Analysis Report
Overview
General Information |
---|
Analysis ID: | 77833 |
Start time: | 11:50:53 |
Start date: | 24/07/2015 |
Overall analysis duration: | 0h 2m 45s |
Report type: | full |
Sample file name: | aaaa.exe |
Cookbook file name: | default.jbs |
Analysis system description: | XP SP3 (Office 2003 SP3, Java 1.8.0_40, Flash 16.0.0.305, Acrobat Reader 10.1.8, Internet Explorer 8, Chrome 41, Firefox 36) |
Number of new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
HCA enabled: | true |
HCA success: |
|
Cookbook Comments: |
|
Warnings: |
|
Detection |
---|
Strategy | Score | Range | Reporting | Detection | |
---|---|---|---|---|---|
Threshold | 76 | 0 - 100 | Report FP / FN |
Signature Overview |
---|
Cryptography: |
---|
Uses Microsoft's Enhanced Cryptographic Provider |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00CDF5DE | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00CDF4E2 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_00CDF5DE | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_00CDF4E2 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 7_2_00CDF5DE | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 7_2_00CDF4E2 |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Contains functionality to read data from the clipboard |
Source: C:\aaaa.exe | Code function: | 0_1_00401D10 |
Networking: |
---|
Contains functionality to download additional files from the internet |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_02102CA7 |
Detected TCP or UDP traffic on non-standard ports |
Source: global traffic | TCP traffic: |
Uses ping.exe to check the status of other devices and networks |
Source: unknown | Process created: |
Boot Survival: |
---|
Creates an autostart registry key |
Source: C:\aaaa.exe | Registry value created or modified: |
Creates a start menu entry (Start Menu\Programs\Startup) |
Source: C:\aaaa.exe | File created: |
Stores files to the Windows start menu directory |
Source: C:\aaaa.exe | File created: |
Creates an undocumented autostart registry key |
Source: C:\aaaa.exe | Key value created or modified: |
Drops PE files to the user root directory (C:\Documents and Settings\User or C:\Users\User) |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | PE file moved: |
Monitors registry run keys for changes |
Source: C:\aaaa.exe | Registry key monitored: | ||
Source: C:\aaaa.exe | Registry key monitored: |
Uses sc.exe to modify the status of services |
Source: unknown | Process created: |
Remote Access Functionality: |
---|
Contains functionality to open a port and listen for incoming connection (possibly a backdoor) |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_02103940 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_0210469F | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_021033BF |
Opens a port and listens for incoming connection (possibly a backdoor) |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Socket bind: | ||
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Socket bind: |
Persistence and Installation Behavior: |
---|
Contains functionality to create new users |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00CD7DF6 |
Drops PE files |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | File created: | ||
Source: C:\aaaa.exe | File created: | ||
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | File created: | ||
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | File created: |
Data Obfuscation: |
---|
Contains functionality to dynamically determine API calls |
Source: C:\aaaa.exe | Code function: | 0_1_00409153 |
Generates new code (likely due to unpacking of malware or shellcode) |
Source: C:\aaaa.exe | Code execution: | ||
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code execution: |
PE file contains an invalid checksum |
Source: initial sample | Static PE information: |
Spreading: |
---|
Contains functionality to enumerate / list files inside a directory |
Source: C:\aaaa.exe | Code function: | 0_2_004021F1 | |
Source: C:\aaaa.exe | Code function: | 0_2_00405D96 | |
Source: C:\aaaa.exe | Code function: | 0_2_00406925 | |
Source: C:\aaaa.exe | Code function: | 0_2_0040A044 | |
Source: C:\aaaa.exe | Code function: | 0_2_019B2EC9 | |
Source: C:\aaaa.exe | Code function: | 0_2_019B311B | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00402C0E | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00CDCE5E | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00CDCC39 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00CDE05E | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00CDE216 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_00402C0E | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_00CDCE5E | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_00CDCC39 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_00CDE05E | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_00CDE216 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 7_2_00402C0E | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 7_2_00CDCC39 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 7_2_00CDCE5E | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 7_2_00CDE05E | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 7_2_00CDE216 |
System Summary: |
---|
Tries to open an application configuration file (.cfg) |
Source: C:\aaaa.exe | File opened: |
Binary contains paths to debug symbols |
Source: | Binary string: | ||
Source: | Binary string: |
Contains functionality to adjust token privileges (e.g. debug / backup) |
Source: C:\aaaa.exe | Code function: | 0_1_00405B40 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00CDB2F9 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_1_00405B40 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 4_1_00405B40 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_00CDB2F9 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_1_00405B40 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 7_2_00CDB2F9 |
Contains functionality to create services |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_015817DC | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_015817DC |
Contains functionality to enum processes or threads |
Source: C:\aaaa.exe | Code function: | 0_2_00404E98 |
Contains functionality to modify services (start/stop/modify) |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_015817DC |
Creates files inside the user directory |
Source: C:\aaaa.exe | File created: |
Creates temporary files |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | File created: |
PE file has an executable .text section and no other executable section |
Source: initial sample | Static PE information: |
Reads ini files |
Source: C:\aaaa.exe | File read: |
Spawns processes |
Source: unknown | Process created: | ||
Source: C:\aaaa.exe | Process created: | ||
Source: C:\aaaa.exe | Process created: | ||
Source: C:\WINDOWS\system32\cmd.exe | Process created: | ||
Source: C:\WINDOWS\system32\cmd.exe | Process created: | ||
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Process created: |
Uses an in-process (OLE) Automation server |
Source: C:\aaaa.exe | Key value queried: |
Contains functionality to call native functions |
Source: C:\aaaa.exe | Code function: | 0_2_004056E6 | |
Source: C:\aaaa.exe | Code function: | 0_2_004061DB | |
Source: C:\aaaa.exe | Code function: | 0_2_00404F33 | |
Source: C:\aaaa.exe | Code function: | 0_2_0040EB29 | |
Source: C:\aaaa.exe | Code function: | 0_2_004050D0 | |
Source: C:\aaaa.exe | Code function: | 0_2_019B45B9 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00402786 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00407521 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00CDAE5D | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00CDBDBE | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00CDC706 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00CE9FB1 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00CDEB9B | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00CDB900 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00CD934C | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_015829E1 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_00402786 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_00407521 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_00CDAE5D | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_00CDEB9B | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_00CDBDBE | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_00CDC706 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_00CE9FB1 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_00CDB900 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_00CD934C | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_015829E1 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_02104F8D | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 7_2_00402786 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 7_2_00407521 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 7_2_00CDBDBE | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 7_2_00CE9FB1 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 7_2_00CDAE5D | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 7_2_00CDEB9B | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 7_2_00CDB900 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 7_2_00CDC706 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 7_2_00CD934C |
Contains functionality to launch a process as a different user |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00CD80F8 |
Creates files inside the system directory |
Source: C:\aaaa.exe | File created: |
Creates mutexes |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Mutant created: |
Enables driver privileges |
Source: C:\aaaa.exe | Process token adjusted: |
Tries to load missing DLLs |
Source: C:\aaaa.exe | Section loaded: | ||
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Section loaded: | ||
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Section loaded: |
HIPS / PFW / Operating System Protection Evasion: |
---|
Contains functionality to create a new security descriptor |
Source: C:\aaaa.exe | Code function: | 0_2_004083CB |
May try to detect the Windows Explorer process (often used for injection) |
Source: sc.exe | Binary or memory string: |
Contains functionality to execute programs as a different user |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00CD8043 |
Anti Debugging: |
---|
Contains functionality to register its own exception handler |
Source: C:\aaaa.exe | Code function: | 0_1_00406B7A | |
Source: C:\aaaa.exe | Code function: | 0_1_00406218 | |
Source: C:\aaaa.exe | Code function: | 0_1_00408A2E | |
Source: C:\aaaa.exe | Code function: | 0_1_0040B38C | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_1_00406B7A | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_1_00406218 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_1_00408A2E | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_1_0040B38C | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 4_1_00406B7A | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 4_1_00406218 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 4_1_00408A2E | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 4_1_0040B38C | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_1_00406B7A | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_1_00406218 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_1_00408A2E | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_1_0040B38C |
Creates guard pages, often used to prevent reverse engineering and debugging |
Source: C:\aaaa.exe | Memory protected: |
Contains functionality for execution timing, often used to detect debuggers |
Source: C:\aaaa.exe | Code function: | 0_2_00406791 |
Contains functionality to check if a debugger is running (IsDebuggerPresent) |
Source: C:\aaaa.exe | Code function: | 0_1_00406218 |
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems) |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00CD3E4C |
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging |
Source: C:\aaaa.exe | Code function: | 0_2_00404F33 |
Contains functionality to dynamically determine API calls |
Source: C:\aaaa.exe | Code function: | 0_1_00409153 |
Contains functionality to read the PEB |
Source: C:\aaaa.exe | Code function: | 0_2_003E0000 | |
Source: C:\aaaa.exe | Code function: | 0_2_003E0000 | |
Source: C:\aaaa.exe | Code function: | 0_2_003E0408 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00920000 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00920000 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00920408 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_00920000 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_00920000 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_00920408 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 7_2_00920000 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 7_2_00920000 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 7_2_00920408 |
Contains functionality which may be used to detect a debugger (GetProcessHeap) |
Source: C:\aaaa.exe | Code function: | 0_2_0040E61F |
Enables debug privileges |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Process token adjusted: |
Launches processes in debugging mode, may be used to hinder debugging |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Process created: |
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent) |
Source: C:\aaaa.exe | Code function: | 0_1_00401530 |
Malware Analysis System Evasion: |
---|
Contains functionality to enumerate / list files inside a directory |
Source: C:\aaaa.exe | Code function: | 0_2_004021F1 | |
Source: C:\aaaa.exe | Code function: | 0_2_00405D96 | |
Source: C:\aaaa.exe | Code function: | 0_2_00406925 | |
Source: C:\aaaa.exe | Code function: | 0_2_0040A044 | |
Source: C:\aaaa.exe | Code function: | 0_2_019B2EC9 | |
Source: C:\aaaa.exe | Code function: | 0_2_019B311B | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00402C0E | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00CDCE5E | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00CDCC39 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00CDE05E | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00CDE216 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_00402C0E | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_00CDCE5E | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_00CDCC39 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_00CDE05E | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_2_00CDE216 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 7_2_00402C0E | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 7_2_00CDCC39 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 7_2_00CDCE5E | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 7_2_00CDE05E | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 7_2_00CDE216 |
Contains functionality to query system information |
Source: C:\aaaa.exe | Code function: | 0_2_00402EF3 |
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) |
Source: aaaa.exe | Binary or memory string: |
Queries a list of all running processes |
Source: C:\aaaa.exe | Process information queried: |
Contains capabilities to detect virtual machines |
Source: C:\aaaa.exe | File opened: | ||
Source: C:\aaaa.exe | Registry key queried: | ||
Source: C:\aaaa.exe | File opened: |
Contains functionality for execution timing, often used to detect debuggers |
Source: C:\aaaa.exe | Code function: | 0_2_00406791 |
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems) |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00CD3E4C |
Found dropped PE file which has not been started or loaded |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Dropped PE file which has not been started: | ||
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Dropped PE file which has not been started: |
Found evasive API chain (may stop execution after checking a module file name) |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Evasive API call chain: | graph_4-3805 |
May sleep (evasive loops) to hinder dynamic analysis |
Source: C:\aaaa.exe TID: 4028 | Thread sleep count: | ||
Source: C:\aaaa.exe TID: 4028 | Thread sleep time: | ||
Source: C:\aaaa.exe TID: 3164 | Thread sleep count: | ||
Source: C:\aaaa.exe TID: 768 | Thread sleep time: | ||
Source: C:\aaaa.exe TID: 768 | Thread sleep time: | ||
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe TID: 2488 | Thread sleep time: | ||
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe TID: 2356 | Thread sleep count: | ||
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe TID: 692 | Thread sleep count: | ||
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe TID: 3828 | Thread sleep time: | ||
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe TID: 3352 | Thread sleep time: | ||
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe TID: 3344 | Thread sleep count: |
Tries to detect sandboxes and other dynamic analysis tools (process name) |
Source: aaaa.exe | Binary or memory string: |
Hooking and other Techniques for Hiding and Protection: |
---|
Disables application error messages (SetErrorMode) |
Source: C:\aaaa.exe | Process information set: | ||
Source: C:\WINDOWS\system32\cmd.exe | Process information set: | ||
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Process information set: |
Monitors certain registry keys / values for changes (often done to protect autostart functionality) | Show sources |
Source: C:\aaaa.exe | Registry key monitored for changes: |
Stores large binary data to the registry | Show sources |
Source: C:\aaaa.exe | Key value created or modified: |
Creates files in the recycle bin to hide itself | Show sources |
Source: C:\aaaa.exe | File created: |
Lowering of HIPS / PFW / Operating System Security Settings: |
---|
AV process strings found (often used to terminate AV products) | Show sources |
Source: aaaa.exe | Binary or memory string: |
Language, Device and Operating System Detection: |
---|
Contains functionality to create pipes for IPC | Show sources |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_2_00CE11CB |
Contains functionality to query local / system time | Show sources |
Source: C:\aaaa.exe | Code function: | 0_2_004054E1 |
Contains functionality to query the account / user name | Show sources |
Source: C:\aaaa.exe | Code function: | 0_2_00402EF3 |
Contains functionality to query windows version | Show sources |
Source: C:\aaaa.exe | Code function: | 0_2_0040547F |
Contains functionality to query locale information (e.g. system language) | Show sources |
Source: C:\aaaa.exe | Code function: | 0_1_0040BD88 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 3_1_0040BD88 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 4_1_0040BD88 | |
Source: C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe | Code function: | 5_1_0040BD88 |
Contains functionality to query CPU information (cpuid) | Show sources |
Source: C:\aaaa.exe | Code function: | 0_2_004015AC |
Queries the volume information (name, serial number etc) of a device | Show sources |
Source: C:\aaaa.exe | Queries volume information: |
Yara Overview |
---|
No Yara matches |
---|
Startup |
---|
Created / dropped Files |
---|
File Path | Type and Hashes |
---|---|
Contacted Domains/Contacted IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
Contacted IPs |
---|
IP | Country | ASN | ASN Name |
---|---|---|---|
121.220.72.213 | Australia | 1221 | unknown | |
121.116.249.87 | Japan | 4713 | unknown | |
176.123.85.70 | Iran (ISLAMIC Republic Of) | 59506 | Fars Province University of Medical Science and Health Car | |
93.26.129.166 | France | 15557 | Societe Francaise du Radiotelephone S.A. | |
93.155.169.127 | Bulgaria | 23456 | 32bit Transition AS | |
24.255.29.61 | United States | 22773 | Cox Communications Inc. | |
213.110.134.23 | Ukraine | 47889 | PE Gritcun Oleksandr Viktorovich | |
87.243.23.193 | Kazakhstan | 21299 | ORBITA-PLUS Autonomous System | |
185.63.203.14 | Poland | 47329 | Maria Jaroslawska, trading as WDM COMPUTERS | |
77.93.36.79 | Ukraine | 43022 | Seech-Infocom Ltd. | |
114.191.244.1 | Japan | 4713 | unknown | |
186.92.20.78 | Venezuela | 8048 | unknown | |
194.165.16.15 | Russian Federation | 48721 | ADM Service Ltd. | |
202.164.152.193 | India | 17465 | Cable ISP in India | |
82.235.136.142 | France | 12322 | Free SAS |
Static File Info |
---|
General | |
---|---|
File type: | PE32 executable (GUI) Intel 80386, for MS Windows |
TrID: |
|
File name: | aaaa.exe |
File size: | 307712 |
MD5: | 9437eabf2fe5d32101e3fbf9f6027880 |
SHA1: | 1b42683bf2c6c0da6f6abd85720b64b387cbad99 |
SHA256: | e67aa9da71042fe85d03b7f57c18e611d3d16167ca9f86615088f2fd98b17a99 |
SHA512: | 4b64ae10fd31564c04540885b09019c148a907b73d6edb673383d0713139965d07a0fc4fac2ebf0bf799a205be0e4aafd09993b44f82354bed72f247c60e9652 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x40641f |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui 50 |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x55AEABC8 [Tue Jul 21 20:30:00 2015 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Entrypoint Preview |
---|
Instruction |
---|
call 00007FEB30D30ECDh |
jmp 00007FEB30D2F5DDh |
mov edi, edi |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [0041E7BCh] |
mov esi, dword ptr [0040D0E4h] |
call esi |
test eax, eax |
je 00007FEB30D2F783h |
mov eax, dword ptr [0041E7B8h] |
cmp eax, FFFFFFFFh |
je 00007FEB30D2F779h |
push eax |
push dword ptr [0041E7BCh] |
call esi |
call eax |
test eax, eax |
je 00007FEB30D2F76Ah |
mov eax, dword ptr [eax+000001F8h] |
jmp 00007FEB30D2F789h |
mov esi, 004190ACh |
push esi |
call dword ptr [0040D11Ch] |
test eax, eax |
jne 00007FEB30D2F76Dh |
push esi |
call 00007FEB30D2FE75h |
pop ecx |
test eax, eax |
je 00007FEB30D2F77Ah |
push 0041909Ch |
push eax |
call dword ptr [0040D120h] |
test eax, eax |
je 00007FEB30D2F76Ah |
push dword ptr [ebp+08h] |
call eax |
mov dword ptr [ebp+08h], eax |
mov eax, dword ptr [ebp+08h] |
pop esi |
pop ebp |
ret |
push 00000000h |
call 00007FEB30D2F6ECh |
pop ecx |
ret |
mov edi, edi |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [0041E7BCh] |
mov esi, dword ptr [0040D0E4h] |
call esi |
test eax, eax |
je 00007FEB30D2F783h |
mov eax, dword ptr [0041E7B8h] |
cmp eax, FFFFFFFFh |
je 00007FEB30D2F779h |
push eax |
push dword ptr [0041E7BCh] |
call esi |
call eax |
test eax, eax |
je 00007FEB30D2F76Ah |
mov eax, dword ptr [eax+000001FCh] |
jmp 00007FEB30D2F789h |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1a4e4 | 0x8c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x41000 | 0x2e1a0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1a1e0 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xd000 | 0x214 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Xored PE | ZLIB Complexity | File Type | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xb4f4 | 0xb600 | 6.34633279914 | False | 0.579992273352 | data | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0xd000 | 0xe10e | 0xe200 | 1.3561252733 | False | 0.0758780420354 | data | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x1c000 | 0x24fdc | 0x3400 | 4.48242579635 | False | 0.549278846154 | ps database from kernel 8 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x41000 | 0x2e1a0 | 0x2e200 | 7.88320012192 | False | 0.972163998984 | data | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country | Nbr Of Functions | Xored PE |
---|---|---|---|---|---|---|---|
MUI | 0x41420 | 0xf8 | data | English | United States | 0 | False |
RT_DIALOG | 0x41518 | 0x100 | data | English | United States | 0 | False |
RT_DIALOG | 0x41618 | 0xf8 | data | English | United States | 0 | False |
RT_DIALOG | 0x41710 | 0x60 | data | English | United States | 0 | False |
RT_DIALOG | 0x41770 | 0x100 | data | English | United States | 0 | False |
RT_DIALOG | 0x41870 | 0xf8 | data | English | United States | 0 | False |
RT_DIALOG | 0x41968 | 0x60 | data | English | United States | 0 | False |
RT_DIALOG | 0x419c8 | 0xf8 | data | English | United States | 0 | False |
RT_DIALOG | 0x41ac0 | 0xf0 | data | English | United States | 0 | False |
RT_DIALOG | 0x41bb0 | 0x58 | data | English | United States | 0 | False |
RT_DIALOG | 0x41c08 | 0xec | data | English | United States | 0 | False |
RT_DIALOG | 0x41cf4 | 0xe4 | data | English | United States | 0 | False |
RT_DIALOG | 0x41dd8 | 0x4c | data | English | United States | 0 | False |
RT_DIALOG | 0x41e24 | 0xf0 | data | English | United States | 0 | False |
RT_DIALOG | 0x41f14 | 0xe8 | data | English | United States | 0 | False |
RT_DIALOG | 0x41ffc | 0x50 | data | English | United States | 0 | False |
RT_VERSION | 0x4204c | 0x2b0 | data | 0 | False | ||
RT_MANIFEST | 0x422fc | 0x15a | ASCII text, with CRLF line terminators | 0 | False | ||
None | 0x42458 | 0x2cd48 | data | 0 | False |
Imports |
---|
DLL | Import |
---|---|
USER32.dll | AnyPopup, CreateIconFromResourceEx, GetDC, SetFocus, EndDialog, wsprintfW, CreateDialogParamW, GetCursorPos, FindWindowExW, GetAsyncKeyState, RegisterClassW, SetDlgItemTextA, MsgWaitForMultipleObjectsEx, GetDlgItem, ClientToScreen, SendMessageTimeoutW, SendMessageTimeoutA, GetScrollPos, GetSystemMetrics, GetKeyboardType, GetNextDlgTabItem, GetUserObjectInformationA, IsZoomed, GetSysColor, OpenClipboard |
SHELL32.dll | ShellExecuteA |
ole32.dll | OleGetClipboard, CoGetMalloc |
ADVAPI32.dll | AdjustTokenPrivileges |
GDI32.dll | GetCharWidthA, RectVisible, TextOutA, GetArcDirection, DPtoLP, Polygon, SetSystemPaletteUse, DeleteDC, SetDeviceGammaRamp, EndPage, GetNearestPaletteIndex, ExcludeClipRect, LineTo, GetTextMetricsW, GdiSetBatchLimit, CloseFigure, Escape, GetCharWidthW |
KERNEL32.dll | IsValidCodePage, LoadLibraryA, GetACP, GetCPInfo, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, HeapAlloc, HeapReAlloc, RtlUnwind, GetLocaleInfoA, MultiByteToWideChar, GetStringTypeW, LCMapStringA, LCMapStringW, HeapSize, GetOEMCP, GetStringTypeA, GlobalUnfix, GetFileType, CheckRemoteDebuggerPresent, SetProcessShutdownParameters, ConvertThreadToFiber, GlobalCompact, GetNumaNodeProcessorMask, VirtualAlloc, GetProcessAffinityMask, GetProcessHandleCount, GetNumaAvailableMemoryNode, CancelWaitableTimer, FileTimeToDosDateTime, GetPrivateProfileStringA, GlobalMemoryStatus, SetLastError, lstrcpynA, GlobalReAlloc, TlsGetValue, GetSystemDirectoryW, VirtualProtect, GetComputerNameA, WaitForMultipleObjects, TlsAlloc, IsBadReadPtr, SetHandleCount, SystemTimeToFileTime, FlushFileBuffers, SetEnvironmentVariableA, GetSystemTimeAsFileTime, GetCommandLineA, GetStartupInfoA, GetModuleHandleW, GetProcAddress, TlsSetValue, TlsFree, InterlockedIncrement, GetCurrentThreadId, GetLastError, InterlockedDecrement, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, DeleteCriticalSection, HeapCreate, VirtualFree, HeapFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | Copyright Alexander Roshal 1993-2011 |
InternalName | Command line RAR |
FileVersion | 4.1.0 |
CompanyName | Alexander Roshal |
ProductName | WinRAR |
ProductVersion | 4.1.0 |
FileDescription | Command line RAR |
Translation | 0x0000 0x0000 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
TCP Packets |
---|
Jul 24, 2015 11:52:39.764548063 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:39.764554977 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:39.764652967 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:39.791215897 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:39.809070110 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:39.809537888 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:39.809588909 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:39.830838919 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:39.831306934 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:39.831357956 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:39.874722004 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:39.874751091 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:39.875197887 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:39.875256062 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:39.875713110 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:39.878993034 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:39.889030933 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:39.889172077 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:39.889190912 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:39.949804068 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:39.949810028 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:39.949909925 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:39.949928045 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:39.950020075 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:39.957664967 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:39.957683086 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:39.957840919 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:39.975708008 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:39.975718021 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:39.975806952 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:39.986526966 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:39.994390965 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:39.995105028 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:39.995116949 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.038580894 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.038847923 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.038872957 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.083614111 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.083642960 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.084389925 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.084436893 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.084786892 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.096297026 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.113629103 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.114101887 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.114154100 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.122144938 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.122637033 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.122688055 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.163314104 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.163427114 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.163439035 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.179852962 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.179981947 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.180003881 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.195451975 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.195883036 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.195926905 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.237454891 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.237462997 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.237571955 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.237584114 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.237679005 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.250104904 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.269614935 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.269622087 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.269723892 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.269735098 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.269829988 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.279979944 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.287915945 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.288088083 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.288110018 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.333791971 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.333918095 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.333930016 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.359245062 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.359266043 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.359389067 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.359411955 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.359509945 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.372011900 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.397145033 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.397155046 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.397264004 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.397273064 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.397367001 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.437457085 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.442475080 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.442481041 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.442606926 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.442619085 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.442707062 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.458051920 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.465976954 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.466097116 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.466109037 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.486592054 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.486696005 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.486707926 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.513984919 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.514091969 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.514101982 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.515780926 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.515883923 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.515892029 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.554795980 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.554917097 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.554928064 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.568579912 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.568670034 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.568691015 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.591039896 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.591137886 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.591159105 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.612531900 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.612617970 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.612628937 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.647855043 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.648042917 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.648050070 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.684976101 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.685127974 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.685138941 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.692889929 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.693022966 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.693033934 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.707082033 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.707232952 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.707243919 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.716692924 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.716841936 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.716854095 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.743313074 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.743423939 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.743439913 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.751117945 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.751190901 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.751199961 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.796534061 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.796684027 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.796705008 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.815898895 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.816028118 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.816047907 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.823971033 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.824086905 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.824107885 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.855390072 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.855561018 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.855581999 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.863290071 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.863404989 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.863425970 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.896470070 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.896605015 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.896625996 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.911542892 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.911679983 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.911698103 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.943768978 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.943893909 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.943901062 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.951623917 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.951741934 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.951747894 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.970067024 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:40.970206976 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:40.970218897 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.146295071 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:41.201507092 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.201513052 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.201643944 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.201649904 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.201754093 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.201757908 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.201862097 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.201864958 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.202120066 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:41.202136993 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.202197075 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.202210903 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.202213049 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.202215910 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.202709913 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:41.202714920 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.202789068 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:41.202805996 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.202811003 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.202814102 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.202814102 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:41.202888012 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:41.202918053 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:41.202922106 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.202951908 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:41.203021049 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:41.203064919 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:41.203135014 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:41.209425926 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:41.216325045 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.270479918 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.270601988 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:41.270621061 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.375684023 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:41.375718117 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.375798941 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:41.375819921 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.725039005 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.911186934 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:41.911209106 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.930598021 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:41.930623055 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:41.930763006 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:41.930769920 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:42.257911921 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:42.263638973 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:42.263654947 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:42.263813972 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:42.263833046 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:42.263943911 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:42.265871048 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:42.265887022 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:42.265888929 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:42.266052961 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:42.273797035 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:42.273814917 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:42.273916006 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:42.273935080 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:42.274044037 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:42.278090954 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:42.278351068 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:42.278481960 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:42.278506041 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:42.285350084 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:42.285495043 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:42.285512924 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:42.286514997 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:42.293132067 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:42.331398010 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:42.331584930 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:42.331605911 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:42.351027012 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:42.351217985 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:42.351226091 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:42.455882072 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:42.455893993 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:42.456026077 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:42.456032991 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:42.456268072 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:42.456317902 CEST | 48755 | 1045 | 93.26.129.166 | 192.168.1.10 |
Jul 24, 2015 11:52:42.456398010 CEST | 1045 | 48755 | 192.168.1.10 | 93.26.129.166 |
Jul 24, 2015 11:52:43.880908012 CEST | 1046 | 55667 | 192.168.1.10 | 194.165.16.15 |
Jul 24, 2015 11:52:43.880938053 CEST | 55667 | 1046 | 194.165.16.15 | 192.168.1.10 |
Jul 24, 2015 11:52:43.881016970 CEST | 1046 | 55667 | 192.168.1.10 | 194.165.16.15 |
Jul 24, 2015 11:52:43.881274939 CEST | 1046 | 55667 | 192.168.1.10 | 194.165.16.15 |
Jul 24, 2015 11:52:43.881294012 CEST | 55667 | 1046 | 194.165.16.15 | 192.168.1.10 |
Jul 24, 2015 11:52:43.881438017 CEST | 1046 | 55667 | 192.168.1.10 | 194.165.16.15 |
Jul 24, 2015 11:52:43.881515026 CEST | 55667 | 1046 | 194.165.16.15 | 192.168.1.10 |
Jul 24, 2015 11:52:43.881592035 CEST | 1046 | 55667 | 192.168.1.10 | 194.165.16.15 |
Jul 24, 2015 11:52:55.804987907 CEST | 1047 | 48755 | 192.168.1.10 | 82.235.136.142 |
Jul 24, 2015 11:52:55.819305897 CEST | 1048 | 48755 | 192.168.1.10 | 77.93.36.79 |
Jul 24, 2015 11:52:55.819334984 CEST | 48755 | 1048 | 77.93.36.79 | 192.168.1.10 |
Jul 24, 2015 11:52:55.819417000 CEST | 1048 | 48755 | 192.168.1.10 | 77.93.36.79 |
Jul 24, 2015 11:52:55.819890022 CEST | 1048 | 48755 | 192.168.1.10 | 77.93.36.79 |
Jul 24, 2015 11:52:55.819910049 CEST | 48755 | 1048 | 77.93.36.79 | 192.168.1.10 |
Jul 24, 2015 11:52:55.820031881 CEST | 1048 | 48755 | 192.168.1.10 | 77.93.36.79 |
Jul 24, 2015 11:52:55.820048094 CEST | 48755 | 1048 | 77.93.36.79 | 192.168.1.10 |
Jul 24, 2015 11:53:00.802611113 CEST | 1047 | 48755 | 192.168.1.10 | 176.123.85.70 |
Jul 24, 2015 11:53:05.802203894 CEST | 1047 | 48755 | 192.168.1.10 | 202.164.152.193 |
Jul 24, 2015 11:53:05.833314896 CEST | 1048 | 48755 | 192.168.1.10 | 77.93.36.79 |
Jul 24, 2015 11:53:05.833379030 CEST | 48755 | 1048 | 77.93.36.79 | 192.168.1.10 |
Jul 24, 2015 11:53:05.833478928 CEST | 1048 | 48755 | 192.168.1.10 | 77.93.36.79 |
Jul 24, 2015 11:53:10.802645922 CEST | 1047 | 48755 | 192.168.1.10 | 186.92.20.78 |
Jul 24, 2015 11:53:10.834474087 CEST | 1049 | 48755 | 192.168.1.10 | 202.164.152.193 |
Jul 24, 2015 11:53:10.834508896 CEST | 48755 | 1049 | 202.164.152.193 | 192.168.1.10 |
Jul 24, 2015 11:53:10.834625006 CEST | 1049 | 48755 | 192.168.1.10 | 202.164.152.193 |
Jul 24, 2015 11:53:10.835897923 CEST | 1049 | 48755 | 192.168.1.10 | 202.164.152.193 |
Jul 24, 2015 11:53:10.835908890 CEST | 48755 | 1049 | 202.164.152.193 | 192.168.1.10 |
Jul 24, 2015 11:53:10.836077929 CEST | 1049 | 48755 | 192.168.1.10 | 202.164.152.193 |
Jul 24, 2015 11:53:10.836085081 CEST | 48755 | 1049 | 202.164.152.193 | 192.168.1.10 |
Jul 24, 2015 11:53:15.802200079 CEST | 1047 | 48755 | 192.168.1.10 | 24.255.29.61 |
Jul 24, 2015 11:53:20.802284002 CEST | 1047 | 48755 | 192.168.1.10 | 114.191.244.1 |
Jul 24, 2015 11:53:20.849354029 CEST | 1049 | 48755 | 192.168.1.10 | 202.164.152.193 |
Jul 24, 2015 11:53:20.849446058 CEST | 48755 | 1049 | 202.164.152.193 | 192.168.1.10 |
Jul 24, 2015 11:53:20.849530935 CEST | 1049 | 48755 | 192.168.1.10 | 202.164.152.193 |
Jul 24, 2015 11:53:25.802665949 CEST | 1047 | 48755 | 192.168.1.10 | 24.255.29.61 |
Jul 24, 2015 11:53:25.850027084 CEST | 1050 | 48755 | 192.168.1.10 | 121.116.249.87 |
Jul 24, 2015 11:53:25.850056887 CEST | 48755 | 1050 | 121.116.249.87 | 192.168.1.10 |
Jul 24, 2015 11:53:25.850141048 CEST | 1050 | 48755 | 192.168.1.10 | 121.116.249.87 |
Jul 24, 2015 11:53:25.850414991 CEST | 1050 | 48755 | 192.168.1.10 | 121.116.249.87 |
Jul 24, 2015 11:53:25.850433111 CEST | 48755 | 1050 | 121.116.249.87 | 192.168.1.10 |
Jul 24, 2015 11:53:25.850586891 CEST | 1050 | 48755 | 192.168.1.10 | 121.116.249.87 |
Jul 24, 2015 11:53:25.850603104 CEST | 48755 | 1050 | 121.116.249.87 | 192.168.1.10 |
Jul 24, 2015 11:53:30.802309036 CEST | 1047 | 48755 | 192.168.1.10 | 213.110.134.23 |
Jul 24, 2015 11:53:32.895064116 CEST | 48755 | 1050 | 121.116.249.87 | 192.168.1.10 |
Jul 24, 2015 11:53:32.895153046 CEST | 1050 | 48755 | 192.168.1.10 | 121.116.249.87 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 24, 2015 11:52:55.804987907 CEST | 1047 | 48755 | 192.168.1.10 | 82.235.136.142 |
Jul 24, 2015 11:53:00.802611113 CEST | 1047 | 48755 | 192.168.1.10 | 176.123.85.70 |
Jul 24, 2015 11:53:05.802203894 CEST | 1047 | 48755 | 192.168.1.10 | 202.164.152.193 |
Jul 24, 2015 11:53:10.802645922 CEST | 1047 | 48755 | 192.168.1.10 | 186.92.20.78 |
Jul 24, 2015 11:53:15.802200079 CEST | 1047 | 48755 | 192.168.1.10 | 24.255.29.61 |
Jul 24, 2015 11:53:20.802284002 CEST | 1047 | 48755 | 192.168.1.10 | 114.191.244.1 |
Jul 24, 2015 11:53:25.802665949 CEST | 1047 | 48755 | 192.168.1.10 | 24.255.29.61 |
Jul 24, 2015 11:53:30.802309036 CEST | 1047 | 48755 | 192.168.1.10 | 213.110.134.23 |
System Behavior |
---|
General |
---|
Start time: | 11:51:25 |
Start date: | 24/07/2015 |
Path: | C:\aaaa.exe |
Wow64 process (32bit): | false |
Commandline: | unknown |
Imagebase: | 0x400000 |
File size: | 307712 bytes |
MD5 hash: | 9437EABF2FE5D32101E3FBF9F6027880 |
General |
---|
Start time: | 11:52:44 |
Start date: | 24/07/2015 |
Path: | C:\WINDOWS\system32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | /c ping 127.0.0.1 >> nul |
Imagebase: | 0x4ad00000 |
File size: | 389120 bytes |
MD5 hash: | 6D778E0F95447E6546553EEEA709D03C |
General |
---|
Start time: | 11:52:44 |
Start date: | 24/07/2015 |
Path: | C:\WINDOWS\system32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | /d /c del C:\aaaa.exe |
Imagebase: | 0x7e410000 |
File size: | 389120 bytes |
MD5 hash: | 6D778E0F95447E6546553EEEA709D03C |
General |
---|
Start time: | 11:52:44 |
Start date: | 24/07/2015 |
Path: | C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe |
Wow64 process (32bit): | false |
Commandline: | C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe |
Imagebase: | 0x400000 |
File size: | 156672 bytes |
MD5 hash: | B47B4634A0DD6BCCD5309C3679856DA0 |
General |
---|
Start time: | 11:52:47 |
Start date: | 24/07/2015 |
Path: | C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe |
Wow64 process (32bit): | false |
Commandline: | C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe -watchdog |
Imagebase: | 0x400000 |
File size: | 156672 bytes |
MD5 hash: | B47B4634A0DD6BCCD5309C3679856DA0 |
General |
---|
Start time: | 11:52:47 |
Start date: | 24/07/2015 |
Path: | C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe |
Wow64 process (32bit): | false |
Commandline: | C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe -update 3232 |
Imagebase: | 0x400000 |
File size: | 156672 bytes |
MD5 hash: | 62A23CF0444F6B57A5CDEA2FDC54158A |
General |
---|
Start time: | 11:52:49 |
Start date: | 24/07/2015 |
Path: | C:\WINDOWS\system32\ping.exe |
Wow64 process (32bit): | false |
Commandline: | ping 127.0.0.1 |
Imagebase: | 0x1000000 |
File size: | 17920 bytes |
MD5 hash: | 66CDF02D86C9F0B4300EE981A614D296 |
General |
---|
Start time: | 11:52:53 |
Start date: | 24/07/2015 |
Path: | C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe |
Wow64 process (32bit): | false |
Commandline: | C:\Documents and Settings\Administrator\Application Data\Microsoft\Windows\IEUpdate\sc.exe -watchdog |
Imagebase: | 0x400000 |
File size: | 156672 bytes |
MD5 hash: | 62A23CF0444F6B57A5CDEA2FDC54158A |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Non-executed Functions |
---|
Executed Functions |
---|
Non-executed Functions |
---|
Execution Graph |
---|
Execution Coverage: | 28.1% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 2.5% |
Total number of Nodes: | 1182 |
Total number of Limit Nodes: | 7 |
Executed Functions |
---|
Non-executed Functions |
---|
Executed Functions |
---|
Non-executed Functions |
---|