Windows
Analysis Report
Launcher.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Launcher.exe (PID: 6628, cmdline: "C:\Users\user\Desktop\Launcher.exe", MD5: EB703224C407D3D68B7FBD444CC2DFC3)
  - conhost.exe (PID: 6552, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - RegAsm.exe (PID: 3868, cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe", MD5: 0D5DF43AF2916F47D00C1573797C1A13)
- cleanup
{"C2 url": ["kaminiasbbefow.shop"]}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | |
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
2024-07-26T20:37:04.604918+0200 | 2048094 | 49733 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-26T20:37:11.134815+0200 | 2054653 | 49737 | 443 | TCP | A Network Trojan was detected |
2024-07-26T20:37:07.763651+0200 | 2843864 | 49736 | 443 | TCP | A Network Trojan was detected |
2024-07-26T20:37:03.519551+0200 | 2048094 | 49732 | 443 | TCP | Malware Command and Control Activity Detected |
2024-07-26T20:37:02.375727+0200 | 2054653 | 49731 | 443 | TCP | A Network Trojan was detected |
2024-07-26T20:37:01.200358+0200 | 2054653 | 49730 | 443 | TCP | A Network Trojan was detected |
2024-07-26T20:37:16.591630+0200 | 2022930 | 443 | 49738 | TCP | A Network Trojan was detected |
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Source: | Joe Sandbox ML: |
Source: | Code function: | 2_2_004168B0 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Networking |
---|
Source: | URLs: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 2_2_00428D80 |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | ReversingLabs: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Code function: | 0_2_005087B2 |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | System information queried: |
Source: | Thread sleep time: |
Source: | Last function: |
Source: | Code function: | 0_2_005185E9 |
Source: | Binary or memory string: |
Source: | Process information queried: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory allocated: |
Source: | Code function: | 0_2_0147018D |
Source: | Memory written: |
Source: | Process created: |
Source: | Queries volume information: |
Source: | Code function: | 0_2_005083F3 |
Source: | Key value queried: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | File opened: |
Source: | Directory queried: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 411 Process Injection | 11 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Screen Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 411 Process Injection | LSASS Memory | 131 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 11 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 21 Data from Local System | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 1 Process Discovery | Distributed Component Object Model | 2 Clipboard Data | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 11 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 33 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 58% | ReversingLabs | Win32.Trojan.Stealerc | |
| | 100% | Avira | HEUR/AGEN.1352999 | |
| | 100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 0% | Avira URL Cloud | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
kaminiasbbefow.shop | 188.114.96.3 | true | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| | false | | unknown |
| | true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | | false | | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
188.114.96.3 | kaminiasbbefow.shop | European Union | | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1483203 |
Start date and time: | 2024-07-26 20:36:06 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 5s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 4 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Launcher.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@4/0@1/1 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): SIHClient.exe
- Excluded IPs from analysis (whitelisted): 13.85.23.206
- Excluded domains from analysis (whitelisted): fe3.delivery.mp.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, glb.cws.prod.dcat.dsp.trafficmanager.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: Launcher.exe
Time | Type | Description |
---|---|---|
14:37:01 | API Interceptor | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
188.114.96.3 | | | malicious | FormBook | | |
| | | | malicious | FormBook, PureLog Stealer | | |
| | | | malicious | Remcos | | |
| | | | malicious | Remcos | | |
| | | | malicious | Remcos | | |
| | | | malicious | GuLoader, Remcos | | |
| | | | malicious | FormBook, PureLog Stealer | | |
| | | | malicious | FormBook, PureLog Stealer | | |
| | | | malicious | Remcos | | |
| | | | malicious | Unknown | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | | | malicious | LummaC, Go Injector, LummaC Stealer | | |
| | | | malicious | Amadey, Babadeda, Stealc, Vidar | | |
| | | | malicious | Babadeda | | |
| | | | malicious | HTMLPhisher | | |
| | | | malicious | HTMLPhisher | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
| | | | malicious | LummaC, Vidar | | |
| | | | malicious | Unknown | | |
| | | | malicious | FormBook | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | | | malicious | LummaC, Go Injector, LummaC Stealer | | |
| | | | malicious | LummaC, Vidar | | |
| | | | malicious | Amadey, Babadeda, RedLine, Stealc, Vidar | | |
| | | | malicious | Unknown | | |
| | | | malicious | Amadey, Babadeda, Stealc, Vidar | | |
| | | | malicious | Unknown | | |
| | | | malicious | CobaltStrike, ReflectiveLoader | | |
| | | | malicious | Amadey, Vidar | | |
| | | | malicious | Unknown | | |
| | | | malicious | Unknown | | |
File type: | |
Entropy (8bit): | 7.649441362291848 |
TrID: | |
File name: | Launcher.exe |
File size: | 487'936 bytes |
MD5: | eb703224c407d3d68b7fbd444cc2dfc3 |
SHA1: | 2c11f4fd7e736ba67ba7a9e5f4e79f5c7c5edebe |
SHA256: | f9544eee0a9c3a07cd8b5a912cdbc5c75252cd951709e409b53027310b3a969e |
SHA512: | da1448222d34f4af9d7112342e2a7a45413d3aabb91917e286fab726152311a38c3a80c6e821ff8d8b55d04d0b01301d8299edad56123eb9c7f42d543a95dae5 |
SSDEEP: | 6144:e24ml/xWmgXhnmrCX6iQK6BHVlsdssys1FdUf7HGrzKGzTnkT+UKSgLjwfqSOOgr:e2np7ggpHVyyslQGrz5kqUeLjwCSO/ |
TLSH: | 20A4F151B4C08073C673253509E8D7B89E7EB9704FA68DAFAB944F7E0F30281E621667 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........wq..."..."..."]..#..."]..#'.."]..#..."LE.#..."]..#..."..."..."LE.#..."LE.#..."}F.#..."}F.#..."Rich..."................PE..L.. |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x408acb |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x669FC4D3 [Tue Jul 23 14:57:23 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 42eb2b50acad70f9618962bfa70c7f34 |
Entrypoint disassembly (the opening call/jmp is the MSVC C-runtime startup stub; the `push ecx / lea ecx, [esp+08h]` blocks are the compiler's stack-probe alignment helpers and the `div`/`rcr` routines its 64-bit unsigned division helpers, so none of this is sample-specific logic):

Instruction |
---|
call 00007F8BE08D81C4h |
jmp 00007F8BE08D78A9h |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
push ecx |
lea ecx, dword ptr [esp+08h] |
sub ecx, eax |
and ecx, 0Fh |
add eax, ecx |
sbb ecx, ecx |
or eax, ecx |
pop ecx |
jmp 00007F8BE08D82AFh |
push ecx |
lea ecx, dword ptr [esp+08h] |
sub ecx, eax |
and ecx, 07h |
add eax, ecx |
sbb ecx, ecx |
or eax, ecx |
pop ecx |
jmp 00007F8BE08D8299h |
int3 |
int3 |
int3 |
int3 |
push ebx |
push esi |
mov eax, dword ptr [esp+18h] |
or eax, eax |
jne 00007F8BE08D7A4Ah |
mov ecx, dword ptr [esp+14h] |
mov eax, dword ptr [esp+10h] |
xor edx, edx |
div ecx |
mov ebx, eax |
mov eax, dword ptr [esp+0Ch] |
div ecx |
mov edx, ebx |
jmp 00007F8BE08D7A73h |
mov ecx, eax |
mov ebx, dword ptr [esp+14h] |
mov edx, dword ptr [esp+10h] |
mov eax, dword ptr [esp+0Ch] |
shr ecx, 1 |
rcr ebx, 1 |
shr edx, 1 |
rcr eax, 1 |
or ecx, ecx |
jne 00007F8BE08D7A26h |
div ebx |
mov esi, eax |
mul dword ptr [esp+18h] |
mov ecx, eax |
mov eax, dword ptr [esp+14h] |
mul esi |
add edx, ecx |
jc 00007F8BE08D7A40h |
cmp edx, dword ptr [esp+10h] |
jnbe 00007F8BE08D7A3Ah |
jc 00007F8BE08D7A39h |
cmp eax, dword ptr [esp+0Ch] |
jbe 00007F8BE08D7A33h |
dec esi |
xor edx, edx |
mov eax, esi |
pop esi |
pop ebx |
retn 0010h |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
push ebx |
mov eax, dword ptr [esp+14h] |
or eax, eax |
jne 00007F8BE08D7A4Ah |
mov ecx, dword ptr [esp+10h] |
mov eax, dword ptr [esp+0Ch] |
xor edx, edx |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x29dfc | 0x3c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x79000 | 0x1f94 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x273a8 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x27400 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x272e8 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x20000 | 0x174 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x1ea87 | 0x1ec00 | 74572ee2a8ffc122bc46d570bdda8c33 | False | 0.5812849339430894 | data | 6.594277178434165 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x20000 | 0xa6ac | 0xa800 | 549803e1e95103221385d77eb03d4bce | False | 0.38292875744047616 | data | 4.621267525953547 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x2b000 | 0x4c404 | 0x4b400 | 10967ebb64f3fd60c9b1079da1c80c30 | False | 0.9841478924418605 | data | 7.988911210370472 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.bsS | 0x78000 | 0x4ac | 0x600 | f929bf25d4c42bd01cdad568b5fe4d8a | False | 0.4791666666666667 | data | 5.111291762588542 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.reloc | 0x79000 | 0x1f94 | 0x2000 | 7b02f8bc0bbb94c166c37781d6f450c4 | False | 0.7503662109375 | data | 6.5259141747211675 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
DLL | Import |
---|---|
USER32.dll | OffsetRect |
KERNEL32.dll | GetCPInfo, CreateFileW, WaitForSingleObject, CreateThread, VirtualAllocEx, FreeConsole, RaiseException, InitOnceBeginInitialize, InitOnceComplete, CloseHandle, GetCurrentThreadId, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, TryAcquireSRWLockExclusive, WakeAllConditionVariable, SleepConditionVariableSRW, GetLastError, FreeLibraryWhenCallbackReturns, CreateThreadpoolWork, SubmitThreadpoolWork, CloseThreadpoolWork, GetModuleHandleExW, IsProcessorFeaturePresent, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, QueryPerformanceCounter, EncodePointer, DecodePointer, MultiByteToWideChar, WideCharToMultiByte, LCMapStringEx, GetSystemTimeAsFileTime, GetModuleHandleW, GetProcAddress, GetStringTypeW, WriteConsoleW, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, GetCurrentProcess, TerminateProcess, GetCurrentProcessId, InitializeSListHead, HeapSize, RtlUnwind, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, ExitProcess, GetModuleFileNameW, GetStdHandle, WriteFile, GetCommandLineA, GetCommandLineW, HeapFree, HeapAlloc, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileType, GetFileSizeEx, SetFilePointerEx, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, ReadConsoleW, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, GetProcessHeap, SetStdHandle |
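The header and section tables above carry the static signals an analyst acts on before detonating anything: a writable .data section at entropy 7.99 and ZLIB complexity 0.98 (an encrypted payload that the .text code unpacks at run time), no Authenticode signature, a compile timestamp three days before the analysis, and an import table that pairs VirtualAllocEx and CreateThread with FreeConsole in a console-subsystem binary. The script below is an added example, not part of the Joe Sandbox report or of the sample: it parses the DOS, COFF, optional and section headers with nothing but the Python standard library, computes per-section entropy and returns those flags. `build_sample_pe()` assembles a constructed PE32 image for testing; its layout, section names and the 7.0 entropy and 7-day freshness thresholds are the example's own assumptions, and only the compile timestamp, subsystem and DLL characteristics values are copied from the table.

```python
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# Section flags and directory index from winnt.h.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4
# Time of the sandbox run (from the report), used to judge how fresh the build is.
ANALYSIS_TIME = datetime(2024, 7, 26, 18, 37, tzinfo=timezone.utc)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_pe(blob: bytes) -> dict:
    """Walk DOS -> COFF -> optional header -> section table with nothing but struct."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", blob, 0x3C)
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    opt = coff + 20
    magic, = struct.unpack_from("<H", blob, opt)
    if magic == 0x10B:    # PE32: 32-bit ImageBase, data directories at +96
        image_base, = struct.unpack_from("<I", blob, opt + 28)
        datadir = opt + 96
    elif magic == 0x20B:  # PE32+: 64-bit ImageBase, data directories at +112
        image_base, = struct.unpack_from("<Q", blob, opt + 24)
        datadir = opt + 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    entry, = struct.unpack_from("<I", blob, opt + 16)
    subsystem, dll_chars = struct.unpack_from("<HH", blob, opt + 68)
    # The SECURITY directory points at the Authenticode blob; size 0 means unsigned.
    _, sec_size = struct.unpack_from("<II", blob, datadir + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsections):
        name, vsize, va, raw_size, raw_ptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", blob, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_address": va, "virtual_size": vsize, "raw_size": raw_size,
                         "characteristics": chars,
                         "entropy": shannon_entropy(blob[raw_ptr:raw_ptr + raw_size])})
    return {"machine": machine, "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc),
            "entry_point": entry, "image_base": image_base, "subsystem": subsystem,
            "dll_characteristics": dll_chars, "signed": sec_size != 0, "sections": sections}


def triage(info: dict, analysis_time: datetime = ANALYSIS_TIME, entropy_threshold: float = 7.0) -> list:
    """Static red flags to pull from the header table before detonating anything."""
    flags = []
    for s in info["sections"]:
        writable_data = (s["characteristics"] & IMAGE_SCN_MEM_WRITE
                         and s["characteristics"] & IMAGE_SCN_CNT_INITIALIZED_DATA)
        if writable_data and s["entropy"] >= entropy_threshold:
            flags.append(f"section {s['name']} is writable data with entropy "
                         f"{s['entropy']:.2f}: likely encrypted payload")
    if not info["signed"]:
        flags.append("no Authenticode signature (SECURITY directory is empty)")
    age = analysis_time - info["timestamp"]
    if age.total_seconds() < 0:
        flags.append("compile timestamp lies in the future: tampered header")
    elif age.days < 7:
        flags.append(f"compiled {age.days} day(s) before analysis: freshly built")
    return flags


def build_sample_pe() -> bytes:
    """Constructed PE32 image for testing (not the report's Launcher.exe): a NOP-filled .text
    and a writable .data of SHA-256 chain bytes that mimics the 7.99-entropy .data above."""
    text = b"\x90" * 400 + b"\x00" * 112
    chunk, data = b"seed", b""
    while len(data) < 0x1000:            # deterministic high-entropy filler
        chunk = hashlib.sha256(chunk).digest()
        data += chunk
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x669FC4D3, 0, 0, 0xE0, 0x0102)   # i386, 2 sections, stamp from the report
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", opt, 16, 0x8ACB)          # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)        # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)  # section / file alignment
    struct.pack_into("<HH", opt, 68, 3, 0x8140)      # WINDOWS_CUI; DYNAMIC_BASE|NX_COMPAT|TERMINAL_SERVER_AWARE
    struct.pack_into("<I", opt, 92, 16)              # NumberOfRvaAndSizes; all directories stay zero (unsigned)
    sec = struct.Struct("<8sIIIIIIHHI")
    hdr = (dos + b"PE\0\0" + coff + bytes(opt)
           + sec.pack(b".text", len(text), 0x1000, 0x200, 0x200, 0, 0, 0, 0,
                      IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)
           + sec.pack(b".data", 0x1000, 0x2000, 0x1000, 0x400, 0, 0, 0, 0,
                      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE))
    return hdr.ljust(0x200, b"\0") + text + data
```

Run `triage(parse_pe(open(path, "rb").read()))` on a real file; the entropy rule fires on any writable initialized-data section that is nearly incompressible, which is what the sandbox's 0.98 ZLIB complexity figure for .data expresses in a different unit. Parsing the import table would need RVA-to-offset translation through the section table and is left out to keep the example stand-alone.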
Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
2024-07-26T20:37:04.604918+0200 | TCP | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 49733 | 443 | 192.168.2.4 | 188.114.96.3 |
2024-07-26T20:37:11.134815+0200 | TCP | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 49737 | 443 | 192.168.2.4 | 188.114.96.3 |
2024-07-26T20:37:07.763651+0200 | TCP | 2843864 | ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
2024-07-26T20:37:03.519551+0200 | TCP | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 49732 | 443 | 192.168.2.4 | 188.114.96.3 |
2024-07-26T20:37:02.375727+0200 | TCP | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
2024-07-26T20:37:01.200358+0200 | TCP | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 49730 | 443 | 192.168.2.4 | 188.114.96.3 |
2024-07-26T20:37:16.591630+0200 | TCP | 2022930 | ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow | 443 | 49738 | 40.68.123.157 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 26, 2024 20:37:00.239495039 CEST | 49730 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:00.239547968 CEST | 443 | 49730 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:00.239809036 CEST | 49730 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:00.242954016 CEST | 49730 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:00.242996931 CEST | 443 | 49730 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:00.722800970 CEST | 443 | 49730 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:00.722986937 CEST | 49730 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:00.725744009 CEST | 49730 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:00.725770950 CEST | 443 | 49730 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:00.726277113 CEST | 443 | 49730 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:00.773190975 CEST | 49730 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:00.811661959 CEST | 49730 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:00.811662912 CEST | 49730 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:00.811853886 CEST | 443 | 49730 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:01.200427055 CEST | 443 | 49730 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:01.200675964 CEST | 443 | 49730 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:01.200841904 CEST | 49730 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:01.210405111 CEST | 49730 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:01.210467100 CEST | 443 | 49730 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:01.210511923 CEST | 49730 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:01.210530043 CEST | 443 | 49730 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:01.246746063 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:01.246835947 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:01.246921062 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:01.289097071 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:01.289141893 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:01.808269978 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:01.808423042 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:01.820252895 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:01.820287943 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:01.820720911 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:01.866784096 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:01.875473022 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:01.875516891 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:01.875730038 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:02.375708103 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:02.375823021 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:02.375902891 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:02.375936031 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:02.375960112 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:02.375972033 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:02.376027107 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:02.376060963 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:02.376082897 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:02.376090050 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:02.376101971 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:02.376157999 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:02.376159906 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:02.376173973 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:02.376224041 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:02.376225948 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:02.376235962 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:02.376291037 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:02.380234957 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:02.429402113 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:02.465967894 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:02.466284990 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:02.466407061 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:02.466464996 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:02.466511965 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:02.466547012 CEST | 49731 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:02.466559887 CEST | 443 | 49731 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:02.518488884 CEST | 49732 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:02.518578053 CEST | 443 | 49732 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:02.518696070 CEST | 49732 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:02.519079924 CEST | 49732 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:02.519159079 CEST | 443 | 49732 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:02.983551979 CEST | 443 | 49732 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:02.983655930 CEST | 49732 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:02.984896898 CEST | 49732 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:02.984924078 CEST | 443 | 49732 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:02.985284090 CEST | 443 | 49732 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:02.986387014 CEST | 49732 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:02.986525059 CEST | 49732 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:02.986572027 CEST | 443 | 49732 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:02.986644983 CEST | 49732 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:02.986660004 CEST | 443 | 49732 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:03.519476891 CEST | 443 | 49732 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:03.519737005 CEST | 443 | 49732 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:03.519731998 CEST | 49732 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:03.519808054 CEST | 49732 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:03.538316011 CEST | 49733 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:03.538409948 CEST | 443 | 49733 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:03.538804054 CEST | 49733 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:03.538985968 CEST | 49733 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:03.539019108 CEST | 443 | 49733 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:04.100075960 CEST | 443 | 49733 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:04.100270033 CEST | 49733 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:04.101557016 CEST | 49733 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:04.101572037 CEST | 443 | 49733 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:04.101891041 CEST | 443 | 49733 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:04.103070974 CEST | 49733 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:04.103179932 CEST | 49733 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:04.103209019 CEST | 443 | 49733 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:04.604810953 CEST | 443 | 49733 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:04.605005026 CEST | 443 | 49733 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:04.605106115 CEST | 49733 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:04.605106115 CEST | 49733 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:04.680084944 CEST | 49734 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:04.680135012 CEST | 443 | 49734 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:04.680216074 CEST | 49734 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:04.680519104 CEST | 49734 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:04.680533886 CEST | 443 | 49734 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:04.913705111 CEST | 49733 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:04.913743019 CEST | 443 | 49733 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:05.176532984 CEST | 443 | 49734 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:05.176692963 CEST | 49734 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:05.177756071 CEST | 49734 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:05.177777052 CEST | 443 | 49734 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:05.178111076 CEST | 443 | 49734 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:05.179744959 CEST | 49734 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:05.179903030 CEST | 49734 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:05.179941893 CEST | 443 | 49734 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:05.180027962 CEST | 49734 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:05.180043936 CEST | 443 | 49734 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:05.739974022 CEST | 443 | 49734 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:05.740196943 CEST | 443 | 49734 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:05.740252018 CEST | 49734 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:05.740252018 CEST | 49734 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:05.958101988 CEST | 49735 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:05.958183050 CEST | 443 | 49735 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:05.958436966 CEST | 49735 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:05.958935976 CEST | 49735 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:05.958973885 CEST | 443 | 49735 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:06.428534031 CEST | 443 | 49735 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:06.428843975 CEST | 49735 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:06.430555105 CEST | 49735 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:06.430581093 CEST | 443 | 49735 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:06.430989027 CEST | 443 | 49735 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:06.432060003 CEST | 49735 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:06.432209015 CEST | 49735 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:06.432218075 CEST | 443 | 49735 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:06.839179039 CEST | 443 | 49735 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:06.839423895 CEST | 443 | 49735 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:06.839497089 CEST | 49735 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:06.839576960 CEST | 49735 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:06.839595079 CEST | 443 | 49735 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:07.263658047 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:07.263703108 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:07.263917923 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:07.264107943 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:07.264121056 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:07.758269072 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:07.758363962 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:07.760080099 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:07.760107994 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:07.760656118 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:07.762262106 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:07.762999058 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:07.763046026 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:07.763176918 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:07.763221979 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:07.763345957 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:07.763381004 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:07.763535976 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:07.763571978 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:07.763751030 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:07.763788939 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:07.763967991 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:07.764008999 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:07.764031887 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:07.764200926 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:07.764242887 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:07.774375916 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:07.774595022 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:07.774636984 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:07.774671078 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:07.774693012 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:07.774756908 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:07.774806976 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:07.774863958 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:07.781104088 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:07.781236887 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:07.781296968 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:10.158227921 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:10.158457041 CEST | 443 | 49736 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:10.158524036 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:10.158560038 CEST | 49736 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:10.162597895 CEST | 49737 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:10.162687063 CEST | 443 | 49737 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:10.162797928 CEST | 49737 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:10.163193941 CEST | 49737 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:10.163227081 CEST | 443 | 49737 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:10.650857925 CEST | 443 | 49737 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:10.651099920 CEST | 49737 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:10.652537107 CEST | 49737 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:10.652565002 CEST | 443 | 49737 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:10.653503895 CEST | 443 | 49737 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:10.654597998 CEST | 49737 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:10.654638052 CEST | 49737 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:10.654967070 CEST | 443 | 49737 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:11.134851933 CEST | 443 | 49737 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:11.135075092 CEST | 443 | 49737 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:11.135158062 CEST | 49737 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:11.135261059 CEST | 49737 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:11.135261059 CEST | 49737 | 443 | 192.168.2.4 | 188.114.96.3 |
Jul 26, 2024 20:37:11.135307074 CEST | 443 | 49737 | 188.114.96.3 | 192.168.2.4 |
Jul 26, 2024 20:37:11.135340929 CEST | 443 | 49737 | 188.114.96.3 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 26, 2024 20:37:00.219902992 CEST | 50460 | 53 | 192.168.2.4 | 1.1.1.1 |
Jul 26, 2024 20:37:00.235589981 CEST | 53 | 50460 | 1.1.1.1 | 192.168.2.4 |
Jul 26, 2024 20:37:16.322124958 CEST | 53 | 63354 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Jul 26, 2024 20:37:00.219902992 CEST | 192.168.2.4 | 1.1.1.1 | 0x38f0 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Jul 26, 2024 20:37:00.235589981 CEST | 1.1.1.1 | 192.168.2.4 | 0x38f0 | No error (0) | 188.114.96.3 | A (IP address) | IN (0x0001) | false | ||
Jul 26, 2024 20:37:00.235589981 CEST | 1.1.1.1 | 192.168.2.4 | 0x38f0 | No error (0) | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49730 | 188.114.96.3 | 443 | 3868 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-26 18:37:00 UTC | 266 | OUT | |
2024-07-26 18:37:00 UTC | 8 | OUT | |
2024-07-26 18:37:01 UTC | 800 | IN | |
2024-07-26 18:37:01 UTC | 7 | IN | |
2024-07-26 18:37:01 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49731 | 188.114.96.3 | 443 | 3868 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-26 18:37:01 UTC | 267 | OUT | |
2024-07-26 18:37:01 UTC | 57 | OUT | |
2024-07-26 18:37:02 UTC | 810 | IN | |
2024-07-26 18:37:02 UTC | 559 | IN | |
2024-07-26 18:37:02 UTC | 1369 | IN | |
2024-07-26 18:37:02 UTC | 1369 | IN | |
2024-07-26 18:37:02 UTC | 1369 | IN | |
2024-07-26 18:37:02 UTC | 1369 | IN | |
2024-07-26 18:37:02 UTC | 1369 | IN | |
2024-07-26 18:37:02 UTC | 181 | IN | |
2024-07-26 18:37:02 UTC | 1369 | IN | |
2024-07-26 18:37:02 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49732 | 188.114.96.3 | 443 | 3868 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-26 18:37:02 UTC | 285 | OUT | |
2024-07-26 18:37:02 UTC | 15331 | OUT | |
2024-07-26 18:37:02 UTC | 2842 | OUT | |
2024-07-26 18:37:03 UTC | 804 | IN | |
2024-07-26 18:37:03 UTC | 19 | IN | |
2024-07-26 18:37:03 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49733 | 188.114.96.3 | 443 | 3868 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-26 18:37:04 UTC | 284 | OUT | |
2024-07-26 18:37:04 UTC | 8794 | OUT | |
2024-07-26 18:37:04 UTC | 808 | IN | |
2024-07-26 18:37:04 UTC | 19 | IN | |
2024-07-26 18:37:04 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49734 | 188.114.96.3 | 443 | 3868 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-26 18:37:05 UTC | 285 | OUT | |
2024-07-26 18:37:05 UTC | 15331 | OUT | |
2024-07-26 18:37:05 UTC | 5116 | OUT | |
2024-07-26 18:37:05 UTC | 796 | IN | |
2024-07-26 18:37:05 UTC | 19 | IN | |
2024-07-26 18:37:05 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49735 | 188.114.96.3 | 443 | 3868 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-26 18:37:06 UTC | 284 | OUT | |
2024-07-26 18:37:06 UTC | 1265 | OUT | |
2024-07-26 18:37:06 UTC | 800 | IN | |
2024-07-26 18:37:06 UTC | 19 | IN | |
2024-07-26 18:37:06 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49736 | 188.114.96.3 | 443 | 3868 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-26 18:37:07 UTC | 286 | OUT | |
2024-07-26 18:37:07 UTC | 15331 | OUT | |
2024-07-26 18:37:07 UTC | 15331 | OUT | |
2024-07-26 18:37:07 UTC | 15331 | OUT | |
2024-07-26 18:37:07 UTC | 15331 | OUT | |
2024-07-26 18:37:07 UTC | 15331 | OUT | |
2024-07-26 18:37:07 UTC | 15331 | OUT | |
2024-07-26 18:37:07 UTC | 15331 | OUT | |
2024-07-26 18:37:07 UTC | 15331 | OUT | |
2024-07-26 18:37:07 UTC | 15331 | OUT | |
2024-07-26 18:37:07 UTC | 15331 | OUT | |
2024-07-26 18:37:10 UTC | 802 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49737 | 188.114.96.3 | 443 | 3868 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-07-26 18:37:10 UTC | 267 | OUT | |
2024-07-26 18:37:10 UTC | 92 | OUT | |
2024-07-26 18:37:11 UTC | 800 | IN | |
2024-07-26 18:37:11 UTC | 54 | IN | |
2024-07-26 18:37:11 UTC | 5 | IN |
Target ID: | 0 |
Start time: | 14:36:58 |
Start date: | 26/07/2024 |
Path: | C:\Users\user\Desktop\Launcher.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x500000 |
File size: | 487'936 bytes |
MD5 hash: | EB703224C407D3D68B7FBD444CC2DFC3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 14:36:58 |
Start date: | 26/07/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 14:36:59 |
Start date: | 26/07/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x530000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
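Every TLS session in the tables above is owned by PID 3868, C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, a Microsoft-signed .NET utility that uploads 15331-byte chunks to 188.114.96.3:443 and gets back replies of roughly 800 bytes, while Launcher.exe itself never touches the network. Legitimate RegAsm runs always carry an assembly path on the command line and never need a socket, so both the argument-less start and the outbound connections are detectable on the endpoint, and the byte asymmetry is detectable from flow data alone. The following detection logic is an added example, not the report's or the vendor's code: it runs three rules over Sysmon-style process-creation and network-connection events plus per-session byte totals. The events are constructed to model this page (RegAsm.exe launched by Launcher.exe with a bare image path, eight connections from source ports 49730 to 49737), the session totals are summed from the HTTPS session tables above, and the LOLBin list, the explorer.exe parent and the 8 KiB / 10:1 upload thresholds are the example's assumptions. The inbound CVE-2016-2211 alert from 40.68.123.157, an address that occurs in no DNS answer or HTTPS session above, is not part of the C2 exchange and is left out.

```python
import ntpath
from collections import Counter

# Signed .NET utilities that loaders start suspended and hollow. Any of them starting
# with no arguments, or opening a network connection, is anomalous.
# (Assumption: analyst-maintained list; the report itself names only RegAsm.exe.)
INJECTION_TARGETS = {"regasm.exe", "regsvcs.exe", "installutil.exe", "msbuild.exe",
                     "applaunch.exe", "aspnet_compiler.exe"}

REGASM = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
LAUNCHER = r"C:\Users\user\Desktop\Launcher.exe"

# Constructed Sysmon-style events (EventID 1 = process create, 3 = network connect)
# modelled on this report's process tree and sessions; not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 6628, "Image": LAUNCHER, "CommandLine": f'"{LAUNCHER}"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "ProcessId": 3868, "Image": REGASM, "CommandLine": f'"{REGASM}"',
     "ParentImage": LAUNCHER},
] + [
    {"EventID": 3, "ProcessId": 3868, "Image": REGASM, "SourcePort": port,
     "DestinationIp": "188.114.96.3", "DestinationPort": 443}
    for port in range(49730, 49738)
]

# Source port -> (bytes out, bytes in), each summed from the HTTPS session tables above.
SAMPLE_SESSIONS = {
    49730: (274, 812), 49731: (324, 11133), 49732: (18458, 828), 49733: (9078, 832),
    49734: (20732, 820), 49735: (1549, 824), 49736: (153596, 802), 49737: (359, 859),
}


def image_name(path: str) -> str:
    return ntpath.basename(path).lower()


def has_arguments(cmdline: str, image: str) -> bool:
    """True when the command line carries anything beyond the (possibly quoted) image path."""
    return cmdline.strip().strip('"').lower() != image.lower()


def detect(events, sessions, min_upload: int = 8 * 1024, min_ratio: float = 10.0) -> list:
    """Return (rule, subject, detail) findings; subject is a PID or a source port."""
    findings = []
    for e in events:
        name = image_name(e["Image"])
        if name not in INJECTION_TARGETS:
            continue
        if e["EventID"] == 1 and not has_arguments(e["CommandLine"], e["Image"]):
            findings.append(("lolbin_started_without_arguments", e["ProcessId"],
                             f"{name} spawned by {e['ParentImage']} with no assembly argument"))
        elif e["EventID"] == 3:
            findings.append(("lolbin_network_connection", e["ProcessId"],
                             f"{name} -> {e['DestinationIp']}:{e['DestinationPort']} "
                             f"from source port {e['SourcePort']}"))
    # Stealer exfiltration: large POST bodies answered by tiny responses.
    for port, (out_bytes, in_bytes) in sorted(sessions.items()):
        if out_bytes >= min_upload and out_bytes >= min_ratio * max(in_bytes, 1):
            findings.append(("upload_heavy_session", port,
                             f"{out_bytes} B out vs {in_bytes} B in"))
    return findings


def summarize(findings) -> dict:
    """Count findings per rule, the shape an alert pipeline would forward."""
    return dict(Counter(rule for rule, _, _ in findings))
```

On this page's data the first rule fires once (the RegAsm start), the second eight times (one per session), and the upload rule on the four sessions that pushed more than 8 KiB against sub-kilobyte replies. The byte-ratio rule is the one to tune on real traffic: software updaters and backup agents also upload far more than they receive, so in production it should be combined with the process rule or with a domain-age check rather than run alone.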
Execution Graph
Execution Coverage: | 1.9% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 5.1% |
Total number of Nodes: | 292 |
Total number of Limit Nodes: | 17 |
Graph
Function | Relevance | APIs | Strings | Instructions | Control-flow Graph | Tags |
---|---|---|---|---|---|---|
0147018D | 42.3 | 10 | 14 | 282 | yes | thread, injection, memory, COMMON |
005105AA | .0 | | | 12 | | COMMON, LIBRARYCODE |
005138AE | 12.3 | 4 | 3 | 74 | yes | COMMON, LIBRARYCODE |
0050525A | 7.0 | 1 | 3 | 50 | yes | memory, COMMON |
00510536 | 7.0 | 3 | 1 | 15 | yes | COMMON, LIBRARYCODE |
00515A2E | 5.3 | 2 | 1 | 80 | yes | file, COMMON, LIBRARYCODE |
00513979 | 5.3 | 1 | 2 | 57 | yes | COMMON, LIBRARYCODE |
00513E93 | 3.5 | 1 | 1 | 32 | yes | memory, COMMON, LIBRARYCODE |
00514082 | 3.1 | 2 | | 65 | yes | COMMON |
0050504D | 3.0 | 2 | | 12 | | synchronization, thread, COMMON |
00505378 | 1.5 | 1 | | 23 | | COMMON |
00534410 | 11.7 | | 9 | 426 | | COMMON |
0051BC9C | 10.7 | 5 | 1 | 183 | | COMMON, LIBRARYCODE |
0051B338 | 9.0 | 3 | 2 | 251 | | COMMON, LIBRARYCODE |
005185E9 | 9.0 | 4 | 1 | 206 | | file, COMMON |
0051BAC7 | 8.8 | 3 | 2 | 85 | | COMMON, LIBRARYCODE |
0050CDE3 | 8.8 | 3 | 2 | 77 | | COMMON, LIBRARYCODE |
005083F3 | 7.0 | 2 | 2 | 27 | | time, COMMON, LIBRARYCODE |
00508DFE | 6.1 | 4 | | 70 | | COMMON |
0054FF40 | 5.2 | | 4 | 234 | | COMMON |
00545090 | 4.1 | | 3 | 381 | | COMMON |
00533FF0 | 4.1 | | 3 | 322 | | COMMON |
00565B00 | 3.9 | | 3 | 153 | | COMMON |
005136E5 | 3.5 | 1 | 1 | 33 | | COMMON, LIBRARYCODE |
0052FE24 | 3.3 | | 2 | 819 | | COMMON |
0054F8D0 | 3.0 | | 2 | 543 | | COMMON |
0052F2A0 | 2.9 | | 2 | 433 | | COMMON |
005506FE | 2.9 | | 2 | 403 | | COMMON |
0055077B | 2.9 | | 2 | 393 | | COMMON |
0054B8E0 | 2.9 | | 2 | 384 | | COMMON |
00566B80 | 2.7 | | 2 | 247 | | COMMON |
00533D60 | 2.7 | | 2 | 208 | | COMMON |
00508BF5 | 1.6 | 1 | | 147 | | COMMON |
00533550 | 1.6 | | 1 | 363 | | COMMON |
0051BBCD | 1.5 | 1 | | 45 | | COMMON |
0054AC10 | 1.5 | | 1 | 283 | | COMMON |
00508F5A | 1.5 | 1 | | 3 | | COMMON |
005549DC | 1.5 | | 1 | 226 | | COMMON |
00565780 | 1.4 | | 1 | 161 | | COMMON |
00565950 | 1.4 | | 1 | 145 | | COMMON |
0055049E | 1.4 | | 1 | 134 | | COMMON |
00519720 | 1.3 | 1 | | 5 | | memory, COMMON |
00532870 | .9 | | | 867 | | COMMON |
00561E70 | .8 | | | 788 | | COMMON |
0052DEF0 | .7 | | | 660 | | COMMON |
0052E8C0 | .6 | | | 608 | | COMMON |
00530B30 | .5 | | | 545 | | COMMON |
0053C663 | .4 | | | 418 | | COMMON |
00552850 | .3 | | | 321 | | COMMON |
00566530 | .3 | | | 303 | | COMMON |
0053FE47 | .3 | | | 303 | | COMMON |
00552DA1 | .3 | | | 296 | | COMMON |
00566850 | .3 | | | 286 | | COMMON |
00550703 | .3 | | | 285 | | COMMON |
0053DA83 | .3 | | | 266 | | COMMON |
00566270 | .2 | | | 250 | | COMMON |
00546FE0 | .2 | | | 249 | | COMMON |
0054F280 | .2 | | | 197 | | COMMON |
0054CEB0 | .2 | | | 189 | | COMMON |
0055CD20 | .2 | | | 188 | | COMMON |
0054E600 | .2 | | | 181 | | COMMON |
0054A4B6 | .2 | | | 157 | | COMMON |
00551B17 | .2 | | | 151 | | COMMON |
005401A0 | .1 | | | 146 | | COMMON |
00539270 | .1 | | | 127 | | COMMON |
0054E82F | .1 | | | 125 | | COMMON |
00563D8C | .1 | | | 117 | | COMMON |
00562AA4 | .1 | | | 109 | | COMMON |
0054A690 | .1 | | | 102 | | COMMON |
0053F373 | .1 | | | 96 | | COMMON |
0053F0DB | .1 | | | 90 | | COMMON |
0052F9D0 | .1 | | | 85 | | COMMON |
0054DC10 | .1 | | | 80 | | COMMON |
0055AF60 | .1 | | | 64 | | COMMON |
0054F630 | .1 | | | 63 | | COMMON |
0052DB90 | .0 | | | 49 | | COMMON |
0056432E | .0 | | | 45 | | COMMON |
0053C5CE | .0 | | | 43 | | COMMON |
0056521C | .0 | | | 34 | | COMMON |
00538160 | .0 | | | 21 | | COMMON |
0055FCD0 | .0 | | | 21 | | COMMON |
0054DE26 | .0 | | | 11 | | COMMON |
0054057E | .0 | | | 9 | | COMMON |
0054ED8E | .0 | | | 8 | | COMMON |
005646B7 | .0 | | | 6 | | COMMON |
0053CE07 | .0 | | | 6 | | COMMON |
005083AE | 14.0 | 4 | 4 | 19 | | library, loader, COMMON |
0050BD42 | 12.6 | 4 | 3 | 303 | | COMMON, LIBRARYCODE |
00516DCC | 12.5 | 6 | 1 | 298 | | COMMON, LIBRARYCODE |
005060CB | 12.4 | 5 | 2 | 116 | | thread, COMMON |
005105CC | 12.3 | 3 | 4 | 42 | | library, loader, COMMON, LIBRARYCODE |
00515576 | 9.1 | 4 | 1 | 338 | | file, COMMON, LIBRARYCODE |
00506CE1 | 9.1 | 6 | | 65 | | COMMON |
00514EA4 | 7.1 | 3 | 1 | 102 | | COMMON, LIBRARYCODE |
00508791 | 7.1 | 2 | 2 | 59 | | COMMON, LIBRARYCODE |
0050CAD7 | 7.0 | 3 | 1 | 27 | | library, COMMON, LIBRARYCODE |
005182F5 | 6.1 | 4 | | 82 | | COMMON |
0050FE04 | 6.1 | 4 | | 79 | | COMMON |
0051928B | 6.1 | 4 | | 74 | | COMMON |
005165B5 | 5.4 | 2 | 1 | 132 | | file, COMMON |
0050C0E7 | 5.4 | 1 | 2 | 112 | | COMMON, LIBRARYCODE |
00515BF2 | 5.4 | 2 | 1 | 104 | | file, COMMON, LIBRARYCODE |
00515B09 | 5.3 | 2 | 1 | 82 | | file, COMMON, LIBRARYCODE |
00503FEA | 5.3 | 1 | 2 | 48 | | COMMON, LIBRARYCODE |
00509143 | 5.3 | 2 | 1 | 44 | | COMMON, LIBRARYCODE |
005099C2 | 5.3 | 1 | 2 | 43 | | COMMON, LIBRARYCODE |
005024EA | 5.3 | 1 | 2 | 35 | | COMMON, LIBRARYCODE |
0050243C | 5.3 | 2 | 1 | 33 | | COMMON, LIBRARYCODE |
00506B64 | 5.3 | 2 | 1 | 20 | | thread, COMMON |
Execution Graph
Execution Coverage: | 15.5% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 11.8% |
Total number of Nodes: | 415 |
Total number of Limit Nodes: | 35 |
Graph
Function | Relevance | APIs | Strings | Instructions | Control-flow Graph | Tags |
---|---|---|---|---|---|---|
00428D80 | 21.4 | | 17 | 182 | yes | COMMON |
004168B0 | 1.7 | 1 | | 162 | | COMMON |
00438D50 | 1.5 | 1 | | 12 | | library, COMMON |
00437190 | 12.3 | 1 | 6 | 98 | yes | memory, COMMON |
0040A6C0 | 11.3 | 1 | 5 | 846 | yes | library, COMMON |
004298C4 | 10.6 | 1 | 5 | 87 | yes | memory, COMMON |
00409662 | 3.0 | 2 | | 10 | | COMMON |
0040967F | 3.0 | 2 | | 10 | | COMMON |
00409657 | 3.0 | 2 | | 9 | | COMMON |
00438C60 | 1.6 | 1 | | 81 | | memory, COMMON |
00437176 | 1.5 | 1 | | 8 | | memory, COMMON |
004095F6 | 1.5 | 1 | | 7 | | COMMON |
004095CD | 1.5 | 1 | | 6 | | COMMON |
004095BF | 1.5 | 1 | | 4 | | COMMON |
0042D8C0 | 22.9 | 6 | 7 | 132 | | clipboard, COMMON |
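The two execution-graph listings above arrive as one flattened line per function, with the behaviour tags fused onto the instruction count ("Instructions: 282threadinjectionmemoryCOMMON"). The following is an added example, not part of the report and not Joe Sandbox code: a parser for those lines that splits the fused tags and ranks functions for triage, so the injection, file, loader and clipboard functions surface ahead of the untagged bulk. The sample lines are copied from this report; the tag vocabulary is an assumption taken from the tags that appear here, and any other tag text is reported as an error rather than silently dropped.

```python
import re
from dataclasses import dataclass

# Tag vocabulary observed in this report (assumption: Joe Sandbox may emit
# others). Longest-first so greedy matching never splits "synchronization".
KNOWN_TAGS = sorted(
    ["thread", "injection", "memory", "synchronization", "file", "time",
     "library", "loader", "clipboard", "COMMON", "LIBRARYCODE"],
    key=len, reverse=True,
)
GENERIC_TAGS = {"COMMON", "LIBRARYCODE"}  # say nothing about behaviour

LINE_RE = re.compile(
    r"Function\s+(?P<addr>[0-9A-Fa-f]{8})\s+Relevance:\s*(?P<rel>\d*\.\d+|\d+)"
    r"(?:,\s*APIs:\s*(?P<apis>\d+))?"
    r"(?:,\s*Strings:\s*(?P<strings>\d+))?"
    r",\s*Instructions:\s*(?P<instr>\d+)(?P<tags>[A-Za-z]*)\s*$"
)


@dataclass
class FunctionEntry:
    address: int
    relevance: float
    apis: int
    strings: int
    instructions: int
    tags: list

    def behaviour_tags(self):
        """Tags that describe what the function does."""
        return [t for t in self.tags if t not in GENERIC_TAGS]


def split_tags(blob):
    """Greedy longest-match split of the fused suffix, e.g.
    'threadinjectionmemoryCOMMON' -> ['thread', 'injection', 'memory', 'COMMON']."""
    tags, i = [], 0
    while i < len(blob):
        for tag in KNOWN_TAGS:
            if blob.startswith(tag, i):
                tags.append(tag)
                i += len(tag)
                break
        else:
            raise ValueError(f"unknown tag text {blob[i:]!r}")
    return tags


def parse_line(line):
    """FunctionEntry for one 'Function ...' line, None for anything else."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return FunctionEntry(
        address=int(m["addr"], 16),
        relevance=float(m["rel"]),          # ".0" parses as 0.0
        apis=int(m["apis"] or 0),           # field is omitted when zero
        strings=int(m["strings"] or 0),
        instructions=int(m["instr"]),
        tags=split_tags(m["tags"]),
    )


def parse_report(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries, limit=5):
    """Functions with at least one behaviour tag, most relevant first;
    ties broken by size so large untagged blobs do not win."""
    tagged = [e for e in entries if e.behaviour_tags()]
    return sorted(tagged, key=lambda e: (e.relevance, e.instructions), reverse=True)[:limit]


# Sample input: lines copied from the two execution graphs above, plus one
# tab-residue line to show that non-function lines are ignored.
SAMPLE = """\
Function 0147018D Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 282threadinjectionmemoryCOMMON
Function 005105AA Relevance: .0, Instructions: 12COMMONLIBRARYCODE
Function 0050504D Relevance: 3.0, APIs: 2, Instructions: 12synchronizationthreadCOMMON
Function 005083AE Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 19libraryloaderCOMMON
Function 00534410 Relevance: 11.7, Strings: 9, Instructions: 426COMMON
Function 005185E9 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 206fileCOMMON
Function 0042D8C0 Relevance: 22.9, APIs: 6, Strings: 7, Instructions: 132clipboardCOMMON
Function 00437190 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 98memoryCOMMON
Control-flow Graph
"""

if __name__ == "__main__":
    for e in triage(parse_report(SAMPLE)):
        print(f"{e.address:08X} rel={e.relevance:5.1f} apis={e.apis:2d} "
              f"instr={e.instructions:4d} {','.join(e.behaviour_tags())}")
```

On this report the ranking puts the thread/injection/memory function at 0147018D first and the clipboard function at 0042D8C0 second, which is the order an analyst would want: the injection routine explains how the code reached RegAsm.exe, and clipboard access is the kind of behaviour expected from a stealer.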