: | 2_2_003C79D8 |
Source: | Code function: | 2_2_003C5768 |
Source: | Code function: | 2_2_003C1B40 |
Source: | Code function: | 2_2_003C0FEA |
Source: | Code function: | 2_2_003C5418 |
Source: | Code function: | 4_2_00449182 |
Source: | Code function: | 4_2_00440CD7 |
Source: | Code function: | 4_2_004080C8 |
Source: | Code function: | 4_2_0045008C |
Source: | Code function: | 4_2_00409101 |
Source: | Code function: | 4_2_0044A248 |
Source: | Code function: | 4_2_00431223 |
Source: | Code function: | 4_2_004392D4 |
Source: | Code function: | 4_2_0042B386 |
Source: | Code function: | 4_2_0044B3BE |
Source: | Code function: | 4_2_00435460 |
Source: | Code function: | 4_2_00432513 |
Source: | Code function: | 4_2_004505FC |
Source: | Code function: | 4_2_0043F640 |
Source: | Code function: | 4_2_0042D61C |
Source: | Code function: | 4_2_0042170A |
Source: | Code function: | 4_2_0044A73C |
Source: | Code function: | 4_2_0041C8D5 |
Source: | Code function: | 4_2_004388E7 |
Source: | Code function: | 4_2_0040494F |
Source: | Code function: | 4_2_0044AB54 |
Source: | Code function: | 4_2_00451B7C |
Source: | Code function: | 4_2_0044FB1C |
Source: | Code function: | 4_2_00404BBF |
Source: | Code function: | 4_2_0041EC16 |
Source: | Code function: | 4_2_00404CCC |
Source: | Code function: | 4_2_00450D78 |
Source: | Code function: | 4_2_0041ADF6 |
Source: | Code function: | 4_2_00404F44 |
Source: | Code function: | 4_2_0044AF89 |
Found potential string decryption / allocating functions |
Sample file is different than original file name gathered from version info |
Source: | Binary or memory string: | |
Sample reads its own file content |
Source: | File read: | |
Tries to load missing DLLs |
Source: | Section loaded: | |
Yara signature match |
Source: | Matched rule: | |
.NET source code contains many API calls related to security |
Source: | Security API names: | |
Classification label |
Source: | Classification label: | |
Contains functionality for error logging |
Source: | Code function: | 4_2_0040AB07 |
Contains functionality to adjust token privileges (e.g. debug / backup) |
Source: | Code function: | 4_2_00404399 |
Contains functionality to check free disk space |
Source: | Code function: | 4_2_0040AFF0 |
Contains functionality to instantiate COM classes |
Source: | Code function: | 4_2_00401F3D |
Creates files inside the user directory |
Source: | File created: | |
Creates temporary files |
Source: | File created: | |
PE file has an executable .text section and no other executable section |
Source: | Static PE information: | |
Parts of this application are using the .NET runtime (probably coded in C#) |
Source: | Section loaded: | |
Reads ini files |
Source: | File read: | |
Reads software policies |
Source: | Key opened: | |
SQL strings found in memory and binary data |
Source: | Binary or memory string: | |
Sample is known by Antivirus |
Source: | virustotal: | |
Spawns processes |
Source: | Process created: | |
Uses an in-process (OLE) Automation server |
Source: | Key value queried: | |
Uses Microsoft Silverlight |
Source: | File opened: | |
PE file contains a COM descriptor data directory |
Source: | Static PE information: | |
Contains modern PE file flags such as dynamic base (ASLR) or NX |
Source: | Static PE information: | |
Binary contains paths to debug symbols |
Source: | Binary string: | |
Data Obfuscation: |
---|
.NET source code contains potential unpacker |
Source: | .Net Code: | |
Uses code obfuscation techniques (call, push, ret) |
Source: | Code function: | 1_2_00689818 |
Source: | Code function: | 1_2_00689288 |
Source: | Code function: | 1_2_010F3A72 |
Source: | Code function: | 2_2_010F3A72 |
Source: | Code function: | 4_2_004448B8 |
Binary may include packed or encrypted code |
Source: | Static PE information: | |
Persistence and Installation Behavior: |
---|
Drops PE files |
Source: | File created: | |
Boot Survival: |
---|
Creates an undocumented autostart registry key |
Source: | Key value created or modified: | |
Hooking and other Techniques for Hiding and Protection: |
---|
Detected FrenchyShellcode packer |
Source: | Mutex created: | |
Stores large binary data to the registry |
Source: | Key value created or modified: | |
Disables application error messages (SetErrorMode) |
Source: | Process information set: | |
Malware Analysis System Evasion: |
---|
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Source: | Binary or memory string: | |
Found a high number of Window / User specific system calls (may be a loop to detect user behavior) |
Source: | Window / User API: | |
Found evasive API chain (may stop execution after checking a module file name) |
Source: | Evasive API call chain: | graph_4-43540 |
May sleep (evasive loops) to hinder dynamic analysis |
Source: | Thread sleep time: | |
Sample execution stops while process was sleeping (likely an evasion) |
Source: | Last function: | |
Uses the system / local time for branch decision (may execute only at specific dates) |
Source: | Code function: | 4_2_0040B148 |
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Source: | Binary or memory string: | |
Program exit points |
Source: | API call chain: | graph_4-44485 |
Source: | API call chain: | graph_4-43541 |
Queries a list of all running processes |
Source: | Process information queried: | |
Anti Debugging: |
---|
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent) |
Source: | Code function: | 1_2_001ADC28 |
Checks for kernel debuggers (NtQuerySystemInformation(SystemKernelDebuggerInformation)) |
Source: | System information queried: | |
Checks if the current process is being debugged |
Source: | Process queried: | |
Contains functionality to check if a debugger is running (IsDebuggerPresent) |
Source: | Code function: | 4_2_004400AC |
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError) |
Source: | Code function: | 4_2_0044C259 |
Contains functionality to read the PEB |
Source: | Code function: | 1_2_005501CB |
Source: | Code function: | 1_2_005500AD |
Contains functionality which may be used to detect a debugger (GetProcessHeap) |
Source: | Code function: | 4_2_00443C67 |
Enables debug privileges |
Source: | Process token adjusted: | |
Contains functionality to register its own exception handler |
Source: | Code function: | 4_2_00447049 |
Source: | Code function: | 4_2_0044706C |
Creates guard pages, often used to prevent reverse engineering and debugging |
Source: | Memory allocated: | |
HIPS / PFW / Operating System Protection Evasion: |
---|
.NET source code references suspicious native API functions |
Source: | Reference to suspicious API methods: | (4 matches) |
Maps a DLL or memory area into another process |
Source: | Section loaded: |
Modifies the context of a thread in another process (thread injection) |
Source: | Thread register set: | (2 matches) |
May try to detect the Windows Explorer process (often used for injection) |
Source: | Binary or memory string: | (6 matches) |
Language, Device and Operating System Detection: |
---|
Contains functionality to query CPU information (cpuid) |
Source: | Code function: | 4_2_00441B9C |
Queries the volume information (name, serial number etc) of a device |
Source: | Queries volume information: | (5 matches) |
Contains functionality to query local / system time |
Source: | Code function: | 4_2_00448F27 |
Contains functionality to query time zone information |
Source: | Code function: | 4_2_004483A1 |
Contains functionality to query windows version |
Source: | Code function: | 4_2_004041A8 |
Queries the cryptographic machine GUID |
Source: | Key value queried: |
Stealing of Sensitive Information: |
---|
Contains functionality to steal Internet Explorer form passwords |
Source: | Code function: | 4_2_00401F3D |
Source: | Code function: | 4_2_00401CEA |
Tries to harvest and steal browser information (history, passwords, etc) |
Source: | File opened: | (8 matches) |
Tries to harvest and steal ftp login credentials |
Source: | File opened: |
Tries to steal Instant Messenger accounts or passwords |
Source: | Key opened: |
Remote Access Functionality: |
---|
Detected njRat |
Source: | .Net Code: | (2 matches) |
Behavior Graph |
---|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
21:26:34 | API Interceptor | |
21:27:32 | API Interceptor |
Antivirus and Machine Learning Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
systemupdate_ProtectedAUS.exe | 48% | virustotal | |
Dropped Files |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
| 48% | virustotal | |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
| 100% | Avira | TR/Dropper.Gen |
| 100% | Avira | TR/Dropper.Gen |
| 100% | Avira | HEUR/AGEN.1004669 |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
| 0% | virustotal | |
| 0% | Avira URL Cloud | safe |
| 0% | Avira URL Cloud | safe |
| 0% | Avira URL Cloud | safe |
Yara Overview |
---|
Initial Sample |
---|
No yara matches |
---|
PCAP (Network Traffic) |
---|
No yara matches |
---|
Dropped Files |
---|
No yara matches |
---|
Memory Dumps |
---|
Source | Rule | Description | Author |
---|---|---|---|
| Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group |
| Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group |
| Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group |
| Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group |
| SecurityXploded_Producer_String | Detects hacktools by SecurityXploded | Florian Roth |
| SecurityXploded_Producer_String_RID33B2 | Detects hacktools by SecurityXploded | Florian Roth |
| Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group |
| Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group |
Unpacked PEs |
---|
Source | Rule | Description | Author |
---|---|---|---|
| CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth |
| MAL_Winnti_Sample_May18_1 | Detects malware sample from Burning Umbrella report - Generic Winnti Rule | Florian Roth |
| MAL_Winnti_Sample_May18_1_RID3003 | Detects malware sample from Burning Umbrella report - Generic Winnti Rule | Florian Roth |
| CN_disclosed_20180208_c_RID2E71 | Detects malware from disclosed CN malware set | Florian Roth |
| Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group |
| CN_disclosed_20180208_c | Detects malware from disclosed CN malware set | Florian Roth |
| MAL_Winnti_Sample_May18_1 | Detects malware sample from Burning Umbrella report - Generic Winnti Rule | Florian Roth |
| MAL_Winnti_Sample_May18_1_RID3003 | Detects malware sample from Burning Umbrella report - Generic Winnti Rule | Florian Roth |
| CN_disclosed_20180208_c_RID2E71 | Detects malware from disclosed CN malware set | Florian Roth |
| Njrat | detect njRAT in memory | JPCERT/CC Incident Response Group |
| SecurityXploded_Producer_String | Detects hacktools by SecurityXploded | Florian Roth |
| SecurityXploded_Producer_String_RID33B2 | Detects hacktools by SecurityXploded | Florian Roth |
| SecurityXploded_Producer_String | Detects hacktools by SecurityXploded | Florian Roth |
| SecurityXploded_Producer_String_RID33B2 | Detects hacktools by SecurityXploded | Florian Roth |
Joe Sandbox View / Context |
---|
IPs |
---|
No context |
---|
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection |
---|---|---|---|
COGENT-174-CogentCommunicationsUS | | | malicious |
(19 further samples associated with this ASN, each detected as malicious)
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Screenshots |
---|
Startup |
---|
Created / dropped Files |
---|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe |
File Type: | |
Size (bytes): | 399 |
Entropy (8bit): | 3.2821118737659947 |
Encrypted: | false |
MD5: | E4BF4F7ACCC657622FE419C0D62419AB |
SHA1: | C2856936DD3DE05BAD0DA5CA94D6B521E40AB5A2 |
SHA-256: | B32FA68B79C5A7CEAA89E8E537EFE33A963C499666202611329944BD2C09318E |
SHA-512: | 85DC223E39A16DDEBA53A4B3D6C9EFF14D30EC67DFDA1E650DA2C9057F640EDD033A31868915A31CAAC0D325D240A7F634F62CD52FBD2ADC68BD1D9CB6281431 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe |
File Type: | |
Size (bytes): | 18432 |
Entropy (8bit): | 0.852140055112637 |
Encrypted: | false |
MD5: | A8621F29FD303FB5ED20DAAD3FD3A8CB |
SHA1: | F536DE7809F38BC0FCD33A9FCA7A8CF4ECE6DDAC |
SHA-256: | 3A646CB91D47FD9345EED024714DE3AA07AFD2FA1F558D408A1A45A6D76CB572 |
SHA-512: | BA663CD2FAF7AC63536772BC2E6674779C285B297D8B70F783C80BCA658F405A306F5E3C3DDB9225928C1636F5CDB5D3585F7885D509F7B52CCFD75508F32C3F |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Users\user\Desktop\systemupdate_ProtectedAUS.exe |
File Type: | |
Size (bytes): | 305152 |
Entropy (8bit): | 6.89537174077336 |
Encrypted: | false |
MD5: | 812D49BE271E7D49274F94CCACA83A90 |
SHA1: | E11D287C6D0A33DA2C9C4FF13E826C0D711DDB50 |
SHA-256: | 619281BC0A12DAA8A57C1BA3B527843066FAD2ECAB1F4B2E515E5D5B5879AFCE |
SHA-512: | F02B5B4E455243AADC9FF13EF3948A77E157963CFC9DC98AFE4671A6186024719D624280FB2439B454835BE0DB58EC2707990526DC4867005D1FBF3D2FBD7A38 |
Malicious: | true |
Antivirus: |
Reputation: | low |
Process: | C:\Users\user\Desktop\systemupdate_ProtectedAUS.exe |
File Type: | |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | false |
Reputation: | high, very likely benign file |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
(26 URLs, none flagged malicious: 23 with reputation high, 1 low, 2 unknown)
Contacted IPs |
---|
Public |
---|
IP | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|
160.116.15.134 | South Africa | 174 | COGENT-174-CogentCommunicationsUS | true |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 6.89537174077336 |
TrID: |
File name: | systemupdate_ProtectedAUS.exe |
File size: | 305152 |
MD5: | 812d49be271e7d49274f94ccaca83a90 |
SHA1: | e11d287c6d0a33da2c9c4ff13e826c0d711ddb50 |
SHA256: | 619281bc0a12daa8a57c1ba3b527843066fad2ecab1f4b2e515e5d5b5879afce |
SHA512: | f02b5b4e455243aadc9ff13ef3948a77e157963cfc9dc98afe4671a6186024719d624280fb2439b454835be0db58ec2707990526dc4867005d1fbf3d2fbd7a38 |
SSDEEP: | 6144:ypzbpDZtF1JaicVykjg1072r8+oDE6sZU6jXF47zkhagF:kpDntcVykjg3Y546sZx |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....#G]................................. ........@.. ....................................@................................ |
File Icon |
---|
Icon Hash: | cccccccccccccc00 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x44b82e |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x5D4723EF [Sun Aug 4 18:29:03 2019 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v4.0.30319 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Entrypoint Preview |
---|
Instruction |
---|
jmp dword ptr [00402000h] |
add byte ptr [eax], al |
The rest of the preview is the zero padding after the stub, which disassembles as repeated add byte ptr [eax], al. The single jmp goes through the IAT entry at 0x402000 (IAT directory at RVA 0x2000, image base 0x400000) to the only import, mscoree.dll!_CorExeMain: the standard native entry stub of a .NET executable, so the real code is managed (CIL) and is not visible in this native disassembly.
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x4b7dc | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4c000 | 0x8f8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4e000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x49834 | 0x49a00 | False | 0.614173254457 | data | 6.92696568298 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0x4c000 | 0x8f8 | 0xa00 | False | 0.378125 | data | 3.61215263574 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x4e000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x4c0e8 | 0x537 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | ||
RT_GROUP_ICON | 0x4c620 | 0x14 | data | ||
RT_VERSION | 0x4c634 | 0x2c4 | data | French | France |
Imports |
---|
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | 2019 BitTorrent, Inc. All Rights Reserved. |
FileVersion | 3.5.5.45311 |
CompanyName | BitTorrent Inc. |
ProductName | Torrent |
ProductVersion | 3.5.5.45311 |
FileDescription | Torrent |
OriginalFilename | uTorrent.exe |
Translation | 0x0409 0x04b0 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
French | France |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 12, 2019 21:27:05.537683010 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:05.679543972 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:05.679740906 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
(further packets of the same connection, 192.168.1.81:49163 to 160.116.15.134:3361, omitted)
Aug 12, 2019 21:27:39.531152964 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.531158924 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.531189919 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.531234026 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.531270981 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.531321049 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.531332016 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.531351089 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.531379938 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.531393051 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.531409025 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.531436920 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.531760931 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.531887054 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.531938076 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.531948090 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.531958103 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.531985998 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.532006979 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.532028913 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.532052040 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.532069921 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.532087088 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.532306910 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.532524109 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.532553911 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.532625914 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.532639980 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.532645941 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.532697916 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.532741070 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.532780886 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.532782078 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.532831907 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.532871962 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.532911062 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.532942057 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.532970905 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.532989979 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.533008099 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.533025026 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.533185005 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.533664942 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.533685923 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.533704042 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.533720970 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.533739090 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.533765078 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.533782005 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.533808947 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.533843994 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.533891916 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.533895016 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.533961058 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.533981085 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.534018993 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.534024000 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.534069061 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.534105062 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.534156084 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.534212112 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.534216881 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.534775019 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.534812927 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.534832001 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.534868002 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.534904003 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.534957886 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.534957886 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.534979105 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.534991026 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.535041094 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.535059929 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.535079956 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.535099030 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.535115004 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.535118103 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.535146952 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.535154104 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.535190105 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.535212040 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.535231113 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.535341978 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.535377026 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.535415888 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.535446882 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.670659065 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.670737982 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.670785904 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.670928955 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.670979977 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.671005011 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.671159983 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.671216011 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.671288967 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.671322107 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.671333075 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.671363115 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.671380997 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.671411037 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.671530008 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.671576023 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.671627998 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.671674013 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.671788931 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.671895027 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.671922922 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.671960115 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.671960115 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.672107935 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.672138929 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.672159910 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.672331095 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.672427893 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.672460079 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.672530890 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.672564030 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.672590971 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.672595024 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.672616959 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.672625065 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.672662020 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.672722101 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.672755957 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.672771931 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.672782898 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.672796011 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.672806978 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.672830105 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.672832012 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.672971964 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.673002005 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.673023939 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.673047066 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.673269987 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.673332930 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.673389912 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.673401117 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.673424006 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.673429012 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.673474073 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.673552036 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.673578024 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.673583031 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.673599958 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.673612118 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.673729897 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.673760891 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.674021959 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.674086094 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.674279928 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.674338102 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.674866915 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.674943924 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.674998999 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.675033092 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.675064087 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.675092936 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.675105095 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.675142050 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.675148964 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.675174952 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.675216913 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.675266027 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.675319910 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.675343990 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.675385952 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.675419092 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.675465107 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.675509930 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.675555944 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.675590038 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.675621986 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.675653934 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.675687075 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.675884962 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.676035881 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.676081896 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.676131964 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.676182032 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.676219940 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.676264048 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.676292896 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.676342964 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.676378965 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.676422119 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.676450014 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.676491976 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.676521063 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.676548004 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.676590919 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.676625967 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.676656961 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.676708937 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.676781893 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.676923037 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.676976919 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.677011967 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.677409887 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.677484989 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.677551985 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.677650928 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.677678108 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.677726030 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.677757978 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.677814960 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.677871943 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.677932024 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.677983046 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.678024054 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.678041935 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.678055048 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.678153038 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.678244114 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.678256035 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.678284883 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.678316116 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.678373098 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.678461075 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.678534985 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.678554058 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.678592920 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.678597927 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.678608894 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.678641081 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.678649902 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.678704977 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.678879976 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.678911924 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.678914070 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.678982973 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.678992033 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.679038048 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.679049015 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.679066896 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.679095030 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.679166079 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.679276943 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.679348946 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.679404974 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.679403067 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.679421902 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.679450035 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.679457903 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.679480076 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.679498911 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.679514885 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.679569006 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.679574013 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.679644108 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.679757118 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.679828882 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.679838896 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.679874897 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.679884911 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.679915905 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.679961920 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.679992914 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.680011988 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.680073977 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.680085897 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.680105925 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.680114985 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.680136919 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.680232048 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:39.680385113 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.680440903 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.680475950 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.680510998 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.680560112 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.680600882 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.680766106 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:39.747415066 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:40.103245020 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:40.103385925 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:40.447010040 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:41.524847031 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:41.869887114 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:43.568695068 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:43.916764975 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:46.068269014 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:46.148914099 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:46.505647898 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:47.928098917 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:47.928689003 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:48.287018061 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:49.069061995 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:49.115134954 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:49.458712101 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:52.068603039 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:52.113619089 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:52.490313053 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:55.068386078 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:55.109813929 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:55.458758116 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:58.068509102 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:27:58.108050108 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:27:58.458750010 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:28:01.068474054 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:28:01.116698027 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:28:01.458957911 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:28:05.927841902 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:28:05.929538012 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:28:06.271184921 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:28:07.569901943 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:28:07.927481890 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:28:15.569175959 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:28:15.927508116 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:28:23.927828074 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:28:23.929673910 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:28:24.287122011 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:28:39.568150997 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:28:39.911861897 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:28:41.928092957 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:28:41.928818941 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:28:42.286928892 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Aug 12, 2019 21:28:47.567831039 CEST | 49163 | 3361 | 192.168.1.81 | 160.116.15.134 |
Aug 12, 2019 21:28:47.928426981 CEST | 3361 | 49163 | 160.116.15.134 | 192.168.1.81 |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 21:26:33 |
Start date: | 12/08/2019 |
Path: | C:\Users\user\Desktop\systemupdate_ProtectedAUS.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x10f0000 |
File size: | 305152 bytes |
MD5 hash: | 812D49BE271E7D49274F94CCACA83A90 |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: | |
Reputation: | low |
General |
---|
Start time: | 21:26:47 |
Start date: | 12/08/2019 |
Path: | C:\Users\user\Desktop\systemupdate_ProtectedAUS.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x10f0000 |
File size: | 305152 bytes |
MD5 hash: | 812D49BE271E7D49274F94CCACA83A90 |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: | |
Reputation: | low |
General |
---|
Start time: | 21:27:31 |
Start date: | 12/08/2019 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x1250000 |
File size: | 2688144 bytes |
MD5 hash: | A8CCD298F718423D35CFD925063F082D |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 26% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 46.3% |
Total number of Nodes: | 67 |
Total number of Limit Nodes: | 2 |
Executed Functions |
---|
Uniqueness Score: 100.00% |
Function 00551C04, Relevance: 13.7, APIs: 9, Instructions: 225, Tags: native, thread, process, UNIQUE
Uniqueness Score: 100.00% |
Function 005500AD, Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 92, Tags: native, UNIQUE
Uniqueness Score: 100.00% |
Function 001AB210, Relevance: 3.8, Strings: 2, Instructions: 1300, UNIQUE
Uniqueness Score: 100.00% |
Function 001ADC28, Relevance: 1.6, APIs: 1, Instructions: 55, COMMON
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 6.12% |
Function 001A6013, Relevance: 1.5, Strings: 1, Instructions: 211COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 1.59% |
Function 001A7DFA, Relevance: .8, Instructions: 842COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
Function 001AC838, Relevance: .6, Instructions: 611COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
Function 001A8958, Relevance: .6, Instructions: 608COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
Function 001A97E8, Relevance: .4, Instructions: 415COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
Function 001AD6D8, Relevance: .4, Instructions: 372COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
Function 001A635E, Relevance: .2, Instructions: 221COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
Function 001A60A3, Relevance: .2, Instructions: 191COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
Function 001A60E3, Relevance: .2, Instructions: 184COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
Function 001A6232, Relevance: .2, Instructions: 178COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
Function 00551E97, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 118synchronizationUNIQUE
Control-flow Graph |
---|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 100.00% |
Function 001ADC20, Relevance: 1.6, APIs: 1, Instructions: 58COMMON
Control-flow Graph |
---|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 6.12% |
Function 005317A0, Relevance: 1.5, APIs: 1, Instructions: 46COMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 4.01% |
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
Function 00531168, Relevance: 1.3, APIs: 1, Instructions: 53memoryCOMMON
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
Function 0012D3DC, Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
Function 0012D4C8, Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
Function 0012D3D7, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
Function 0012D4C3, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: 0.00% |
Non-executed Functions |
---|
Execution Graph |
---|
Execution Coverage: | 25.6% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 106 |
Total number of Limit Nodes: | 2 |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness Score |
---|---|---|---|---|---|---|
003C0FEA | 9.2 | | 7 | 426 | UNIQUE | 100.00% |
003C1B40 | 2.8 | | 2 | 305 | UNIQUE | 100.00% |
003CCCD0 | .4 | | | 381 | COMMON | 0.00% |
003C5768 | .3 | | | 283 | COMMON | 0.00% |
003C6058 | .3 | | | 268 | COMMON | 0.00% |
003CB700 | 7.5 | 3 | 1 | 454 | memory, thread, UNIQUE | 100.00% |
003C2C48 | 1.6 | 1 | | 130 | COMMON | 0.02% |
003CD938 | 1.6 | 1 | | 71 | UNIQUE | 100.00% |
003CD940 | 1.6 | 1 | | 68 | UNIQUE | 100.00% |
003CAF5C | 1.6 | 1 | | 60 | COMMON | 0.11% |
003CC158 | 1.6 | 1 | | 59 | COMMON | 0.11% |
003C3C22 | 1.6 | 1 | | 57 | COMMON | 0.32% |
003C3C40 | 1.5 | 1 | | 48 | COMMON | 0.32% |
003C6DF0 | 1.5 | 1 | | 48 | COMMON | 0.32% |
0036D2B4 | .1 | | | 72 | COMMON | 0.00% |
0036D01C | .1 | | | 72 | COMMON | 0.00% |
0036D017 | .1 | | | 53 | COMMON | 0.00% |
0036D2AF | .1 | | | 53 | COMMON | 0.00% |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness Score |
---|---|---|---|---|---|---|
003C5418 | .2 | | | 240 | COMMON | 0.00% |
Execution Graph |
---|
Execution Coverage: | 4.4% |
Dynamic/Decrypted Code Coverage: | 11.8% |
Signature Coverage: | 6.2% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 188 |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness Score |
---|---|---|---|---|---|---|
00401F3D | 33.6 | 12 | 7 | 346 | registry, com, UNIQUE | 100.00% |
0040AFF0 | 4.6 | 3 | | 84 | UNIQUE | 100.00% |
004041A8 | 4.6 | 3 | | 77 | UNIQUE | 100.00% |
00447049 | 1.5 | 1 | | 6 | COMMON | 0.01% |
0044D57E | 47.9 | 26 | 1 | 622 | file, UNIQUE, LIBRARYCODE | 100.00% |
00405778 | 35.3 | 10 | 10 | 322 | UNIQUE | 100.00% |
00402C57 | 33.5 | 10 | 9 | 289 | file, UNIQUE | 100.00% |
00403D44 | 31.6 | 14 | 4 | 139 | process, synchronization, UNIQUE | 100.00% |
0040454E | 15.9 | 6 | 3 | 125 | registry, UNIQUE | 100.00% |
00401230 | 15.8 | 4 | 5 | 71 | registry, UNIQUE | 100.00% |
0040A55B | 7.6 | 5 | | 57 | file, COMMON | 2.20% |
004035AF | 6.1 | 4 | | 80 | COMMON | 12.89% |
0040516F | 5.3 | 2 | 1 | 42 | library, UNIQUE | 100.00% |
0040AC83 | 4.6 | 3 | | 130 | file, UNIQUE | 100.00% |
0040AEBF | 4.5 | 3 | | 47 | UNIQUE | 100.00% |
004443F2 | 3.0 | 2 | | 45 | COMMON | 1.40% |
004015C5 | 3.0 | 2 | | 23 | COMMON | 1.64% |
004476E1 | 3.0 | 2 | | 21 | COMMON | 0.05% |
00401601 | 3.0 | 2 | | 10 | COMMON | 1.51% |
0040A524 | 2.5 | 2 | | 26 | sleep, UNIQUE | 37.75% |
0040E44A | 1.6 | 1 | | 108 | COMMON | 0.00% |
0040E166 | 1.6 | 1 | | 52 | COMMON | 0.18% |
0040753C | 1.5 | 1 | | 21 | COMMON | 0.36% |
004053F5 | 1.5 | 1 | | 12 | COMMON | 0.03% |
00440E8E | 1.5 | 1 | | 9 | COMMON | 0.23% |
00441B92 | 1.5 | 1 | | 2 | COMMON | 0.77% |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | Uniqueness Score |
---|---|---|---|---|---|---|
004023A8 | 26.4 | 10 | 5 | 162 | encryption, UNIQUE | 100.00% |
00401CEA | 19.4 | 10 | 1 | 182 | registry, encryption, UNIQUE | 100.00% |
00401329 | 19.4 | 10 | 1 | 122 | encryption, UNIQUE | 100.00% |
00403678 | 14.1 | 2 | 6 | 96 | encryption, UNIQUE | 100.00% |
0040AB07 | 12.4 | 5 | 2 | 138 | window, UNIQUE | 100.00% |
0042B386 | 7.4 | | 5 | 1199 | UNIQUE | 100.00% |
00431223 | 6.8 | | 5 | 578 | UNIQUE | 100.00% |
0040B148 | 6.1 | 4 | | 60 | time, COMMON | 1.34% |
00435460 | 3.6 | | 2 | 1057 | COMMON | 8.94% |
00404F44 | 2.7 | | 2 | 187 | UNIQUE | 100.00% |
00432513 | 2.0 | 1 | | 469 | COMMON | 0.00% |
0041ADF6 | 1.6 | | 1 | 400 | UNIQUE | 100.00% |
00443C67 | 1.3 | 1 | | 7 | memory, COMMON | 0.04% |
004388E7 | .5 | | | 529 | COMMON | 0.00% |
00409101 | .4 | | | 369 | COMMON | 0.00% |
0044AF89 | .3 | | | 345 | COMMON | 0.00% |
0044B3BE | .3 | | | 341 | COMMON | 0.00% |
0044AB54 | .3 | | | 331 | COMMON | 0.00% |
0044A73C | .3 | | | 323 | COMMON | 0.00% |
0042170A | .3 | | | 282 | COMMON | 0.00% |
0041C8D5 | .2 | | | 244 | COMMON | 0.00% |
00404CCC | .2 | | | 220 | COMMON | 0.00% |
0040494F | .2 | | | 180 | COMMON | 0.00% |
00404BBF | .1 | | | 107 | COMMON | 0.00% |
0043F640 | .1 | | | 76 | COMMON | 0.00% |
0040173D | 68.7 | 30 | 9 | 476 | string, library, UNIQUE | 100.00% |
00406651 | 54.7 | 19 | 12 | 465 | UNIQUE | 100.00% |
00403835 | 47.6 | 16 | 11 | 310 | UNIQUE | 100.00% |
0040541A | 45.8 | 20 | 6 | 301 | file, UNIQUE | 100.00% |
004040B8 | 28.1 | 10 | 6 | 65 | library, UNIQUE | 100.00% |
004416F4 | 16.8 | 11 | | 257 | COMMON | 0.50% |
0040AF25 | 16.6 | 11 | | 85 | UNIQUE | 100.00% |
0040AE06 | 10.6 | 7 | | 71 | sleep, UNIQUE | 100.00% |
0040A4AC | 9.1 | 6 | | 59 | UNIQUE | 100.00% |
00443937 | 9.0 | 6 | | 45 | thread, COMMON | 6.84% |
0043FD0D | 8.9 | 4 | 1 | 162 | UNIQUE, LIBRARYCODE | 100.00% |
004431CF | 8.8 | 4 | 1 | 47 | UNIQUE, LIBRARYCODE | 100.00% |
00443884 | 8.8 | 4 | 1 | 41 | UNIQUE, LIBRARYCODE | 100.00% |
0040A44E | 7.6 | 5 | | 51 | UNIQUE | 100.00% |
0043F2C0 | 6.1 | 4 | | 81 | UNIQUE | 100.00% |
0040A5ED | 6.1 | 4 | | 70 | file, COMMON | 2.28% |
0040A3F7 | 6.0 | 4 | | 44 | UNIQUE | 100.00% |
0040A3A2 | 6.0 | 4 | | 40 | UNIQUE | 100.00% |
0040A690 | 6.0 | 4 | | 34 | file, COMMON | 2.48% |
0043FEEB | 5.3 | 2 | 1 | 42 | UNIQUE, LIBRARYCODE | 100.00% |
0044C474 | 5.3 | 1 | 2 | 32 | UNIQUE, LIBRARYCODE | 100.00% |