Windows
Analysis Report
a7HdB2dU5P.exe
Overview
General Information
Sample name: | a7HdB2dU5P.exe (renamed because original name is a hash value) |
Original sample name: | ec5818decca5d6703e23c9db8a772997.exe |
Analysis ID: | 1519281 |
MD5: | ec5818decca5d6703e23c9db8a772997 |
SHA1: | daeca7f333cedb461891a3fa4be6a857df452b59 |
SHA256: | 2da667c881a6b5f4b773c932bcbb6825fda5a85a38bfb51e06921cb88c353f3b |
Tags: | exe, user-abuse_ch |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- a7HdB2dU5P.exe (PID: 7160 cmdline: "C:\Users\user\Desktop\a7HdB2dU5P.exe" MD5: EC5818DECCA5D6703E23C9DB8A772997)
  - conhost.exe (PID: 6456 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  - RegAsm.exe (PID: 6596 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution | | |
{"C2 url": ["reinforcenh.shop", "offensivedzvju.shop", "fragnantbui.shop", "lootebarrkeyn.shop", "stogeneratmns.shop", "ghostreedmnu.shop", "drawzhotdog.shop", "vozmeatillu.shop", "gutterydhowi.shop"], "Build id": "FATE99--"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-26T09:52:07.786343+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 58440 | 104.21.4.136 | 443 | TCP |
2024-09-26T09:52:08.769507+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 58441 | 188.114.97.3 | 443 | TCP |
2024-09-26T09:52:09.681716+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 58442 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:52:10.618108+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 58443 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:52:11.567762+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 58444 | 104.21.58.182 | 443 | TCP |
2024-09-26T09:52:12.512577+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 58445 | 188.114.97.3 | 443 | TCP |
2024-09-26T09:52:13.467807+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 58446 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:52:14.417603+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 58447 | 104.21.77.130 | 443 | TCP |
2024-09-26T09:52:16.841999+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 58449 | 172.67.189.2 | 443 | TCP |
2024-09-26T09:52:07.786343+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 58440 | 104.21.4.136 | 443 | TCP |
2024-09-26T09:52:08.769507+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 58441 | 188.114.97.3 | 443 | TCP |
2024-09-26T09:52:09.681716+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 58442 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:52:10.618108+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 58443 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:52:11.567762+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 58444 | 104.21.58.182 | 443 | TCP |
2024-09-26T09:52:12.512577+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 58445 | 188.114.97.3 | 443 | TCP |
2024-09-26T09:52:13.467807+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 58446 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:52:14.417603+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 58447 | 104.21.77.130 | 443 | TCP |
2024-09-26T09:52:16.841999+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 58449 | 172.67.189.2 | 443 | TCP |
2024-09-26T09:52:11.097484+0200 | 2056157 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 58444 | 104.21.58.182 | 443 | TCP |
2024-09-26T09:52:12.055505+0200 | 2056155 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 58445 | 188.114.97.3 | 443 | TCP |
2024-09-26T09:52:08.270066+0200 | 2056163 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 58441 | 188.114.97.3 | 443 | TCP |
2024-09-26T09:52:07.234560+0200 | 2056165 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 58440 | 104.21.4.136 | 443 | TCP |
2024-09-26T09:52:09.259590+0200 | 2056161 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 58442 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:52:13.943312+0200 | 2056151 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 58447 | 104.21.77.130 | 443 | TCP |
2024-09-26T09:52:12.996046+0200 | 2056153 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 58446 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:52:10.172268+0200 | 2056159 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 58443 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:52:10.620207+0200 | 2056156 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 64598 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:52:11.569455+0200 | 2056154 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 53726 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:52:07.792672+0200 | 2056162 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 52810 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:52:06.724512+0200 | 2056164 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 60602 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:52:06.643740+0200 | 2056048 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 63148 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:52:08.773382+0200 | 2056160 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 60842 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:52:13.469353+0200 | 2056150 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 64447 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:52:12.513950+0200 | 2056152 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 53338 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:52:09.685196+0200 | 2056158 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 55892 | 1.1.1.1 | 53 | UDP |
AV Detection |
---|
[Signature rows whose detail cells were not captured. Evidence sources: Avira URL Cloud, URL Reputation, Malware Configuration Extractor, ReversingLabs, Integrated Neural Analysis Model, String decryptor, Static PE information, HTTPS traffic detected, Code function (many 2_2_004xxxxx addresses, listed without descriptions)] |
Networking |
---|
[Signature rows whose detail cells were not captured. Evidence sources: Suricata IDS, URLs, IP Address, ASN Name, JA3 fingerprint, HTTP traffic detected, UDP traffic detected without corresponding DNS query, String found in binary or memory, DNS traffic detected, Network traffic detected, HTTPS traffic detected, Code function 2_2_00439000] |
System Summary |
---|
[Signature rows whose detail cells were not captured. Evidence sources: Large array initialization, Code function (many 2_2_004xxxxx addresses, listed without descriptions), Binary or memory string, Static PE information, Classification label, File created, Mutant created, Static file information, Key opened, ReversingLabs, Process created, Section loaded, Process information set, Memory allocated, Thread delayed, Thread sleep time] |
HIPS / PFW / Operating System Protection Evasion |
---|
[Signature rows whose detail cells were not captured. Evidence sources: Memory allocated, Code function 0_2_028C2145, Memory written, String found in binary or memory, Process created, Queries volume information, Key value queried] |
Stealing of Sensitive Information |
---|
[Signature row whose detail cells were not captured. Evidence source: File source] |
Remote Access Functionality |
---|
[Signature row whose detail cells were not captured. Evidence source: File source] |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 PowerShell | 1 DLL Side-Loading | 411 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 2 Clipboard Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 31 Virtualization/Sandbox Evasion | Security Account Manager | 12 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 411 Process Injection | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Deobfuscate/Decode Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 4 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
 | 47% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
fragnantbui.shop | 188.114.97.3 | true | true | unknown | |
performenj.shop | 172.67.189.2 | true | true | unknown | |
gutterydhowi.shop | 104.21.4.136 | true | true | unknown | |
steamcommunity.com | 104.102.49.254 | true | false | unknown | |
offensivedzvju.shop | 188.114.96.3 | true | true | unknown | |
stogeneratmns.shop | 188.114.96.3 | true | true | unknown | |
reinforcenh.shop | 104.21.77.130 | true | true | unknown | |
drawzhotdog.shop | 104.21.58.182 | true | true | unknown | |
ghostreedmnu.shop | 188.114.97.3 | true | true | unknown | |
vozmeatillu.shop | 188.114.96.3 | true | true | unknown | |
lootebarrkeyn.shop | unknown | unknown | true | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
104.21.77.130 | reinforcenh.shop | United States | 13335 | CLOUDFLARENETUS | true |
104.21.4.136 | gutterydhowi.shop | United States | 13335 | CLOUDFLARENETUS | true |
172.67.189.2 | performenj.shop | United States | 13335 | CLOUDFLARENETUS | true |
188.114.97.3 | fragnantbui.shop | European Union | 13335 | CLOUDFLARENETUS | true |
188.114.96.3 | offensivedzvju.shop | European Union | 13335 | CLOUDFLARENETUS | true |
104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | false |
104.21.58.182 | drawzhotdog.shop | United States | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1519281 |
Start date and time: | 2024-09-26 09:51:12 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 21s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 4 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | a7HdB2dU5P.exerenamed because original name is a hash value |
Original Sample Name: | ec5818decca5d6703e23c9db8a772997.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@4/2@11/7 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): SIHClient.exe
- Excluded IPs from analysis (whitelisted): 52.165.165.26
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, sls.update.microsoft.com, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: a7HdB2dU5P.exe
Time | Type | Description |
---|---|---|
03:52:06 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
104.21.77.130 | malicious | Amadey, GO Backdoor |
104.21.77.130 | malicious | Amadey |
104.21.77.130 | malicious | Amadey |
104.21.4.136 | malicious | LummaC, Vidar |
104.21.4.136 | malicious | LummaC, Stealc, Vidar |
104.21.4.136 | malicious | LummaC, Stealc, Vidar |
104.21.4.136 | malicious | LummaC, Stealc, Vidar |
104.21.4.136 | malicious | LummaC, Stealc, Vidar |
104.21.4.136 | malicious | LummaC, Stealc, Vidar |
104.21.4.136 | malicious | LummaC, Vidar |
104.21.4.136 | malicious | LummaC |
104.21.4.136 | malicious | LummaC, Vidar |
172.67.189.2 | malicious | LummaC, Vidar |
172.67.189.2 | malicious | LummaC, Vidar |
172.67.189.2 | malicious | LummaC, Stealc, Vidar |
172.67.189.2 | malicious | LummaC, Vidar |
172.67.189.2 | malicious | LummaC |
172.67.189.2 | malicious | LummaC |
172.67.189.2 | malicious | LummaC |
172.67.189.2 | malicious | LummaC, Stealc, Vidar |
172.67.189.2 | malicious | LummaC, Stealc, Vidar |
172.67.189.2 | malicious | LummaC |
Match | Detection | Threat Name |
---|---|---|
gutterydhowi.shop | malicious | LummaC, Vidar |
gutterydhowi.shop | malicious | LummaC |
gutterydhowi.shop | malicious | LummaC, Vidar |
gutterydhowi.shop | malicious | LummaC, Vidar |
gutterydhowi.shop | malicious | LummaC, Stealc, Vidar |
gutterydhowi.shop | malicious | LummaC, Vidar |
gutterydhowi.shop | malicious | LummaC |
gutterydhowi.shop | malicious | LummaC, Stealc, Vidar |
gutterydhowi.shop | malicious | LummaC, Stealc, Vidar |
gutterydhowi.shop | malicious | LummaC, Stealc, Vidar |
performenj.shop | malicious | LummaC, Vidar |
performenj.shop | malicious | LummaC |
performenj.shop | malicious | LummaC |
performenj.shop | malicious | Unknown |
performenj.shop | malicious | LummaC, Go Injector, LummaC Stealer, MicroClip |
performenj.shop | malicious | LummaC, Go Injector, LummaC Stealer |
performenj.shop | malicious | LummaC, Vidar |
performenj.shop | malicious | LummaC, Vidar |
performenj.shop | malicious | LummaC, Stealc, Vidar |
performenj.shop | malicious | LummaC, Vidar |
fragnantbui.shop | malicious | LummaC, Vidar |
fragnantbui.shop | malicious | LummaC |
fragnantbui.shop | malicious | LummaC, Vidar |
fragnantbui.shop | malicious | LummaC, Vidar |
fragnantbui.shop | malicious | LummaC, Stealc, Vidar |
fragnantbui.shop | malicious | LummaC, Vidar |
fragnantbui.shop | malicious | LummaC |
fragnantbui.shop | malicious | LummaC, Stealc, Vidar |
fragnantbui.shop | malicious | LummaC, Stealc, Vidar |
fragnantbui.shop | malicious | LummaC, Stealc, Vidar |
Match | Detection | Threat Name |
---|---|---|
CLOUDFLARENETUS | malicious | LummaC, Go Injector, LummaC Stealer |
CLOUDFLARENETUS | malicious | Snake Keylogger, VIP Keylogger |
CLOUDFLARENETUS | malicious | AgentTesla, RedLine |
CLOUDFLARENETUS | malicious | Snake Keylogger |
CLOUDFLARENETUS | malicious | Snake Keylogger, VIP Keylogger |
CLOUDFLARENETUS | malicious | AgentTesla |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | FormBook |
CLOUDFLARENETUS | malicious | FormBook |
Match | Detection | Threat Name |
---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC, Go Injector, LummaC Stealer |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | Unknown |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | Unknown |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | UltraVNC |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | UltraVNC |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC, Vidar |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC |
Process: | C:\Users\user\Desktop\a7HdB2dU5P.exe |
File Type: | |
Category: | modified |
Size (bytes): | 425 |
Entropy (8bit): | 5.353683843266035 |
Encrypted: | false |
SSDEEP: | 12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:ML9E4KlKDE4KhKiKhk |
MD5: | 859802284B12C59DDBB85B0AC64C08F0 |
SHA1: | 4FDDEFC6DB9645057FEB3322BE98EF10D6A593EE |
SHA-256: | FB234B6DAB715ADABB23E450DADCDBCDDFF78A054BAF19B5CE7A9B4206B7492B |
SHA-512: | 8A371F671B962AE8AE0F58421A13E80F645FF0A9888462C1529B77289098A0EA4D6A9E2E07ABD4F96460FCC32AA87B0581CA4D747E77E69C3620BF1368BA9A67 |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\a7HdB2dU5P.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 33 |
Entropy (8bit): | 2.2845972159140855 |
Encrypted: | false |
SSDEEP: | 3:i6vvRyMivvRya:iKvHivD |
MD5: | 45B4C82B8041BF0F9CCED0D6A18D151A |
SHA1: | B4DAD3FFFEF507CBB78671EE620BB495F8CE22F1 |
SHA-256: | 7CFA461ED1FC8611AB74878EDB1FBBDE3596F5D042946A42A7F31EB6D462E628 |
SHA-512: | B29C3696A8A311EFAF9B9709BA082FF2C8D45A6912D79BC1DE7FEEFBEF8F8DDEFCD6650B5E1165D0A79800C8AED399E2B11BC2431E3837DD8587516BDE50EAB5 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 7.9894730772519456 |
TrID: | |
File name: | a7HdB2dU5P.exe |
File size: | 374'784 bytes |
MD5: | ec5818decca5d6703e23c9db8a772997 |
SHA1: | daeca7f333cedb461891a3fa4be6a857df452b59 |
SHA256: | 2da667c881a6b5f4b773c932bcbb6825fda5a85a38bfb51e06921cb88c353f3b |
SHA512: | 12205f23f622518eddde5c9ecc5168929a421ff1a0442dca23104723a5ad7edfd1e84bcbba4afe03fe20823cb0d39e4fdf7fae716b43cd1cec244bb12d60c254 |
SSDEEP: | 6144:VX7iHuLVysIuU1dHpxx7VOEe9hTuubkP9vMV8DGtywI/ZM9M6vrNaIr6NKHQ3iFE:FZVyruU1BxcElnP9kV82Z+oRXQiFP |
TLSH: | 5A842364F21A8765C764947AEE86962CCDF3B93A2A5F90076CE47E098D0DD3B1347B30 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....3.f................................. ........@.. ....................... ............`................................ |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x45ccee |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows cui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x66F43305 [Wed Sep 25 15:57:57 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Instruction |
---|
jmp dword ptr [00402000h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5cc94 | 0x57 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5e000 | 0x5b8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x60000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x5cb5c | 0x1c | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x5acf4 | 0x5ae00 | c03cbc644eb253acf1af646f29cebfd3 | False | 0.9938477905777167 | data | 7.995621110986315 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rsrc | 0x5e000 | 0x5b8 | 0x600 | e0c57c891752f78d44441c65570fe51e | False | 0.4381510416666667 | data | 4.119761219082767 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x60000 | 0xc | 0x200 | 93175a635d4731115c9b1e1c282e8f9e | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x5e0a0 | 0x324 | data | | | 0.4552238805970149 |
RT_MANIFEST | 0x5e3c8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5469387755102041 |
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-26T09:52:06.643740+0200 | 2056048 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (lootebarrkeyn .shop) | 1 | 192.168.2.4 | 63148 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:52:06.724512+0200 | 2056164 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gutterydhowi .shop) | 1 | 192.168.2.4 | 60602 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:52:07.234560+0200 | 2056165 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (gutterydhowi .shop in TLS SNI) | 1 | 192.168.2.4 | 58440 | 104.21.4.136 | 443 | TCP |
2024-09-26T09:52:07.786343+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 58440 | 104.21.4.136 | 443 | TCP |
2024-09-26T09:52:07.786343+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 58440 | 104.21.4.136 | 443 | TCP |
2024-09-26T09:52:07.792672+0200 | 2056162 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ghostreedmnu .shop) | 1 | 192.168.2.4 | 52810 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:52:08.270066+0200 | 2056163 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (ghostreedmnu .shop in TLS SNI) | 1 | 192.168.2.4 | 58441 | 188.114.97.3 | 443 | TCP |
2024-09-26T09:52:08.769507+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 58441 | 188.114.97.3 | 443 | TCP |
2024-09-26T09:52:08.769507+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 58441 | 188.114.97.3 | 443 | TCP |
2024-09-26T09:52:08.773382+0200 | 2056160 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (offensivedzvju .shop) | 1 | 192.168.2.4 | 60842 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:52:09.259590+0200 | 2056161 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (offensivedzvju .shop in TLS SNI) | 1 | 192.168.2.4 | 58442 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:52:09.681716+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 58442 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:52:09.681716+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 58442 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:52:09.685196+0200 | 2056158 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vozmeatillu .shop) | 1 | 192.168.2.4 | 55892 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:52:10.172268+0200 | 2056159 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (vozmeatillu .shop in TLS SNI) | 1 | 192.168.2.4 | 58443 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:52:10.618108+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 58443 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:52:10.618108+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 58443 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:52:10.620207+0200 | 2056156 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drawzhotdog .shop) | 1 | 192.168.2.4 | 64598 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:52:11.097484+0200 | 2056157 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawzhotdog .shop in TLS SNI) | 1 | 192.168.2.4 | 58444 | 104.21.58.182 | 443 | TCP |
2024-09-26T09:52:11.567762+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 58444 | 104.21.58.182 | 443 | TCP |
2024-09-26T09:52:11.567762+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 58444 | 104.21.58.182 | 443 | TCP |
2024-09-26T09:52:11.569455+0200 | 2056154 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fragnantbui .shop) | 1 | 192.168.2.4 | 53726 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:52:12.055505+0200 | 2056155 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (fragnantbui .shop in TLS SNI) | 1 | 192.168.2.4 | 58445 | 188.114.97.3 | 443 | TCP |
2024-09-26T09:52:12.512577+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 58445 | 188.114.97.3 | 443 | TCP |
2024-09-26T09:52:12.512577+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 58445 | 188.114.97.3 | 443 | TCP |
2024-09-26T09:52:12.513950+0200 | 2056152 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (stogeneratmns .shop) | 1 | 192.168.2.4 | 53338 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:52:12.996046+0200 | 2056153 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (stogeneratmns .shop in TLS SNI) | 1 | 192.168.2.4 | 58446 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:52:13.467807+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 58446 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:52:13.467807+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 58446 | 188.114.96.3 | 443 | TCP |
2024-09-26T09:52:13.469353+0200 | 2056150 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (reinforcenh .shop) | 1 | 192.168.2.4 | 64447 | 1.1.1.1 | 53 | UDP |
2024-09-26T09:52:13.943312+0200 | 2056151 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (reinforcenh .shop in TLS SNI) | 1 | 192.168.2.4 | 58447 | 104.21.77.130 | 443 | TCP |
2024-09-26T09:52:14.417603+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 58447 | 104.21.77.130 | 443 | TCP |
2024-09-26T09:52:14.417603+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 58447 | 104.21.77.130 | 443 | TCP |
2024-09-26T09:52:16.841999+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 58449 | 172.67.189.2 | 443 | TCP |
2024-09-26T09:52:16.841999+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 58449 | 172.67.189.2 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 26, 2024 09:52:11.097484112 CEST | 58444 | 443 | 192.168.2.4 | 104.21.58.182 |
Sep 26, 2024 09:52:11.098959923 CEST | 58444 | 443 | 192.168.2.4 | 104.21.58.182 |
Sep 26, 2024 09:52:11.098992109 CEST | 443 | 58444 | 104.21.58.182 | 192.168.2.4 |
Sep 26, 2024 09:52:11.099246025 CEST | 443 | 58444 | 104.21.58.182 | 192.168.2.4 |
Sep 26, 2024 09:52:11.100389004 CEST | 58444 | 443 | 192.168.2.4 | 104.21.58.182 |
Sep 26, 2024 09:52:11.100429058 CEST | 58444 | 443 | 192.168.2.4 | 104.21.58.182 |
Sep 26, 2024 09:52:11.100517988 CEST | 443 | 58444 | 104.21.58.182 | 192.168.2.4 |
Sep 26, 2024 09:52:11.567774057 CEST | 443 | 58444 | 104.21.58.182 | 192.168.2.4 |
Sep 26, 2024 09:52:11.567866087 CEST | 443 | 58444 | 104.21.58.182 | 192.168.2.4 |
Sep 26, 2024 09:52:11.567938089 CEST | 58444 | 443 | 192.168.2.4 | 104.21.58.182 |
Sep 26, 2024 09:52:11.568167925 CEST | 58444 | 443 | 192.168.2.4 | 104.21.58.182 |
Sep 26, 2024 09:52:11.568197966 CEST | 443 | 58444 | 104.21.58.182 | 192.168.2.4 |
Sep 26, 2024 09:52:11.568213940 CEST | 58444 | 443 | 192.168.2.4 | 104.21.58.182 |
Sep 26, 2024 09:52:11.568222046 CEST | 443 | 58444 | 104.21.58.182 | 192.168.2.4 |
Sep 26, 2024 09:52:11.583832026 CEST | 58445 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 09:52:11.583856106 CEST | 443 | 58445 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 09:52:11.583940029 CEST | 58445 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 09:52:11.584225893 CEST | 58445 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 09:52:11.584235907 CEST | 443 | 58445 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 09:52:12.055355072 CEST | 443 | 58445 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 09:52:12.055505037 CEST | 58445 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 09:52:12.057269096 CEST | 58445 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 09:52:12.057284117 CEST | 443 | 58445 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 09:52:12.057506084 CEST | 443 | 58445 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 09:52:12.058676958 CEST | 58445 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 09:52:12.058676958 CEST | 58445 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 09:52:12.058765888 CEST | 443 | 58445 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 09:52:12.512480974 CEST | 443 | 58445 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 09:52:12.512564898 CEST | 443 | 58445 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 09:52:12.512732983 CEST | 58445 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 09:52:12.512907028 CEST | 58445 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 09:52:12.512907028 CEST | 58445 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 09:52:12.512921095 CEST | 443 | 58445 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 09:52:12.512926102 CEST | 443 | 58445 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 09:52:12.529490948 CEST | 58446 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 09:52:12.529534101 CEST | 443 | 58446 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 09:52:12.529850006 CEST | 58446 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 09:52:12.529902935 CEST | 58446 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 09:52:12.529911041 CEST | 443 | 58446 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 09:52:12.995942116 CEST | 443 | 58446 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 09:52:12.996046066 CEST | 58446 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 09:52:12.997726917 CEST | 58446 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 09:52:12.997739077 CEST | 443 | 58446 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 09:52:12.998158932 CEST | 443 | 58446 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 09:52:12.999403954 CEST | 58446 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 09:52:12.999425888 CEST | 58446 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 09:52:12.999475002 CEST | 443 | 58446 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 09:52:13.467782974 CEST | 443 | 58446 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 09:52:13.467864037 CEST | 443 | 58446 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 09:52:13.467915058 CEST | 58446 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 09:52:13.468043089 CEST | 58446 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 09:52:13.468060017 CEST | 443 | 58446 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 09:52:13.468070030 CEST | 58446 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 09:52:13.468075991 CEST | 443 | 58446 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 09:52:13.483549118 CEST | 58447 | 443 | 192.168.2.4 | 104.21.77.130 |
Sep 26, 2024 09:52:13.483597994 CEST | 443 | 58447 | 104.21.77.130 | 192.168.2.4 |
Sep 26, 2024 09:52:13.483670950 CEST | 58447 | 443 | 192.168.2.4 | 104.21.77.130 |
Sep 26, 2024 09:52:13.484085083 CEST | 58447 | 443 | 192.168.2.4 | 104.21.77.130 |
Sep 26, 2024 09:52:13.484097004 CEST | 443 | 58447 | 104.21.77.130 | 192.168.2.4 |
Sep 26, 2024 09:52:13.943201065 CEST | 443 | 58447 | 104.21.77.130 | 192.168.2.4 |
Sep 26, 2024 09:52:13.943311930 CEST | 58447 | 443 | 192.168.2.4 | 104.21.77.130 |
Sep 26, 2024 09:52:13.946155071 CEST | 58447 | 443 | 192.168.2.4 | 104.21.77.130 |
Sep 26, 2024 09:52:13.946166992 CEST | 443 | 58447 | 104.21.77.130 | 192.168.2.4 |
Sep 26, 2024 09:52:13.946417093 CEST | 443 | 58447 | 104.21.77.130 | 192.168.2.4 |
Sep 26, 2024 09:52:13.947573900 CEST | 58447 | 443 | 192.168.2.4 | 104.21.77.130 |
Sep 26, 2024 09:52:13.947616100 CEST | 58447 | 443 | 192.168.2.4 | 104.21.77.130 |
Sep 26, 2024 09:52:13.947649002 CEST | 443 | 58447 | 104.21.77.130 | 192.168.2.4 |
Sep 26, 2024 09:52:14.417603970 CEST | 443 | 58447 | 104.21.77.130 | 192.168.2.4 |
Sep 26, 2024 09:52:14.417714119 CEST | 443 | 58447 | 104.21.77.130 | 192.168.2.4 |
Sep 26, 2024 09:52:14.417798042 CEST | 58447 | 443 | 192.168.2.4 | 104.21.77.130 |
Sep 26, 2024 09:52:14.417922020 CEST | 58447 | 443 | 192.168.2.4 | 104.21.77.130 |
Sep 26, 2024 09:52:14.417973042 CEST | 443 | 58447 | 104.21.77.130 | 192.168.2.4 |
Sep 26, 2024 09:52:14.418004036 CEST | 58447 | 443 | 192.168.2.4 | 104.21.77.130 |
Sep 26, 2024 09:52:14.418020964 CEST | 443 | 58447 | 104.21.77.130 | 192.168.2.4 |
Sep 26, 2024 09:52:14.426839113 CEST | 58448 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 09:52:14.426933050 CEST | 443 | 58448 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 09:52:14.427021980 CEST | 58448 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 09:52:14.427283049 CEST | 58448 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 09:52:14.427318096 CEST | 443 | 58448 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 09:52:15.081146002 CEST | 443 | 58448 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 09:52:15.081363916 CEST | 58448 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 09:52:15.083007097 CEST | 58448 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 09:52:15.083024979 CEST | 443 | 58448 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 09:52:15.083446026 CEST | 443 | 58448 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 09:52:15.084763050 CEST | 58448 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 09:52:15.127412081 CEST | 443 | 58448 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 09:52:15.598932028 CEST | 443 | 58448 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 09:52:15.598992109 CEST | 443 | 58448 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 09:52:15.599037886 CEST | 443 | 58448 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 09:52:15.599121094 CEST | 58448 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 09:52:15.599158049 CEST | 443 | 58448 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 09:52:15.599175930 CEST | 58448 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 09:52:15.599216938 CEST | 58448 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 09:52:15.890916109 CEST | 443 | 58448 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 09:52:15.890950918 CEST | 443 | 58448 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 09:52:15.890999079 CEST | 443 | 58448 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 09:52:15.891004086 CEST | 58448 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 09:52:15.891037941 CEST | 58448 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 09:52:15.891052008 CEST | 443 | 58448 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 09:52:15.891072989 CEST | 58448 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 09:52:15.891093016 CEST | 58448 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 09:52:15.891155005 CEST | 443 | 58448 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 09:52:15.891206980 CEST | 58448 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 09:52:15.891233921 CEST | 443 | 58448 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 09:52:15.891272068 CEST | 58448 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 09:52:15.891278028 CEST | 443 | 58448 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 09:52:15.891313076 CEST | 443 | 58448 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 09:52:15.891352892 CEST | 58448 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 09:52:15.891547918 CEST | 58448 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 09:52:15.891561985 CEST | 443 | 58448 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 09:52:15.891577959 CEST | 58448 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 09:52:15.891582966 CEST | 443 | 58448 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 09:52:15.909923077 CEST | 58449 | 443 | 192.168.2.4 | 172.67.189.2 |
Sep 26, 2024 09:52:15.909967899 CEST | 443 | 58449 | 172.67.189.2 | 192.168.2.4 |
Sep 26, 2024 09:52:15.910048008 CEST | 58449 | 443 | 192.168.2.4 | 172.67.189.2 |
Sep 26, 2024 09:52:15.910383940 CEST | 58449 | 443 | 192.168.2.4 | 172.67.189.2 |
Sep 26, 2024 09:52:15.910396099 CEST | 443 | 58449 | 172.67.189.2 | 192.168.2.4 |
Sep 26, 2024 09:52:16.404989958 CEST | 443 | 58449 | 172.67.189.2 | 192.168.2.4 |
Sep 26, 2024 09:52:16.405065060 CEST | 58449 | 443 | 192.168.2.4 | 172.67.189.2 |
Sep 26, 2024 09:52:16.406891108 CEST | 58449 | 443 | 192.168.2.4 | 172.67.189.2 |
Sep 26, 2024 09:52:16.406898975 CEST | 443 | 58449 | 172.67.189.2 | 192.168.2.4 |
Sep 26, 2024 09:52:16.407124996 CEST | 443 | 58449 | 172.67.189.2 | 192.168.2.4 |
Sep 26, 2024 09:52:16.408201933 CEST | 58449 | 443 | 192.168.2.4 | 172.67.189.2 |
Sep 26, 2024 09:52:16.408235073 CEST | 58449 | 443 | 192.168.2.4 | 172.67.189.2 |
Sep 26, 2024 09:52:16.408262968 CEST | 443 | 58449 | 172.67.189.2 | 192.168.2.4 |
Sep 26, 2024 09:52:16.842016935 CEST | 443 | 58449 | 172.67.189.2 | 192.168.2.4 |
Sep 26, 2024 09:52:16.842117071 CEST | 443 | 58449 | 172.67.189.2 | 192.168.2.4 |
Sep 26, 2024 09:52:16.842195988 CEST | 58449 | 443 | 192.168.2.4 | 172.67.189.2 |
Sep 26, 2024 09:52:16.842317104 CEST | 58449 | 443 | 192.168.2.4 | 172.67.189.2 |
Sep 26, 2024 09:52:16.842338085 CEST | 443 | 58449 | 172.67.189.2 | 192.168.2.4 |
Sep 26, 2024 09:52:16.842354059 CEST | 58449 | 443 | 192.168.2.4 | 172.67.189.2 |
Sep 26, 2024 09:52:16.842359066 CEST | 443 | 58449 | 172.67.189.2 | 192.168.2.4 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 58440 | 104.21.4.136 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 07:52:07 UTC | 264 | OUT | |
2024-09-26 07:52:07 UTC | 8 | OUT | |
2024-09-26 07:52:07 UTC | 772 | IN | |
2024-09-26 07:52:07 UTC | 15 | IN | |
2024-09-26 07:52:07 UTC | 5 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 58441 | 188.114.97.3 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 07:52:08 UTC | 264 | OUT | |
2024-09-26 07:52:08 UTC | 8 | OUT | |
2024-09-26 07:52:08 UTC | 772 | IN | |
2024-09-26 07:52:08 UTC | 15 | IN | |
2024-09-26 07:52:08 UTC | 5 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 58442 | 188.114.96.3 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 07:52:09 UTC | 266 | OUT | |
2024-09-26 07:52:09 UTC | 8 | OUT | |
2024-09-26 07:52:09 UTC | 770 | IN | |
2024-09-26 07:52:09 UTC | 15 | IN | |
2024-09-26 07:52:09 UTC | 5 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 58443 | 188.114.96.3 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 07:52:10 UTC | 263 | OUT | |
2024-09-26 07:52:10 UTC | 8 | OUT | |
2024-09-26 07:52:10 UTC | 768 | IN | |
2024-09-26 07:52:10 UTC | 15 | IN | |
2024-09-26 07:52:10 UTC | 5 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 58444 | 104.21.58.182 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 07:52:11 UTC | 263 | OUT | |
2024-09-26 07:52:11 UTC | 8 | OUT | |
2024-09-26 07:52:11 UTC | 766 | IN | |
2024-09-26 07:52:11 UTC | 15 | IN | |
2024-09-26 07:52:11 UTC | 5 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 58445 | 188.114.97.3 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 07:52:12 UTC | 263 | OUT | |
2024-09-26 07:52:12 UTC | 8 | OUT | |
2024-09-26 07:52:12 UTC | 762 | IN | |
2024-09-26 07:52:12 UTC | 15 | IN | |
2024-09-26 07:52:12 UTC | 5 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 58446 | 188.114.96.3 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 07:52:12 UTC | 265 | OUT | |
2024-09-26 07:52:12 UTC | 8 | OUT | |
2024-09-26 07:52:13 UTC | 772 | IN | |
2024-09-26 07:52:13 UTC | 15 | IN | |
2024-09-26 07:52:13 UTC | 5 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 58447 | 104.21.77.130 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 07:52:13 UTC | 263 | OUT | |
2024-09-26 07:52:13 UTC | 8 | OUT | |
2024-09-26 07:52:14 UTC | 764 | IN | |
2024-09-26 07:52:14 UTC | 15 | IN | |
2024-09-26 07:52:14 UTC | 5 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 58448 | 104.102.49.254 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 07:52:15 UTC | 219 | OUT | |
2024-09-26 07:52:15 UTC | 1870 | IN | |
2024-09-26 07:52:15 UTC | 14514 | IN | |
2024-09-26 07:52:15 UTC | 16384 | IN | |
2024-09-26 07:52:15 UTC | 3768 | IN | |
2024-09-26 07:52:15 UTC | 2 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 58449 | 172.67.189.2 | 443 | 6596 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 07:52:16 UTC | 262 | OUT | |
2024-09-26 07:52:16 UTC | 8 | OUT | |
2024-09-26 07:52:16 UTC | 776 | IN | |
2024-09-26 07:52:16 UTC | 15 | IN | |
2024-09-26 07:52:16 UTC | 5 | IN | |
Target ID: | 0 |
Start time: | 03:52:04 |
Start date: | 26/09/2024 |
Path: | C:\Users\user\Desktop\a7HdB2dU5P.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x5d0000 |
File size: | 374'784 bytes |
MD5 hash: | EC5818DECCA5D6703E23C9DB8A772997 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 03:52:04 |
Start date: | 26/09/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7699e0000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 03:52:06 |
Start date: | 26/09/2024 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xc40000 |
File size: | 65'440 bytes |
MD5 hash: | 0D5DF43AF2916F47D00C1573797C1A13 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 44.4% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 15.4% |
Total number of Nodes: | 39 |
Total number of Limit Nodes: | 0 |
Graph
Callgraph
Function 028C2145 Relevance: 42.3, APIs: 10, Strings: 14, Instructions: 282, Tags: thread, injection, memory, COMMON
Function 00C61268 Relevance: 1.6, APIs: 1, Instructions: 63, Tags: COMMON
Function 00C61270 Relevance: 1.6, APIs: 1, Instructions: 56, Tags: COMMON
Execution Graph
Execution Coverage: | 1.2% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 71.9% |
Total number of Nodes: | 57 |
Total number of Limit Nodes: | 14 |
Graph
Function 00410480 Relevance: 25.4, Strings: 20, Instructions: 435, Tags: COMMON
Function 0040FEBC Relevance: 13.2, Strings: 10, Instructions: 710, Tags: COMMON
Function 0040D2C0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 159, Tags: thread, COMMON
Function 00447600 Relevance: 6.9, Strings: 5, Instructions: 614, Tags: COMMON
Function 0040EFFC Relevance: 6.8, Strings: 5, Instructions: 550, Tags: COMMON
Function 00447560 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 14, Tags: library, COMMON
Function 0044A7E0 Relevance: 2.6, Strings: 2, Instructions: 142, Tags: COMMON
Function 0040ED90 Relevance: 1.6, APIs: 1, Instructions: 87, Tags: library, COMMON
Function 00444282 Relevance: 1.6, APIs: 1, Instructions: 51, Tags: memory, COMMON
Function 00444200 Relevance: 1.5, APIs: 1, Instructions: 33, Tags: memory, COMMON
Function 00439000 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 100, Tags: clipboard, COMMON
Function 0043FD0E Relevance: 14.4, APIs: 5, Strings: 3, Instructions: 403, Tags: memory, COMMON
Function 00401000 Relevance: 11.9, Strings: 8, Instructions: 1867, Tags: COMMON
Function 00427B0F Relevance: 10.8, Strings: 8, Instructions: 813, Tags: COMMON
Function 0041DD64 Relevance: 10.6, Strings: 8, Instructions: 613, Tags: COMMON
Function 004012A7 Relevance: 8.4, Strings: 6, Instructions: 940, Tags: COMMON
Function 0042C891 Relevance: 8.3, Strings: 6, Instructions: 837, Tags: COMMON
Function 004204A0 Relevance: 6.9, Strings: 5, Instructions: 683, Tags: COMMON
Function 0042BB00 Relevance: 6.7, Strings: 5, Instructions: 428, Tags: COMMON
Function 0040F7E0 Relevance: 6.6, Strings: 5, Instructions: 400, Tags: COMMON
Function 0042A345 Relevance: 4.3, Strings: 3, Instructions: 529, Tags: COMMON
Function 00426F20 Relevance: 4.2, Strings: 3, Instructions: 405, Tags: COMMON
Function 004450E0 Relevance: 3.1, Strings: 2, Instructions: 576, Tags: COMMON
Function 0042D56C Relevance: 3.1, Strings: 2, Instructions: 553, Tags: COMMON
Function 00403790 Relevance: 2.9, Strings: 2, Instructions: 445, Tags: COMMON
Function 0041CFF0 Relevance: 2.9, Strings: 2, Instructions: 428, Tags: COMMON
Function 0042D58E Relevance: 2.9, Strings: 2, Instructions: 396, Tags: COMMON
Function 0042C390 Relevance: 2.9, Strings: 2, Instructions: 361, Tags: COMMON
Function 00434DF6 Relevance: 2.8, Strings: 2, Instructions: 301, Tags: COMMON
Function 00437620 Relevance: 2.7, Strings: 2, Instructions: 225, Tags: COMMON
Function 0042A2F9 Relevance: 2.7, Strings: 2, Instructions: 208, Tags: COMMON
Function 0042A274 Relevance: 2.7, Strings: 2, Instructions: 202, Tags: COMMON
Function 0044AF10 Relevance: 2.6, Strings: 2, Instructions: 87, Tags: COMMON
Function 00405400 Relevance: 1.8, Strings: 1, Instructions: 570, Tags: COMMON
Function 00426CA0 Relevance: 1.8, APIs: 1, Instructions: 255, Tags: com, COMMON
Function 00449390 Relevance: 1.6, Strings: 1, Instructions: 384, Tags: COMMON
Function 00431370 Relevance: 1.6, Strings: 1, Instructions: 383, Tags: COMMON
Function 0042DEF8 Relevance: 1.6, Strings: 1, Instructions: 338, Tags: COMMON
Function 00434A2F Relevance: 1.6, Strings: 1, Instructions: 305, Tags: COMMON
Function 00448BE0 Relevance: 1.5, Strings: 1, Instructions: 287, Tags: COMMON
Function 0044B300 Relevance: 1.5, Strings: 1, Instructions: 282, Tags: COMMON
Function 0044B020 Relevance: 1.5, Strings: 1, Instructions: 265, Tags: COMMON
Function 00445AD0 Relevance: 1.5, Strings: 1, Instructions: 233, Tags: COMMON
Function 00414E26 Relevance: 1.5, Strings: 1, Instructions: 216, Tags: COMMON
Function 004489F0 Relevance: 1.4, Strings: 1, Instructions: 176, Tags: COMMON
Function 00444970 Relevance: 1.4, Strings: 1, Instructions: 172, Tags: COMMON
Function 0040E470 Relevance: 1.4, Strings: 1, Instructions: 171, Tags: COMMON
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042DFE0 Relevance: 1.4, Strings: 1, Instructions: 168COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044AC00 Relevance: 1.4, Strings: 1, Instructions: 143COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044AD90 Relevance: 1.4, Strings: 1, Instructions: 140COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00424490 Relevance: 1.3, Strings: 1, Instructions: 99COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040BF80 Relevance: .9, Instructions: 852COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040B470 Relevance: .7, Instructions: 670COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407470 Relevance: .7, Instructions: 657COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00449E60 Relevance: .6, Instructions: 592COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407E70 Relevance: .6, Instructions: 592COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00409737 Relevance: .5, Instructions: 536COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00447EDE Relevance: .5, Instructions: 476COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040A3C0 Relevance: .4, Instructions: 448COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00409A02 Relevance: .3, Instructions: 334COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040AFD0 Relevance: .3, Instructions: 315COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00449970 Relevance: .3, Instructions: 304COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004146B5 Relevance: .3, Instructions: 277COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00413AE6 Relevance: .3, Instructions: 274COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00448F80 Relevance: .3, Instructions: 263COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00415078 Relevance: .3, Instructions: 251COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042F5B7 Relevance: .2, Instructions: 218COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004091F0 Relevance: .2, Instructions: 202COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043EF50 Relevance: .2, Instructions: 189COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00438C00 Relevance: .2, Instructions: 185COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00405D20 Relevance: .2, Instructions: 163COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00449B60 Relevance: .1, Instructions: 142COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00411420 Relevance: .1, Instructions: 130COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00404C10 Relevance: .1, Instructions: 95COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043B510 Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004381AA Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00430BD0 Relevance: .1, Instructions: 63COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00445D80 Relevance: .1, Instructions: 52COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407120 Relevance: .0, Instructions: 46COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041A880 Relevance: .0, Instructions: 38COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00442280 Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004361D5 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 165memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|