Windows
Analysis Report
mkFOY01Gl5.exe
Overview
General Information
Sample name: | mkFOY01Gl5.exe (renamed because original name is a hash value) |
Original sample name: | 0309dd0131150796ea99b30a62194fae.exe |
Analysis ID: | 1465097 |
MD5: | 0309dd0131150796ea99b30a62194fae |
SHA1: | 2df6e334708eae810a74b844fd57e18e9fdc34cd |
SHA256: | 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35 |
Tags: | 32, exe, trojan |
Infos: | |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
  - mkFOY01Gl5.exe (PID: 6056, cmdline: "C:\Users\user\Desktop\mkFOY01Gl5.exe", MD5: 0309DD0131150796EA99B30A62194FAE)
  - conhost.exe (PID: 5952, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - RegAsm.exe (PID: 4308, cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe", MD5: 0D5DF43AF2916F47D00C1573797C1A13)
  - RegAsm.exe (PID: 6176, cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe", MD5: 0D5DF43AF2916F47D00C1573797C1A13)
  - WerFault.exe (PID: 6976, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 1796, MD5: C31336C1EFC2CCB44B4326EA793040F2)
  - WerFault.exe (PID: 2968, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 304, MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution | | |
{"C2 url": ["pedestriankodwu.xyz", "towerxxuytwi.xyzd", "ellaboratepwsz.xyzu", "penetratedpoopp.xyz", "swellfrrgwwos.xyz", "contintnetksows.shop", "foodypannyjsud.shop", "potterryisiw.shop", "potterryisiw.shop"], "Build id": "H8NgCl--default2806"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
AV Detection |
---|
Source: | Avira: |
Source: | Avira URL Cloud: | 15 entries |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link |
Source: | ReversingLabs: |
Source: | Virustotal: | Perma Link |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | String decryptor: | 15 entries |
Source: | Code function: | 4_2_00417592 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | 9 entries |
Source: | Static PE information: |
Source: | Code function: | 0_2_0010AA16 |
Source: | Code function: | 4_2_0043B00A, 4_2_004180AA, 4_2_0041B990, 4_2_0041FAE0, 4_2_00428A88, 4_2_00402D60, 4_2_00424F10, 4_2_00424F10, 4_2_0040FF30, 4_2_004241DE, 4_2_004241DE, 4_2_00439270, 4_2_00439270, 4_2_004212D0, 4_2_004212D0, 4_2_00425350, 4_2_004083F0, 4_2_004083F0, 4_2_0041343E, 4_2_00426483, 4_2_0043C4BB, 4_2_0043C5C0, 4_2_00416637, 4_2_0043B776, 4_2_0043C7C0, 4_2_0043C8C0, 4_2_00413940, 4_2_00423976, 4_2_00423976, 4_2_0040EA70, 4_2_00426A10, 4_2_00425A2A, 4_2_00416AD0, 4_2_00436AD2, 4_2_0041BB40, 4_2_00433BF0, 4_2_0043AC04, 4_2_00438C80, 4_2_00413D71, 4_2_00422E75, 4_2_00421EB0, 4_2_00428F65 (42 entries) |
Networking |
---|
Source: | URLs: | 9 entries |
Source: | IP Address: | 2 entries |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: | 9 entries |
Source: | UDP traffic detected without corresponding DNS query: | 2 entries |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | 10 entries |
Source: | Network traffic detected: | 18 entries |
Source: | HTTPS traffic detected: | 9 entries |
Source: | Code function: | 4_2_00430CF0 |
Source: | Code function: | 4_2_00430CF0 |
Source: | Code function: | 4_2_00430F10 |
Source: | Code function: | 0_2_00114920, 0_2_00104869, 0_2_0010E8C8, 0_2_00105289, 0_2_000FDAB4, 0_2_00100B00, 0_2_000F3D50, 4_2_00417592, 4_2_004227B0, 4_2_00417AC5, 4_2_00404E70, 4_2_00421F5A, 4_2_00402FA0, 4_2_00409060, 4_2_00436120, 4_2_004241DE, 4_2_0043E1E0, 4_2_004211E6, 4_2_00439270, 4_2_0041E2CE, 4_2_004083F0, 4_2_0043C4BB, 4_2_00422569, 4_2_0043E510, 4_2_0043C5C0, 4_2_004035E0, 4_2_0042166A, 4_2_00406770, 4_2_0043C7C0, 4_2_0043C8C0, 4_2_004188EE, 4_2_00423976, 4_2_00403990, 4_2_0043CA00, 4_2_00426CC0, 4_2_00401CDA, 4_2_00401CA4, 4_2_00406D40, 4_2_0043CD60, 4_2_0040FD90, 4_2_00401EE0, 4_2_00422EE3, 4_2_00422F52, 4_2_0041EF39 (44 entries) |
Source: | Process created: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 4_2_0042F339 |
Source: | Mutant created: | 3 entries |
Source: | File created: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | Virustotal: |
Source: | Process created: | 8 entries |
Source: | Section loaded: | 43 entries |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 0_2_000F76C0 |
Source: | Process information set: | 112 entries |
Malware Analysis System Evasion |
---|
Source: | System information queried: |
Source: | Thread sleep time: |
Source: | Code function: | 0_2_0010AA16 |
Source: | Binary or memory string: | 30 entries |
Source: | API call chain: | graph_4-11821 |
Source: | Process information queried: |
Source: | Process queried: | 3 entries |
Source: | Code function: | 4_2_0043AAC0 |
Source: | Code function: | 0_2_000FBA03 |
Source: | Code function: | 0_2_00106AF1, 0_2_00106B35, 0_2_00101FC4 |
Source: | Code function: | 0_2_0010E15F |
Source: | Code function: | 0_2_000F79C6, 0_2_000FBA03, 0_2_000F7CC9, 0_2_000F7E25 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory allocated: |
Source: | Code function: | 0_2_022C018D |
Source: | Memory written: |
Source: | String found in binary or memory: | 8 entries |
Source: | Memory written: | 6 entries |
Source: | Process created: | 2 entries |
Source: | Code function: | 0_2_000F779C |
Source: | Code function: | 0_2_00106831, 0_2_0010D83B, 0_2_0010D886, 0_2_0010D921, 0_2_0010D9AC, 0_2_001062CB, 0_2_0010DBFF, 0_2_0010DD28, 0_2_0010D599, 0_2_0010DE2E, 0_2_0010DEFD, 0_2_0010D794 (12 entries) |
Source: | Queries volume information: | 8 entries |
Source: | Code function: | 0_2_000F7BC3 |
Source: | Key value queried: |
Source: | Binary or memory string: | 4 entries |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: | 2 entries |
Source: | File opened: | 103 entries |
Source: | File opened: | 7 entries |
Source: | File opened: | 22 entries |
Remote Access Functionality |
---|
Source: | File source: | 2 entries |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 411 Process Injection | 12 Virtualization/Sandbox Evasion | 2 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Screen Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 411 Process Injection | LSASS Memory | 151 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 12 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 3 Data from Local System | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | 2 Clipboard Data | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 33 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
68% | ReversingLabs | Win32.Trojan.Znyonm | ||
71% | Virustotal | Browse | ||
100% | Avira | HEUR/AGEN.1317026 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
2% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
14% | Virustotal | Browse | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
2% | Virustotal | Browse | ||
2% | Virustotal | Browse | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
1% | Virustotal | Browse | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
1% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
2% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
potterryisiw.shop | 188.114.96.3 | true | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
| false | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
| true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
188.114.96.3 | potterryisiw.shop | European Union | | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1465097 |
Start date and time: | 2024-07-01 09:22:27 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 11s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 14 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | mkFOY01Gl5.exe (renamed because original name is a hash value) |
Original Sample Name: | 0309dd0131150796ea99b30a62194fae.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@8/9@2/1 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.182.143.212
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
03:23:50 | API Interceptor | |
03:24:11 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
188.114.96.3 | | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | |
| | Get hash | malicious | FormBook | Browse | |
| | Get hash | malicious | FormBook | Browse | |
| | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | AgentTesla, PureLog Stealer | Browse | |
| | Get hash | malicious | FormBook | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
potterryisiw.shop | | Get hash | malicious | LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | | Get hash | malicious | Mirai, Moobot | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | AsyncRAT, DarkTortilla, StormKitty, WorldWind Stealer | Browse | |
| | Get hash | malicious | Mirai, Moobot | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | FormBook | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | | Get hash | malicious | LummaC | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar | Browse | |
| | Get hash | malicious | Remcos, DBatLoader | Browse | |
| | Get hash | malicious | RisePro Stealer | Browse | |
| | Get hash | malicious | LummaC | Browse | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_RegAsm.exe_c9bfd8d07f254ebe8912d43c52adf5e55266565a_e47d3db6_cc4100ba-9324-4e3f-bbf5-c9151601b391\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.0525382419946387 |
Encrypted: | false |
SSDEEP: | 192:C5EjjeFy/L+xDxf0BU/AjezEKTczuiF8Z24IO8Z:oEjtL+FKBU/AjeNczuiF8Y4IO8Z |
MD5: | E78EF36D7541004A2B31A50E2604F593 |
SHA1: | 68C69A69B98877BD31FB192D83EB6ADA83369FE8 |
SHA-256: | 1F6D5D1CD4456FE3BEA61FC7973012B29B9B0808FDC128CEB58884F32792B5D6 |
SHA-512: | 4B758C5B33B73D54C7866D276538CC01F6BB08F2CFD500014C4506B95780F10FAA15F557EED02BBEBF1A929323A428D0E36B0B892C44D710DBE518245DA6899B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_mkFOY01Gl5.exe_f17527364e8b6e37285ab788bb2a9768f98071_61a3bbc4_8792fd5b-a84f-4d64-8493-38f89d51577a\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.7141568706699232 |
Encrypted: | false |
SSDEEP: | 192:yMoSAUWOQl0BU/gjuGzuiF8Z24IO8LJL:8SAUWOQGBU/gjfzuiF8Y4IO8L |
MD5: | 4DD92C98AF76544D029865DBEC08EE85 |
SHA1: | AD328AC3C2533AA4A56F6D44CCBCF93E501864EC |
SHA-256: | F2CBE1527262D637C015C18289EADD8E6364ABF7E8C574E2022222DB5AFA1934 |
SHA-512: | 9B56473259E156EEC6708339DD7E4CADD2BC0C8DF33585F7AD8320A7C0269BE879AFC6BB45E78E8D3244293C7049C5C694DDA1C6CA900BFC381E3065690624D6 |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 46170 |
Entropy (8bit): | 1.7551058547418887 |
Encrypted: | false |
SSDEEP: | 96:528lJE7AwOa8UeSvgsi7X9UnjP97j5VKR9XcMFcoZFuRejWBb//04LKbWIkWIXpt:H8tvHOMHKzt0eCeWjfFlp60 |
MD5: | EBDF3DF5FC96E4314804B116E51DE50D |
SHA1: | EBEFD2E60C1D5B4DF4A14F448F06399AF91AD181 |
SHA-256: | D39D0B1EFEED58E2CA55D6A9F7C5B10A91353AA4CBEDE15297DFEBFA0D358D9E |
SHA-512: | 4E96F8D0A62C59CBBDB9799F384291C88B22C996794A84AC69E0F07EFE6C55CC08A634D33A3B11716E5D3E47226D013A5DE3744D2CB6ADC6E76207715B98A7FA |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8302 |
Entropy (8bit): | 3.6998500413426703 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJto6tpWX6YEI6SUH5NgmfeJDrpr089bRpsfCObm:R6lXJi6tW6YE1SUH5NgmfeJD3RCfCj |
MD5: | EAFCA40006C6C316D90BEE485653765D |
SHA1: | 4DFA12C4883F817D7BC8F98FEC3B6438745FEE74 |
SHA-256: | AD230542FCB010F87101EC8B1A07AC2C1EFD74627CDCDC98C492A48B26F0B4D0 |
SHA-512: | 1C83960C2548F44F929BD1A74D51A5F863796D7F04486967F44884F07E6F7E908B0C779474E4861F4D556E26AB8F299701D4E2AE9E93B4A3DF7B5A3F4EB8FB7B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4585 |
Entropy (8bit): | 4.465536815918837 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsyJg77aI9ROWpW8VYQ0Ym8M4Jp8fiFqFNDo+q8o80u0nW0ud:uIjfAI77v7VbJp8bF9o5Bu0nW0ud |
MD5: | 0B77D030B7EF4018AA735B7A93CF17AF |
SHA1: | E8816154930087222CBEB3C0C20CCE8EED97E7D9 |
SHA-256: | ADBE23635D4ECD53D821FD2A3A4C238CAD0C53BD11BA10A276F76972FDB0ADCC |
SHA-512: | 278A539C5B6F12A77574F1810D184F47764FECE3B1C2CCEE96CD9EC6DFA6DBD744F1C414D37B010A21A4C5ABF8346A0DBDA8416FB36E7D41B4241FC54C99DA8D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 101108 |
Entropy (8bit): | 2.087840884203208 |
Encrypted: | false |
SSDEEP: | 384:AI5H5paX5X75HnEfEkxYaUCvZb9LaWQhLiyMDy3XO3yjC4Vq75Z6D1ubH3Pg3zIj:A8uZ5nEf7kWQL9OCpIj |
MD5: | E63835EB24058CCE2709C6C3D1A04320 |
SHA1: | 642C768FA1C31DB01ACFC1671702813DF072EF0C |
SHA-256: | FABF541552024AA176A63EEDAD79BB608770C053CCE35C86AC9726043CF98A58 |
SHA-512: | 4ACB13BDE6957BDF4F41AB28A6D9E5FF2B6B158A89F86AEAC70852C94C2221A6F2657B48D9B816518A6AE62B775DCF188A7F0B23D3F8F5D8C96EDE947BAD8F22 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8294 |
Entropy (8bit): | 3.6999052158755275 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJot63sr9e6Y9v6thWXgmf811rprO89bI8Rsf2WYm:R6lXJa6cI6Y16tegmfERI8Kf2Q |
MD5: | 083EA18287B1CC5FCA85B385211A203C |
SHA1: | D71C8757AF304C6ED61608C2246F18FCB3037DFA |
SHA-256: | CA0BFD84475392D6B934F25A2E6BE63482E034F516D2847DC0734A642D784700 |
SHA-512: | 9FE6C2E3B13E1FB88ED0889A2EE6B835A3568001BF5BCB7F1C9395FB118C27879657BA3CF3FFED9DA846C916826AA153E3A33C529D45DFECC18E0C3690441970 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4628 |
Entropy (8bit): | 4.448620318724153 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsyJg77aI9ROWpW8VYCYm8M4JfuAsQF6sCj+q8olVuQgLuOLuWrd:uIjfAI77v7VyJfuLtZvlgBukuWrd |
MD5: | 7FD1633C49059A3588F37F550D4A0872 |
SHA1: | 5D9F8E7B6F335F4DE3531F4B7712EBF4A14E9878 |
SHA-256: | D70D2C34C160C62C389D15B4EFC4367A7E3834A609FFCC3CF0CEED92471FE5E1 |
SHA-512: | D3877FA69A7976DEAEC601B1454C4624D2D3B16697A1A7ED73554C5707EA21EB78C2D6463E7E1F1E270E4F41CB63B4BB65EBE11ECE9E30762C04456DF77E3F1D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.4251801333705565 |
Encrypted: | false |
SSDEEP: | 6144:BSvfpi6ceLP/9skLmb0OTyWSPHaJG8nAgeMZMMhA2fX4WABlEnNl0uhiTw:YvloTyW+EZMM6DFyD03w |
MD5: | A2A5BF6F5D9FBB49F263B40CF802033B |
SHA1: | E85AF25CFFD99F90D093D9C9437DBD2C3734D855 |
SHA-256: | A096EC5DCD763AD9224659C670FEFE9BEF2389CDD582C56601EB59B808622998 |
SHA-512: | 0BF4E231F06EE1D21E7C90417F34715AB0DD06DFB55DBFC9075B1182FED169EC2236A171D0E3D65C15E65E40D3A8F24DE551E486DD51FD0740A59DE7F99EB874 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.661614937929796 |
TrID: |
|
File name: | mkFOY01Gl5.exe |
File size: | 528'384 bytes |
MD5: | 0309dd0131150796ea99b30a62194fae |
SHA1: | 2df6e334708eae810a74b844fd57e18e9fdc34cd |
SHA256: | 07c09ba5a84f619e5b83a54298ffc58d20b00f14399c7a94b7f02b70efc60f35 |
SHA512: | 3d4e5a0718d04fee92d8040880b631107d1e23a6b3bce430d58769179af999c28b99e50c5cd45f283339f7bbb24ffacbf601a5447edb12e28da4517fbfa282e8 |
SSDEEP: | 12288:YwFARGxNB+mIuUOI+J0X6KALNGK34y1sB2Y+Jg4c:Yj4xb+mrZj1VHSB2Y6d |
TLSH: | 6FB4F10275C08072D573113605F8DBB86E3EB9704F6599CF97941B7E8F202E2FA35A6A |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........x...+...+...+z..*...+z..*...+z..*...+k\.*...+k\.*...+z..*...+...+(..+k\.*...+Z_.*...+Z_.*...+Z_.*...+Rich...+........PE..L.. |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x407452 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66810EB7 [Sun Jun 30 07:52:23 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | bea8657593f34831fef16a15915f462d |
Instruction |
---|
call 00007FCFAC6482AEh |
jmp 00007FCFAC647969h |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
push esi |
mov ecx, dword ptr [eax+3Ch] |
add ecx, eax |
movzx eax, word ptr [ecx+14h] |
lea edx, dword ptr [ecx+18h] |
add edx, eax |
movzx eax, word ptr [ecx+06h] |
imul esi, eax, 28h |
add esi, edx |
cmp edx, esi |
je 00007FCFAC647B0Bh |
mov ecx, dword ptr [ebp+0Ch] |
cmp ecx, dword ptr [edx+0Ch] |
jc 00007FCFAC647AFCh |
mov eax, dword ptr [edx+08h] |
add eax, dword ptr [edx+0Ch] |
cmp ecx, eax |
jc 00007FCFAC647AFEh |
add edx, 28h |
cmp edx, esi |
jne 00007FCFAC647ADCh |
xor eax, eax |
pop esi |
pop ebp |
ret |
mov eax, edx |
jmp 00007FCFAC647AEBh |
push esi |
call 00007FCFAC648584h |
test eax, eax |
je 00007FCFAC647B12h |
mov eax, dword ptr fs:[00000018h] |
mov esi, 004801F0h |
mov edx, dword ptr [eax+04h] |
jmp 00007FCFAC647AF6h |
cmp edx, eax |
je 00007FCFAC647B02h |
xor eax, eax |
mov ecx, edx |
lock cmpxchg dword ptr [esi], ecx |
test eax, eax |
jne 00007FCFAC647AE2h |
xor al, al |
pop esi |
ret |
mov al, 01h |
pop esi |
ret |
push ebp |
mov ebp, esp |
cmp dword ptr [ebp+08h], 00000000h |
jne 00007FCFAC647AF9h |
mov byte ptr [004801F4h], 00000001h |
call 00007FCFAC647DAAh |
call 00007FCFAC64AB17h |
test al, al |
jne 00007FCFAC647AF6h |
xor al, al |
pop ebp |
ret |
call 00007FCFAC6542E4h |
test al, al |
jne 00007FCFAC647AFCh |
push 00000000h |
call 00007FCFAC64AB1Eh |
pop ecx |
jmp 00007FCFAC647ADBh |
mov al, 01h |
pop ebp |
ret |
push ebp |
mov ebp, esp |
cmp byte ptr [004801F5h], 00000000h |
je 00007FCFAC647AF6h |
mov al, 01h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x2f5c0 | 0x50 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2f610 | 0x3c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x81000 | 0x1d1c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2d868 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2d7a8 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x25000 | 0x164 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x22e06 | 0x23000 | bcfd4743919a7287f45509a4c87268d7 | False | 0.5696707589285714 | data | 6.6395354102405175 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.BsS | 0x24000 | 0xe1d | 0x1000 | cd00c5aad3fabcefbb666ed38bc94e75 | False | 0.571044921875 | data | 5.9592480997149915 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x25000 | 0xae34 | 0xb000 | 269cf7a3d1bfd5dc301125bba1094a1e | False | 0.42329545454545453 | data | 5.043395030886215 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x30000 | 0x50cf4 | 0x4fe00 | 20ba1805648860606c3ba6a2c47c9c18 | False | 0.9885318857589984 | data | 7.990757511119703 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.reloc | 0x81000 | 0x1d1c | 0x1e00 | 1fc36b079fe1a28d899aecb42986d0b4 | False | 0.76484375 | data | 6.493243062616553 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
DLL | Import |
---|---|
USER32.dll | OffsetRect |
KERNEL32.dll | CreateFileW, HeapSize, GetProcessHeap, SetStdHandle, WaitForSingleObject, CreateThread, VirtualAlloc, GetModuleHandleA, GetProcAddress, GetConsoleWindow, CloseHandle, WaitForSingleObjectEx, GetCurrentThreadId, GetExitCodeThread, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, QueryPerformanceCounter, ReleaseSRWLockExclusive, WakeAllConditionVariable, EncodePointer, DecodePointer, MultiByteToWideChar, LCMapStringEx, GetSystemTimeAsFileTime, GetModuleHandleW, GetStringTypeW, GetCPInfo, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetCurrentProcessId, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, SetEnvironmentVariableW, RaiseException, RtlUnwind, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, ExitThread, FreeLibraryAndExitThread, GetModuleHandleExW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetCommandLineA, GetCommandLineW, HeapAlloc, HeapFree, GetFileType, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteConsoleW |
Name | Ordinal | Address |
---|---|---|
IUAhsiuchniuohAIU | 1 | 0x424d00 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 1, 2024 09:23:35.287076950 CEST | 49704 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:35.287127018 CEST | 443 | 49704 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:35.287193060 CEST | 49704 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:35.289505005 CEST | 49704 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:35.289526939 CEST | 443 | 49704 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:51.063465118 CEST | 443 | 49704 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:51.063615084 CEST | 49704 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:51.067439079 CEST | 49704 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:51.067455053 CEST | 443 | 49704 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:51.067749023 CEST | 443 | 49704 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:51.120342016 CEST | 49704 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:51.120362997 CEST | 49704 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:51.120522976 CEST | 443 | 49704 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:51.507936001 CEST | 443 | 49704 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:51.508028984 CEST | 443 | 49704 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:51.508122921 CEST | 49704 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:51.510570049 CEST | 49704 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:51.510600090 CEST | 443 | 49704 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:51.510615110 CEST | 49704 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:51.510622025 CEST | 443 | 49704 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:51.516469002 CEST | 49707 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:51.516520977 CEST | 443 | 49707 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:51.516696930 CEST | 49707 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:51.517065048 CEST | 49707 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:51.517074108 CEST | 443 | 49707 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:52.250397921 CEST | 443 | 49707 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:52.250524044 CEST | 49707 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:52.252046108 CEST | 49707 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:52.252053976 CEST | 443 | 49707 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:52.252305984 CEST | 443 | 49707 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:52.255815029 CEST | 49707 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:52.255844116 CEST | 49707 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:52.255911112 CEST | 443 | 49707 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:52.692200899 CEST | 443 | 49707 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:52.692240953 CEST | 443 | 49707 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:52.692274094 CEST | 443 | 49707 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:52.692332029 CEST | 49707 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:52.692339897 CEST | 443 | 49707 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:52.692382097 CEST | 49707 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:52.692385912 CEST | 443 | 49707 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:52.692420006 CEST | 443 | 49707 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:52.692449093 CEST | 443 | 49707 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:52.692497969 CEST | 49707 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:52.692502975 CEST | 443 | 49707 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:52.692573071 CEST | 49707 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:52.692744970 CEST | 443 | 49707 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:52.692888975 CEST | 443 | 49707 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:52.693026066 CEST | 49707 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:52.693032026 CEST | 443 | 49707 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:52.735049009 CEST | 49707 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:52.735059023 CEST | 443 | 49707 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:52.781858921 CEST | 49707 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:52.784363985 CEST | 443 | 49707 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:52.784504890 CEST | 443 | 49707 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:52.784533978 CEST | 443 | 49707 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:52.784558058 CEST | 443 | 49707 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:52.784569979 CEST | 49707 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:52.784578085 CEST | 443 | 49707 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:52.784621000 CEST | 49707 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:52.784720898 CEST | 443 | 49707 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:52.784770966 CEST | 49707 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:52.785049915 CEST | 49707 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:52.785063982 CEST | 443 | 49707 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:52.785087109 CEST | 49707 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:52.785094976 CEST | 443 | 49707 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:52.822515011 CEST | 49708 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:52.822570086 CEST | 443 | 49708 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:52.822642088 CEST | 49708 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:52.822978020 CEST | 49708 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:52.822998047 CEST | 443 | 49708 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:53.292536974 CEST | 443 | 49708 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:53.292622089 CEST | 49708 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:53.294410944 CEST | 49708 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:53.294428110 CEST | 443 | 49708 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:53.294707060 CEST | 443 | 49708 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:53.295975924 CEST | 49708 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:53.296132088 CEST | 49708 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:53.296160936 CEST | 443 | 49708 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:53.726450920 CEST | 443 | 49708 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:53.726541996 CEST | 443 | 49708 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:53.726609945 CEST | 49708 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:53.726772070 CEST | 49708 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:53.726797104 CEST | 443 | 49708 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:53.775541067 CEST | 49709 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:53.775573969 CEST | 443 | 49709 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:53.775713921 CEST | 49709 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:53.776020050 CEST | 49709 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:53.776030064 CEST | 443 | 49709 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:54.296291113 CEST | 443 | 49709 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:54.296561003 CEST | 49709 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:54.297971010 CEST | 49709 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:54.297980070 CEST | 443 | 49709 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:54.298336029 CEST | 443 | 49709 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:54.299654007 CEST | 49709 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:54.299787998 CEST | 49709 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:54.299808979 CEST | 443 | 49709 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:54.299863100 CEST | 49709 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:54.299869061 CEST | 443 | 49709 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:54.727808952 CEST | 443 | 49709 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:54.727890015 CEST | 443 | 49709 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:54.728008032 CEST | 49709 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:54.728028059 CEST | 49709 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:54.931252003 CEST | 49711 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:54.931314945 CEST | 443 | 49711 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:54.931523085 CEST | 49711 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:54.931829929 CEST | 49711 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:54.931838036 CEST | 443 | 49711 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:55.410425901 CEST | 443 | 49711 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:55.410516977 CEST | 49711 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:55.411695004 CEST | 49711 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:55.411726952 CEST | 443 | 49711 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:55.411993980 CEST | 443 | 49711 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:55.413160086 CEST | 49711 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:55.413330078 CEST | 49711 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:55.413369894 CEST | 443 | 49711 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:55.413455963 CEST | 49711 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:55.413475037 CEST | 443 | 49711 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:56.237123966 CEST | 443 | 49711 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:56.237222910 CEST | 443 | 49711 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:56.237431049 CEST | 49711 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:56.237466097 CEST | 49711 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:56.329623938 CEST | 49714 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:56.329658985 CEST | 443 | 49714 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:56.329731941 CEST | 49714 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:56.330199957 CEST | 49714 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:56.330214024 CEST | 443 | 49714 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:56.801548004 CEST | 443 | 49714 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:56.801645041 CEST | 49714 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:56.802887917 CEST | 49714 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:56.802898884 CEST | 443 | 49714 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:56.803142071 CEST | 443 | 49714 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:56.810775042 CEST | 49714 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:56.810842991 CEST | 49714 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:56.810893059 CEST | 443 | 49714 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:57.184555054 CEST | 443 | 49714 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:57.184659004 CEST | 443 | 49714 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:57.184762001 CEST | 49714 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:57.184812069 CEST | 49714 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:57.184839964 CEST | 443 | 49714 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:57.204365969 CEST | 49716 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:57.204401016 CEST | 443 | 49716 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:57.204499960 CEST | 49716 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:57.205003023 CEST | 49716 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:57.205014944 CEST | 443 | 49716 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:57.678580999 CEST | 443 | 49716 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:57.678715944 CEST | 49716 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:57.680118084 CEST | 49716 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:57.680129051 CEST | 443 | 49716 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:57.680368900 CEST | 443 | 49716 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:57.689659119 CEST | 49716 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:57.689759016 CEST | 49716 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:57.689768076 CEST | 443 | 49716 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:58.337007046 CEST | 443 | 49716 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:58.337086916 CEST | 443 | 49716 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:58.337819099 CEST | 49716 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:58.337960958 CEST | 49716 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:58.337971926 CEST | 443 | 49716 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:58.772373915 CEST | 49719 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:58.772414923 CEST | 443 | 49719 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:58.772597075 CEST | 49719 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:58.772937059 CEST | 49719 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:58.772947073 CEST | 443 | 49719 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:59.258069038 CEST | 443 | 49719 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:59.258153915 CEST | 49719 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:59.262991905 CEST | 49719 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:59.263009071 CEST | 443 | 49719 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:59.263340950 CEST | 443 | 49719 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:59.264847040 CEST | 49719 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:59.265666962 CEST | 49719 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:59.265705109 CEST | 443 | 49719 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:59.265826941 CEST | 49719 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:59.265856028 CEST | 443 | 49719 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:59.266005993 CEST | 49719 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:59.266041040 CEST | 443 | 49719 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:59.266158104 CEST | 49719 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:59.266191959 CEST | 443 | 49719 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:59.266531944 CEST | 49719 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:59.266586065 CEST | 443 | 49719 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:59.266753912 CEST | 49719 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:59.266786098 CEST | 443 | 49719 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:59.266802073 CEST | 49719 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:59.266835928 CEST | 443 | 49719 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:59.266881943 CEST | 49719 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:59.266902924 CEST | 443 | 49719 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:59.266923904 CEST | 49719 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:59.267030954 CEST | 49719 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:59.267061949 CEST | 49719 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:59.278678894 CEST | 443 | 49719 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:59.278918028 CEST | 49719 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:59.278954029 CEST | 443 | 49719 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:59.278964043 CEST | 49719 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:59.278991938 CEST | 443 | 49719 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:23:59.279011965 CEST | 49719 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:23:59.284048080 CEST | 443 | 49719 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:24:00.655746937 CEST | 443 | 49719 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:24:00.655853987 CEST | 443 | 49719 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:24:00.656167984 CEST | 49719 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:24:00.656186104 CEST | 49719 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:24:00.658262014 CEST | 49720 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:24:00.658288956 CEST | 443 | 49720 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:24:00.658371925 CEST | 49720 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:24:00.658715010 CEST | 49720 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:24:00.658726931 CEST | 443 | 49720 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:24:01.165406942 CEST | 443 | 49720 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:24:01.165471077 CEST | 49720 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:24:01.166763067 CEST | 49720 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:24:01.166769981 CEST | 443 | 49720 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:24:01.167005062 CEST | 443 | 49720 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:24:01.171936989 CEST | 49720 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:24:01.171967983 CEST | 49720 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:24:01.172044992 CEST | 443 | 49720 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:24:01.840889931 CEST | 443 | 49720 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:24:01.840986013 CEST | 443 | 49720 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:24:01.841029882 CEST | 49720 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:24:01.841214895 CEST | 49720 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:24:01.841214895 CEST | 49720 | 443 | 192.168.2.5 | 188.114.96.3 |
Jul 1, 2024 09:24:01.841231108 CEST | 443 | 49720 | 188.114.96.3 | 192.168.2.5 |
Jul 1, 2024 09:24:01.841239929 CEST | 443 | 49720 | 188.114.96.3 | 192.168.2.5 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 1, 2024 09:23:34.103715897 CEST | 53170 | 53 | 192.168.2.5 | 1.1.1.1 |
Jul 1, 2024 09:23:35.118236065 CEST | 53170 | 53 | 192.168.2.5 | 1.1.1.1 |
Jul 1, 2024 09:23:35.261765003 CEST | 53 | 53170 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jul 1, 2024 09:23:34.103715897 CEST | 192.168.2.5 | 1.1.1.1 | 0x8881 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Jul 1, 2024 09:23:35.118236065 CEST | 192.168.2.5 | 1.1.1.1 | 0x8881 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 1, 2024 09:23:35.261765003 CEST | 1.1.1.1 | 192.168.2.5 | 0x8881 | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Jul 1, 2024 09:23:35.261765003 CEST | 1.1.1.1 | 192.168.2.5 | 0x8881 | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49704 | 188.114.96.3 | 443 | 6176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-01 07:23:51 UTC | 264 | OUT | |
2024-07-01 07:23:51 UTC | 8 | OUT | |
2024-07-01 07:23:51 UTC | 802 | IN | |
2024-07-01 07:23:51 UTC | 7 | IN | |
2024-07-01 07:23:51 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49707 | 188.114.96.3 | 443 | 6176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-01 07:23:52 UTC | 265 | OUT | |
2024-07-01 07:23:52 UTC | 53 | OUT | |
2024-07-01 07:23:52 UTC | 810 | IN | |
2024-07-01 07:23:52 UTC | 559 | IN | |
2024-07-01 07:23:52 UTC | 1369 | IN | |
2024-07-01 07:23:52 UTC | 1369 | IN | |
2024-07-01 07:23:52 UTC | 10 | IN | |
2024-07-01 07:23:52 UTC | 1369 | IN | |
2024-07-01 07:23:52 UTC | 1369 | IN | |
2024-07-01 07:23:52 UTC | 1369 | IN | |
2024-07-01 07:23:52 UTC | 1369 | IN | |
2024-07-01 07:23:52 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49708 | 188.114.96.3 | 443 | 6176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-01 07:23:53 UTC | 283 | OUT | |
2024-07-01 07:23:53 UTC | 12841 | OUT | |
2024-07-01 07:23:53 UTC | 802 | IN | |
2024-07-01 07:23:53 UTC | 19 | IN | |
2024-07-01 07:23:53 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49709 | 188.114.96.3 | 443 | 6176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-01 07:23:54 UTC | 283 | OUT | |
2024-07-01 07:23:54 UTC | 15083 | OUT | |
2024-07-01 07:23:54 UTC | 802 | IN | |
2024-07-01 07:23:54 UTC | 19 | IN | |
2024-07-01 07:23:54 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49711 | 188.114.96.3 | 443 | 6176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-01 07:23:55 UTC | 283 | OUT | |
2024-07-01 07:23:55 UTC | 15331 | OUT | |
2024-07-01 07:23:55 UTC | 5242 | OUT | |
2024-07-01 07:23:56 UTC | 800 | IN | |
2024-07-01 07:23:56 UTC | 19 | IN | |
2024-07-01 07:23:56 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49714 | 188.114.96.3 | 443 | 6176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-01 07:23:56 UTC | 282 | OUT | |
2024-07-01 07:23:56 UTC | 3806 | OUT | |
2024-07-01 07:23:57 UTC | 806 | IN | |
2024-07-01 07:23:57 UTC | 19 | IN | |
2024-07-01 07:23:57 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49716 | 188.114.96.3 | 443 | 6176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-01 07:23:57 UTC | 282 | OUT | |
2024-07-01 07:23:57 UTC | 1299 | OUT | |
2024-07-01 07:23:58 UTC | 812 | IN | |
2024-07-01 07:23:58 UTC | 19 | IN | |
2024-07-01 07:23:58 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49719 | 188.114.96.3 | 443 | 6176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-01 07:23:59 UTC | 284 | OUT | |
2024-07-01 07:23:59 UTC | 15331 | OUT | |
2024-07-01 07:23:59 UTC | 15331 | OUT | |
2024-07-01 07:23:59 UTC | 15331 | OUT | |
2024-07-01 07:23:59 UTC | 15331 | OUT | |
2024-07-01 07:23:59 UTC | 15331 | OUT | |
2024-07-01 07:23:59 UTC | 15331 | OUT | |
2024-07-01 07:23:59 UTC | 15331 | OUT | |
2024-07-01 07:23:59 UTC | 15331 | OUT | |
2024-07-01 07:23:59 UTC | 15331 | OUT | |
2024-07-01 07:23:59 UTC | 15331 | OUT | |
2024-07-01 07:24:00 UTC | 806 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.5 | 49720 | 188.114.96.3 | 443 | 6176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-01 07:24:01 UTC | 265 | OUT | |
2024-07-01 07:24:01 UTC | 88 | OUT | |
2024-07-01 07:24:01 UTC | 804 | IN | |
2024-07-01 07:24:01 UTC | 54 | IN | |
2024-07-01 07:24:01 UTC | 5 | IN |
Target ID: | 0 |
Start time: | 03:23:32 |
Start date: | 01/07/2024 |
Path: | C:\Users\user\Desktop\mkFOY01Gl5.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf0000 |
File size: | 528'384 bytes |
MD5 hash: | 0309DD0131150796EA99B30A62194FAE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 03:23:32 |
Start date: | 01/07/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6d64d0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 03:23:33 |
Start date: | 01/07/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x340000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 03:23:33 |
Start date: | 01/07/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x570000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 7 |
Start time: | 03:23:33 |
Start date: | 01/07/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 11 |
Start time: | 03:24:01 |
Start date: | 01/07/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1000000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 4.1% |
Dynamic/Decrypted Code Coverage: | 0.4% |
Signature Coverage: | 1.6% |
Total number of Nodes: | 1970 |
Total number of Limit Nodes: | 58 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
022C018D | 44.0 | 11 | 14 | 282 | thread, injection, memory, COMMON |
00114920 | 9.0 | 2 | 3 | 214 | synchronization, thread, COMMON |
00106AF1 | 0.0 | | | 29 | COMMON |
00114D20 | 17.6 | 6 | 4 | 61 | library, loader, COMMON |
00106494 | 10.6 | 4 | 2 | 74 | COMMON, LIBRARYCODE |
00114000 | 10.6 | 5 | 1 | 70 | thread, COMMON |
000FE516 | 4.6 | 3 | | 51 | thread, COMMON |
00114BD0 | 3.1 | 1 | 1 | 107 | memory, COMMON |
00106182 | 3.1 | 2 | | 65 | COMMON |
000FE3BA | 3.0 | 2 | | 38 | thread, COMMON |
00104F0C | 3.0 | 2 | | 22 | memory, COMMON, LIBRARYCODE |
000F625D | 1.6 | 1 | | 108 | COMMON |
0010DD28 | 8.8 | 3 | 2 | 85 | COMMON, LIBRARYCODE |
0010D599 | 7.3 | 3 | 1 | 251 | COMMON, LIBRARYCODE |
00105289 | 6.3 | 4 | | 337 | COMMON |
000F7CC9 | 6.1 | 4 | | 70 | COMMON |
0010D9AC | 4.7 | 3 | | 205 | COMMON |
00100B00 | 3.4 | 2 | | 449 | COMMON |
000F779C | 1.6 | 1 | | 147 | COMMON |
0010AA16 | 1.6 | 1 | | 140 | COMMON |
000FDAB4 | 1.6 | | 1 | 344 | COMMON |
0010DBFF | 1.6 | 1 | | 83 | COMMON |
0010DE2E | 1.5 | 1 | | 45 | COMMON |
0010D794 | 1.5 | 1 | | 43 | COMMON |
000F7E25 | 1.5 | 1 | | 3 | COMMON |
0010E15F | 1.3 | 1 | | 5 | memory, COMMON |
000F3D50 | 0.4 | | | 379 | COMMON |
00106B35 | 0.0 | | | 22 | COMMON, LIBRARYCODE |
00101FC4 | 0.0 | | | 12 | COMMON, LIBRARYCODE |
000F7152 | 14.0 | 4 | 4 | 19 | library, loader, COMMON |
000FA918 | 12.6 | 4 | 3 | 303 | COMMON, LIBRARYCODE |
00109C65 | 12.5 | 6 | 1 | 298 | COMMON, LIBRARYCODE |
000F6E28 | 12.2 | 8 | | 175 | COMMON |
000F2230 | 9.1 | 6 | | 95 | COMMON |
00101FE6 | 8.8 | 3 | 2 | 42 | library, loader, COMMON, LIBRARYCODE |
00107B03 | 7.7 | 5 | | 202 | COMMON |
000F59BD | 7.6 | 5 | | 65 | COMMON |
000FB6F2 | 7.0 | 3 | 1 | 27 | library, COMMON, LIBRARYCODE |
0010A7D3 | 6.1 | 4 | | 82 | COMMON |
00101056 | 6.1 | 4 | | 79 | COMMON |
0010B769 | 6.1 | 4 | | 74 | COMMON |
000FACBD | 5.4 | 1 | 2 | 112 | COMMON, LIBRARYCODE |
000F2420 | 5.3 | 2 | 1 | 43 | COMMON, LIBRARYCODE |
Execution Graph
Execution Coverage: | 15.1% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 18.2% |
Total number of Nodes: | 335 |
Total number of Limit Nodes: | 25 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
0040FF30 | 11.5 | | 9 | 270 | COMMON |
00424F10 | 4.3 | | 3 | 596 | COMMON |
0043AAC0 | 3.5 | 1 | 1 | 12 | library, COMMON |
00425350 | 1.6 | | 1 | 344 | COMMON |
0041B990 | 1.4 | | 1 | 144 | COMMON |
0041FAE0 | 1.4 | | 1 | 114 | COMMON |
004180AA | 0.2 | | | 213 | COMMON |
004212D0 | 0.2 | | | 212 | COMMON |
00402D60 | 0.2 | | | 182 | COMMON |
0043B00A | 0.1 | | | 87 | COMMON |
0042F339 | 0.0 | | | 22 | COMMON |
0040A580 | 102.2 | 2 | 56 | 678 | library, COMMON |
0042D670 | 1.6 | 1 | | 76 | memory, COMMON |
0043A71C | 1.6 | 1 | | 70 | library, COMMON |
00438800 | 1.6 | 1 | | 58 | memory, COMMON |
004103F7 | 1.5 | 1 | | 39 | COMMON |
0043A100 | 1.5 | 1 | | 35 | COMMON |
004389C2 | 1.5 | 1 | | 25 | memory, COMMON |
0043AA76 | 1.5 | 1 | | 20 | memory, COMMON |
00423976 | 6.9 | | 5 | 640 | COMMON |
00425A2A | 1.7 | | 1 | 456 | COMMON |
004241DE | 1.7 | | 1 | 405 | COMMON |
00436AD2 | 1.5 | | 1 | 226 | COMMON |
00413D71 | 1.4 | | 1 | 154 | COMMON |
0043AC04 | 1.3 | | 1 | 44 | COMMON |
0043C4BB | 0.8 | | | 841 | COMMON |
004083F0 | 0.8 | | | 827 | COMMON |
0043C5C0 | 0.8 | | | 812 | COMMON |
0043C7C0 | 0.7 | | | 690 | COMMON |
00439270 | 0.7 | | | 656 | COMMON |
0043C8C0 | 0.6 | | | 648 | COMMON |
0041BB40 | 0.5 | | | 459 | COMMON |
00413940 | 0.4 | | | 448 | COMMON |
00416AD0 | 0.1 | | | 146 | COMMON |
00438C80 | 0.1 | | | 100 | COMMON |
00416637 | 0.1 | | | 92 | COMMON |
00433BF0 | 0.1 | | | 64 | COMMON |
00426A10 | 0.1 | | | 63 | COMMON |
00421EB0 | 0.1 | | | 54 | COMMON |
00422E75 | 0.0 | | | 30 | COMMON |
0040EA70 | 0.0 | | | 21 | COMMON |
0041343E | 0.0 | | | 14 | COMMON |
00426483 | 0.0 | | | 11 | COMMON |
0043B776 | 0.0 | | | 11 | COMMON |