Edit tour
Windows
Analysis Report
SET_UP.exe
Overview
General Information
| Sample name: | SET_UP.exe |
| Analysis ID: | 1581468 |
| MD5: | cd56e21dfe1460fc3efa75a47c94636a |
| SHA1: | 2f3681813a203c1cd397411840d7837478328bbe |
| SHA256: | b3fdf6d793ada45f64429549b3601405f6ce1c67819b23add27d53b2e50aa324 |
| Tags: | exeuser-aachum |
| Infos: |  |
 | |
Detection
LummaC
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Found malware configuration
Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
Contains functionality to detect sleep reduction / modifications
Found many strings related to Crypto-Wallets (likely being stolen)
LummaC encrypted strings found
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check if the current machine is a sandbox (GetTickCount - Sleep)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match
Classification
- System is w10x64
SET_UP.exe (PID: 6428 cmdline: "C:\Users\ user\Deskt op\SET_UP. exe" MD5: CD56E21DFE1460FC3EFA75A47C94636A)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution |
{"C2 url": ["appliacnesot.buzz", "inherineau.buzz", "hummskitnj.buzz", "cashfuzysao.buzz", "scentniej.buzz", "prisonyfork.buzz", "gripfizz.click", "screwamusresz.buzz", "rebuildeso.buzz"], "Build id": "hRjzG3--ELVIRA"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | ||
| JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| Windows_Trojan_Donutloader_f40e3759 | unknown | unknown |
| |
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| Click to see the 4 entries | ||||
⊘No Sigma rule has matched
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-27T20:33:12.035929+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49730 | 172.67.152.152 | 443 | TCP |
| 2024-12-27T20:33:14.220403+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49731 | 172.67.152.152 | 443 | TCP |
| 2024-12-27T20:33:16.404331+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49732 | 172.67.152.152 | 443 | TCP |
| 2024-12-27T20:33:18.742370+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49733 | 172.67.152.152 | 443 | TCP |
| 2024-12-27T20:33:21.531115+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49735 | 172.67.152.152 | 443 | TCP |
| 2024-12-27T20:33:24.604708+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49737 | 172.67.152.152 | 443 | TCP |
| 2024-12-27T20:33:27.228932+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49740 | 172.67.152.152 | 443 | TCP |
| 2024-12-27T20:33:29.366244+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49742 | 172.67.152.152 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-27T20:33:12.904109+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 172.67.152.152 | 443 | TCP |
| 2024-12-27T20:33:15.007029+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 172.67.152.152 | 443 | TCP |
| 2024-12-27T20:34:02.407142+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49742 | 172.67.152.152 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-27T20:33:12.904109+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 172.67.152.152 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-27T20:33:15.007029+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 172.67.152.152 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-27T20:33:25.706874+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49737 | 172.67.152.152 | 443 | TCP |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Malware Configuration Extractor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 0_2_000FC3A9 | |
| Source: | Code function: | 0_2_0007D7A0 | |
Networking | |
|---|
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | ASN Name: | ||
| Source: | JA3 fingerprint: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | Code function: | 0_2_0009B8D0 | |
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
System Summary | |
|---|
| Source: | Matched rule: | ||
| Source: | Code function: | 0_2_000781F0 | |
| Source: | Code function: | 0_2_00078410 | |
| Source: | Code function: | 0_2_00078060 | |
| Source: | Code function: | 0_2_00078150 | |
| Source: | Code function: | 0_2_000CA160 | |
| Source: | Code function: | 0_2_0010234F | |
| Source: | Code function: | 0_2_0008C3F0 | |
| Source: | Code function: | 0_2_0010246F | |
| Source: | Code function: | 0_2_000FE5CE | |
| Source: | Code function: | 0_2_0008C5D0 | |
| Source: | Code function: | 0_2_000D4640 | |
| Source: | Code function: | 0_2_000C86F0 | |
| Source: | Code function: | 0_2_0008C7F0 | |
| Source: | Code function: | 0_2_0007E800 | |
| Source: | Code function: | 0_2_000FAA09 | |
| Source: | Code function: | 0_2_000A8A40 | |
| Source: | Code function: | 0_2_0008CAB0 | |
| Source: | Code function: | 0_2_000A0AF0 | |
| Source: | Code function: | 0_2_00076B0C | |
| Source: | Code function: | 0_2_00104B60 | |
| Source: | Code function: | 0_2_00076C20 | |
| Source: | Code function: | 0_2_0008CF30 | |
| Source: | Code function: | 0_2_00076FF6 | |
| Source: | Code function: | 0_2_000950C0 | |
| Source: | Code function: | 0_2_000F1160 | |
| Source: | Code function: | 0_2_00089280 | |
| Source: | Code function: | 0_2_00077290 | |
| Source: | Code function: | 0_2_000773D0 | |
| Source: | Code function: | 0_2_00077410 | |
| Source: | Code function: | 0_2_000E3450 | |
| Source: | Code function: | 0_2_000F9547 | |
| Source: | Code function: | 0_2_000995A0 | |
| Source: | Code function: | 0_2_000B5660 | |
| Source: | Code function: | 0_2_000ED83F | |
| Source: | Code function: | 0_2_00077880 | |
| Source: | Code function: | 0_2_00077900 | |
| Source: | Code function: | 0_2_00077920 | |
| Source: | Code function: | 0_2_000779D0 | |
| Source: | Code function: | 0_2_000EDA71 | |
| Source: | Code function: | 0_2_00077B00 | |
| Source: | Code function: | 0_2_00077B80 | |
| Source: | Code function: | 0_2_000A7C00 | |
| Source: | Code function: | 0_2_000C3C30 | |
| Source: | Code function: | 0_2_00077C90 | |
| Source: | Code function: | 0_2_000CDD80 | |
| Source: | Code function: | 0_2_00077DB0 | |
| Source: | Code function: | 0_2_000FFF29 | |
| Source: | Static PE information: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Matched rule: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 0_2_0007C950 | |
| Source: | Code function: | 0_2_000DE190 | |
| Source: | Code function: | 0_2_000D87D0 | |
| Source: | Code function: | 0_2_000B8920 | |
| Source: | Command line argument: | 0_2_000D7F20 | |
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_000980F0 | |
| Source: | Code function: | 0_3_0377E900 | |
| Source: | Code function: | 0_3_0377E900 | |
| Source: | Code function: | 0_3_0377E900 | |
| Source: | Code function: | 0_3_0377E900 | |
| Source: | Code function: | 0_3_0377F908 | |
| Source: | Code function: | 0_3_0377F908 | |
| Source: | Code function: | 0_3_0377F908 | |
| Source: | Code function: | 0_3_0377F908 | |
| Source: | Code function: | 0_3_0377F16E | |
| Source: | Code function: | 0_3_0377F16E | |
| Source: | Code function: | 0_3_0377F16E | |
| Source: | Code function: | 0_3_0377F16E | |
| Source: | Code function: | 0_3_03780196 | |
| Source: | Code function: | 0_3_03780196 | |
| Source: | Code function: | 0_3_03780196 | |
| Source: | Code function: | 0_3_03780196 | |
| Source: | Code function: | 0_3_03780196 | |
| Source: | Code function: | 0_3_03780196 | |
| Source: | Code function: | 0_3_03780196 | |
| Source: | Code function: | 0_3_03780196 | |
| Source: | Code function: | 0_3_03781918 | |
| Source: | Code function: | 0_3_03781918 | |
| Source: | Code function: | 0_3_03781918 | |
| Source: | Code function: | 0_3_03781918 | |
| Source: | Code function: | 0_3_0377E900 | |
| Source: | Code function: | 0_3_0377E900 | |
| Source: | Code function: | 0_3_0377E900 | |
| Source: | Code function: | 0_3_0377E900 | |
| Source: | Code function: | 0_3_0377F908 | |
| Source: | Code function: | 0_3_0377F908 | |
| Source: | Code function: | 0_3_0377F908 | |
| Source: | Registry key monitored for changes: | Jump to behavior | ||
| Source: | Registry key monitored for changes: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | Code function: | 0_2_0008DE50 | |
| Source: | WMI Queries: | ||
| Source: | System information queried: | Jump to behavior | ||
| Source: | API coverage: | ||
| Source: | Code function: | 0_2_0008DE50 | |
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | WMI Queries: | ||
| Source: | Code function: | 0_2_000FC3A9 | |
| Source: | Code function: | 0_2_0007D7A0 | |
| Source: | Code function: | 0_2_000E5701 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 0_2_000EB983 | |
| Source: | Code function: | 0_2_00097730 | |
| Source: | Code function: | 0_2_000980F0 | |
| Source: | Code function: | 0_2_000FC138 | |
| Source: | Code function: | 0_2_000F289E | |
| Source: | Code function: | 0_2_000E5E3F | |
| Source: | Code function: | 0_2_00074130 | |
| Source: | Code function: | 0_2_000E75A7 | |
| Source: | Code function: | 0_2_000EB983 | |
| Source: | Code function: | 0_2_000E7C40 | |
| Source: | Code function: | 0_2_000E7DD4 | |
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Code function: | 0_2_000E7E41 | |
| Source: | Code function: | 0_2_000F871B | |
| Source: | Code function: | 0_2_000FEB1D | |
| Source: | Code function: | 0_2_0007AB80 | |
| Source: | Code function: | 0_2_000F8BC1 | |
| Source: | Code function: | 0_2_000FEDBF | |
| Source: | Code function: | 0_2_000FEE0A | |
| Source: | Code function: | 0_2_000FEEA5 | |
| Source: | Code function: | 0_2_000FEF30 | |
| Source: | Code function: | 0_2_000FF183 | |
| Source: | Code function: | 0_2_000FF2A9 | |
| Source: | Code function: | 0_2_000FF3AF | |
| Source: | Code function: | 0_2_000FF47E | |
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 0_2_000E80E7 | |
| Source: | Key value queried: | Jump to behavior | ||
| Source: | WMI Queries: | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | Directory queried: | Jump to behavior | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 21 Virtualization/Sandbox Evasion | 2 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 3 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 11 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | 41 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 1 Native API | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 351 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | 1 PowerShell | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 21 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 113 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 2 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 11 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 44 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| gripfizz.click | 172.67.152.152 | true | true | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high | ||
| false | high | ||
| false | high | ||
| false | high | ||
| false | high | ||
| false | high | ||
| false | high | ||
| false | high | ||
| true |
| unknown | |
| true |
| unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 172.67.152.152 | gripfizz.click | United States | 13335 | CLOUDFLARENETUS | true |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1581468 |
| Start date and time: | 2024-12-27 20:32:10 +01:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 4m 49s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 4 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | SET_UP.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@1/0@1/1 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.63, 20.109.210.53
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- VT rate limit hit for: SET_UP.exe
| Time | Type | Description |
|---|---|---|
| 14:33:12 | API Interceptor |
⊘No context
⊘No context
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CLOUDFLARENETUS | Get hash | malicious | LummaC Stealer | Browse |
| |
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | LummaC Stealer | Browse |
| |
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC Stealer | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC, Amadey, LummaC Stealer, Stealc | Browse |
|
⊘No context
⊘No created / dropped files found
| File type: | |
| Entropy (8bit): | 0.5708598206365602 |
| TrID: |
|
| File name: | SET_UP.exe |
| File size: | 74'900'688 bytes |
| MD5: | cd56e21dfe1460fc3efa75a47c94636a |
| SHA1: | 2f3681813a203c1cd397411840d7837478328bbe |
| SHA256: | b3fdf6d793ada45f64429549b3601405f6ce1c67819b23add27d53b2e50aa324 |
| SHA512: | bb39a124ee1b8272f98aefba307caf0d6198d1b7463e421f5bfb0a0e7df5dca3fa01885ae36585a9785805a77a96b88b1a10164e0c1e8fd9762335f1c4e36878 |
| SSDEEP: | 49152:6w0qxRbo2IFUV+o3bQi0xjod/11XZovmN/:t0qxRbol7c1Joa/ |
| TLSH: | 4DF7F524A6B246A5DBF2057BD906EBDDC83CAE11332101EF21DD369E5532DDC4272A2F |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......C...............................U.......U.......U...[.......................&...............{...................Rich........... |
 | |
| Icon Hash: | 2b698e8c88c8690f |
| Entrypoint: | 0x477b03 |
| Entrypoint Section: | .text |
| Digitally signed: | true |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x61826F9C [Wed Nov 3 11:16:44 2021 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 6 |
| OS Version Minor: | 0 |
| File Version Major: | 6 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 6 |
| Subsystem Version Minor: | 0 |
| Import Hash: | ff15200f411a3d1cc3567c598135aebe |
| Signature Valid: | false |
| Signature Issuer: | CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
| Signature Validation Error: | The digital signature of the object did not verify |
| Error Number: | -2146869232 |
| Not Before, Not After |
|
| Subject Chain |
|
| Version: | 3 |
| Thumbprint MD5: | 4068B1B0494EFA79F5A751DCCA8111CD |
| Thumbprint SHA-1: | 914A09C2E02C696AF394048BCB8D95449BCD5B9E |
| Thumbprint SHA-256: | 4A838904E732A380E2856A9D6FEE926E5C57EB59336292AC5D9E47C9B2C1ED13 |
| Serial: | 33000003DFFB6AE3F427ECB6A30000000003DF |
| Instruction |
|---|
| call 00007F6A28CA4F71h |
| jmp 00007F6A28CA47BFh |
| int3 |
| int3 |
| int3 |
| push ecx |
| lea ecx, dword ptr [esp+08h] |
| sub ecx, eax |
| and ecx, 0Fh |
| add eax, ecx |
| sbb ecx, ecx |
| or eax, ecx |
| pop ecx |
| jmp 00007F6A28CA505Fh |
| push ecx |
| lea ecx, dword ptr [esp+08h] |
| sub ecx, eax |
| and ecx, 07h |
| add eax, ecx |
| sbb ecx, ecx |
| or eax, ecx |
| pop ecx |
| jmp 00007F6A28CA5049h |
| mov ecx, dword ptr [ebp-0Ch] |
| mov dword ptr fs:[00000000h], ecx |
| pop ecx |
| pop edi |
| pop edi |
| pop esi |
| pop ebx |
| mov esp, ebp |
| pop ebp |
| push ecx |
| ret |
| mov ecx, dword ptr [ebp-10h] |
| xor ecx, ebp |
| call 00007F6A28CA3EBBh |
| jmp 00007F6A28CA4922h |
| push eax |
| push dword ptr fs:[00000000h] |
| lea eax, dword ptr [esp+0Ch] |
| sub esp, dword ptr [esp+0Ch] |
| push ebx |
| push esi |
| push edi |
| mov dword ptr [eax], ebp |
| mov ebp, eax |
| mov eax, dword ptr [004D9064h] |
| xor eax, ebp |
| push eax |
| push dword ptr [ebp-04h] |
| mov dword ptr [ebp-04h], FFFFFFFFh |
| lea eax, dword ptr [ebp-0Ch] |
| mov dword ptr fs:[00000000h], eax |
| ret |
| push eax |
| push dword ptr fs:[00000000h] |
| lea eax, dword ptr [esp+0Ch] |
| sub esp, dword ptr [esp+0Ch] |
| push ebx |
| push esi |
| push edi |
| mov dword ptr [eax], ebp |
| mov ebp, eax |
| mov eax, dword ptr [004D9064h] |
| xor eax, ebp |
| push eax |
| mov dword ptr [ebp-10h], eax |
| push dword ptr [ebp-04h] |
| mov dword ptr [ebp-04h], FFFFFFFFh |
| lea eax, dword ptr [ebp-0Ch] |
| mov dword ptr fs:[00000000h], eax |
| ret |
| push eax |
| inc dword ptr fs:[eax] |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd6878 | 0x12c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xdc000 | 0x9c6e0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x476c300 | 0x21d0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x179000 | 0x9c7c | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xc0fd0 | 0x70 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xc1040 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xadc88 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0xac000 | 0x574 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xd631c | 0x80 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0xaa3df | 0xaa400 | 7e3132d5068a2c0e7b727a6ce4852509 | False | 0.47093830304698975 | data | 6.532184128439665 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0xac000 | 0x2c712 | 0x2c800 | 413120a321a93002b690382b6678c348 | False | 0.38426088483146065 | data | 4.819529476300543 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xd9000 | 0x28d4 | 0x1400 | 539978dea584470dc14383a383e4c7bf | False | 0.2162109375 | data | 2.8291551241034414 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0xdc000 | 0x9c6e0 | 0x9c800 | c1525626ec0cf32b5bd014c356891ca0 | False | 0.06745613268769968 | data | 4.536629360352571 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x179000 | 0xa6e00 | 0xa6e00 | b81ac58272b5554af04886f592662de4 | False | 0.640780079588015 | data | 7.58271858098033 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| TYPELIB | 0xdddc0 | 0x1910 | data | 0.41973192019950123 | ||
| TYPELIB | 0xdf6d0 | 0x1910 | data | German | Germany | 0.41973192019950123 |
| TYPELIB | 0xe0fe0 | 0x1910 | data | English | United States | 0.41973192019950123 |
| TYPELIB | 0xe28f0 | 0x1910 | data | French | France | 0.41973192019950123 |
| TYPELIB | 0xe4200 | 0x1910 | data | Italian | Italy | 0.41973192019950123 |
| TYPELIB | 0xe5b10 | 0x1910 | data | Dutch | Netherlands | 0.41973192019950123 |
| TYPELIB | 0xe7420 | 0x1910 | data | Portuguese | Portugal | 0.41973192019950123 |
| TYPELIB | 0xe8d30 | 0x1910 | data | 0.41973192019950123 | ||
| RT_ICON | 0xea640 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | 0.20376712328767124 | ||
| RT_ICON | 0xee868 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | German | Germany | 0.20376712328767124 |
| RT_ICON | 0xf2a90 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.20376712328767124 |
| RT_ICON | 0xf6cb8 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | French | France | 0.20376712328767124 |
| RT_ICON | 0xfaee0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | Italian | Italy | 0.20376712328767124 |
| RT_ICON | 0xff108 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | Dutch | Netherlands | 0.20376712328767124 |
| RT_ICON | 0x103330 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | Portuguese | Portugal | 0.20376712328767124 |
| RT_ICON | 0x107558 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | 0.20376712328767124 | ||
| RT_ICON | 0x10b780 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | 0.25404564315352696 | ||
| RT_ICON | 0x10dd28 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | German | Germany | 0.25404564315352696 |
| RT_ICON | 0x1102d0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.25404564315352696 |
| RT_ICON | 0x112878 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | French | France | 0.25404564315352696 |
| RT_ICON | 0x114e20 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Italian | Italy | 0.25404564315352696 |
| RT_ICON | 0x1173c8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Dutch | Netherlands | 0.25404564315352696 |
| RT_ICON | 0x119970 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Portuguese | Portugal | 0.25404564315352696 |
| RT_ICON | 0x11bf18 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | 0.25404564315352696 | ||
| RT_ICON | 0x11e4c0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | 0.2905722326454034 | ||
| RT_ICON | 0x11f568 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | German | Germany | 0.2905722326454034 |
| RT_ICON | 0x120610 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.2905722326454034 |
| RT_ICON | 0x1216b8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | French | France | 0.2905722326454034 |
| RT_ICON | 0x122760 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Italian | Italy | 0.2905722326454034 |
| RT_ICON | 0x123808 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Dutch | Netherlands | 0.2905722326454034 |
| RT_ICON | 0x1248b0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Portuguese | Portugal | 0.2905722326454034 |
| RT_ICON | 0x125958 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | 0.2905722326454034 | ||
| RT_ICON | 0x126a00 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | 0.3360655737704918 | ||
| RT_ICON | 0x127388 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | German | Germany | 0.3360655737704918 |
| RT_ICON | 0x127d10 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.3360655737704918 |
| RT_ICON | 0x128698 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | French | France | 0.3360655737704918 |
| RT_ICON | 0x129020 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Italian | Italy | 0.3360655737704918 |
| RT_ICON | 0x1299a8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Dutch | Netherlands | 0.3360655737704918 |
| RT_ICON | 0x12a330 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Portuguese | Portugal | 0.3360655737704918 |
| RT_ICON | 0x12acb8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | 0.3360655737704918 | ||
| RT_ICON | 0x12b640 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | 0.5141843971631206 | ||
| RT_ICON | 0x12baa8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | German | Germany | 0.5141843971631206 |
| RT_ICON | 0x12bf10 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.5141843971631206 |
| RT_ICON | 0x12c378 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | French | France | 0.5141843971631206 |
| RT_ICON | 0x12c7e0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Italian | Italy | 0.5141843971631206 |
| RT_ICON | 0x12cc48 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Dutch | Netherlands | 0.5141843971631206 |
| RT_ICON | 0x12d0b0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Portuguese | Portugal | 0.5141843971631206 |
| RT_ICON | 0x12d518 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | 0.5141843971631206 | ||
| RT_MENU | 0x12d980 | 0x2a | data | 1.0714285714285714 | ||
| RT_MENU | 0x12d9ac | 0x44 | data | German | Germany | 0.8676470588235294 |
| RT_MENU | 0x12d9f0 | 0x2a | data | English | United States | 1.0714285714285714 |
| RT_MENU | 0x12da1c | 0x34 | data | French | France | 0.9038461538461539 |
| RT_MENU | 0x12da50 | 0x32 | data | Italian | Italy | 0.96 |
| RT_MENU | 0x12da84 | 0x3a | data | Dutch | Netherlands | 0.896551724137931 |
| RT_MENU | 0x12dac0 | 0x30 | data | Portuguese | Portugal | 0.8958333333333334 |
| RT_MENU | 0x12daf0 | 0x32 | data | 0.9 | ||
| RT_MENU | 0x12db24 | 0x4c | data | 0.9210526315789473 | ||
| RT_MENU | 0x12db70 | 0x5a | data | German | Germany | 0.7888888888888889 |
| RT_MENU | 0x12dbcc | 0x4c | data | English | United States | 0.9210526315789473 |
| RT_MENU | 0x12dc18 | 0x78 | data | French | France | 0.7833333333333333 |
| RT_MENU | 0x12dc90 | 0x54 | data | Italian | Italy | 0.8809523809523809 |
| RT_MENU | 0x12dce4 | 0x5e | data | Dutch | Netherlands | 0.8297872340425532 |
| RT_MENU | 0x12dd44 | 0x60 | data | Portuguese | Portugal | 0.7916666666666666 |
| RT_MENU | 0x12dda4 | 0x54 | data | 0.8452380952380952 | ||
| RT_DIALOG | 0x12ddf8 | 0xd0 | data | 0.7163461538461539 | ||
| RT_DIALOG | 0x12dec8 | 0xea | data | German | Germany | 0.6666666666666666 |
| RT_DIALOG | 0x12dfb4 | 0xd0 | data | English | United States | 0.7211538461538461 |
| RT_DIALOG | 0x12e084 | 0xf6 | data | French | France | 0.6829268292682927 |
| RT_DIALOG | 0x12e17c | 0xe0 | data | Italian | Italy | 0.6830357142857143 |
| RT_DIALOG | 0x12e25c | 0xd8 | data | Dutch | Netherlands | 0.6898148148148148 |
| RT_DIALOG | 0x12e334 | 0xec | data | Portuguese | Portugal | 0.6991525423728814 |
| RT_DIALOG | 0x12e420 | 0xe8 | data | 0.6939655172413793 | ||
| RT_DIALOG | 0x12e508 | 0x3b4 | data | 0.4282700421940928 | ||
| RT_DIALOG | 0x12e8bc | 0x3b4 | data | German | Germany | 0.4282700421940928 |
| RT_DIALOG | 0x12ec70 | 0x3b4 | data | English | United States | 0.4282700421940928 |
| RT_DIALOG | 0x12f024 | 0x3b4 | data | French | France | 0.4282700421940928 |
| RT_DIALOG | 0x12f3d8 | 0x3b4 | data | Italian | Italy | 0.4282700421940928 |
| RT_DIALOG | 0x12f78c | 0x3b4 | data | Dutch | Netherlands | 0.4282700421940928 |
| RT_DIALOG | 0x12fb40 | 0x3b4 | data | Portuguese | Portugal | 0.4282700421940928 |
| RT_DIALOG | 0x12fef4 | 0x3b4 | data | 0.4282700421940928 | ||
| RT_DIALOG | 0x1302a8 | 0x19a | data | 0.5658536585365853 | ||
| RT_DIALOG | 0x130444 | 0x1ac | data | German | Germany | 0.5607476635514018 |
| RT_DIALOG | 0x1305f0 | 0x19a | data | English | United States | 0.5658536585365853 |
| RT_DIALOG | 0x13078c | 0x1a4 | data | French | France | 0.5571428571428572 |
| RT_DIALOG | 0x130930 | 0x19a | data | Italian | Italy | 0.5658536585365853 |
| RT_DIALOG | 0x130acc | 0x19a | data | Dutch | Netherlands | 0.5658536585365853 |
| RT_DIALOG | 0x130c68 | 0x19a | data | Portuguese | Portugal | 0.573170731707317 |
| RT_DIALOG | 0x130e04 | 0x19e | data | 0.5603864734299517 | ||
| RT_DIALOG | 0x130fa4 | 0xf6 | data | 0.6747967479674797 | ||
| RT_DIALOG | 0x13109c | 0x100 | data | German | Germany | 0.66796875 |
| RT_DIALOG | 0x13119c | 0xf6 | data | English | United States | 0.6747967479674797 |
| RT_DIALOG | 0x131294 | 0x114 | data | French | France | 0.6413043478260869 |
| RT_DIALOG | 0x1313a8 | 0x10e | data | Italian | Italy | 0.6592592592592592 |
| RT_DIALOG | 0x1314b8 | 0x10e | data | Dutch | Netherlands | 0.6592592592592592 |
| RT_DIALOG | 0x1315c8 | 0x108 | data | Portuguese | Portugal | 0.6515151515151515 |
| RT_DIALOG | 0x1316d0 | 0x10a | data | 0.650375939849624 | ||
| RT_DIALOG | 0x1317dc | 0x1b4 | data | 0.5527522935779816 | ||
| RT_DIALOG | 0x131990 | 0x1dc | data | German | Germany | 0.5357142857142857 |
| RT_DIALOG | 0x131b6c | 0x1b4 | data | English | United States | 0.5527522935779816 |
| RT_DIALOG | 0x131d20 | 0x208 | data | French | France | 0.5346153846153846 |
| RT_DIALOG | 0x131f28 | 0x1cc | data | Italian | Italy | 0.5347826086956522 |
| RT_DIALOG | 0x1320f4 | 0x1c8 | data | Dutch | Netherlands | 0.5570175438596491 |
| RT_DIALOG | 0x1322bc | 0x1e4 | data | Portuguese | Portugal | 0.5495867768595041 |
| RT_DIALOG | 0x1324a0 | 0x1e0 | data | 0.5375 | ||
| RT_DIALOG | 0x132680 | 0x1a4 | data | 0.6071428571428571 | ||
| RT_DIALOG | 0x132824 | 0x1a4 | data | German | Germany | 0.6023809523809524 |
| RT_DIALOG | 0x1329c8 | 0x1a4 | data | English | United States | 0.6071428571428571 |
| RT_DIALOG | 0x132b6c | 0x1c8 | data | French | France | 0.5855263157894737 |
| RT_DIALOG | 0x132d34 | 0x1c2 | data | Italian | Italy | 0.5866666666666667 |
| RT_DIALOG | 0x132ef8 | 0x1a0 | data | Dutch | Netherlands | 0.6033653846153846 |
| RT_DIALOG | 0x133098 | 0x1bc | data | Portuguese | Portugal | 0.6058558558558559 |
| RT_DIALOG | 0x133254 | 0x1dc | data | 0.5672268907563025 | ||
| RT_DIALOG | 0x133430 | 0xbc | data | 0.6595744680851063 | ||
| RT_DIALOG | 0x1334ec | 0xbc | data | German | Germany | 0.6595744680851063 |
| RT_DIALOG | 0x1335a8 | 0xbc | data | English | United States | 0.6648936170212766 |
| RT_DIALOG | 0x133664 | 0xbc | data | French | France | 0.6595744680851063 |
| RT_DIALOG | 0x133720 | 0xbc | data | Italian | Italy | 0.6595744680851063 |
| RT_DIALOG | 0x1337dc | 0xbc | data | Dutch | Netherlands | 0.6595744680851063 |
| RT_DIALOG | 0x133898 | 0xbc | data | Portuguese | Portugal | 0.6595744680851063 |
| RT_DIALOG | 0x133954 | 0xbc | data | 0.6595744680851063 | ||
| RT_DIALOG | 0x133a10 | 0x6c | data | 0.7407407407407407 | ||
| RT_DIALOG | 0x133a7c | 0x6c | data | German | Germany | 0.7592592592592593 |
| RT_DIALOG | 0x133ae8 | 0x6c | data | English | United States | 0.7407407407407407 |
| RT_DIALOG | 0x133b54 | 0x70 | data | French | France | 0.75 |
| RT_DIALOG | 0x133bc4 | 0x6e | data | Italian | Italy | 0.7454545454545455 |
| RT_DIALOG | 0x133c34 | 0x70 | data | Dutch | Netherlands | 0.75 |
| RT_DIALOG | 0x133ca4 | 0x70 | data | Portuguese | Portugal | 0.7589285714285714 |
| RT_DIALOG | 0x133d14 | 0x70 | data | 0.7589285714285714 | ||
| RT_DIALOG | 0x133d84 | 0xa0 | data | 0.725 | ||
| RT_DIALOG | 0x133e24 | 0xa0 | data | German | Germany | 0.725 |
| RT_DIALOG | 0x133ec4 | 0x7c | data | English | United States | 0.75 |
| RT_DIALOG | 0x133f40 | 0xa0 | data | French | France | 0.725 |
| RT_DIALOG | 0x133fe0 | 0xa0 | data | Italian | Italy | 0.725 |
| RT_DIALOG | 0x134080 | 0xa0 | data | Dutch | Netherlands | 0.725 |
| RT_DIALOG | 0x134120 | 0xa0 | data | Portuguese | Portugal | 0.725 |
| RT_DIALOG | 0x1341c0 | 0xa0 | data | 0.725 | ||
| RT_STRING | 0x134260 | 0x300 | data | 0.4036458333333333 | ||
| RT_STRING | 0x134560 | 0x3ba | data | German | Germany | 0.38155136268343814 |
| RT_STRING | 0x13491c | 0x300 | data | English | United States | 0.4036458333333333 |
| RT_STRING | 0x134c1c | 0x408 | data | French | France | 0.35852713178294576 |
| RT_STRING | 0x135024 | 0x3ac | data | Italian | Italy | 0.33404255319148934 |
| RT_STRING | 0x1353d0 | 0x32a | data | Dutch | Netherlands | 0.391358024691358 |
| RT_STRING | 0x1356fc | 0x3dc | data | Portuguese | Portugal | 0.3765182186234818 |
| RT_STRING | 0x135ad8 | 0x362 | data | 0.37528868360277134 | ||
| RT_STRING | 0x135e3c | 0x186 | data | 0.5025641025641026 | ||
| RT_STRING | 0x135fc4 | 0x208 | data | German | Germany | 0.46153846153846156 |
| RT_STRING | 0x1361cc | 0x186 | data | English | United States | 0.5025641025641026 |
| RT_STRING | 0x136354 | 0x22c | data | French | France | 0.4244604316546763 |
| RT_STRING | 0x136580 | 0x206 | data | Italian | Italy | 0.4498069498069498 |
| RT_STRING | 0x136788 | 0x1a8 | data | Dutch | Netherlands | 0.5 |
| RT_STRING | 0x136930 | 0x216 | data | Portuguese | Portugal | 0.45880149812734083 |
| RT_STRING | 0x136b48 | 0x1f0 | data | 0.4657258064516129 | ||
| RT_STRING | 0x136d38 | 0x1a0 | data | 0.5144230769230769 | ||
| RT_STRING | 0x136ed8 | 0x1be | data | German | Germany | 0.5291479820627802 |
| RT_STRING | 0x137098 | 0x1a0 | data | English | United States | 0.5144230769230769 |
| RT_STRING | 0x137238 | 0x206 | data | French | France | 0.49613899613899615 |
| RT_STRING | 0x137440 | 0x1d4 | data | Italian | Italy | 0.5 |
| RT_STRING | 0x137614 | 0x1b6 | data | Dutch | Netherlands | 0.5182648401826484 |
| RT_STRING | 0x1377cc | 0x1d8 | data | Portuguese | Portugal | 0.5233050847457628 |
| RT_STRING | 0x1379a4 | 0x1e8 | data | 0.5061475409836066 | ||
| RT_STRING | 0x137b8c | 0x23c | data | 0.458041958041958 | ||
| RT_STRING | 0x137dc8 | 0x2fc | data | German | Germany | 0.38219895287958117 |
| RT_STRING | 0x1380c4 | 0x23c | data | English | United States | 0.458041958041958 |
| RT_STRING | 0x138300 | 0x2fc | data | French | France | 0.3992146596858639 |
| RT_STRING | 0x1385fc | 0x2e8 | data | Italian | Italy | 0.3897849462365591 |
| RT_STRING | 0x1388e4 | 0x276 | data | Dutch | Netherlands | 0.43174603174603177 |
| RT_STRING | 0x138b5c | 0x2cc | data | Portuguese | Portugal | 0.42877094972067037 |
| RT_STRING | 0x138e28 | 0x2f8 | data | 0.3973684210526316 | ||
| RT_STRING | 0x139120 | 0x3d2 | data | 0.36912065439672803 | ||
| RT_STRING | 0x1394f4 | 0x440 | data | German | Germany | 0.37224264705882354 |
| RT_STRING | 0x139934 | 0x3d2 | data | English | United States | 0.36912065439672803 |
| RT_STRING | 0x139d08 | 0x4c2 | data | French | France | 0.33251231527093594 |
| RT_STRING | 0x13a1cc | 0x4a8 | data | Italian | Italy | 0.3288590604026846 |
| RT_STRING | 0x13a674 | 0x468 | data | Dutch | Netherlands | 0.35638297872340424 |
| RT_STRING | 0x13aadc | 0x4da | data | Portuguese | Portugal | 0.3365539452495974 |
| RT_STRING | 0x13afb8 | 0x4fa | data | 0.33124018838304553 | ||
| RT_STRING | 0x13b4b4 | 0x350 | data | 0.4339622641509434 | ||
| RT_STRING | 0x13b804 | 0x3f0 | data | German | Germany | 0.4107142857142857 |
| RT_STRING | 0x13bbf4 | 0x350 | data | English | United States | 0.4339622641509434 |
| RT_STRING | 0x13bf44 | 0x48e | data | French | France | 0.3704974271012007 |
| RT_STRING | 0x13c3d4 | 0x412 | data | Italian | Italy | 0.4040307101727447 |
| RT_STRING | 0x13c7e8 | 0x408 | data | Dutch | Netherlands | 0.3875968992248062 |
| RT_STRING | 0x13cbf0 | 0x470 | data | Portuguese | Portugal | 0.38380281690140844 |
| RT_STRING | 0x13d060 | 0x42a | data | 0.3818011257035647 | ||
| RT_STRING | 0x13d48c | 0x55e | data | 0.41120815138282385 | ||
| RT_STRING | 0x13d9ec | 0x640 | data | German | Germany | 0.40625 |
| RT_STRING | 0x13e02c | 0x55e | data | English | United States | 0.41120815138282385 |
| RT_STRING | 0x13e58c | 0x6ce | data | French | France | 0.3719862227324914 |
| RT_STRING | 0x13ec5c | 0x614 | data | Italian | Italy | 0.39524421593830333 |
| RT_STRING | 0x13f270 | 0x5c0 | data | Dutch | Netherlands | 0.40625 |
| RT_STRING | 0x13f830 | 0x61c | data | Portuguese | Portugal | 0.4117647058823529 |
| RT_STRING | 0x13fe4c | 0x69a | data | 0.38402366863905324 | ||
| RT_STRING | 0x1404e8 | 0x660 | data | 0.2922794117647059 | ||
| RT_STRING | 0x140b48 | 0x720 | data | German | Germany | 0.3031798245614035 |
| RT_STRING | 0x141268 | 0x660 | data | English | United States | 0.2922794117647059 |
| RT_STRING | 0x1418c8 | 0x758 | data | French | France | 0.29148936170212764 |
| RT_STRING | 0x142020 | 0x660 | data | Italian | Italy | 0.2922794117647059 |
| RT_STRING | 0x142680 | 0x6b0 | data | Dutch | Netherlands | 0.29906542056074764 |
| RT_STRING | 0x142d30 | 0x662 | data | Portuguese | Portugal | 0.29253365973072215 |
| RT_STRING | 0x143394 | 0x73e | data | 0.28047464940668826 | ||
| RT_STRING | 0x143ad4 | 0x146 | Matlab v4 mat-file (little endian) T, numeric, rows 0, columns 0 | 0.5214723926380368 | ||
| RT_STRING | 0x143c1c | 0x146 | Matlab v4 mat-file (little endian) T, numeric, rows 0, columns 0 | German | Germany | 0.5214723926380368 |
| RT_STRING | 0x143d64 | 0x146 | Matlab v4 mat-file (little endian) T, numeric, rows 0, columns 0 | English | United States | 0.5214723926380368 |
| RT_STRING | 0x143eac | 0x146 | Matlab v4 mat-file (little endian) T, numeric, rows 0, columns 0 | French | France | 0.5214723926380368 |
| RT_STRING | 0x143ff4 | 0x146 | Matlab v4 mat-file (little endian) T, numeric, rows 0, columns 0 | Italian | Italy | 0.5214723926380368 |
| RT_STRING | 0x14413c | 0x146 | Matlab v4 mat-file (little endian) T, numeric, rows 0, columns 0 | Dutch | Netherlands | 0.5214723926380368 |
| RT_STRING | 0x144284 | 0x146 | Matlab v4 mat-file (little endian) T, numeric, rows 0, columns 0 | Portuguese | Portugal | 0.5214723926380368 |
| RT_STRING | 0x1443cc | 0x146 | Matlab v4 mat-file (little endian) T, numeric, rows 0, columns 0 | 0.5214723926380368 | ||
| RT_RCDATA | 0x144514 | 0x3 | ASCII text, with no line terminators | 3.6666666666666665 | ||
| RT_RCDATA | 0x144518 | 0x3 | ASCII text, with no line terminators | German | Germany | 3.6666666666666665 |
| RT_RCDATA | 0x14451c | 0x3 | ASCII text, with no line terminators | English | United States | 3.6666666666666665 |
| RT_RCDATA | 0x144520 | 0x3 | ASCII text, with no line terminators | French | France | 3.6666666666666665 |
| RT_RCDATA | 0x144524 | 0x3 | ASCII text, with no line terminators | Italian | Italy | 3.6666666666666665 |
| RT_RCDATA | 0x144528 | 0x3 | ASCII text, with no line terminators | Dutch | Netherlands | 3.6666666666666665 |
| RT_RCDATA | 0x14452c | 0x3 | ASCII text, with no line terminators | Portuguese | Portugal | 3.6666666666666665 |
| RT_RCDATA | 0x144530 | 0x3 | ASCII text, with no line terminators | 3.6666666666666665 | ||
| RT_RCDATA | 0x144534 | 0x1ece | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | 0.31384732437230534 | ||
| RT_RCDATA | 0x146404 | 0x1ece | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | German | Germany | 0.31384732437230534 |
| RT_RCDATA | 0x1482d4 | 0x1ece | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | English | United States | 0.31384732437230534 |
| RT_RCDATA | 0x14a1a4 | 0x1ece | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | French | France | 0.31384732437230534 |
| RT_RCDATA | 0x14c074 | 0x1ece | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | Italian | Italy | 0.31384732437230534 |
| RT_RCDATA | 0x14df44 | 0x1ece | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | Dutch | Netherlands | 0.31384732437230534 |
| RT_RCDATA | 0x14fe14 | 0x1ece | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | Portuguese | Portugal | 0.31384732437230534 |
| RT_RCDATA | 0x151ce4 | 0x1ece | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | 0.31384732437230534 | ||
| RT_RCDATA | 0x153bb4 | 0x1ece | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | 0.29736241440527517 | ||
| RT_RCDATA | 0x155a84 | 0x1ece | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | German | Germany | 0.29736241440527517 |
| RT_RCDATA | 0x157954 | 0x1ece | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | English | United States | 0.29736241440527517 |
| RT_RCDATA | 0x159824 | 0x1ece | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | French | France | 0.29736241440527517 |
| RT_RCDATA | 0x15b6f4 | 0x1ece | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | Italian | Italy | 0.29736241440527517 |
| RT_RCDATA | 0x15d5c4 | 0x1ece | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | Dutch | Netherlands | 0.29736241440527517 |
| RT_RCDATA | 0x15f494 | 0x1ece | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | Portuguese | Portugal | 0.29736241440527517 |
| RT_RCDATA | 0x161364 | 0x1ece | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | 0.29736241440527517 | ||
| RT_RCDATA | 0x163234 | 0x1ece | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | 0.35011412629977173 | ||
| RT_RCDATA | 0x165104 | 0x1ece | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | German | Germany | 0.35011412629977173 |
| RT_RCDATA | 0x166fd4 | 0x1ece | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | English | United States | 0.35011412629977173 |
| RT_RCDATA | 0x168ea4 | 0x1ece | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | French | France | 0.35011412629977173 |
| RT_RCDATA | 0x16ad74 | 0x1ece | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | Italian | Italy | 0.35011412629977173 |
| RT_RCDATA | 0x16cc44 | 0x1ece | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | Dutch | Netherlands | 0.35011412629977173 |
| RT_RCDATA | 0x16eb14 | 0x1ece | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | Portuguese | Portugal | 0.35011412629977173 |
| RT_RCDATA | 0x1709e4 | 0x1ece | MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 24x24, 32 bits/pixel | 0.35011412629977173 | ||
| RT_RCDATA | 0x1728b4 | 0x276 | ASCII text, with CRLF line terminators | English | United States | 0.3682539682539683 |
| RT_RCDATA | 0x172b2c | 0x140 | ASCII text | English | United States | 0.553125 |
| RT_RCDATA | 0x172c6c | 0x119 | ASCII text | English | United States | 0.5587188612099644 |
| RT_RCDATA | 0x172d88 | 0x96 | ASCII text | English | United States | 0.6333333333333333 |
| RT_RCDATA | 0x172e20 | 0xbd | ASCII text | English | United States | 0.6402116402116402 |
| RT_GROUP_ICON | 0x172ee0 | 0x4c | data | 0.8026315789473685 | ||
| RT_GROUP_ICON | 0x172f2c | 0x4c | data | German | Germany | 0.8026315789473685 |
| RT_GROUP_ICON | 0x172f78 | 0x4c | data | English | United States | 0.8026315789473685 |
| RT_GROUP_ICON | 0x172fc4 | 0x4c | data | French | France | 0.8026315789473685 |
| RT_GROUP_ICON | 0x173010 | 0x4c | data | Italian | Italy | 0.8026315789473685 |
| RT_GROUP_ICON | 0x17305c | 0x4c | data | Dutch | Netherlands | 0.8026315789473685 |
| RT_GROUP_ICON | 0x1730a8 | 0x4c | data | Portuguese | Portugal | 0.8026315789473685 |
| RT_GROUP_ICON | 0x1730f4 | 0x4c | data | 0.8026315789473685 | ||
| RT_VERSION | 0x173140 | 0x30c | data | 0.4346153846153846 | ||
| RT_VERSION | 0x17344c | 0x30c | data | German | Germany | 0.43974358974358974 |
| RT_VERSION | 0x173758 | 0x30c | data | English | United States | 0.4371794871794872 |
| RT_VERSION | 0x173a64 | 0x30c | data | French | France | 0.4371794871794872 |
| RT_VERSION | 0x173d70 | 0x30c | data | Italian | Italy | 0.43846153846153846 |
| RT_VERSION | 0x17407c | 0x30c | data | Dutch | Netherlands | 0.43974358974358974 |
| RT_VERSION | 0x174388 | 0x30c | data | Portuguese | Portugal | 0.4423076923076923 |
| RT_VERSION | 0x174694 | 0x30c | data | 0.43846153846153846 | ||
| RT_MANIFEST | 0x1749a0 | 0x7a5 | XML 1.0 document, ASCII text, with CRLF line terminators | 0.4036791006642821 | ||
| RT_MANIFEST | 0x175148 | 0x7a5 | XML 1.0 document, ASCII text, with CRLF line terminators | German | Germany | 0.4036791006642821 |
| RT_MANIFEST | 0x1758f0 | 0x7a5 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4036791006642821 |
| RT_MANIFEST | 0x176098 | 0x7a5 | XML 1.0 document, ASCII text, with CRLF line terminators | French | France | 0.4036791006642821 |
| RT_MANIFEST | 0x176840 | 0x7a5 | XML 1.0 document, ASCII text, with CRLF line terminators | Italian | Italy | 0.4036791006642821 |
| RT_MANIFEST | 0x176fe8 | 0x7a5 | XML 1.0 document, ASCII text, with CRLF line terminators | Dutch | Netherlands | 0.4036791006642821 |
| RT_MANIFEST | 0x177790 | 0x7a5 | XML 1.0 document, ASCII text, with CRLF line terminators | Portuguese | Portugal | 0.4036791006642821 |
| RT_MANIFEST | 0x177f38 | 0x7a5 | XML 1.0 document, ASCII text, with CRLF line terminators | 0.4036791006642821 |
| DLL | Import |
|---|---|
| VERSION.dll | GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW |
| WININET.dll | HttpSendRequestW, InternetCrackUrlW, InternetCreateUrlW, InternetCloseHandle, InternetSetStatusCallbackW, InternetSetOptionW, InternetOpenW, InternetGetLastResponseInfoW, InternetReadFile, InternetQueryDataAvailable, FtpGetFileSize, InternetQueryOptionW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, InternetErrorDlg, FtpCommandW, FtpOpenFileW |
| msi.dll | |
| CRYPT32.dll | CertNameToStrW, CertFreeCertificateContext |
| MPR.dll | WNetAddConnection2W |
| KERNEL32.dll | GetConsoleOutputCP, GetFileType, GetConsoleMode, SetFilePointerEx, GetFileSizeEx, LCMapStringW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, CopyFileExW, GetLastError, FileTimeToSystemTime, SystemTimeToFileTime, CompareFileTime, DeleteFileW, MoveFileW, CopyFileW, CreateFileW, CloseHandle, HeapDestroy, HeapSize, HeapReAlloc, HeapFree, HeapAlloc, GetProcessHeap, SizeofResource, LockResource, LoadResource, FindResourceW, FindResourceExW, ReadFile, WideCharToMultiByte, FindClose, GetSystemTime, FindFirstFileW, RemoveDirectoryW, FindNextFileW, GetFileSize, CreateDirectoryW, SetFileAttributesW, GetFileTime, WriteFile, SetFilePointer, SetFileTime, LoadLibraryW, GetProcAddress, GetTempPathW, GetTempFileNameW, GetModuleHandleW, GetSystemDirectoryW, LoadLibraryExW, CreateToolhelp32Snapshot, Process32FirstW, OpenProcess, Process32NextW, GetCurrentProcessId, GetCurrentProcess, GetExitCodeProcess, WaitForSingleObject, TerminateProcess, FindFirstFileExW, FreeLibrary, Sleep, RaiseException, LocalFree, GetTickCount, LocalAlloc, GetUserDefaultUILanguage, FileTimeToLocalFileTime, GetDateFormatW, GetTimeFormatW, GetLocaleInfoW, CreateProcessW, MultiByteToWideChar, FormatMessageW, SetLastError, GetEnvironmentVariableW, GetModuleFileNameW, DeleteCriticalSection, InitializeCriticalSectionEx, lstrcmpiW, VerifyVersionInfoW, VerSetConditionMask, lstrlenW, CompareStringW, GetExitCodeThread, TerminateThread, CreateThread, Wow64DisableWow64FsRedirection, Wow64RevertWow64FsRedirection, EnterCriticalSection, InitializeCriticalSection, LeaveCriticalSection, OutputDebugStringW, GetCurrentThreadId, GetLocalTime, FlushFileBuffers, GetStringTypeW, ResetEvent, CreateEventW, SetEvent, GlobalFree, MulDiv, QueryPerformanceFrequency, QueryPerformanceCounter, GetSystemDefaultLangID, GetPrivateProfileStringW, GetPrivateProfileSectionNamesW, WritePrivateProfileStringW, UnmapViewOfFile, ReleaseMutex, CreateFileMappingW, MapViewOfFile, CreateMutexW, OpenFileMappingW, OpenEventW, lstrcpynW, DecodePointer, GetACP, QueryFullProcessImageNameW, IsValidCodePage, VirtualFree, VirtualAlloc, IsProcessorFeaturePresent, FlushInstructionCache, InterlockedPushEntrySList, InterlockedPopEntrySList, InitializeSListHead, EncodePointer, IsDebuggerPresent, LoadLibraryExA, VirtualQuery, GetOEMCP, VirtualProtect, GetSystemInfo, LCMapStringEx, CompareStringEx, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, ReadConsoleW, WriteConsoleW, SetEndOfFile, GetStdHandle, GetModuleHandleExW, ExitProcess, TlsFree, InitializeCriticalSectionAndSpinCount, WaitForSingleObjectEx, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, GetSystemTimeAsFileTime, RtlUnwind, TlsAlloc, TlsGetValue, TlsSetValue |
| USER32.dll | GetSubMenu, LoadMenuW, ModifyMenuW, GetMessagePos, SetCursorPos, RemovePropW, SetPropW, GetWindowDC, DrawEdge, GetActiveWindow, LookupIconIdFromDirectoryEx, CreateIconFromResourceEx, DialogBoxParamW, MoveWindow, GetSystemMenu, DrawMenuBar, RegisterWindowMessageW, PostQuitMessage, SetMenuDefaultItem, GetMenuItemID, GetPropW, MonitorFromPoint, GetWindow, ShowWindow, IsWindowVisible, SetForegroundWindow, MessageBoxW, GetDlgCtrlID, FillRect, TrackMouseEvent, DestroyWindow, EndPaint, BeginPaint, SetCursor, RegisterClassExW, TrackPopupMenu, KillTimer, SetTimer, GetDesktopWindow, PostThreadMessageW, EndDialog, GetDlgItem, MonitorFromWindow, GetMonitorInfoW, GetWindowRect, EnableMenuItem, SetFocus, ReleaseCapture, GetCapture, PtInRect, ScreenToClient, GetCursorPos, UpdateWindow, InvalidateRect, CharNextW, OffsetRect, ReleaseDC, IsWindow, SetRectEmpty, GetWindowTextW, GetWindowTextLengthW, CreateWindowExW, SystemParametersInfoW, LoadCursorW, GetClassNameW, GetClientRect, DrawFocusRect, GetFocus, DrawTextW, GetSysColor, IsWindowEnabled, RedrawWindow, MapWindowPoints, DestroyMenu, LockWindowUpdate, CreateDialogParamW, GetMessageW, PostMessageW, GetClassInfoExW, SetWindowPos, UnregisterClassW, CallWindowProcW, DefWindowProcW, SetWindowLongW, GetSystemMetrics, LoadImageW, DispatchMessageW, EnableWindow, SetCapture, TranslateMessage, PeekMessageW, SetWindowTextW, LoadStringW, GetParent, SendMessageW, GetDC, GetWindowLongW, GetWindowThreadProcessId, EnumWindows, GetForegroundWindow |
| GDI32.dll | CreateBitmap, DeleteObject, CreateFontIndirectW, GetObjectW, PatBlt, GetStockObject, SelectObject, SetTextColor, DeleteDC, SetBkMode, GetDeviceCaps, CreatePatternBrush |
| SHELL32.dll | Shell_NotifyIconW, ShellExecuteW, ShellExecuteExW, SHGetMalloc, SHGetPathFromIDListW, SHGetSpecialFolderLocation, SHGetFolderPathW, SHBrowseForFolderW |
| ole32.dll | CoInitializeEx, CoTaskMemAlloc, CoUninitialize, CoCreateInstance, CoTaskMemFree, CoRevokeClassObject, CoRegisterClassObject, CoAddRefServerProcess, CoReleaseServerProcess, CLSIDFromString, CoResumeClassObjects, CoCreateGuid, CoTaskMemRealloc |
| OLEAUT32.dll | RevokeActiveObject, DispGetIDsOfNames, SysAllocString, LoadTypeLib, VarUI4FromStr, SysFreeString, DispInvoke |
| SHLWAPI.dll | PathIsUNCW, PathFileExistsW, PathAppendW |
| COMCTL32.dll | DestroyPropertySheetPage, InitCommonControlsEx, CreatePropertySheetPageW, PropertySheetW |
| UxTheme.dll | IsAppThemed, EnableThemeDialogTexture |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| German | Germany |  |
| English | United States |  |
| French | France |  |
| Italian | Italy |  |
| Dutch | Netherlands |  |
| Portuguese | Portugal |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-27T20:33:12.035929+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49730 | 172.67.152.152 | 443 | TCP |
| 2024-12-27T20:33:12.904109+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49730 | 172.67.152.152 | 443 | TCP |
| 2024-12-27T20:33:12.904109+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49730 | 172.67.152.152 | 443 | TCP |
| 2024-12-27T20:33:14.220403+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49731 | 172.67.152.152 | 443 | TCP |
| 2024-12-27T20:33:15.007029+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.4 | 49731 | 172.67.152.152 | 443 | TCP |
| 2024-12-27T20:33:15.007029+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49731 | 172.67.152.152 | 443 | TCP |
| 2024-12-27T20:33:16.404331+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49732 | 172.67.152.152 | 443 | TCP |
| 2024-12-27T20:33:18.742370+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49733 | 172.67.152.152 | 443 | TCP |
| 2024-12-27T20:33:21.531115+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49735 | 172.67.152.152 | 443 | TCP |
| 2024-12-27T20:33:24.604708+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49737 | 172.67.152.152 | 443 | TCP |
| 2024-12-27T20:33:25.706874+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.4 | 49737 | 172.67.152.152 | 443 | TCP |
| 2024-12-27T20:33:27.228932+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49740 | 172.67.152.152 | 443 | TCP |
| 2024-12-27T20:33:29.366244+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49742 | 172.67.152.152 | 443 | TCP |
| 2024-12-27T20:34:02.407142+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49742 | 172.67.152.152 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 27, 2024 20:33:10.774122000 CET | 49730 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:10.774152040 CET | 443 | 49730 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:10.774226904 CET | 49730 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:10.777128935 CET | 49730 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:10.777137041 CET | 443 | 49730 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:12.035756111 CET | 443 | 49730 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:12.035928965 CET | 49730 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:12.038999081 CET | 49730 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:12.039005041 CET | 443 | 49730 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:12.039211035 CET | 443 | 49730 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:12.082880020 CET | 49730 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:12.161958933 CET | 49730 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:12.162020922 CET | 49730 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:12.162045956 CET | 443 | 49730 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:12.904126883 CET | 443 | 49730 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:12.904200077 CET | 443 | 49730 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:12.904278994 CET | 49730 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:12.906214952 CET | 49730 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:12.906225920 CET | 443 | 49730 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:12.914891005 CET | 49731 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:12.914951086 CET | 443 | 49731 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:12.915061951 CET | 49731 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:12.915333033 CET | 49731 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:12.915353060 CET | 443 | 49731 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:14.220263004 CET | 443 | 49731 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:14.220402956 CET | 49731 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:14.222264051 CET | 49731 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:14.222275972 CET | 443 | 49731 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:14.222527981 CET | 443 | 49731 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:14.224334002 CET | 49731 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:14.224386930 CET | 49731 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:14.224401951 CET | 443 | 49731 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:15.007050037 CET | 443 | 49731 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:15.007088900 CET | 443 | 49731 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:15.007121086 CET | 443 | 49731 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:15.007150888 CET | 443 | 49731 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:15.007180929 CET | 443 | 49731 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:15.007186890 CET | 49731 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:15.007213116 CET | 443 | 49731 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:15.007245064 CET | 49731 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:15.007267952 CET | 49731 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:15.007275105 CET | 443 | 49731 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:15.015305042 CET | 443 | 49731 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:15.015404940 CET | 49731 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:15.015414000 CET | 443 | 49731 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:15.023623943 CET | 443 | 49731 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:15.023703098 CET | 49731 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:15.023713112 CET | 443 | 49731 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:15.036066055 CET | 443 | 49731 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:15.036103964 CET | 443 | 49731 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:15.036118031 CET | 49731 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:15.036128044 CET | 443 | 49731 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:15.036165953 CET | 49731 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:15.036171913 CET | 443 | 49731 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:15.036181927 CET | 443 | 49731 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:15.036222935 CET | 49731 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:15.036427975 CET | 49731 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:15.036442995 CET | 443 | 49731 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:15.036458969 CET | 49731 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:15.036463976 CET | 443 | 49731 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:15.191274881 CET | 49732 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:15.191333055 CET | 443 | 49732 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:15.191411972 CET | 49732 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:15.191695929 CET | 49732 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:15.191720009 CET | 443 | 49732 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:16.404210091 CET | 443 | 49732 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:16.404330969 CET | 49732 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:16.406131029 CET | 49732 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:16.406150103 CET | 443 | 49732 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:16.406354904 CET | 443 | 49732 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:16.408025026 CET | 49732 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:16.408190012 CET | 49732 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:16.408224106 CET | 443 | 49732 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:16.408282042 CET | 49732 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:16.408298016 CET | 443 | 49732 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:17.356664896 CET | 443 | 49732 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:17.356743097 CET | 443 | 49732 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:17.356911898 CET | 49732 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:17.357047081 CET | 49732 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:17.357074022 CET | 443 | 49732 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:17.435774088 CET | 49733 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:17.435802937 CET | 443 | 49733 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:17.435877085 CET | 49733 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:17.436182022 CET | 49733 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:17.436193943 CET | 443 | 49733 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:18.742284060 CET | 443 | 49733 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:18.742369890 CET | 49733 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:18.745390892 CET | 49733 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:18.745399952 CET | 443 | 49733 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:18.745634079 CET | 443 | 49733 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:18.747800112 CET | 49733 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:18.747800112 CET | 49733 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:18.747818947 CET | 443 | 49733 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:19.593910933 CET | 443 | 49733 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:19.593977928 CET | 443 | 49733 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:19.594046116 CET | 49733 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:19.594393015 CET | 49733 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:19.594404936 CET | 443 | 49733 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:19.872834921 CET | 49735 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:19.872858047 CET | 443 | 49735 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:19.872989893 CET | 49735 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:19.873481989 CET | 49735 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:19.873491049 CET | 443 | 49735 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:21.530985117 CET | 443 | 49735 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:21.531115055 CET | 49735 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:21.532599926 CET | 49735 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:21.532608986 CET | 443 | 49735 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:21.532804012 CET | 443 | 49735 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:21.533941984 CET | 49735 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:21.534070969 CET | 49735 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:21.534096956 CET | 443 | 49735 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:21.534173012 CET | 49735 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:21.534173012 CET | 49735 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:21.534182072 CET | 443 | 49735 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:21.575337887 CET | 443 | 49735 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:22.475406885 CET | 443 | 49735 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:22.475485086 CET | 443 | 49735 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:22.475619078 CET | 49735 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:22.516674042 CET | 49735 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:22.516688108 CET | 443 | 49735 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:23.347285032 CET | 49737 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:23.347333908 CET | 443 | 49737 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:23.347428083 CET | 49737 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:23.347882986 CET | 49737 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:23.347898960 CET | 443 | 49737 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:24.604552984 CET | 443 | 49737 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:24.604707956 CET | 49737 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:24.606477976 CET | 49737 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:24.606488943 CET | 443 | 49737 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:24.606704950 CET | 443 | 49737 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:24.607965946 CET | 49737 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:24.608114958 CET | 49737 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:24.608119965 CET | 443 | 49737 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:25.706886053 CET | 443 | 49737 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:25.706975937 CET | 443 | 49737 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:25.707063913 CET | 49737 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:25.707586050 CET | 49737 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:25.707618952 CET | 443 | 49737 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:25.894125938 CET | 49740 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:25.894176960 CET | 443 | 49740 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:25.894258022 CET | 49740 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:25.894560099 CET | 49740 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:25.894577026 CET | 443 | 49740 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:27.228733063 CET | 443 | 49740 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:27.228931904 CET | 49740 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:27.233014107 CET | 49740 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:27.233038902 CET | 443 | 49740 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:27.233268976 CET | 443 | 49740 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:27.240782022 CET | 49740 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:27.240876913 CET | 49740 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:27.240885019 CET | 443 | 49740 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:28.019587040 CET | 443 | 49740 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:28.019670010 CET | 443 | 49740 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:28.019932985 CET | 49740 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:28.020009041 CET | 49740 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:28.020019054 CET | 443 | 49740 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:28.101351023 CET | 49742 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:28.101382017 CET | 443 | 49742 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:28.101452112 CET | 49742 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:28.101805925 CET | 49742 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:28.101819038 CET | 443 | 49742 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:29.366009951 CET | 443 | 49742 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:29.366244078 CET | 49742 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:29.367547035 CET | 49742 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:29.367562056 CET | 443 | 49742 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:29.367779016 CET | 443 | 49742 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:33:29.375834942 CET | 49742 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:29.375869989 CET | 49742 | 443 | 192.168.2.4 | 172.67.152.152 |
| Dec 27, 2024 20:33:29.375906944 CET | 443 | 49742 | 172.67.152.152 | 192.168.2.4 |
| Dec 27, 2024 20:34:02.406785011 CET | 49742 | 443 | 192.168.2.4 | 172.67.152.152 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 27, 2024 20:33:10.432375908 CET | 50242 | 53 | 192.168.2.4 | 1.1.1.1 |
| Dec 27, 2024 20:33:10.768784046 CET | 53 | 50242 | 1.1.1.1 | 192.168.2.4 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 27, 2024 20:33:10.432375908 CET | 192.168.2.4 | 1.1.1.1 | 0x7c29 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 27, 2024 20:33:10.768784046 CET | 1.1.1.1 | 192.168.2.4 | 0x7c29 | No error (0) | 172.67.152.152 | A (IP address) | IN (0x0001) | false | ||
| Dec 27, 2024 20:33:10.768784046 CET | 1.1.1.1 | 192.168.2.4 | 0x7c29 | No error (0) | 104.21.1.240 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49730 | 172.67.152.152 | 443 | 6428 | C:\Users\user\Desktop\SET_UP.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-27 19:33:12 UTC | 261 | OUT | |
| 2024-12-27 19:33:12 UTC | 8 | OUT | |
| 2024-12-27 19:33:12 UTC | 1135 | IN | |
| 2024-12-27 19:33:12 UTC | 7 | IN | |
| 2024-12-27 19:33:12 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.4 | 49731 | 172.67.152.152 | 443 | 6428 | C:\Users\user\Desktop\SET_UP.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-27 19:33:14 UTC | 262 | OUT | |
| 2024-12-27 19:33:14 UTC | 80 | OUT | |
| 2024-12-27 19:33:15 UTC | 1123 | IN | |
| 2024-12-27 19:33:15 UTC | 246 | IN | |
| 2024-12-27 19:33:15 UTC | 1369 | IN | |
| 2024-12-27 19:33:15 UTC | 1369 | IN | |
| 2024-12-27 19:33:15 UTC | 1369 | IN | |
| 2024-12-27 19:33:15 UTC | 1369 | IN | |
| 2024-12-27 19:33:15 UTC | 1369 | IN | |
| 2024-12-27 19:33:15 UTC | 1369 | IN | |
| 2024-12-27 19:33:15 UTC | 1369 | IN | |
| 2024-12-27 19:33:15 UTC | 1369 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.4 | 49732 | 172.67.152.152 | 443 | 6428 | C:\Users\user\Desktop\SET_UP.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-27 19:33:16 UTC | 271 | OUT | |
| 2024-12-27 19:33:16 UTC | 15331 | OUT | |
| 2024-12-27 19:33:16 UTC | 2779 | OUT | |
| 2024-12-27 19:33:17 UTC | 1127 | IN | |
| 2024-12-27 19:33:17 UTC | 20 | IN | |
| 2024-12-27 19:33:17 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 3 | 192.168.2.4 | 49733 | 172.67.152.152 | 443 | 6428 | C:\Users\user\Desktop\SET_UP.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-27 19:33:18 UTC | 276 | OUT | |
| 2024-12-27 19:33:18 UTC | 8767 | OUT | |
| 2024-12-27 19:33:19 UTC | 1125 | IN | |
| 2024-12-27 19:33:19 UTC | 20 | IN | |
| 2024-12-27 19:33:19 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 4 | 192.168.2.4 | 49735 | 172.67.152.152 | 443 | 6428 | C:\Users\user\Desktop\SET_UP.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-27 19:33:21 UTC | 271 | OUT | |
| 2024-12-27 19:33:21 UTC | 15331 | OUT | |
| 2024-12-27 19:33:21 UTC | 5053 | OUT | |
| 2024-12-27 19:33:22 UTC | 1133 | IN | |
| 2024-12-27 19:33:22 UTC | 20 | IN | |
| 2024-12-27 19:33:22 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 5 | 192.168.2.4 | 49737 | 172.67.152.152 | 443 | 6428 | C:\Users\user\Desktop\SET_UP.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-27 19:33:24 UTC | 270 | OUT | |
| 2024-12-27 19:33:24 UTC | 1213 | OUT | |
| 2024-12-27 19:33:25 UTC | 1131 | IN | |
| 2024-12-27 19:33:25 UTC | 20 | IN | |
| 2024-12-27 19:33:25 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 6 | 192.168.2.4 | 49740 | 172.67.152.152 | 443 | 6428 | C:\Users\user\Desktop\SET_UP.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-27 19:33:27 UTC | 278 | OUT | |
| 2024-12-27 19:33:27 UTC | 1097 | OUT | |
| 2024-12-27 19:33:28 UTC | 1124 | IN | |
| 2024-12-27 19:33:28 UTC | 20 | IN | |
| 2024-12-27 19:33:28 UTC | 5 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 7 | 192.168.2.4 | 49742 | 172.67.152.152 | 443 | 6428 | C:\Users\user\Desktop\SET_UP.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-12-27 19:33:29 UTC | 263 | OUT | |
| 2024-12-27 19:33:29 UTC | 115 | OUT |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
| Target ID: | 0 |
| Start time: | 14:33:02 |
| Start date: | 27/12/2024 |
| Path: | C:\Users\user\Desktop\SET_UP.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x70000 |
| File size: | 74'900'688 bytes |
| MD5 hash: | CD56E21DFE1460FC3EFA75A47C94636A |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Has exited: | true |
Execution Graph
| Execution Coverage: | 0.4% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 23.3% |
| Total number of Nodes: | 60 |
| Total number of Limit Nodes: | 3 |
Graph
Function 000773D0 Relevance: 4.2, APIs: 2, Instructions: 1199librarymemoryloaderCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00078150 Relevance: 1.6, APIs: 1, Instructions: 313memoryCOMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000781F0 Relevance: 1.4, APIs: 1, Instructions: 100memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00078410 Relevance: .1, Instructions: 128COMMON
Download Yara Rule
Control-flow Graph
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D4640 Relevance: 83.6, Strings: 64, Instructions: 3599COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0009B8D0 Relevance: 62.1, APIs: 28, Strings: 7, Instructions: 808fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00097730 Relevance: 44.3, APIs: 16, Strings: 9, Instructions: 505fileCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000CA160 Relevance: 26.9, APIs: 9, Strings: 6, Instructions: 690synchronizationCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000980F0 Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 292libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000FEB1D Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 251COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000A0AF0 Relevance: 9.6, APIs: 2, Strings: 3, Instructions: 882processCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000C86F0 Relevance: 9.1, Strings: 7, Instructions: 375COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000FF2A9 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000995A0 Relevance: 6.6, Strings: 5, Instructions: 320COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000FEF30 Relevance: 4.7, APIs: 3, Instructions: 205COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0007D7A0 Relevance: 4.6, APIs: 3, Instructions: 92fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0008C3F0 Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 906memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0008C5D0 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 760memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000F1160 Relevance: 3.4, APIs: 2, Instructions: 450COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000950C0 Relevance: 3.1, Strings: 2, Instructions: 614COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0007C950 Relevance: 3.1, APIs: 2, Instructions: 97windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0007AB80 Relevance: 3.1, APIs: 2, Instructions: 96COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00076FF6 Relevance: 2.0, APIs: 1, Instructions: 534COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0008C7F0 Relevance: 1.9, APIs: 1, Instructions: 613memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0008CAB0 Relevance: 1.7, APIs: 1, Instructions: 434memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000FC3A9 Relevance: 1.6, APIs: 1, Instructions: 108COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000FF183 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D87D0 Relevance: 1.6, APIs: 1, Instructions: 56comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000FF3AF Relevance: 1.5, APIs: 1, Instructions: 45COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000ED83F Relevance: 1.5, Strings: 1, Instructions: 216COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00074130 Relevance: 1.3, APIs: 1, Instructions: 64memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000A8A40 Relevance: 1.0, Instructions: 972COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0007E800 Relevance: .7, Instructions: 682COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00104B60 Relevance: .7, Instructions: 651COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000FAA09 Relevance: .6, Instructions: 636COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000FE5CE Relevance: .3, Instructions: 327COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00076B0C Relevance: .3, Instructions: 303COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00077410 Relevance: .3, Instructions: 285COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00076C20 Relevance: .2, Instructions: 225COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0008CF30 Relevance: .2, Instructions: 159COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00078060 Relevance: .1, Instructions: 105COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0010246F Relevance: .1, Instructions: 104COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0010234F Relevance: .1, Instructions: 81COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000FC138 Relevance: .0, Instructions: 22COMMONLIBRARYCODE
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000B2FD0 Relevance: 35.3, APIs: 19, Strings: 1, Instructions: 253windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D9460 Relevance: 33.6, APIs: 16, Strings: 3, Instructions: 365memorystringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000E2E90 Relevance: 31.8, APIs: 17, Strings: 1, Instructions: 349windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000BB6D0 Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 172windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000E10E0 Relevance: 31.6, APIs: 17, Strings: 1, Instructions: 140windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00088E70 Relevance: 30.0, APIs: 12, Strings: 5, Instructions: 300stringCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D21B0 Relevance: 26.7, APIs: 14, Strings: 1, Instructions: 448threadsynchronizationwindowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000BC020 Relevance: 26.6, APIs: 14, Strings: 1, Instructions: 333windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000E1280 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 286windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0008E500 Relevance: 26.5, APIs: 3, Strings: 12, Instructions: 245libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000A0330 Relevance: 25.8, APIs: 17, Instructions: 340COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000B74C0 Relevance: 25.8, APIs: 17, Instructions: 340COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000E18A0 Relevance: 25.8, APIs: 17, Instructions: 340COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DC550 Relevance: 23.2, APIs: 5, Strings: 8, Instructions: 454processsynchronizationCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00078980 Relevance: 23.1, APIs: 11, Strings: 2, Instructions: 390libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0009F890 Relevance: 22.8, APIs: 15, Instructions: 285COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000C6460 Relevance: 21.3, APIs: 7, Strings: 5, Instructions: 253fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000BCC30 Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 247fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000B6980 Relevance: 21.2, APIs: 14, Instructions: 245COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000BC2B0 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 193windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000A0920 Relevance: 21.2, APIs: 14, Instructions: 170COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000E7128 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 51libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000BF490 Relevance: 19.6, APIs: 7, Strings: 4, Instructions: 373synchronizationCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000972D0 Relevance: 19.6, APIs: 8, Strings: 3, Instructions: 306filethreadCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000C0430 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 263stringsynchronizationCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0009C2E0 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 168fileCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000FD4FC Relevance: 18.4, APIs: 12, Instructions: 372COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00102CEF Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0007B860 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 177libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DAC40 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 153libraryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000BA8C0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 137windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000B8AD0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 137windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0008A0F0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 84windowCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D17A0 Relevance: 16.7, APIs: 11, Instructions: 247threadsynchronizationwindowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000EA9AA Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0008C0D0 Relevance: 16.0, APIs: 5, Strings: 4, Instructions: 270libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000C7270 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 126fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000F51A0 Relevance: 15.1, APIs: 10, Instructions: 69COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000AE5F0 Relevance: 14.4, APIs: 4, Strings: 4, Instructions: 374fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000AD610 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 204filesynchronizationCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0008EFA0 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 182fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0007CA70 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 85libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0008AFF0 Relevance: 12.6, APIs: 2, Strings: 5, Instructions: 327networkCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DEEE0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 184encryptionCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00072640 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 161fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0007E030 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 135fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000C3170 Relevance: 12.2, APIs: 8, Instructions: 169COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000E01E0 Relevance: 12.1, APIs: 8, Instructions: 87windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000CD0B0 Relevance: 10.9, APIs: 5, Strings: 2, Instructions: 418memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000CA3D0 Relevance: 10.9, APIs: 2, Strings: 4, Instructions: 389timeCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000F4629 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 255COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000BF0F0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 224registrysynchronizationwindowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D3070 Relevance: 10.6, APIs: 7, Instructions: 142threadsynchronizationCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000BE780 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 125windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000BEBA0 Relevance: 10.6, APIs: 7, Instructions: 101filethreadsynchronizationCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0007E2E0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 79libraryloaderCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000F88E4 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0009C500 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 66networkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000B4480 Relevance: 9.2, APIs: 6, Instructions: 232windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DE5F0 Relevance: 9.2, APIs: 6, Instructions: 195COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000C7420 Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 431fileCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000E4360 Relevance: 9.2, APIs: 6, Instructions: 160fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000809B0 Relevance: 9.1, APIs: 6, Instructions: 148COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DA0D0 Relevance: 9.1, APIs: 6, Instructions: 144COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000807D0 Relevance: 9.1, APIs: 6, Instructions: 131COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000D33E0 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 109memoryCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000B51A0 Relevance: 9.1, APIs: 6, Instructions: 105windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000A3250 Relevance: 9.1, APIs: 6, Instructions: 96timeCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000E2DE0 Relevance: 9.1, APIs: 6, Instructions: 61windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000C6740 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 234processCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000E2A50 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 215windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0009E190 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 148synchronizationnetworkCOMMON
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000EB6E2 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000F28E0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000C2BF0 Relevance: 7.9, APIs: 5, Instructions: 359windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000AF690 Relevance: 7.8, APIs: 5, Instructions: 281COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000B7150 Relevance: 7.7, APIs: 5, Instructions: 232windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000A0070 Relevance: 7.7, APIs: 5, Instructions: 230windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000E1610 Relevance: 7.7, APIs: 5, Instructions: 211windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000F674B Relevance: 7.7, APIs: 5, Instructions: 199COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000B4820 Relevance: 7.7, APIs: 5, Instructions: 164windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0007D060 Relevance: 7.7, APIs: 5, Instructions: 163fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000C1830 Relevance: 7.6, APIs: 5, Instructions: 136fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00094170 Relevance: 7.6, APIs: 5, Instructions: 133COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00078F00 Relevance: 7.6, APIs: 6, Instructions: 133COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000B54F0 Relevance: 7.6, APIs: 5, Instructions: 130COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0007E3C0 Relevance: 7.6, APIs: 5, Instructions: 96fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0008A5B0 Relevance: 7.6, APIs: 5, Instructions: 88windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000BD8C7 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000DCE50 Relevance: 7.6, APIs: 5, Instructions: 67windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0008A84B Relevance: 7.6, APIs: 5, Instructions: 65COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0009E0D0 Relevance: 7.6, APIs: 5, Instructions: 62synchronizationnetworkCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000AF5D0 Relevance: 7.6, APIs: 5, Instructions: 60fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000B6710 Relevance: 7.6, APIs: 5, Instructions: 51COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000B86D0 Relevance: 7.5, APIs: 5, Instructions: 37COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000E71EA Relevance: 7.5, APIs: 5, Instructions: 37COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0008AB70 Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 384networkCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000E2840 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 177windowCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000C02B0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 137fileCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0008A460 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 86libraryloaderCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0007B170 Relevance: 6.6, APIs: 5, Instructions: 324COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0007AEA0 Relevance: 6.5, APIs: 5, Instructions: 256COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000BAA80 Relevance: 6.1, APIs: 4, Instructions: 126COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000E0820 Relevance: 6.1, APIs: 4, Instructions: 110windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000BED60 Relevance: 6.1, APIs: 4, Instructions: 110fileCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000BF370 Relevance: 6.1, APIs: 4, Instructions: 106fileCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000AABB0 Relevance: 6.1, APIs: 4, Instructions: 99COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000B61D7 Relevance: 6.1, APIs: 4, Instructions: 92windowCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0008EC10 Relevance: 6.1, APIs: 4, Instructions: 51threadsynchronizationCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0008ECC0 Relevance: 6.0, APIs: 4, Instructions: 44threadsynchronizationCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000AACC0 Relevance: 6.0, APIs: 4, Instructions: 37timeCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0008ED50 Relevance: 6.0, APIs: 4, Instructions: 35threadsynchronizationCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000B50D2 Relevance: 6.0, APIs: 4, Instructions: 32windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000E0730 Relevance: 6.0, APIs: 4, Instructions: 28windowCOMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000E72BC Relevance: 6.0, APIs: 4, Instructions: 25COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000F32C9 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000EAD54 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 000B8730 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100windowCOMMON
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|