Windows
Analysis Report
SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe
Overview
General Information
Detection
Score | Range | Whitelisted | Confidence |
---|---|---|---|
100 | 0 - 100 | false | 100% |
Signatures
Classification
- System is w10x64
- SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe (PID: 6412, cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe", MD5: AAF6F0C0F007E9462C8BF58ACD555CAF)
  - SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe (PID: 7016, cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe", MD5: AAF6F0C0F007E9462C8BF58ACD555CAF)
- cleanup
Name | Description | Attribution |
---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C that has been sold through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions before stealing further sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader capable of delivering additional payloads as EXE, DLL, and PowerShell. | No Attribution |
Malware configuration (extracted): {"C2 url": ["offensivedzvju.shop", "fragnantbui.shop", "stogeneratmns.shop", "reinforcenh.shop", "vozmeatillu.shop", "gutterydhowi.shop", "ghostreedmnu.shop", "drawzhotdog.shop"], "Build id": "sG8pjw--MagooBR"}
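The family description and the extracted configuration above give three network indicators a defender can act on: the eight C2 domains, the "TeslaBrowser/5.5" User-Agent on the exfiltration POSTs, and the DNS-then-TLS pattern visible in the alert table further down. The alert table shows every C2 session going to 188.114.96/97.x, 104.21.x or 172.67.x on port 443; those are Cloudflare proxy ranges, so matching on destination IP is of little use and the check below keys on domain names (DNS query, TLS SNI, HTTP Host) instead. The following is an added example, not code from the Joe Sandbox report or from Lumma itself: it loads the configuration as printed on this page and scans newline-delimited events in the shape of Suricata EVE JSON. The sample events are constructed for the example and are not taken from the report; the field names are assumptions modelled on EVE output. Note that Lumma's POSTs travel inside TLS, so the `http` branch only fires where TLS is terminated or inspected upstream of the sensor.

```python
"""IOC matching for the Lumma Stealer sample described above.

Added example; not part of the sandbox report and not Lumma's own code.
Uses the C2 domains from the extracted configuration on this page and the
"TeslaBrowser/5.5" User-Agent from the family description, and runs them
over constructed Suricata EVE-JSON-style events (dns, tls, http).
"""
from __future__ import annotations

import json
from typing import Iterator

# Copied from the "Malware configuration" line on this page.
LUMMA_CONFIG = {
    "C2 url": [
        "offensivedzvju.shop", "fragnantbui.shop", "stogeneratmns.shop",
        "reinforcenh.shop", "vozmeatillu.shop", "gutterydhowi.shop",
        "ghostreedmnu.shop", "drawzhotdog.shop",
    ],
    "Build id": "sG8pjw--MagooBR",
}
# User-Agent quoted in the family description above.
LUMMA_USER_AGENT = "TeslaBrowser/5.5"


def c2_domains(config: dict) -> set[str]:
    """Normalise the 'C2 url' list into lowercase hostnames without a trailing dot."""
    return {d.strip().lower().rstrip(".") for d in config.get("C2 url", [])}


def host_matches(name: str, domains: set[str]) -> bool:
    """True if name equals a C2 domain or is a subdomain of one (not a suffix lookalike)."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains)


def match_event(ev: dict, domains: set[str]) -> str | None:
    """Return a short verdict for one EVE-style event, or None if it is clean."""
    kind = ev.get("event_type")
    if kind == "dns":
        q = ev.get("dns", {}).get("rrname", "")
        if host_matches(q, domains):
            return f"dns query for C2 domain {q}"
    elif kind == "tls":
        sni = ev.get("tls", {}).get("sni", "")
        if host_matches(sni, domains):
            return f"tls connection with C2 SNI {sni}"
    elif kind == "http":
        h = ev.get("http", {})
        ua = h.get("http_user_agent", "")
        host = h.get("hostname", "")
        method = h.get("http_method", "")
        if ua == LUMMA_USER_AGENT:
            return f"Lumma user agent {ua!r} in {method} to {host}"
        if method == "POST" and host_matches(host, domains):
            return f"POST to C2 domain {host}"
    return None


def scan(lines: Iterator[str], config: dict = LUMMA_CONFIG) -> list[tuple[int, str]]:
    """Scan newline-delimited EVE JSON; returns (line number, verdict) pairs."""
    domains = c2_domains(config)
    hits: list[tuple[int, str]] = []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort a large log
        verdict = match_event(ev, domains)
        if verdict:
            hits.append((n, verdict))
    return hits


# Constructed sample log (assumption: modelled on Suricata EVE JSON; not from the report).
SAMPLE_EVE = """
{"event_type":"dns","src_ip":"192.168.2.4","dest_ip":"1.1.1.1","dns":{"type":"query","rrname":"drawzhotdog.shop","rrtype":"A"}}
{"event_type":"tls","src_ip":"192.168.2.4","dest_ip":"188.114.97.3","dest_port":443,"tls":{"sni":"drawzhotdog.shop","version":"TLS 1.3"}}
{"event_type":"http","src_ip":"192.168.2.4","dest_ip":"188.114.97.3","http":{"hostname":"drawzhotdog.shop","http_method":"POST","url":"/api","http_user_agent":"TeslaBrowser/5.5"}}
{"event_type":"dns","src_ip":"192.168.2.4","dest_ip":"1.1.1.1","dns":{"type":"query","rrname":"www.example.com","rrtype":"A"}}
{"event_type":"tls","src_ip":"192.168.2.4","dest_ip":"203.0.113.10","dest_port":443,"tls":{"sni":"cdn.fragnantbui.shop"}}
{"event_type":"http","src_ip":"192.168.2.4","dest_ip":"203.0.113.20","http":{"hostname":"updates.example.net","http_method":"GET","url":"/","http_user_agent":"Mozilla/5.0"}}
not json at all
"""

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_EVE.splitlines()):
        print(f"line {n}: {verdict}")
```

The subdomain test in `host_matches` deliberately requires a dot boundary, so a lookalike such as `notdrawzhotdog.shop` does not match, while `cdn.fragnantbui.shop` does. Feeding a real `eve.json` is a matter of passing `open("eve.json")` to `scan()`.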
Rule | Description | Author |
---|---|---|
JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
System Summary |
---|
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Suricata IDS alerts |
---|
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-26T21:26:16.070452+0200 | 2056162 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 54940 | 1.1.1.1 | 53 | UDP |
2024-09-26T21:26:16.584078+0200 | 2056163 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49734 | 188.114.97.3 | 443 | TCP |
2024-09-26T21:26:17.076987+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49734 | 188.114.97.3 | 443 | TCP |
2024-09-26T21:26:17.076987+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49734 | 188.114.97.3 | 443 | TCP |
2024-09-26T21:26:17.088211+0200 | 2056164 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 53409 | 1.1.1.1 | 53 | UDP |
2024-09-26T21:26:17.624090+0200 | 2056165 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49736 | 104.21.4.136 | 443 | TCP |
2024-09-26T21:26:18.061879+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 104.21.4.136 | 443 | TCP |
2024-09-26T21:26:18.061879+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 104.21.4.136 | 443 | TCP |
2024-09-26T21:26:18.561343+0200 | 2056163 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49738 | 188.114.97.3 | 443 | TCP |
2024-09-26T21:26:18.985344+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49738 | 188.114.97.3 | 443 | TCP |
2024-09-26T21:26:18.985344+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49738 | 188.114.97.3 | 443 | TCP |
2024-09-26T21:26:18.999445+0200 | 2056160 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 61718 | 1.1.1.1 | 53 | UDP |
2024-09-26T21:26:19.520948+0200 | 2056161 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49739 | 188.114.97.3 | 443 | TCP |
2024-09-26T21:26:19.968358+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49739 | 188.114.97.3 | 443 | TCP |
2024-09-26T21:26:19.968358+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49739 | 188.114.97.3 | 443 | TCP |
2024-09-26T21:26:20.003264+0200 | 2056158 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 54999 | 1.1.1.1 | 53 | UDP |
2024-09-26T21:26:20.494914+0200 | 2056159 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49740 | 188.114.96.3 | 443 | TCP |
2024-09-26T21:26:20.986518+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49740 | 188.114.96.3 | 443 | TCP |
2024-09-26T21:26:20.986518+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49740 | 188.114.96.3 | 443 | TCP |
2024-09-26T21:26:21.498032+0200 | 2056156 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 60290 | 1.1.1.1 | 53 | UDP |
2024-09-26T21:26:21.992400+0200 | 2056157 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49741 | 172.67.162.108 | 443 | TCP |
2024-09-26T21:26:22.456694+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49741 | 172.67.162.108 | 443 | TCP |
2024-09-26T21:26:22.456694+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49741 | 172.67.162.108 | 443 | TCP |
2024-09-26T21:26:22.460224+0200 | 2056154 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 53798 | 1.1.1.1 | 53 | UDP |
2024-09-26T21:26:22.980219+0200 | 2056155 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49742 | 188.114.97.3 | 443 | TCP |
2024-09-26T21:26:23.482099+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49742 | 188.114.97.3 | 443 | TCP |
2024-09-26T21:26:23.482099+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49742 | 188.114.97.3 | 443 | TCP |
2024-09-26T21:26:23.625768+0200 | 2056152 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 52289 | 1.1.1.1 | 53 | UDP |
2024-09-26T21:26:24.184473+0200 | 2056153 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49743 | 188.114.96.3 | 443 | TCP |
2024-09-26T21:26:24.736633+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49743 | 188.114.96.3 | 443 | TCP |
2024-09-26T21:26:24.736633+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49743 | 188.114.96.3 | 443 | TCP |
2024-09-26T21:26:24.738372+0200 | 2056150 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 52359 | 1.1.1.1 | 53 | UDP |
2024-09-26T21:26:25.242032+0200 | 2056151 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49744 | 172.67.208.139 | 443 | TCP |
2024-09-26T21:26:25.664023+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49744 | 172.67.208.139 | 443 | TCP |
2024-09-26T21:26:25.664023+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49744 | 172.67.208.139 | 443 | TCP |
2024-09-26T21:26:28.033341+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49746 | 172.67.128.144 | 443 | TCP |
2024-09-26T21:26:28.033341+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49746 | 172.67.128.144 | 443 | TCP |
AV Detection |
---|
Source: | URL Reputation (2 entries) |
Source: | Avira URL Cloud (28 entries) |
Source: | Malware Configuration Extractor (1 entry) |
Source: | ReversingLabs (1 entry) |
Source: | String decryptor (15 entries) |
Source: | Static PE information (1 entry) |
Source: | HTTPS traffic detected (11 entries) |
Networking |
---|
Source: | Suricata IDS (37 entries) |
Source: | URLs (8 entries) |
Source: | IP Address (4 entries) |
Source: | ASN Name (3 entries) |
Source: | JA3 fingerprint (1 entry) |
Source: | HTTP traffic detected (11 entries) |
Source: | UDP traffic detected without corresponding DNS query (10 entries) |
Source: | HTTP traffic detected (1 entry) |
Source: | String found in binary or memory (3 entries) |
Source: | DNS traffic detected (10 entries) |
Source: | HTTP traffic detected (1 entry) |
Source: | String found in binary or memory (126 entries) |
Source: | Network traffic detected (22 entries) |
Source: | HTTPS traffic detected (11 entries) |
System Summary |
---|
Source: | File dump (1 entry) |
Source: | Code function (21 entries): 0_2_004B323E, 0_2_004B3B60, 0_2_004B4040, 0_2_004B305B, 0_2_004B3462, 0_2_004B3C30, 0_2_004B3CFF, 0_2_004B30F3, 0_2_004B3553, 0_2_004B3DAB, 0_2_0087A9F1, 0_2_0087C4CF, 0_2_0087D018, 0_2_0087C46D, 0_2_0085C99A, 0_2_0087D131, 0_2_0085D168, 0_2_0087D3AC, 0_2_0087CBD0, 0_2_0087C7FF, 0_2_0087C37E |
Source: | Code function (146 entries): 0_2_004B323E, 0_2_004BAB04, 0_2_004A6168, 0_2_004A560A, 0_2_004A56E8, 0_2_004A636A, 0_2_00833816, 0_2_0082ED6C, 0_2_00834097, 0_2_008330B1, 0_2_008338B1, 0_2_0082F4C8, 0_2_008334C9, 0_2_008338E3, 0_2_00833CFB, 0_2_00833C0D, 0_2_0082F816, 0_2_00833830, 0_2_00834040, 0_2_00834072, 0_2_00834986, 0_2_00833DB2, 0_2_00833DCD, 0_2_0082F9E3, 0_2_0082FDF5, 0_2_00833908, 0_2_0082F90E, 0_2_00833D21, 0_2_0082F946, 0_2_00833553, 0_2_0082F566, 0_2_00833680, 0_2_00833E8E, 0_2_0082FA94, 0_2_0082FAA5, 0_2_0082EEAD, 0_2_008332B5, 0_2_0082F6C3, 0_2_0082FAC8, 0_2_008342C8, 0_2_0082EECE, 0_2_008336DA, 0_2_008346DA, 0_2_00833EF3, 0_2_0082FA69, 0_2_0083366E, 0_2_0082FE76, 0_2_00833B8F, 0_2_00833793, 0_2_0082FB99, 0_2_0082F7E4, 0_2_0082F3FC, 0_2_008337FD, 0_2_00833F0C, 0_2_00833315, 0_2_0082FF1D, 0_2_00833F27, 0_2_0082F333, 0_2_00833336, 0_2_00833B39, 0_2_0082FB42, 0_2_00834B5B, 0_2_0082FB74, 0_2_00833B7E, 0_2_0083C123, 0_2_0083E752, 0_2_0084536D, 0_2_0084559A, 0_2_008456F6, 0_2_00845410, 0_2_00845531, 0_2_0084565F, 0_2_0087A9F1, 0_2_0086E5FA, 0_2_0086BEA0, 0_2_0087920C, 0_2_0086DB31, 0_2_0087C4CF, 0_2_0087E417, 0_2_0087BC13, 0_2_0087D018, 0_2_0087A84D, 0_2_0086BC58, 0_2_0087A467, 0_2_0087C46D, 0_2_00866473, 0_2_00864D8B, 0_2_008655AD, 0_2_0086E9C4, 0_2_0087BDD7, 0_2_0087B5D9, 0_2_008799E4, 0_2_0085B9F6, 0_2_0087BD0E, 0_2_0087B509, 0_2_0086352E, 0_2_00855D31, 0_2_0087D131, 0_2_0086D945, 0_2_0087A94E, 0_2_00866977, 0_2_0087AE8E, 0_2_00863AC8, 0_2_0087B2D3, 0_2_00879ED3, 0_2_00859AF2, 0_2_0085B610, 0_2_0087A219, 0_2_0085BA29, 0_2_0085BA32, 0_2_00867A51, 0_2_00866386, 0_2_00852786, 0_2_00869789, 0_2_0087DB88, 0_2_00863B94, 0_2_00878B99, 0_2_0087D3AC, 0_2_0087CBD0, 0_2_0087B7DA, 0_2_0087C7FF, 0_2_00879B09, 0_2_0085A33F, 0_2_0087C37E, 0_2_0086D37A, 0_2_0089A2D1, 0_2_008AC0B3, 0_2_0088801C, 0_2_0089743B, 0_2_00897047, 0_2_0089685E, 0_2_00896DBE, 0_2_00897506, 0_2_0089751E, 0_2_0089597E, 0_2_00897AC8, 0_2_008ABEC8, 0_2_008AC640, 0_2_00895B80, 0_2_0089A7B6, 0_2_008997CE, 0_2_008967C5, 0_2_00898BD0, 0_2_00896305, 0_2_00898369, 0_2_0089777C |
Source: | Static PE information (2 entries) |
Source: | Binary or memory string (10 entries) |
Source: | Static PE information (1 entry) |
Source: | Classification label (1 entry) |
Source: | File created (1 entry) |
Source: | Key opened (1 entry) |
Source: | ReversingLabs (1 entry) |
Source: | String found in binary or memory (2 entries) |
Source: | File read (1 entry) |
Source: | Process created (3 entries) |
Source: | Section loaded (28 entries) |
Source: | Static PE information (1 entry) |
Source: | Static file information (1 entry) |
Source: | Static PE information (8 entries) |
Source: | Static PE information (2 entries) |
Source: | Static PE information (1 entry) |
Source: | Static PE information (2 entries) |
Source: | Code function (12 entries): 0_2_00856893, 0_2_00856899, 0_2_00856D9C, 0_2_00856DAB, 0_2_00856D3B, 0_2_0085529D, 0_2_00855303, 0_2_00856F55, 0_2_00889C6B, 0_2_00889C65, 0_2_00889C7A, 0_2_00889C74 |
Source: | File created (1 entry) |
Source: | Registry value created or modified (2 entries) |
Source: | Registry key monitored for changes (2 entries) |
Source: | Dropped PE file which has not been started (1 entry) |
Source: | API coverage (1 entry) |
Source: | Thread sleep time (1 entry) |
Source: | Binary or memory string (3 entries) |
Source: | Process created: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: | |
Source: | String found in binary or memory: | 8 entries |
Source: | Key value queried: | |
Source: | Binary or memory string: | 2 entries |
Stealing of Sensitive Information |
---|
Source: | File source: | 5 entries |
Remote Access Functionality |
---|
Source: | File source: | 5 entries |
Tactic | Techniques observed (signature count) |
---|---|
Reconnaissance | (none) |
Resource Development | (none) |
Initial Access | (none) |
Execution | 2 Command and Scripting Interpreter, 1 PowerShell |
Persistence | 1 Registry Run Keys / Startup Folder, 1 DLL Side-Loading |
Privilege Escalation | 11 Process Injection, 1 Registry Run Keys / Startup Folder, 1 DLL Side-Loading |
Defense Evasion | 1 Masquerading, 1 Virtualization/Sandbox Evasion, 1 Disable or Modify Tools, 11 Process Injection, 1 Deobfuscate/Decode Files or Information, 1 Obfuscated Files or Information, 1 DLL Side-Loading |
Credential Access | (none) |
Discovery | 1 Query Registry, 11 Security Software Discovery, 1 Virtualization/Sandbox Evasion, 2 System Information Discovery |
Lateral Movement | (none) |
Collection | 1 Archive Collected Data |
Command and Control | 11 Encrypted Channel, 1 Ingress Tool Transfer, 3 Non-Application Layer Protocol, 114 Application Layer Protocol |
Exfiltration | (none) |
Impact | (none) |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
18% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
36 URLs | 0% | URL Reputation | safe | |
2 URLs | 100% | URL Reputation | malware | |
34 URLs | 0% | Avira URL Cloud | safe | |
28 URLs | 100% | Avira URL Cloud | malware | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
fragnantbui.shop | 188.114.97.3 | true | true | unknown | |
gutterydhowi.shop | 104.21.4.136 | true | true | unknown | |
steamcommunity.com | 104.102.49.254 | true | false | unknown | |
offensivedzvju.shop | 188.114.97.3 | true | true | unknown | |
stogeneratmns.shop | 188.114.96.3 | true | true | unknown | |
reinforcenh.shop | 172.67.208.139 | true | true | unknown | |
drawzhotdog.shop | 172.67.162.108 | true | true | unknown | |
ghostreedmnu.shop | 188.114.97.3 | true | true | unknown | |
vozmeatillu.shop | 188.114.96.3 | true | true | unknown | |
ballotnwu.site | 172.67.128.144 | true | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
14 entries | true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
10 entries | | true | | unknown |
76 entries | | false | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
104.21.4.136 | gutterydhowi.shop | United States | 13335 | CLOUDFLARENETUS | true |
188.114.97.3 | fragnantbui.shop | European Union | 13335 | CLOUDFLARENETUS | true |
172.67.162.108 | drawzhotdog.shop | United States | 13335 | CLOUDFLARENETUS | true |
172.67.128.144 | ballotnwu.site | United States | 13335 | CLOUDFLARENETUS | true |
188.114.96.3 | stogeneratmns.shop | European Union | 13335 | CLOUDFLARENETUS | true |
104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | false |
172.67.208.139 | reinforcenh.shop | United States | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1519702 |
Start date and time: | 2024-09-26 21:25:07 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 15s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@3/1@10/7 |
EGA Information: |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe
Time | Type | Description |
---|---|---|
15:26:16 | API Interceptor | |
20:26:21 | Autostart | |
20:26:29 | Autostart |
Match | Detection | Threat names of related samples (count) |
---|---|---|
104.21.4.136 | malicious | LummaC (3); LummaC, Vidar (1); LummaC, Stealc, Vidar (6) |
188.114.97.3 | malicious | FormBook (4); Snake Keylogger (3); Lokibot (1); HTMLPhisher (1); Unknown (1) |
172.67.162.108 | malicious | LummaC (3); LummaC, Vidar (3); LummaC, Stealc, Vidar (4) |
Match | Detection | Threat names of related samples (count) |
---|---|---|
offensivedzvju.shop | malicious | LummaC (4); LummaC, Vidar (4); LummaC, Stealc, Vidar (2) |
gutterydhowi.shop | malicious | LummaC (4); LummaC, Vidar (4); LummaC, Stealc, Vidar (2) |
steamcommunity.com | malicious | LummaC (3); LummaC, Vidar (2); Vidar (2); LummaC, Stealc, Vidar (1); Unknown (2) |
fragnantbui.shop | malicious | LummaC (4); LummaC, Vidar (4); LummaC, Stealc, Vidar (2) |
Match | Detection | Threat names of related samples (count) |
---|---|---|
CLOUDFLARENETUS (listed 3 times) | malicious | HTMLPhisher (2); LummaC (1); LummaC, Vidar (1); Unknown (6) |
Match | Detection | Threat names of related samples (count) |
---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC (3); LummaC, Vidar (1); LummaC, Stealc, Vidar (1); Bazar Loader, BruteRatel, Latrodectus (1); Unknown (3) |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 976635604 |
Entropy (8bit): | 0.06714450256170998 |
Encrypted: | false |
SSDEEP: | |
MD5: | 8BE4BFF57BE5FD22245CC37F593A8403 |
SHA1: | D60EE5C2C022DA0C44BD8DF6C3DD92F0770B1252 |
SHA-256: | 5F9DF9BC97FF925BF63CA3D131F02029A02AA15BE6646545A26B864349EC671A |
SHA-512: | EC75CBB84F8BE0A4892FA90A4386BE61D894FB76ECF99CED18E29962EB641819585A287BD2B5DFF855CCB4427E1E24F5C6186BE2460B12208382147AEAA32B32 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: |
Entropy (8bit): | 6.916936552707879 |
TrID: |
File name: | SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe |
File size: | 4'547'072 bytes |
MD5: | aaf6f0c0f007e9462c8bf58acd555caf |
SHA1: | 0125e82a9f1ec4297c6d3bf8f541882b5531f5f6 |
SHA256: | 927f2074ad7b76b46535cc94eb1fb357e528258dd0e55d828decb5ff5e70d2b9 |
SHA512: | 10dda1dd3d3f314f121402ed68e7647ace982837d2a2806be59e202efe1a4d5b5327a697b78db2a5bb610e3219e5bb7180b60fd5f90efa3c239aa9c7c737034b |
SSDEEP: | 98304:tUimFOVwFe8GZ0BbNiiFEqTMij7I6Z53T1J:q1E6dTX |
TLSH: | AB267DDE72C6243EC067163359264960D83BBB3125B788CFFAA46D0CCE35253A935E5B |
File Content Preview: | MZP.....................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | 3279ece68ccc7186 |
Entrypoint: | 0x692944 |
Entrypoint Section: | .itext |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
DLL Characteristics: | |
Time Stamp: | 0x5F44F5B2 [Tue Aug 25 11:27:46 2020 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 3b9a78dc6660323834e59d95d337069d |
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFF0h |
mov eax, 00689774h |
call 00007F9FDC3F4581h |
mov eax, dword ptr [0069CA38h] |
mov eax, dword ptr [eax] |
call 00007F9FDC5BA449h |
mov cl, 01h |
mov edx, 006929B8h |
mov eax, dword ptr [005800D8h] |
call 00007F9FDC579A6Ch |
mov eax, dword ptr [0069CA38h] |
mov eax, dword ptr [eax] |
mov edx, 006929E4h |
call 00007F9FDC5B9DD7h |
mov ecx, dword ptr [0069C6F0h] |
mov eax, dword ptr [0069CA38h] |
mov eax, dword ptr [eax] |
mov edx, dword ptr [00645DE8h] |
call 00007F9FDC5BA427h |
mov eax, dword ptr [0069CA38h] |
mov eax, dword ptr [eax] |
call 00007F9FDC5BA57Fh |
call 00007F9FDC3EF55Eh |
add byte ptr [eax-00FFFDFCh], dh |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x2bc000 | 0x5e | .edata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2b7000 | 0x3b14 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x2f7000 | 0x1b6260 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2bf000 | 0x37b08 | .rdata |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x2be000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2b7adc | 0x924 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x2bb000 | 0x9c8 | .didata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x290000 | 0x28f800 | 2a15afc612f88bad6fc9959d1810be9a | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.itext | 0x291000 | 0x2000 | 0x1a00 | 504965db41100728bc9070db8befe522 | False | 0.548828125 | data | 6.36148269338948 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x293000 | 0xa000 | 0x9e00 | dc136f9e391b47d45742c91a2dbda720 | False | 0.5509790348101266 | data | 6.09210320597965 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.bss | 0x29d000 | 0x1a000 | 0x1a000 | e2dea636cc20a1561f745ca26dc8a00d | False | 0.45229867788461536 | COM executable for DOS | 6.282720732739078 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0x2b7000 | 0x4000 | 0x3c00 | 258fa3952c7b35db824065c72de12a90 | False | 0.30703125 | COM executable for DOS | 5.206596534218449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.didata | 0x2bb000 | 0x1000 | 0xa00 | 5bf853b0d8341fdcf019a37d6ec39315 | False | 0.3609375 | data | 4.222908981473441 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.edata | 0x2bc000 | 0x1000 | 0x200 | c716644d620d407bb607fc2d4f6b41b1 | False | 0.1640625 | data | 1.103632065510809 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.tls | 0x2bd000 | 0x1000 | 0x1000 | d4256c41ce19c2cb5cf615cbc31e10c9 | False | 0.305419921875 | data | 3.110284690356277 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0x2be000 | 0x39000 | 0x200 | 3986a1c707994a5e9b5e883e279780fa | False | 0.05078125 | data | 0.2108262677871819 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x2f7000 | 0x1b6260 | 0x1b6400 | 282b2930746de2dc39d35f781bcea3eb | False | 0.41272606335567597 | data | 7.1817091597183715 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
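Two static observations in this report are worth a scripted check rather than a glance: the dropped file above is 976,635,604 bytes at an entropy of 0.067, i.e. almost entirely a single repeated byte value, and the section table above shows a .bss carrying 0x1a000 bytes of raw data with no content flag, an .rdata with a virtual size of 0x39000 against 0x200 bytes on disk, and a .rsrc at entropy 7.18. The following is an added example written for this page; it is not Joe Sandbox code and was not derived from the analysed binary. It is a dependency-free Python section-table parser that applies four heuristics (writable-and-executable section, raw data with no CNT_* flag, virtual size more than four times the raw size, section entropy above 7.0, plus an entry-point-outside-executable-memory check), and it reuses the same chunked byte histogram for an inflated-dropped-file test. The PE image it analyses (build_sample) is constructed inline to reproduce those anomalies, and the thresholds (4x ratio, entropy 7.0, 100 MiB at entropy below 1.0) are the author's assumptions, not values taken from the report.

```python
import hashlib
import io
import math
import struct
from collections import Counter

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
CONTENT_FLAGS = IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_CNT_UNINITIALIZED_DATA

def byte_histogram(stream, chunk_size=1 << 20):
    """Per-byte-value counts, read in chunks so a ~1 GB dropped file is never held in memory."""
    if isinstance(stream, (bytes, bytearray)):
        stream = io.BytesIO(stream)
    counts = Counter()                     # swap for numpy.bincount if throughput matters
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        counts.update(chunk)
    return counts

def entropy_bits(counts) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant file, 8.0 for uniform bytes."""
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values()) if total else 0.0

def bloat_check(data, size_threshold=100 << 20, entropy_threshold=1.0) -> dict:
    """Flag the inflated-dropped-file pattern: huge on disk but almost entirely one byte value."""
    counts = byte_histogram(data)
    size, ent = sum(counts.values()), entropy_bits(counts)
    return {"size": size, "entropy": ent, "bloated": size >= size_threshold and ent < entropy_threshold}

def parse_sections(pe: bytes):
    """Entry-point RVA plus one dict per section header, read with struct (no pefile needed)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsec = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    entry_rva = struct.unpack_from("<I", pe, coff + 20 + 16)[0]     # AddressOfEntryPoint
    sections = []
    for i in range(nsec):
        off = coff + 20 + opt_size + 40 * i                         # 40-byte IMAGE_SECTION_HEADER
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, off)
        chars = struct.unpack_from("<I", pe, off + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "va": va,
                         "vsize": vsize, "rawsize": rawsize, "chars": chars,
                         "entropy": entropy_bits(byte_histogram(pe[rawptr:rawptr + rawsize]))})
    return entry_rva, sections

def triage_sections(pe: bytes) -> list:
    """Readable findings; an empty list means nothing in the section table looks off."""
    entry_rva, sections = parse_sections(pe)
    findings, entry_in_code = [], False
    for s in sections:
        n, c = s["name"], s["chars"]
        if c & IMAGE_SCN_MEM_EXECUTE and c & IMAGE_SCN_MEM_WRITE:
            findings.append(f"{n}: writable and executable")
        if s["rawsize"] and not c & CONTENT_FLAGS:                  # the report's .bss
            findings.append(f"{n}: {s['rawsize']:#x} bytes on disk but no CNT_* content flag")
        if s["rawsize"] and s["vsize"] > 4 * s["rawsize"]:          # the report's .rdata
            findings.append(f"{n}: virtual size {s['vsize']:#x} dwarfs raw size {s['rawsize']:#x}")
        if s["rawsize"] and s["entropy"] > 7.0:                     # the report's .rsrc
            findings.append(f"{n}: entropy {s['entropy']:.2f} (packed or encrypted payload?)")
        if c & IMAGE_SCN_MEM_EXECUTE and s["va"] <= entry_rva < s["va"] + max(s["vsize"], s["rawsize"]):
            entry_in_code = True
    if not entry_in_code:
        findings.append(f"entry point {entry_rva:#x} is outside every executable section")
    return findings

def build_sample() -> bytes:
    """Constructed four-section PE32 image (not the analysed binary) reproducing the table's oddities."""
    noise = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(128))
    layout = [  # name, VirtualAddress, VirtualSize, raw bytes, Characteristics
        (b".text", 0x1000, 0x200, b"\x55\x8b\xec" + b"\x90" * 0x1FD, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
        (b".bss", 0x2000, 0x200, hashlib.sha256(b"seed").digest() * 16, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
        (b".rdata", 0x3000, 0x39000, b"\0" * 0x200, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
        (b".rsrc", 0x3D000, 0x1000, noise, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    ]
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)                       # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                                        # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                                      # entry point -> .text
    struct.pack_into("<I", opt, 28, 0x400000)                                    # ImageBase
    table, body, raw_ptr = b"", b"", 0x400
    for name, va, vsize, data, chars in layout:
        table += struct.pack("<8sIIIIIIHHI", name, vsize, va, len(data), raw_ptr, 0, 0, 0, 0, chars)
        body += data
        raw_ptr += len(data)
    return (dos + coff + bytes(opt) + table).ljust(0x400, b"\0") + body
```

On a real artefact, run triage_sections(open(path, "rb").read()) for the section checks and bloat_check(open(path, "rb")) for the size test; the latter streams and never loads a 931 MB file at once. Treat the output as ranking, not verdict: Delphi binaries legitimately start in .itext rather than .text, resource-heavy installers push .rsrc entropy up on their own, and an inflated dropped file is suspicious mainly because it defeats upload size limits at scanners, not because padding itself does anything.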
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
BRANDING | 0x2fa24c | 0xf2d8 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | English | Great Britain | 0.5785452322738386 |
INI | 0x309524 | 0x4338 | ISO-8859 text, with CRLF line terminators | English | United States | 0.19217805671780566 |
INI | 0x30d85c | 0x701 | Generic INItialization configuration [Missing Shared DLLs] | English | United States | 0.36698271054099274 |
INI | 0x30df60 | 0x2d2fe | ISO-8859 text, with CRLF line terminators | English | United States | 0.14998433160800925 |
VCLSTYLE | 0x33b260 | 0x12e5b | data | English | United States | 0.9555960363293412 |
RT_CURSOR | 0x34e0bc | 0x134 | data | English | United States | 0.43506493506493504 |
RT_CURSOR | 0x34e1f0 | 0x134 | data | English | United States | 0.4642857142857143 |
RT_CURSOR | 0x34e324 | 0x134 | data | English | United States | 0.4805194805194805 |
RT_CURSOR | 0x34e458 | 0x134 | data | English | United States | 0.38311688311688313 |
RT_CURSOR | 0x34e58c | 0x134 | data | English | United States | 0.36038961038961037 |
RT_CURSOR | 0x34e6c0 | 0x134 | data | English | United States | 0.4090909090909091 |
RT_CURSOR | 0x34e7f4 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468 |
RT_CURSOR | 0x34e928 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635 |
RT_BITMAP | 0x34ea5c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066 |
RT_BITMAP | 0x34ec2c | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | English | United States | 0.46487603305785125 |
RT_BITMAP | 0x34ee10 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066 |
RT_BITMAP | 0x34efe0 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39870689655172414 |
RT_BITMAP | 0x34f1b0 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.4245689655172414 |
RT_BITMAP | 0x34f380 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5021551724137931 |
RT_BITMAP | 0x34f550 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5064655172413793 |
RT_BITMAP | 0x34f720 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105 |
RT_BITMAP | 0x34f8f0 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5344827586206896 |
RT_BITMAP | 0x34fac0 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105 |
RT_BITMAP | 0x34fc90 | 0x98 | Device independent bitmap graphic, 9 x 6 x 4, image size 48, 16 important colors | English | United States | 0.5197368421052632 |
RT_BITMAP | 0x34fd28 | 0x98 | Device independent bitmap graphic, 9 x 6 x 4, image size 48, 16 important colors | English | United States | 0.506578947368421 |
RT_ICON | 0x34fdc0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 3779 x 3779 px/m | English | United States | 0.3608156028368794 |
RT_ICON | 0x350228 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 3779 x 3779 px/m | English | United States | 0.2098968105065666 |
RT_ICON | 0x3512d0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 3779 x 3779 px/m | English | United States | 0.15809128630705394 |
RT_ICON | 0x353878 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 3779 x 3779 px/m | English | United States | 0.12688946622579123 |
RT_ICON | 0x357aa0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 3779 x 3779 px/m | English | United States | 0.07723589258251508 |
RT_MENU | 0x3682c8 | 0x5e | data | English | Great Britain | 0.8617021276595744 |
RT_MENU | 0x368328 | 0x13c | data | English | Great Britain | 0.49683544303797467 |
RT_MENU | 0x368464 | 0x8e | data | English | Great Britain | 0.6971830985915493 |
RT_MENU | 0x3684f4 | 0x1aa | data | English | Great Britain | 0.42018779342723006 |
RT_MENU | 0x3686a0 | 0xda | data | English | Great Britain | 0.6238532110091743 |
RT_MENU | 0x36877c | 0x164 | data | English | Great Britain | 0.547752808988764 |
RT_MENU | 0x3688e0 | 0xbe | data | English | Great Britain | 0.6368421052631579 |
RT_MENU | 0x3689a0 | 0xae | data | English | Great Britain | 0.632183908045977 |
RT_MENU | 0x368a50 | 0xb8 | data | English | Great Britain | 0.657608695652174 |
RT_DIALOG | 0x368b08 | 0x530 | data | English | Great Britain | 0.42846385542168675 |
RT_DIALOG | 0x369038 | 0x238 | data | English | Great Britain | 0.4982394366197183 |
RT_DIALOG | 0x369270 | 0xe8 | data | English | Great Britain | 0.6508620689655172 |
RT_DIALOG | 0x369358 | 0x1c8 | data | English | Great Britain | 0.5657894736842105 |
RT_DIALOG | 0x369520 | 0x1e0 | data | English | Great Britain | 0.49166666666666664 |
RT_DIALOG | 0x369700 | 0x1ac | data | English | Great Britain | 0.5607476635514018 |
RT_DIALOG | 0x3698ac | 0x1cc | data | English | Great Britain | 0.5 |
RT_DIALOG | 0x369a78 | 0x1e4 | data | English | Great Britain | 0.5206611570247934 |
RT_DIALOG | 0x369c5c | 0x33c | data | English | Great Britain | 0.358695652173913 |
RT_DIALOG | 0x369f98 | 0x6b6 | data | English | Great Britain | 0.3911525029103609 |
RT_DIALOG | 0x36a650 | 0x1a4 | data | English | Great Britain | 0.5166666666666667 |
RT_DIALOG | 0x36a7f4 | 0x1ce | data | English | Great Britain | 0.48268398268398266 |
RT_DIALOG | 0x36a9c4 | 0x4e4 | data | English | Great Britain | 0.40814696485623003 |
RT_DIALOG | 0x36aea8 | 0x57e | data | English | Great Britain | 0.4139402560455192 |
RT_DIALOG | 0x36b428 | 0x54 | data | English | Great Britain | 0.8095238095238095 |
RT_DIALOG | 0x36b47c | 0xe0 | data | English | Great Britain | 0.6517857142857143 |
RT_DIALOG | 0x36b55c | 0x29a | data | English | Great Britain | 0.47297297297297297 |
RT_DIALOG | 0x36b7f8 | 0xdc | data | English | Great Britain | 0.6363636363636364 |
RT_DIALOG | 0x36b8d4 | 0x70 | data | English | Great Britain | 0.7857142857142857 |
RT_DIALOG | 0x36b944 | 0x1ce | data | English | Great Britain | 0.48484848484848486 |
RT_DIALOG | 0x36bb14 | 0x180 | data | English | Great Britain | 0.5755208333333334 |
RT_DIALOG | 0x36bc94 | 0x230 | data | English | Great Britain | 0.4446428571428571 |
RT_DIALOG | 0x36bec4 | 0xc4 | data | English | Great Britain | 0.7244897959183674 |
RT_DIALOG | 0x36bf88 | 0x14c | data | English | Great Britain | 0.5993975903614458 |
RT_DIALOG | 0x36c0d4 | 0x462 | data | English | Great Britain | 0.43137254901960786 |
RT_DIALOG | 0x36c538 | 0x468 | data | English | Great Britain | 0.43351063829787234 |
RT_DIALOG | 0x36c9a0 | 0x224 | data | English | Great Britain | 0.5091240875912408 |
RT_DIALOG | 0x36cbc4 | 0x286 | data | English | Great Britain | 0.5046439628482973 |
RT_DIALOG | 0x36ce4c | 0x1e8 | data | English | Great Britain | 0.5758196721311475 |
RT_DIALOG | 0x36d034 | 0xc8 | dBase III DBT, next free block index 4294901761 | English | Great Britain | 0.665 |
RT_DIALOG | 0x36d0fc | 0x938 | data | English | Great Britain | 0.3771186440677966 |
RT_DIALOG | 0x36da34 | 0x462 | data | English | Great Britain | 0.446524064171123 |
RT_DIALOG | 0x36de98 | 0x48a | data | English | Great Britain | 0.3717728055077453 |
RT_DIALOG | 0x36e324 | 0x34 | data | English | Great Britain | 0.9038461538461539 |
RT_DIALOG | 0x36e358 | 0x336 | data | English | Great Britain | 0.38929440389294406 |
RT_DIALOG | 0x36e690 | 0x462 | data | English | Great Britain | 0.44563279857397503 |
RT_DIALOG | 0x36eaf4 | 0xd6 | dBase III DBT, next free block index 4294901761 | English | Great Britain | 0.7009345794392523 |
RT_DIALOG | 0x36ebcc | 0x37c | data | English | Great Britain | 0.4461883408071749 |
RT_DIALOG | 0x36ef48 | 0xd4 | data | English | Great Britain | 0.6037735849056604 |
RT_DIALOG | 0x36f01c | 0x2c8 | data | English | Great Britain | 0.44662921348314605 |
RT_DIALOG | 0x36f2e4 | 0x1a2 | data | English | Great Britain | 0.5239234449760766 |
RT_DIALOG | 0x36f488 | 0x186 | data | English | Great Britain | 0.5948717948717949 |
RT_DIALOG | 0x36f610 | 0x3b4 | data | English | Great Britain | 0.4588607594936709 |
RT_DIALOG | 0x36f9c4 | 0x38a | data | English | Great Britain | 0.45916114790286977 |
RT_DIALOG | 0x36fd50 | 0x3c8 | data | English | Great Britain | 0.3894628099173554 |
RT_DIALOG | 0x370118 | 0x428 | data | English | Great Britain | 0.36654135338345867 |
RT_DIALOG | 0x370540 | 0x92 | data | English | Great Britain | 0.6027397260273972 |
RT_DIALOG | 0x3705d4 | 0x39c | data | English | Great Britain | 0.4090909090909091 |
RT_DIALOG | 0x370970 | 0x248 | data | English | Great Britain | 0.488013698630137 |
RT_DIALOG | 0x370bb8 | 0x51c | data | English | Great Britain | 0.4258409785932722 |
RT_DIALOG | 0x3710d4 | 0x558 | data | English | Great Britain | 0.4159356725146199 |
RT_DIALOG | 0x37162c | 0x4fe | data | English | Great Britain | 0.4460093896713615 |
RT_DIALOG | 0x371b2c | 0x544 | data | English | Great Britain | 0.41839762611275966 |
RT_DIALOG | 0x372070 | 0x454 | data | English | Great Britain | 0.4575812274368231 |
RT_DIALOG | 0x3724c4 | 0x144 | data | English | Great Britain | 0.6172839506172839 |
RT_DIALOG | 0x372608 | 0x514 | data | English | Great Britain | 0.4276923076923077 |
RT_DIALOG | 0x372b1c | 0x248 | data | English | Great Britain | 0.4674657534246575 |
RT_DIALOG | 0x372d64 | 0x1dc | data | English | Great Britain | 0.5189075630252101 |
RT_DIALOG | 0x372f40 | 0xfc | data | English | Great Britain | 0.6746031746031746 |
RT_DIALOG | 0x37303c | 0x40 | data | English | Great Britain | 0.875 |
RT_DIALOG | 0x37307c | 0x334 | data | English | Great Britain | 0.44390243902439025 |
RT_STRING | 0x3733b0 | 0x66 | Matlab v4 mat-file (little endian) C, numeric, rows 0, columns 0 | English | Great Britain | 0.5882352941176471 |
RT_STRING | 0x373418 | 0x3a0 | data | English | Great Britain | 0.3426724137931034 |
RT_STRING | 0x3737b8 | 0x14e | data | English | Great Britain | 0.45209580838323354 |
RT_STRING | 0x373908 | 0x112 | data | English | Great Britain | 0.5656934306569343 |
RT_STRING | 0x373a1c | 0x10e | data | English | Great Britain | 0.5962962962962963 |
RT_STRING | 0x373b2c | 0xbc | data | English | Great Britain | 0.6223404255319149 |
RT_STRING | 0x373be8 | 0x10e | data | English | Great Britain | 0.5296296296296297 |
RT_STRING | 0x373cf8 | 0x64 | Matlab v4 mat-file (little endian) W, numeric, rows 0, columns 0 | English | Great Britain | 0.76 |
RT_STRING | 0x373d5c | 0x8c | data | English | Great Britain | 0.5214285714285715 |
RT_STRING | 0x373de8 | 0x90 | data | English | Great Britain | 0.7013888888888888 |
RT_STRING | 0x373e78 | 0x3e6 | data | English | Great Britain | 0.3897795591182365 |
RT_STRING | 0x374260 | 0x200 | data | English | Great Britain | 0.455078125 |
RT_STRING | 0x374460 | 0xe4 | data | English | Great Britain | 0.631578947368421 |
RT_STRING | 0x374544 | 0x40 | data | English | Great Britain | 0.65625 |
RT_STRING | 0x374584 | 0xe2 | data | English | Great Britain | 0.4911504424778761 |
RT_STRING | 0x374668 | 0x30a | data | English | Great Britain | 0.32005141388174807 |
RT_STRING | 0x374974 | 0x4e | Matlab v4 mat-file (little endian) %, numeric, rows 0, columns 0 | English | Great Britain | 0.5641025641025641 |
RT_STRING | 0x3749c4 | 0x54 | data | English | Great Britain | 0.75 |
RT_STRING | 0x374a18 | 0x2ce | data | English | Great Britain | 0.38997214484679665 |
RT_STRING | 0x374ce8 | 0x1ce | data | English | Great Britain | 0.49783549783549785 |
RT_STRING | 0x374eb8 | 0x2dc | data | English | Great Britain | 0.43579234972677594 |
RT_STRING | 0x375194 | 0x48a | data | English | Great Britain | 0.33304647160068845 |
RT_STRING | 0x375620 | 0x466 | data | English | Great Britain | 0.35790408525754885 |
RT_STRING | 0x375a88 | 0x45e | data | English | Great Britain | 0.35778175313059035 |
RT_STRING | 0x375ee8 | 0xe8 | data | English | Great Britain | 0.5775862068965517 |
RT_STRING | 0x375fd0 | 0x36e | data | English | Great Britain | 0.36446469248291574 |
RT_STRING | 0x376340 | 0x244 | data | English | Great Britain | 0.41551724137931034 |
RT_STRING | 0x376584 | 0x30 | data | English | Great Britain | 0.6666666666666666 |
RT_STRING | 0x3765b4 | 0x84 | data | English | Great Britain | 0.6060606060606061 |
RT_STRING | 0x376638 | 0x160 | data | English | Great Britain | 0.5340909090909091 |
RT_STRING | 0x376798 | 0x1d4 | data | English | Great Britain | 0.5042735042735043 |
RT_STRING | 0x37696c | 0xb0 | data | English | Great Britain | 0.6704545454545454 |
RT_STRING | 0x376a1c | 0x120 | data | English | Great Britain | 0.5798611111111112 |
RT_STRING | 0x376b3c | 0x8e | data | English | Great Britain | 0.5915492957746479 |
RT_STRING | 0x376bcc | 0x240 | Matlab v4 mat-file (little endian) C, numeric, rows 0, columns 0 | English | Great Britain | 0.4409722222222222 |
RT_STRING | 0x376e0c | 0x3e2 | data | English | Great Britain | 0.3983903420523139 |
RT_STRING | 0x3771f0 | 0x390 | data | English | Great Britain | 0.4144736842105263 |
RT_STRING | 0x377580 | 0x17e | data | English | Great Britain | 0.5523560209424084 |
RT_STRING | 0x377700 | 0x220 | data | English | Great Britain | 0.43566176470588236 |
RT_STRING | 0x377920 | 0x134 | data | English | Great Britain | 0.5162337662337663 |
RT_STRING | 0x377a54 | 0x3ba | data | English | Great Britain | 0.4025157232704403 |
RT_STRING | 0x377e10 | 0x37e | data | English | Great Britain | 0.3680089485458613 |
RT_STRING | 0x378190 | 0x1ca | data | English | Great Britain | 0.425764192139738 |
RT_STRING | 0x37835c | 0x24c | data | English | Great Britain | 0.4744897959183674 |
RT_STRING | 0x3785a8 | 0x7e | data | English | Great Britain | 0.6111111111111112 |
RT_STRING | 0x378628 | 0x128 | data | English | Great Britain | 0.46621621621621623 |
RT_STRING | 0x378750 | 0x162 | Matlab v4 mat-file (little endian) M, numeric, rows 0, columns 0 | English | Great Britain | 0.4943502824858757 |
RT_STRING | 0x3788b4 | 0x3e8 | data | English | Great Britain | 0.288 |
RT_STRING | 0x378c9c | 0x322 | AmigaOS bitmap font "r", fc_YSize 29696, 16896 elements, 2nd "r", 3rd "" | English | Great Britain | 0.3640897755610973 |
RT_STRING | 0x378fc0 | 0xa8 | data | English | Great Britain | 0.4880952380952381 |
RT_STRING | 0x379068 | 0x1c8 | data | English | Great Britain | 0.5263157894736842 |
RT_STRING | 0x379230 | 0xfc | data | English | Great Britain | 0.623015873015873 |
RT_STRING | 0x37932c | 0x2b2 | data | English | Great Britain | 0.463768115942029 |
RT_STRING | 0x3795e0 | 0x7c | data | English | Great Britain | 0.717741935483871 |
RT_STRING | 0x37965c | 0x5e | data | English | Great Britain | 0.6808510638297872 |
RT_STRING | 0x3796bc | 0x82 | data | English | Great Britain | 0.7 |
RT_STRING | 0x379740 | 0x84 | data | English | Great Britain | 0.7424242424242424 |
RT_STRING | 0x3797c4 | 0x2c2 | data | English | Great Britain | 0.41076487252124644 |
RT_STRING | 0x379a88 | 0x178 | Matlab v4 mat-file (little endian) K, numeric, rows 0, columns 0 | English | Great Britain | 0.5132978723404256 |
RT_STRING | 0x379c00 | 0x2c8 | data | English | Great Britain | 0.4705056179775281 |
RT_STRING | 0x379ec8 | 0xe2 | AmigaOS bitmap font "s", 16640 elements, 2nd, 3rd | English | Great Britain | 0.5265486725663717 |
RT_STRING | 0x379fac | 0x138 | Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0 | English | Great Britain | 0.5 |
RT_STRING | 0x37a0e4 | 0x46 | data | English | Great Britain | 0.6857142857142857 |
RT_STRING | 0x37a12c | 0xfc | data | English | Great Britain | 0.5634920634920635 |
RT_STRING | 0x37a228 | 0x416 | data | English | Great Britain | 0.4435946462715105 |
RT_STRING | 0x37a640 | 0x26 | data | English | Great Britain | 0.42105263157894735 |
RT_STRING | 0x37a668 | 0x192 | data | English | Great Britain | 0.5149253731343284 |
RT_STRING | 0x37a7fc | 0x126 | data | English | Great Britain | 0.6020408163265306 |
RT_STRING | 0x37a924 | 0x31e | data | English | Great Britain | 0.41729323308270677 |
RT_STRING | 0x37ac44 | 0x9a | Matlab v4 mat-file (little endian) I, numeric, rows 0, columns 0 | English | Great Britain | 0.6558441558441559 |
RT_STRING | 0x37ace0 | 0x5c | data | English | Great Britain | 0.7065217391304348 |
RT_STRING | 0x37ad3c | 0xae | data | English | Great Britain | 0.6551724137931034 |
RT_STRING | 0x37adec | 0x6c | data | English | Great Britain | 0.6944444444444444 |
RT_STRING | 0x37ae58 | 0x11c | data | English | Great Britain | 0.6126760563380281 |
RT_STRING | 0x37af74 | 0x238 | Targa image data 110 x 116 x 32 +99 +101 | English | Great Britain | 0.5017605633802817 |
RT_STRING | 0x37b1ac | 0x16a | data | English | Great Britain | 0.5497237569060773 |
RT_STRING | 0x37b318 | 0x19c | data | English | Great Britain | 0.5 |
RT_STRING | 0x37b4b4 | 0x5c | data | English | Great Britain | 0.6413043478260869 |
RT_STRING | 0x37b510 | 0x6a0 | data | English | Great Britain | 0.35200471698113206 |
RT_STRING | 0x37bbb0 | 0x5c | data | English | Great Britain | 0.7065217391304348 |
RT_STRING | 0x37bc0c | 0x1e8 | data | English | Great Britain | 0.514344262295082 |
RT_STRING | 0x37bdf4 | 0x58 | data | English | Great Britain | 0.6931818181818182 |
RT_STRING | 0x37be4c | 0x1e0 | data | English | Great Britain | 0.4666666666666667 |
RT_STRING | 0x37c02c | 0x22a | data | English | Great Britain | 0.37906137184115524 |
RT_STRING | 0x37c258 | 0x672 | Matlab v4 mat-file (little endian) T, numeric, rows 0, columns 0 | English | Great Britain | 0.18424242424242424 |
RT_STRING | 0x37c8cc | 0xdb8 | data | English | Great Britain | 0.10763097949886105 |
RT_STRING | 0x37d684 | 0x108 | data | English | Great Britain | 0.375 |
RT_STRING | 0x37d78c | 0x14a | data | English | Great Britain | 0.5878787878787879 |
RT_STRING | 0x37d8d8 | 0x276 | data | English | Great Britain | 0.4365079365079365 |
RT_STRING | 0x37db50 | 0x186 | data | English | Great Britain | 0.517948717948718 |
RT_STRING | 0x37dcd8 | 0x3c6 | data | English | Great Britain | 0.40372670807453415 |
RT_STRING | 0x37e0a0 | 0x4e | data | English | Great Britain | 0.6538461538461539 |
RT_STRING | 0x37e0f0 | 0x244 | data | | | 0.4810344827586207 |
RT_STRING | 0x37e334 | 0x3f4 | data | | | 0.3922924901185771 |
RT_STRING | 0x37e728 | 0x71c | data | | | 0.3423076923076923 |
RT_STRING | 0x37ee44 | 0xbf0 | data | | | 0.23036649214659685 |
RT_STRING | 0x37fa34 | 0x420 | data | | | 0.3475378787878788 |
RT_STRING | 0x37fe54 | 0x33c | data | | | 0.38768115942028986 |
RT_STRING | 0x380190 | 0x430 | data | | | 0.4048507462686567 |
RT_STRING | 0x3805c0 | 0xd4 | data | | | 0.6698113207547169 |
RT_STRING | 0x380694 | 0xcc | data | | | 0.6715686274509803 |
RT_STRING | 0x380760 | 0x128 | data | | | 0.6013513513513513 |
RT_STRING | 0x380888 | 0x350 | data | | | 0.42806603773584906 |
RT_STRING | 0x380bd8 | 0x40c | data | | | 0.36196911196911197 |
RT_STRING | 0x380fe4 | 0x3c0 | data | | | 0.3885416666666667 |
RT_STRING | 0x3813a4 | 0x340 | data | | | 0.33052884615384615 |
RT_STRING | 0x3816e4 | 0x444 | data | | | 0.4157509157509158 |
RT_STRING | 0x381b28 | 0x680 | data | | | 0.34194711538461536 |
RT_STRING | 0x3821a8 | 0x498 | data | | | 0.32908163265306123 |
RT_STRING | 0x382640 | 0x318 | data | | | 0.41414141414141414 |
RT_STRING | 0x382958 | 0x340 | data | | | 0.35697115384615385 |
RT_STRING | 0x382c98 | 0x3e0 | data | | | 0.39314516129032256 |
RT_STRING | 0x383078 | 0x19c | data | | | 0.441747572815534 |
RT_STRING | 0x383214 | 0xcc | data | | | 0.6274509803921569 |
RT_STRING | 0x3832e0 | 0x198 | data | | | 0.5612745098039216 |
RT_STRING | 0x383478 | 0x3c8 | data | | | 0.37913223140495866 |
RT_STRING | 0x383840 | 0x408 | data | | | 0.3313953488372093 |
RT_STRING | 0x383c48 | 0x318 | data | | | 0.3787878787878788 |
RT_STRING | 0x383f60 | 0x31c | data | | | 0.34296482412060303 |
RT_ACCELERATOR | 0x38427c | 0x70 | data | English | Great Britain | 0.6785714285714286 |
RT_RCDATA | 0x3842ec | 0x10 | data | | | 1.5 |
RT_RCDATA | 0x3842fc | 0x748 | data | | | 0.5198497854077253 |
RT_RCDATA | 0x384a44 | 0x2 | data | English | United States | 5.0 |
RT_RCDATA | 0x384a48 | 0x415c8 | TrueType Font data, 19 tables, 1st "GPOS", 16 names, Macintosh, \(g\)\252 fonts 1999\251ElektraMediumTransType 3 MAC;Elektra;001.000;18/07/06 23:22:47ElektraVer | English | United States | 0.10237935156133274 |
RT_RCDATA | 0x3c6010 | 0x5f80 | TrueType Font data, 15 tables, 1st "OS/2", 21 names, Unicode | English | United States | 0.3445271596858639 |
RT_RCDATA | 0x3cbf90 | 0x48f6 | Delphi compiled form 'TQt5QWindowOwnDCIcon' | | | 0.6848699004176036 |
RT_GROUP_CURSOR | 0x3d0888 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
RT_GROUP_CURSOR | 0x3d089c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x3d08b0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
RT_GROUP_CURSOR | 0x3d08c4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x3d08d8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x3d08ec | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x3d0900 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x3d0914 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_ICON | 0x3d0928 | 0x4c | data | English | United States | 0.75 |
RT_VERSION | 0x3d0974 | 0x2e8 | data | English | United States | 0.40053763440860213 |
RT_DLGINCLUDE | 0x3d0c5c | 0x59236 | PC bitmap, Windows 3.x format, 46076 x 2 x 37, image size 365936, cbSize 365110, bits offset 54 | | | 0.7019939196406563 |
RT_ANIICON | 0x429e94 | 0xb925 | PC bitmap, Windows 3.x format, 6090 x 2 x 47, image size 47566, cbSize 47397, bits offset 54 | | | 0.4692491085933709 |
RT_ANIICON | 0x4357bc | 0x9c23 | PC bitmap, Windows 3.x format, 5713 x 2 x 46, image size 40204, cbSize 39971, bits offset 54 | | | 0.3640639463611118 |
RT_ANIICON | 0x43f3e0 | 0xacc8 | PC bitmap, Windows 3.x format, 6090 x 2 x 46, image size 44832, cbSize 44232, bits offset 54 | | | 0.3851510218846084 |
RT_ANIICON | 0x44a0a8 | 0x348e1 | PC bitmap, Windows 3.x format, 27559 x 2 x 54, image size 215900, cbSize 215265, bits offset 54 | | | 0.47608761294218754 |
RT_ANIICON | 0x47e98c | 0x2e8d3 | PC bitmap, Windows 3.x format, 24824 x 2 x 52, image size 191526, cbSize 190675, bits offset 54 | | | 0.48223416808705916 |
DLL | Import |
---|---|
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegCloseKey |
user32.dll | MessageBoxA, CharNextW, LoadStringW |
kernel32.dll | Sleep, VirtualFree, VirtualAlloc, lstrlenW, VirtualQuery, QueryPerformanceCounter, GetTickCount, GetSystemInfo, GetVersion, CompareStringW, IsValidLocale, SetThreadLocale, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GetLocaleInfoW, WideCharToMultiByte, MultiByteToWideChar, GetACP, LoadLibraryExW, GetStartupInfoW, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetCommandLineW, FreeLibrary, GetLastError, UnhandledExceptionFilter, RtlUnwind, RaiseException, ExitProcess, ExitThread, SwitchToThread, GetCurrentThreadId, CreateThread, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, FindFirstFileW, FindClose, SetCurrentDirectoryW, GetCurrentDirectoryW, WriteFile, GetStdHandle, CloseHandle |
kernel32.dll | GetProcAddress, RaiseException, LoadLibraryA, GetLastError, TlsSetValue, TlsGetValue, LocalFree, LocalAlloc, GetModuleHandleW, FreeLibrary |
user32.dll | SetClassLongW, GetClassLongW, SetWindowLongW, GetWindowLongW, CreateWindowExW, mouse_event, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassW, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoW, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCaret, SetWindowRgn, SetWindowsHookExW, SetWindowTextW, SetWindowPos, SetWindowPlacement, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropW, SetParent, SetMenuItemInfoW, SetMenu, SetForegroundWindow, SetFocus, SetCursorPos, SetCursor, SetClipboardData, SetCapture, SetActiveWindow, SendMessageA, SendMessageW, ScrollWindow, ScreenToClient, RemovePropW, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageW, RegisterClipboardFormatW, RegisterClassW, RedrawWindow, PostQuitMessage, PostMessageW, PeekMessageA, PeekMessageW, OpenClipboard, OffsetRect, MsgWaitForMultipleObjectsEx, MsgWaitForMultipleObjects, MessageBoxW, MessageBeep, MapWindowPoints, MapVirtualKeyW, LoadStringW, LoadKeyboardLayoutW, LoadIconW, LoadCursorW, LoadBitmapW, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsIconic, IsDialogMessageA, IsDialogMessageW, IsClipboardFormatAvailable, IsChild, InvalidateRect, InsertMenuItemW, InsertMenuW, InflateRect, HideCaret, GetWindowThreadProcessId, GetWindowTextW, GetWindowRect, GetWindowPlacement, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetScrollBarInfo, GetPropW, GetParent, GetWindow, GetMessagePos, GetMessageExtraInfo, GetMenuStringW, GetMenuState, GetMenuItemInfoW, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameW, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextW, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgCtrlID, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameW, GetClassInfoExW, GetClassInfoW, GetCapture, GetAsyncKeyState, GetActiveWindow, FrameRect, FindWindowExW, FindWindowW, FillRect, EnumWindows, EnumThreadWindows, EnumClipboardFormats, EnumChildWindows, EndPaint, EndMenu, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextExW, DrawTextW, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DispatchMessageW, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcW, DefMDIChildProcW, DefFrameProcW, CreatePopupMenu, CreateMenu, CreateIcon, CreateAcceleratorTableW, CopyImage, CopyIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CharUpperBuffW, CharUpperW, CharNextW, CharLowerBuffW, CharLowerW, CallWindowProcW, CallNextHookEx, BeginPaint, AdjustWindowRectEx, ActivateKeyboardLayout |
gdi32.dll | WidenPath, UnrealizeObject, TextOutW, StrokePath, StrokeAndFillPath, StretchDIBits, StretchBlt, StartPage, StartDocW, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextCharacterExtra, SetTextColor, SetTextAlign, SetStretchBltMode, SetROP2, SetPixel, SetGraphicsMode, SetEnhMetaFileBits, SetDIBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetArcDirection, SetAbortProc, SelectPalette, SelectObject, SelectClipRgn, SelectClipPath, SaveDC, RoundRect, RestoreDC, ResizePalette, Rectangle, RectVisible, RealizePalette, PtVisible, PolylineTo, Polyline, Polygon, PolyBezierTo, PolyBezier, PlayEnhMetaFile, Pie, PathToRegion, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetViewportOrgEx, GetTextMetricsW, GetTextExtentPointW, GetTextExtentPoint32W, GetTextColor, GetTextCharacterExtra, GetTextAlign, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectW, GetNearestPaletteIndex, GetMapMode, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionW, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetCurrentPositionEx, GetCurrentObject, GetClipRgn, GetClipBox, GetBrushOrgEx, GetBkMode, GetBkColor, GetBitmapBits, GdiFlush, FrameRgn, FillPath, ExtTextOutW, ExtSelectClipRgn, ExtFloodFill, ExtCreateRegion, ExtCreatePen, ExcludeClipRect, EnumFontsW, EnumFontFamiliesExW, EndPath, EndPage, EndDoc, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRoundRectRgn, CreateRectRgn, CreatePolygonRgn, CreatePenIndirect, CreatePalette, CreateICW, CreateHalftonePalette, CreateFontIndirectW, CreateEllipticRgnIndirect, CreateDIBitmap, CreateDIBSection, CreateDCW, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileW, CombineRgn, CloseFigure, Chord, BitBlt, BeginPath, ArcTo, Arc, AngleArc, AbortDoc |
version.dll | VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW |
kernel32.dll | WritePrivateProfileStringW, WriteFile, WideCharToMultiByte, WaitForSingleObject, WaitForMultipleObjectsEx, VirtualQueryEx, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, TryEnterCriticalSection, SwitchToThread, SuspendThread, Sleep, SizeofResource, SetThreadPriority, SetThreadLocale, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, ReadFile, RaiseException, IsDebuggerPresent, MulDiv, LockResource, LocalFree, LoadResource, LoadLibraryW, LeaveCriticalSection, IsValidLocale, InitializeCriticalSection, HeapSize, HeapFree, HeapDestroy, HeapCreate, HeapAlloc, GlobalUnlock, GlobalSize, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomW, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomW, GetVersionExW, GetVersion, GetTickCount, GetThreadPriority, GetThreadLocale, GetSystemInfo, GetSystemTimes, GetStdHandle, GetProcAddress, GetPrivateProfileStringW, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLocalTime, GetLastError, GetFullPathNameW, GetFileAttributesW, GetExitCodeThread, GetDiskFreeSpaceW, GetDateFormatW, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetCPInfoExW, GetCPInfo, GetACP, FreeResource, InterlockedExchange, InterlockedCompareExchange, FreeLibrary, FormatMessageW, FindResourceW, FindFirstFileW, FindClose, EnumSystemLocalesW, EnumResourceNamesW, EnumCalendarInfoW, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileW, CreateEventW, CompareStringW, CloseHandle, Beep |
advapi32.dll | RegUnLoadKeyW, RegSetValueExW, RegSaveKeyW, RegRestoreKeyW, RegReplaceKeyW, RegQueryValueExW, RegQueryInfoKeyW, RegOpenKeyExW, RegLoadKeyW, RegFlushKey, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegConnectRegistryW, RegCloseKey |
kernel32.dll | Sleep |
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit |
oleaut32.dll | GetErrorInfo, SysFreeString |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoTaskMemAlloc, CoCreateInstance, CoUninitialize, CoInitialize, IsEqualGUID |
comctl32.dll | InitializeFlatSB, FlatSB_SetScrollProp, FlatSB_SetScrollPos, FlatSB_SetScrollInfo, FlatSB_GetScrollPos, FlatSB_GetScrollInfo, _TrackMouseEvent, ImageList_GetImageInfo, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Copy, ImageList_LoadImageW, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_SetOverlayImage, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls |
user32.dll | EnumDisplayMonitors, GetMonitorInfoW, MonitorFromPoint, MonitorFromRect, MonitorFromWindow |
msvcrt.dll | memset, memcpy |
shell32.dll | Shell_NotifyIconW |
winspool.drv | OpenPrinterW, EnumPrintersW, DocumentPropertiesW, ClosePrinter |
winspool.drv | GetDefaultPrinterW |
winmm.dll | timeGetTime |
Name | Ordinal | Address |
---|---|---|
TMethodImplementationIntercept | 1 | 0x461524 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | Great Britain | |
English | United States | |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-26T21:26:16.070452+0200 | 2056162 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ghostreedmnu .shop) | 1 | 192.168.2.4 | 54940 | 1.1.1.1 | 53 | UDP |
2024-09-26T21:26:16.584078+0200 | 2056163 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (ghostreedmnu .shop in TLS SNI) | 1 | 192.168.2.4 | 49734 | 188.114.97.3 | 443 | TCP |
2024-09-26T21:26:17.076987+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49734 | 188.114.97.3 | 443 | TCP |
2024-09-26T21:26:17.076987+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49734 | 188.114.97.3 | 443 | TCP |
2024-09-26T21:26:17.088211+0200 | 2056164 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gutterydhowi .shop) | 1 | 192.168.2.4 | 53409 | 1.1.1.1 | 53 | UDP |
2024-09-26T21:26:17.624090+0200 | 2056165 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (gutterydhowi .shop in TLS SNI) | 1 | 192.168.2.4 | 49736 | 104.21.4.136 | 443 | TCP |
2024-09-26T21:26:18.061879+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49736 | 104.21.4.136 | 443 | TCP |
2024-09-26T21:26:18.061879+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49736 | 104.21.4.136 | 443 | TCP |
2024-09-26T21:26:18.561343+0200 | 2056163 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (ghostreedmnu .shop in TLS SNI) | 1 | 192.168.2.4 | 49738 | 188.114.97.3 | 443 | TCP |
2024-09-26T21:26:18.985344+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49738 | 188.114.97.3 | 443 | TCP |
2024-09-26T21:26:18.985344+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49738 | 188.114.97.3 | 443 | TCP |
2024-09-26T21:26:18.999445+0200 | 2056160 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (offensivedzvju .shop) | 1 | 192.168.2.4 | 61718 | 1.1.1.1 | 53 | UDP |
2024-09-26T21:26:19.520948+0200 | 2056161 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (offensivedzvju .shop in TLS SNI) | 1 | 192.168.2.4 | 49739 | 188.114.97.3 | 443 | TCP |
2024-09-26T21:26:19.968358+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49739 | 188.114.97.3 | 443 | TCP |
2024-09-26T21:26:19.968358+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49739 | 188.114.97.3 | 443 | TCP |
2024-09-26T21:26:20.003264+0200 | 2056158 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vozmeatillu .shop) | 1 | 192.168.2.4 | 54999 | 1.1.1.1 | 53 | UDP |
2024-09-26T21:26:20.494914+0200 | 2056159 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (vozmeatillu .shop in TLS SNI) | 1 | 192.168.2.4 | 49740 | 188.114.96.3 | 443 | TCP |
2024-09-26T21:26:20.986518+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49740 | 188.114.96.3 | 443 | TCP |
2024-09-26T21:26:20.986518+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49740 | 188.114.96.3 | 443 | TCP |
2024-09-26T21:26:21.498032+0200 | 2056156 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drawzhotdog .shop) | 1 | 192.168.2.4 | 60290 | 1.1.1.1 | 53 | UDP |
2024-09-26T21:26:21.992400+0200 | 2056157 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawzhotdog .shop in TLS SNI) | 1 | 192.168.2.4 | 49741 | 172.67.162.108 | 443 | TCP |
2024-09-26T21:26:22.456694+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49741 | 172.67.162.108 | 443 | TCP |
2024-09-26T21:26:22.456694+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49741 | 172.67.162.108 | 443 | TCP |
2024-09-26T21:26:22.460224+0200 | 2056154 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fragnantbui .shop) | 1 | 192.168.2.4 | 53798 | 1.1.1.1 | 53 | UDP |
2024-09-26T21:26:22.980219+0200 | 2056155 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (fragnantbui .shop in TLS SNI) | 1 | 192.168.2.4 | 49742 | 188.114.97.3 | 443 | TCP |
2024-09-26T21:26:23.482099+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49742 | 188.114.97.3 | 443 | TCP |
2024-09-26T21:26:23.482099+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49742 | 188.114.97.3 | 443 | TCP |
2024-09-26T21:26:23.625768+0200 | 2056152 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (stogeneratmns .shop) | 1 | 192.168.2.4 | 52289 | 1.1.1.1 | 53 | UDP |
2024-09-26T21:26:24.184473+0200 | 2056153 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (stogeneratmns .shop in TLS SNI) | 1 | 192.168.2.4 | 49743 | 188.114.96.3 | 443 | TCP |
2024-09-26T21:26:24.736633+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49743 | 188.114.96.3 | 443 | TCP |
2024-09-26T21:26:24.736633+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49743 | 188.114.96.3 | 443 | TCP |
2024-09-26T21:26:24.738372+0200 | 2056150 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (reinforcenh .shop) | 1 | 192.168.2.4 | 52359 | 1.1.1.1 | 53 | UDP |
2024-09-26T21:26:25.242032+0200 | 2056151 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (reinforcenh .shop in TLS SNI) | 1 | 192.168.2.4 | 49744 | 172.67.208.139 | 443 | TCP |
2024-09-26T21:26:25.664023+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49744 | 172.67.208.139 | 443 | TCP |
2024-09-26T21:26:25.664023+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49744 | 172.67.208.139 | 443 | TCP |
2024-09-26T21:26:28.033341+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49746 | 172.67.128.144 | 443 | TCP |
2024-09-26T21:26:28.033341+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49746 | 172.67.128.144 | 443 | TCP |
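The IDS rows above are the most useful part of this report for a responder: the DNS-lookup and TLS-SNI alerts name the C2 domains (defanged as "drawzhotdog .shop"), and the "CnC Host Checkin" alerts tie each domain to a resolved IP and a client port. The following script is an added example, not part of the Joe Sandbox report or its tooling; it parses pipe-delimited alert rows in the layout shown here (timestamp, SID, message, severity, source IP, source port, destination IP, destination port, protocol), refangs the domain, groups alerts per TCP flow, extracts a blocklist, and flags the behaviour visible in the table: one short TLS check-in to each configured C2 host, about a second apart. The sample rows are copied from the table above; the ten-second window and three-host threshold are assumptions chosen for illustration, not a vendor rule.

```python
"""Correlate sandbox IDS alert rows into per-flow Lumma C2 indicators (added example)."""
import re
from datetime import datetime, timedelta

# Rows copied from the report's Suricata table:
# timestamp | sid | message | severity | src ip | src port | dst ip | dst port | proto
SAMPLE_ALERTS = """\
2024-09-26T21:26:20.986518+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49740 | 188.114.96.3 | 443 | TCP |
2024-09-26T21:26:20.986518+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49740 | 188.114.96.3 | 443 | TCP |
2024-09-26T21:26:21.498032+0200 | 2056156 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drawzhotdog .shop) | 1 | 192.168.2.4 | 60290 | 1.1.1.1 | 53 | UDP |
2024-09-26T21:26:21.992400+0200 | 2056157 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawzhotdog .shop in TLS SNI) | 1 | 192.168.2.4 | 49741 | 172.67.162.108 | 443 | TCP |
2024-09-26T21:26:22.456694+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49741 | 172.67.162.108 | 443 | TCP |
2024-09-26T21:26:22.460224+0200 | 2056154 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (fragnantbui .shop) | 1 | 192.168.2.4 | 53798 | 1.1.1.1 | 53 | UDP |
2024-09-26T21:26:22.980219+0200 | 2056155 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (fragnantbui .shop in TLS SNI) | 1 | 192.168.2.4 | 49742 | 188.114.97.3 | 443 | TCP |
2024-09-26T21:26:23.482099+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49742 | 188.114.97.3 | 443 | TCP |
2024-09-26T21:26:24.184473+0200 | 2056153 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (stogeneratmns .shop in TLS SNI) | 1 | 192.168.2.4 | 49743 | 188.114.96.3 | 443 | TCP |
2024-09-26T21:26:24.736633+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49743 | 188.114.96.3 | 443 | TCP |
2024-09-26T21:26:25.242032+0200 | 2056151 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (reinforcenh .shop in TLS SNI) | 1 | 192.168.2.4 | 49744 | 172.67.208.139 | 443 | TCP |
2024-09-26T21:26:25.664023+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49744 | 172.67.208.139 | 443 | TCP |
2024-09-26T21:26:28.033341+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49746 | 172.67.128.144 | 443 | TCP |
"""

SID_CHECKIN = 2054653  # "ET MALWARE Lumma Stealer CnC Host Checkin", as listed in the report

# Domain inside "(drawzhotdog .shop)" or "(drawzhotdog .shop in TLS SNI)"; also accepts "[.]".
_DOMAIN_RE = re.compile(r"\(([A-Za-z0-9-]+(?:\s*\[?\.\]?\s*[A-Za-z0-9-]+)+)")


def refang(domain: str) -> str:
    """'drawzhotdog .shop' or 'drawzhotdog[.]shop' -> 'drawzhotdog.shop'."""
    return re.sub(r"\s*\[?\.\]?\s*", ".", domain.strip())


def parse_alert(line: str) -> dict:
    """Split one pipe-delimited alert row into typed fields plus the refanged domain, if any."""
    f = [c.strip() for c in line.strip().strip("|").split("|")]
    ts, sid, msg, _sev, src, sport, dst, dport, proto = f[:9]
    m = _DOMAIN_RE.search(msg)
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z"), "sid": int(sid), "msg": msg,
            "src": src, "sport": int(sport), "dst": dst, "dport": int(dport), "proto": proto,
            "domain": refang(m.group(1)) if m else None}


def correlate(lines) -> list:
    """One record per TCP flow (src, sport, dst): SNI domain, check-in flag, SIDs, first time."""
    flows = {}
    for line in lines:
        if not line.strip():
            continue
        a = parse_alert(line)
        if a["proto"] != "TCP":  # DNS-lookup alerts carry no flow; see lookup_domains()
            continue
        rec = flows.setdefault((a["src"], a["sport"], a["dst"]), {
            "src": a["src"], "sport": a["sport"], "dst": a["dst"], "dport": a["dport"],
            "first_ts": a["ts"], "domain": None, "checkin": False, "sids": set()})
        rec["sids"].add(a["sid"])
        rec["first_ts"] = min(rec["first_ts"], a["ts"])
        rec["domain"] = a["domain"] or rec["domain"]
        rec["checkin"] = rec["checkin"] or a["sid"] == SID_CHECKIN
    return sorted(flows.values(), key=lambda r: r["first_ts"])


def lookup_domains(lines) -> set:
    """Domains named in UDP (DNS lookup) alerts, so a C2 with no TLS session is still listed."""
    alerts = (parse_alert(l) for l in lines if l.strip())
    return {a["domain"] for a in alerts if a["proto"] == "UDP" and a["domain"]}


def round_robin_checkins(records, window=timedelta(seconds=10), min_hosts=3) -> bool:
    """True if one client checked in to >= min_hosts distinct C2 hosts inside `window`.

    Heuristic for the behaviour in the report (one TLS session per C2 domain, ~1 s apart);
    window and threshold are assumed values, tune them to your telemetry.
    """
    hits = sorted((r["first_ts"], r["dst"]) for r in records if r["checkin"])
    for i, (t0, _) in enumerate(hits):
        if len({dst for t, dst in hits[i:] if t - t0 <= window}) >= min_hosts:
            return True
    return False


def iocs(records, lookups=()) -> dict:
    """Flat indicator lists for a blocklist: C2 domains, check-in IPs, SIDs that fired."""
    return {"domains": sorted({r["domain"] for r in records if r["domain"]} | set(lookups)),
            "ips": sorted({r["dst"] for r in records if r["checkin"]}),
            "sids": sorted(set().union(*(r["sids"] for r in records)))}


if __name__ == "__main__":
    rows = SAMPLE_ALERTS.splitlines()
    recs = correlate(rows)
    for r in recs:
        print(f"{r['first_ts']:%H:%M:%S} {r['src']}:{r['sport']} -> {r['dst']}:{r['dport']} "
              f"domain={r['domain']} checkin={r['checkin']}")
    print("round-robin check-in:", round_robin_checkins(recs), iocs(recs, lookup_domains(rows)))
```

Flows 49740 and 49746 come out with `domain=None` because their SNI alerts are not among the rows above; the check-in flag still marks the destination IPs as C2. Note that all resolved addresses fall in CDN ranges, so the IPs are weak indicators on their own and the domains and SIDs are the ones worth blocking or alerting on.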
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 26, 2024 21:26:16.108561039 CEST | 49734 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:16.108609915 CEST | 443 | 49734 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:16.108690977 CEST | 49734 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:16.113039970 CEST | 49734 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:16.113059998 CEST | 443 | 49734 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:16.584002972 CEST | 443 | 49734 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:16.584078074 CEST | 49734 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:16.587587118 CEST | 49734 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:16.587605000 CEST | 443 | 49734 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:16.588032961 CEST | 443 | 49734 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:16.642267942 CEST | 49734 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:16.642337084 CEST | 49734 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:16.642487049 CEST | 443 | 49734 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:17.077060938 CEST | 443 | 49734 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:17.077286005 CEST | 443 | 49734 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:17.077380896 CEST | 49734 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:17.079391956 CEST | 49734 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:17.079426050 CEST | 443 | 49734 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:17.107861042 CEST | 49736 | 443 | 192.168.2.4 | 104.21.4.136 |
Sep 26, 2024 21:26:17.107901096 CEST | 443 | 49736 | 104.21.4.136 | 192.168.2.4 |
Sep 26, 2024 21:26:17.107994080 CEST | 49736 | 443 | 192.168.2.4 | 104.21.4.136 |
Sep 26, 2024 21:26:17.108330011 CEST | 49736 | 443 | 192.168.2.4 | 104.21.4.136 |
Sep 26, 2024 21:26:17.108340979 CEST | 443 | 49736 | 104.21.4.136 | 192.168.2.4 |
Sep 26, 2024 21:26:17.623980045 CEST | 443 | 49736 | 104.21.4.136 | 192.168.2.4 |
Sep 26, 2024 21:26:17.624089956 CEST | 49736 | 443 | 192.168.2.4 | 104.21.4.136 |
Sep 26, 2024 21:26:17.630017996 CEST | 49736 | 443 | 192.168.2.4 | 104.21.4.136 |
Sep 26, 2024 21:26:17.630033970 CEST | 443 | 49736 | 104.21.4.136 | 192.168.2.4 |
Sep 26, 2024 21:26:17.630435944 CEST | 443 | 49736 | 104.21.4.136 | 192.168.2.4 |
Sep 26, 2024 21:26:17.637546062 CEST | 49736 | 443 | 192.168.2.4 | 104.21.4.136 |
Sep 26, 2024 21:26:17.637727022 CEST | 49736 | 443 | 192.168.2.4 | 104.21.4.136 |
Sep 26, 2024 21:26:17.637793064 CEST | 443 | 49736 | 104.21.4.136 | 192.168.2.4 |
Sep 26, 2024 21:26:18.061585903 CEST | 443 | 49736 | 104.21.4.136 | 192.168.2.4 |
Sep 26, 2024 21:26:18.061791897 CEST | 443 | 49736 | 104.21.4.136 | 192.168.2.4 |
Sep 26, 2024 21:26:18.061897993 CEST | 49736 | 443 | 192.168.2.4 | 104.21.4.136 |
Sep 26, 2024 21:26:18.062787056 CEST | 49736 | 443 | 192.168.2.4 | 104.21.4.136 |
Sep 26, 2024 21:26:18.062787056 CEST | 49736 | 443 | 192.168.2.4 | 104.21.4.136 |
Sep 26, 2024 21:26:18.062803030 CEST | 443 | 49736 | 104.21.4.136 | 192.168.2.4 |
Sep 26, 2024 21:26:18.062809944 CEST | 443 | 49736 | 104.21.4.136 | 192.168.2.4 |
Sep 26, 2024 21:26:18.083444118 CEST | 49738 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:18.083467960 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:18.083585024 CEST | 49738 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:18.092777014 CEST | 49738 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:18.092787027 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:18.561261892 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:18.561342955 CEST | 49738 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:18.562421083 CEST | 49738 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:18.562444925 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:18.562812090 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:18.569822073 CEST | 49738 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:18.569840908 CEST | 49738 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:18.569997072 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:18.985371113 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:18.985518932 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:18.985586882 CEST | 49738 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:18.985790014 CEST | 49738 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:18.985809088 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:18.985817909 CEST | 49738 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:18.985824108 CEST | 443 | 49738 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:19.027756929 CEST | 49739 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:19.027841091 CEST | 443 | 49739 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:19.027935028 CEST | 49739 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:19.028254986 CEST | 49739 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:19.028275967 CEST | 443 | 49739 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:19.520780087 CEST | 443 | 49739 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:19.520947933 CEST | 49739 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:19.538970947 CEST | 49739 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:19.539071083 CEST | 443 | 49739 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:19.539505959 CEST | 443 | 49739 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:19.550236940 CEST | 49739 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:19.550292015 CEST | 49739 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:19.550369978 CEST | 443 | 49739 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:19.968388081 CEST | 443 | 49739 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:19.968512058 CEST | 443 | 49739 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:19.968600988 CEST | 49739 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:19.968741894 CEST | 49739 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:19.968782902 CEST | 443 | 49739 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:20.025494099 CEST | 49740 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 21:26:20.025531054 CEST | 443 | 49740 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 21:26:20.025599957 CEST | 49740 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 21:26:20.025963068 CEST | 49740 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 21:26:20.025979042 CEST | 443 | 49740 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 21:26:20.494852066 CEST | 443 | 49740 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 21:26:20.494914055 CEST | 49740 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 21:26:20.496798992 CEST | 49740 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 21:26:20.496810913 CEST | 443 | 49740 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 21:26:20.497142076 CEST | 443 | 49740 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 21:26:20.498338938 CEST | 49740 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 21:26:20.498370886 CEST | 49740 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 21:26:20.498419046 CEST | 443 | 49740 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 21:26:20.986597061 CEST | 443 | 49740 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 21:26:20.986772060 CEST | 443 | 49740 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 21:26:20.986818075 CEST | 49740 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 21:26:21.323574066 CEST | 49740 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 21:26:21.323604107 CEST | 443 | 49740 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 21:26:21.323621988 CEST | 49740 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 21:26:21.323630095 CEST | 443 | 49740 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 21:26:21.514677048 CEST | 49741 | 443 | 192.168.2.4 | 172.67.162.108 |
Sep 26, 2024 21:26:21.514786005 CEST | 443 | 49741 | 172.67.162.108 | 192.168.2.4 |
Sep 26, 2024 21:26:21.514889002 CEST | 49741 | 443 | 192.168.2.4 | 172.67.162.108 |
Sep 26, 2024 21:26:21.515316963 CEST | 49741 | 443 | 192.168.2.4 | 172.67.162.108 |
Sep 26, 2024 21:26:21.515357018 CEST | 443 | 49741 | 172.67.162.108 | 192.168.2.4 |
Sep 26, 2024 21:26:21.992304087 CEST | 443 | 49741 | 172.67.162.108 | 192.168.2.4 |
Sep 26, 2024 21:26:21.992399931 CEST | 49741 | 443 | 192.168.2.4 | 172.67.162.108 |
Sep 26, 2024 21:26:21.994525909 CEST | 49741 | 443 | 192.168.2.4 | 172.67.162.108 |
Sep 26, 2024 21:26:21.994544983 CEST | 443 | 49741 | 172.67.162.108 | 192.168.2.4 |
Sep 26, 2024 21:26:21.994885921 CEST | 443 | 49741 | 172.67.162.108 | 192.168.2.4 |
Sep 26, 2024 21:26:21.996669054 CEST | 49741 | 443 | 192.168.2.4 | 172.67.162.108 |
Sep 26, 2024 21:26:21.996714115 CEST | 49741 | 443 | 192.168.2.4 | 172.67.162.108 |
Sep 26, 2024 21:26:21.996761084 CEST | 443 | 49741 | 172.67.162.108 | 192.168.2.4 |
Sep 26, 2024 21:26:22.456778049 CEST | 443 | 49741 | 172.67.162.108 | 192.168.2.4 |
Sep 26, 2024 21:26:22.457015991 CEST | 443 | 49741 | 172.67.162.108 | 192.168.2.4 |
Sep 26, 2024 21:26:22.457099915 CEST | 49741 | 443 | 192.168.2.4 | 172.67.162.108 |
Sep 26, 2024 21:26:22.457307100 CEST | 49741 | 443 | 192.168.2.4 | 172.67.162.108 |
Sep 26, 2024 21:26:22.457364082 CEST | 443 | 49741 | 172.67.162.108 | 192.168.2.4 |
Sep 26, 2024 21:26:22.457396030 CEST | 49741 | 443 | 192.168.2.4 | 172.67.162.108 |
Sep 26, 2024 21:26:22.457412004 CEST | 443 | 49741 | 172.67.162.108 | 192.168.2.4 |
Sep 26, 2024 21:26:22.475730896 CEST | 49742 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:22.475816965 CEST | 443 | 49742 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:22.475908995 CEST | 49742 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:22.476278067 CEST | 49742 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:22.476314068 CEST | 443 | 49742 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:22.980078936 CEST | 443 | 49742 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:22.980218887 CEST | 49742 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:22.989341974 CEST | 49742 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:22.989370108 CEST | 443 | 49742 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:22.989790916 CEST | 443 | 49742 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:22.992459059 CEST | 49742 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:22.992496967 CEST | 49742 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:22.992558956 CEST | 443 | 49742 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:23.482184887 CEST | 443 | 49742 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:23.482472897 CEST | 443 | 49742 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:23.482647896 CEST | 49742 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:23.482803106 CEST | 49742 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:23.482846975 CEST | 443 | 49742 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:23.482877970 CEST | 49742 | 443 | 192.168.2.4 | 188.114.97.3 |
Sep 26, 2024 21:26:23.482894897 CEST | 443 | 49742 | 188.114.97.3 | 192.168.2.4 |
Sep 26, 2024 21:26:23.672992945 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 21:26:23.673039913 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 21:26:23.673124075 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 21:26:23.673470974 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 21:26:23.673484087 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 21:26:24.184247971 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 21:26:24.184473038 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 21:26:24.328013897 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 21:26:24.328030109 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 21:26:24.329027891 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 21:26:24.335340977 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 21:26:24.335397005 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 21:26:24.335519075 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 21:26:24.736649036 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 21:26:24.736766100 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 21:26:24.736807108 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 21:26:24.736903906 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 21:26:24.736921072 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 21:26:24.736931086 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Sep 26, 2024 21:26:24.736936092 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Sep 26, 2024 21:26:24.755954027 CEST | 49744 | 443 | 192.168.2.4 | 172.67.208.139 |
Sep 26, 2024 21:26:24.756089926 CEST | 443 | 49744 | 172.67.208.139 | 192.168.2.4 |
Sep 26, 2024 21:26:24.756170034 CEST | 49744 | 443 | 192.168.2.4 | 172.67.208.139 |
Sep 26, 2024 21:26:24.756663084 CEST | 49744 | 443 | 192.168.2.4 | 172.67.208.139 |
Sep 26, 2024 21:26:24.756704092 CEST | 443 | 49744 | 172.67.208.139 | 192.168.2.4 |
Sep 26, 2024 21:26:25.241941929 CEST | 443 | 49744 | 172.67.208.139 | 192.168.2.4 |
Sep 26, 2024 21:26:25.242032051 CEST | 49744 | 443 | 192.168.2.4 | 172.67.208.139 |
Sep 26, 2024 21:26:25.243489981 CEST | 49744 | 443 | 192.168.2.4 | 172.67.208.139 |
Sep 26, 2024 21:26:25.243541956 CEST | 443 | 49744 | 172.67.208.139 | 192.168.2.4 |
Sep 26, 2024 21:26:25.243952036 CEST | 443 | 49744 | 172.67.208.139 | 192.168.2.4 |
Sep 26, 2024 21:26:25.245131969 CEST | 49744 | 443 | 192.168.2.4 | 172.67.208.139 |
Sep 26, 2024 21:26:25.245176077 CEST | 49744 | 443 | 192.168.2.4 | 172.67.208.139 |
Sep 26, 2024 21:26:25.245239973 CEST | 443 | 49744 | 172.67.208.139 | 192.168.2.4 |
Sep 26, 2024 21:26:25.664123058 CEST | 443 | 49744 | 172.67.208.139 | 192.168.2.4 |
Sep 26, 2024 21:26:25.664361954 CEST | 443 | 49744 | 172.67.208.139 | 192.168.2.4 |
Sep 26, 2024 21:26:25.664433956 CEST | 49744 | 443 | 192.168.2.4 | 172.67.208.139 |
Sep 26, 2024 21:26:25.666843891 CEST | 49744 | 443 | 192.168.2.4 | 172.67.208.139 |
Sep 26, 2024 21:26:25.666914940 CEST | 443 | 49744 | 172.67.208.139 | 192.168.2.4 |
Sep 26, 2024 21:26:25.666965961 CEST | 49744 | 443 | 192.168.2.4 | 172.67.208.139 |
Sep 26, 2024 21:26:25.667002916 CEST | 443 | 49744 | 172.67.208.139 | 192.168.2.4 |
Sep 26, 2024 21:26:25.757353067 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 21:26:25.757392883 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 21:26:25.757456064 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 21:26:25.757725000 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 21:26:25.757740021 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 21:26:26.397069931 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 21:26:26.397182941 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 21:26:26.401381016 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 21:26:26.401412010 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 21:26:26.401768923 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 21:26:26.402882099 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 21:26:26.447402000 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 21:26:26.950088978 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 21:26:26.950120926 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 21:26:26.950145960 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 21:26:26.950182915 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 21:26:26.950197935 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 21:26:26.950246096 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 21:26:27.051290989 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 21:26:27.051318884 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 21:26:27.051352978 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 21:26:27.051408052 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 21:26:27.051430941 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 21:26:27.051459074 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 21:26:27.057090998 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 21:26:27.057166100 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 21:26:27.057185888 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 21:26:27.057223082 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 21:26:27.057260990 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 21:26:27.057281017 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 21:26:27.057307959 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 21:26:27.057320118 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 21:26:27.057320118 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Sep 26, 2024 21:26:27.057327986 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 21:26:27.057333946 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Sep 26, 2024 21:26:27.072716951 CEST | 49746 | 443 | 192.168.2.4 | 172.67.128.144 |
Sep 26, 2024 21:26:27.072829962 CEST | 443 | 49746 | 172.67.128.144 | 192.168.2.4 |
Sep 26, 2024 21:26:27.075135946 CEST | 49746 | 443 | 192.168.2.4 | 172.67.128.144 |
Sep 26, 2024 21:26:27.075900078 CEST | 49746 | 443 | 192.168.2.4 | 172.67.128.144 |
Sep 26, 2024 21:26:27.075936079 CEST | 443 | 49746 | 172.67.128.144 | 192.168.2.4 |
Sep 26, 2024 21:26:27.581589937 CEST | 443 | 49746 | 172.67.128.144 | 192.168.2.4 |
Sep 26, 2024 21:26:27.581682920 CEST | 49746 | 443 | 192.168.2.4 | 172.67.128.144 |
Sep 26, 2024 21:26:27.583129883 CEST | 49746 | 443 | 192.168.2.4 | 172.67.128.144 |
Sep 26, 2024 21:26:27.583168983 CEST | 443 | 49746 | 172.67.128.144 | 192.168.2.4 |
Sep 26, 2024 21:26:27.583530903 CEST | 443 | 49746 | 172.67.128.144 | 192.168.2.4 |
Sep 26, 2024 21:26:27.584635973 CEST | 49746 | 443 | 192.168.2.4 | 172.67.128.144 |
Sep 26, 2024 21:26:27.584681034 CEST | 49746 | 443 | 192.168.2.4 | 172.67.128.144 |
Sep 26, 2024 21:26:27.584733963 CEST | 443 | 49746 | 172.67.128.144 | 192.168.2.4 |
Sep 26, 2024 21:26:28.033375025 CEST | 443 | 49746 | 172.67.128.144 | 192.168.2.4 |
Sep 26, 2024 21:26:28.033488035 CEST | 443 | 49746 | 172.67.128.144 | 192.168.2.4 |
Sep 26, 2024 21:26:28.033555984 CEST | 49746 | 443 | 192.168.2.4 | 172.67.128.144 |
Sep 26, 2024 21:26:28.033736944 CEST | 49746 | 443 | 192.168.2.4 | 172.67.128.144 |
Sep 26, 2024 21:26:28.033782005 CEST | 443 | 49746 | 172.67.128.144 | 192.168.2.4 |
Sep 26, 2024 21:26:28.033808947 CEST | 49746 | 443 | 192.168.2.4 | 172.67.128.144 |
Sep 26, 2024 21:26:28.033824921 CEST | 443 | 49746 | 172.67.128.144 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 26, 2024 21:26:16.070451975 CEST | 54940 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 26, 2024 21:26:16.095346928 CEST | 53 | 54940 | 1.1.1.1 | 192.168.2.4 |
Sep 26, 2024 21:26:17.088211060 CEST | 53409 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 26, 2024 21:26:17.106355906 CEST | 53 | 53409 | 1.1.1.1 | 192.168.2.4 |
Sep 26, 2024 21:26:18.999444962 CEST | 61718 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 26, 2024 21:26:19.026995897 CEST | 53 | 61718 | 1.1.1.1 | 192.168.2.4 |
Sep 26, 2024 21:26:20.003263950 CEST | 54999 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 26, 2024 21:26:20.024143934 CEST | 53 | 54999 | 1.1.1.1 | 192.168.2.4 |
Sep 26, 2024 21:26:21.498032093 CEST | 60290 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 26, 2024 21:26:21.513864040 CEST | 53 | 60290 | 1.1.1.1 | 192.168.2.4 |
Sep 26, 2024 21:26:22.460223913 CEST | 53798 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 26, 2024 21:26:22.474739075 CEST | 53 | 53798 | 1.1.1.1 | 192.168.2.4 |
Sep 26, 2024 21:26:23.625767946 CEST | 52289 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 26, 2024 21:26:23.641207933 CEST | 53 | 52289 | 1.1.1.1 | 192.168.2.4 |
Sep 26, 2024 21:26:24.738372087 CEST | 52359 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 26, 2024 21:26:24.755327940 CEST | 53 | 52359 | 1.1.1.1 | 192.168.2.4 |
Sep 26, 2024 21:26:25.749514103 CEST | 50878 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 26, 2024 21:26:25.756768942 CEST | 53 | 50878 | 1.1.1.1 | 192.168.2.4 |
Sep 26, 2024 21:26:27.058583021 CEST | 49665 | 53 | 192.168.2.4 | 1.1.1.1 |
Sep 26, 2024 21:26:27.070909977 CEST | 53 | 49665 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 26, 2024 21:26:16.070451975 CEST | 192.168.2.4 | 1.1.1.1 | 0x96a6 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:17.088211060 CEST | 192.168.2.4 | 1.1.1.1 | 0x6542 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:18.999444962 CEST | 192.168.2.4 | 1.1.1.1 | 0x1f2d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:20.003263950 CEST | 192.168.2.4 | 1.1.1.1 | 0x14c2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:21.498032093 CEST | 192.168.2.4 | 1.1.1.1 | 0xa3c7 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:22.460223913 CEST | 192.168.2.4 | 1.1.1.1 | 0x85a8 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:23.625767946 CEST | 192.168.2.4 | 1.1.1.1 | 0xc511 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:24.738372087 CEST | 192.168.2.4 | 1.1.1.1 | 0x5fa5 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:25.749514103 CEST | 192.168.2.4 | 1.1.1.1 | 0x856a | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:27.058583021 CEST | 192.168.2.4 | 1.1.1.1 | 0xcef9 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 26, 2024 21:26:16.095346928 CEST | 1.1.1.1 | 192.168.2.4 | 0x96a6 | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:16.095346928 CEST | 1.1.1.1 | 192.168.2.4 | 0x96a6 | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:17.106355906 CEST | 1.1.1.1 | 192.168.2.4 | 0x6542 | No error (0) | | | 104.21.4.136 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:17.106355906 CEST | 1.1.1.1 | 192.168.2.4 | 0x6542 | No error (0) | | | 172.67.132.32 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:19.026995897 CEST | 1.1.1.1 | 192.168.2.4 | 0x1f2d | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:19.026995897 CEST | 1.1.1.1 | 192.168.2.4 | 0x1f2d | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:20.024143934 CEST | 1.1.1.1 | 192.168.2.4 | 0x14c2 | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:20.024143934 CEST | 1.1.1.1 | 192.168.2.4 | 0x14c2 | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:21.513864040 CEST | 1.1.1.1 | 192.168.2.4 | 0xa3c7 | No error (0) | | | 172.67.162.108 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:21.513864040 CEST | 1.1.1.1 | 192.168.2.4 | 0xa3c7 | No error (0) | | | 104.21.58.182 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:22.474739075 CEST | 1.1.1.1 | 192.168.2.4 | 0x85a8 | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:22.474739075 CEST | 1.1.1.1 | 192.168.2.4 | 0x85a8 | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:23.641207933 CEST | 1.1.1.1 | 192.168.2.4 | 0xc511 | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:23.641207933 CEST | 1.1.1.1 | 192.168.2.4 | 0xc511 | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:24.755327940 CEST | 1.1.1.1 | 192.168.2.4 | 0x5fa5 | No error (0) | | | 172.67.208.139 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:24.755327940 CEST | 1.1.1.1 | 192.168.2.4 | 0x5fa5 | No error (0) | | | 104.21.77.130 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:25.756768942 CEST | 1.1.1.1 | 192.168.2.4 | 0x856a | No error (0) | | | 104.102.49.254 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:27.070909977 CEST | 1.1.1.1 | 192.168.2.4 | 0xcef9 | No error (0) | | | 172.67.128.144 | A (IP address) | IN (0x0001) | false |
Sep 26, 2024 21:26:27.070909977 CEST | 1.1.1.1 | 192.168.2.4 | 0xcef9 | No error (0) | | | 104.21.2.13 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49734 | 188.114.97.3 | 443 | 7016 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 19:26:16 UTC | 264 | OUT | |
2024-09-26 19:26:16 UTC | 8 | OUT | |
2024-09-26 19:26:17 UTC | 772 | IN | |
2024-09-26 19:26:17 UTC | 15 | IN | |
2024-09-26 19:26:17 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49736 | 104.21.4.136 | 443 | 7016 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 19:26:17 UTC | 264 | OUT | |
2024-09-26 19:26:17 UTC | 8 | OUT | |
2024-09-26 19:26:18 UTC | 774 | IN | |
2024-09-26 19:26:18 UTC | 15 | IN | |
2024-09-26 19:26:18 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49738 | 188.114.97.3 | 443 | 7016 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 19:26:18 UTC | 264 | OUT | |
2024-09-26 19:26:18 UTC | 8 | OUT | |
2024-09-26 19:26:18 UTC | 774 | IN | |
2024-09-26 19:26:18 UTC | 15 | IN | |
2024-09-26 19:26:18 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49739 | 188.114.97.3 | 443 | 7016 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 19:26:19 UTC | 266 | OUT | |
2024-09-26 19:26:19 UTC | 8 | OUT | |
2024-09-26 19:26:19 UTC | 768 | IN | |
2024-09-26 19:26:19 UTC | 15 | IN | |
2024-09-26 19:26:19 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49740 | 188.114.96.3 | 443 | 7016 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 19:26:20 UTC | 263 | OUT | |
2024-09-26 19:26:20 UTC | 8 | OUT | |
2024-09-26 19:26:20 UTC | 782 | IN | |
2024-09-26 19:26:20 UTC | 15 | IN | |
2024-09-26 19:26:20 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49741 | 172.67.162.108 | 443 | 7016 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 19:26:21 UTC | 263 | OUT | |
2024-09-26 19:26:21 UTC | 8 | OUT | |
2024-09-26 19:26:22 UTC | 772 | IN | |
2024-09-26 19:26:22 UTC | 15 | IN | |
2024-09-26 19:26:22 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49742 | 188.114.97.3 | 443 | 7016 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 19:26:22 UTC | 263 | OUT | |
2024-09-26 19:26:22 UTC | 8 | OUT | |
2024-09-26 19:26:23 UTC | 766 | IN | |
2024-09-26 19:26:23 UTC | 15 | IN | |
2024-09-26 19:26:23 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49743 | 188.114.96.3 | 443 | 7016 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 19:26:24 UTC | 265 | OUT | |
2024-09-26 19:26:24 UTC | 8 | OUT | |
2024-09-26 19:26:24 UTC | 780 | IN | |
2024-09-26 19:26:24 UTC | 15 | IN | |
2024-09-26 19:26:24 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49744 | 172.67.208.139 | 443 | 7016 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 19:26:25 UTC | 263 | OUT | |
2024-09-26 19:26:25 UTC | 8 | OUT | |
2024-09-26 19:26:25 UTC | 766 | IN | |
2024-09-26 19:26:25 UTC | 15 | IN | |
2024-09-26 19:26:25 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 49745 | 104.102.49.254 | 443 | 7016 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 19:26:26 UTC | 219 | OUT | |
2024-09-26 19:26:26 UTC | 1870 | IN | |
2024-09-26 19:26:26 UTC | 14514 | IN | |
2024-09-26 19:26:27 UTC | 16384 | IN | |
2024-09-26 19:26:27 UTC | 3765 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.4 | 49746 | 172.67.128.144 | 443 | 7016 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-26 19:26:27 UTC | 261 | OUT | |
2024-09-26 19:26:27 UTC | 8 | OUT | |
2024-09-26 19:26:28 UTC | 770 | IN | |
2024-09-26 19:26:28 UTC | 15 | IN | |
2024-09-26 19:26:28 UTC | 5 | IN |
Target ID: | 0 |
Start time: | 15:25:57 |
Start date: | 26/09/2024 |
Path: | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 4'547'072 bytes |
MD5 hash: | AAF6F0C0F007E9462C8BF58ACD555CAF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 15:26:14 |
Start date: | 26/09/2024 |
Path: | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win32.Crypt.24800.18482.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 4'547'072 bytes |
MD5 hash: | AAF6F0C0F007E9462C8BF58ACD555CAF |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Execution Graph
Execution Coverage: | 1.6% |
Dynamic/Decrypted Code Coverage: | 65.9% |
Signature Coverage: | 75.6% |
Total number of Nodes: | 135 |
Total number of Limit Nodes: | 11 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
0087920C | 84.9 | 1 | 47 | 857 | injection, COMMON |
0082F6C3 | 77.7 | 2 | 42 | 701 | library, COMMON |
0082F90E | 54.9 | 2 | 29 | 683 | library, COMMON |
0082F9E3 | 53.3 | 2 | 28 | 778 | library, COMMON |
0082FAC8 | 53.2 | 2 | 28 | 699 | library, COMMON |
0082FDF5 | 53.2 | 2 | 28 | 683 | library, COMMON |
0082FB99 | 53.2 | 2 | 28 | 681 | library, COMMON |
0082FB42 | 53.2 | 2 | 28 | 681 | library, COMMON |
0082FB74 | 53.2 | 2 | 28 | 681 | library, COMMON |
0082FE76 | 53.2 | 2 | 28 | 655 | library, COMMON |
0082F7E4 | 53.2 | 2 | 28 | 652 | library, COMMON |
0082FF1D | 53.1 | 2 | 28 | 645 | library, COMMON |
0082FA69 | 53.1 | 2 | 28 | 641 | library, COMMON |
0082FA94 | 53.1 | 2 | 28 | 626 | library, COMMON |
0082FAA5 | 53.1 | 2 | 28 | 623 | library, COMMON |
00879B09 | 31.9 | | 25 | 675 | COMMON |
008799E4 | 31.8 | | 25 | 565 | COMMON |
00859AF2 | 31.7 | | 25 | 497 | COMMON |
004BAB04 | 30.2 | 1 | 16 | 462 | memory, COMMON |
0087C4CF | 24.8 | 1 | 13 | 346 | native, thread, COMMON |
00833F27 | 24.4 | 2 | 14 | 439 | memory, COMMON |
00833B8F | 24.4 | 2 | 14 | 394 | memory, COMMON |
0087AE8E | 19.2 | | 15 | 490 | COMMON |
0087A219 | 16.8 | | 13 | 577 | COMMON |
00879ED3 | 16.8 | | 13 | 542 | COMMON |
0087A84D | 16.7 | | 13 | 457 | COMMON |
0087A94E | 16.7 | | 13 | 449 | COMMON |
0087A467 | 16.6 | | 13 | 395 | COMMON |
0083C123 | 10.9 | 2 | 4 | 369 | memory, COMMON |
0086BEA0 | 9.3 | 1 | 4 | 528 | process, COMMON |
0086BC58 | 5.5 | 1 | 2 | 292 | process, COMMON |
008456F6 | 5.5 | 1 | 2 | 252 | memory, COMMON |
00845531 | 5.5 | 1 | 2 | 217 | memory, COMMON |
0084565F | 5.5 | 1 | 2 | 213 | memory, COMMON |
0087C7FF | 4.1 | 1 | 1 | 593 | native, thread, COMMON |
0086D37A | 3.9 | 1 | 1 | 426 | thread, COMMON |
0087D131 | 3.9 | 1 | 1 | 404 | native, thread, COMMON |
0086DB31 | 3.9 | 1 | 1 | 379 | thread, COMMON |
00878B99 | 3.8 | 1 | 1 | 288 | injection, COMMON |
0087D018 | 3.8 | 1 | 1 | 279 | native, thread, COMMON |
0089A2D1 | 3.8 | 1 | 1 | 273 | memory, COMMON |
0086D945 | 3.7 | 1 | 1 | 239 | thread, COMMON |
0084559A | 3.7 | 1 | 1 | 186 | memory, COMMON |
00845410 | 3.7 | 1 | 1 | 166 | memory, COMMON |
0085D168 | 3.6 | 1 | 1 | 149 | native, thread, COMMON |
004B3B60 | 3.6 | 1 | 1 | 143 | native, COMMON |
0085C99A | 3.6 | 1 | 1 | 120 | native, thread, COMMON |
0086E5FA | 3.6 | 1 | 1 | 552 | memory, COMMON |
0087B5D9 | 2.9 | | 2 | 409 | COMMON |
0087BD0E | 2.8 | | 2 | 269 | COMMON |
0087BC13 | 2.7 | | 2 | 246 | COMMON |
004B323E | 1.8 | 1 | | 341 | native, COMMON |
008997CE | 1.7 | 1 | | 237 | COMMON |
00852786 | 1.7 | 1 | | 194 | memory, COMMON |
00867A51 | 1.7 | 1 | | 188 | memory, COMMON |
004B305B | 1.7 | 1 | | 179 | COMMON |
004B3DAB | 1.6 | 1 | | 147 | COMMON |
004B30F3 | 1.6 | 1 | | 116 | native, COMMON |
004B3CFF | 1.6 | 1 | | 98 | native, COMMON |
004B3462 | 1.6 | 1 | | 92 | native, COMMON |
0087B2D3 | 1.5 | | 1 | 288 | COMMON |
004B3553 | 1.5 | 1 | | 37 | native, COMMON |
004B4040 | 1.5 | 1 | | 20 | native, COMMON |
0087B509 | 1.5 | | 1 | 247 | COMMON |
0087B7DA | 1.5 | | 1 | 235 | COMMON |
0087BDD7 | 1.5 | | 1 | 227 | COMMON |
008676EA | 22.9 | 1 | 12 | 155 | memory, COMMON |
00845435 | 3.6 | 1 | 1 | 150 | memory, COMMON |
00845475 | 3.6 | 1 | 1 | 140 | memory, COMMON |
00859F6F | 3.6 | 1 | 1 | 135 | thread, COMMON |
00845487 | 3.6 | 1 | 1 | 134 | memory, COMMON |
008454EF | 3.6 | 1 | 1 | 130 | memory, COMMON |
0084575E | 3.6 | 1 | 1 | 120 | memory, COMMON |
00845785 | 3.6 | 1 | 1 | 112 | memory, COMMON |
004A4389 | 3.6 | 1 | 1 | 52 | memory, COMMON |
00884C22 | 3.5 | 1 | 1 | 29 | memory, COMMON |
004A436D | 3.1 | 2 | | 84 | memory, COMMON |
00867B35 | 1.8 | 1 | | 345 | COMMON |
0089A134 | 1.7 | 1 | | 239 | memory, COMMON |
004A4754 | 1.7 | 1 | | 215 | memory, COMMON |
00899F8C | 1.7 | 1 | | 201 | memory, COMMON |
0085828F | 1.7 | 1 | | 193 | memory, COMMON |
0086761B | 1.7 | 1 | | 193 | memory, COMMON |
00884148 | 1.7 | 1 | | 178 | COMMON |
00867EA4 | 1.7 | 1 | | 173 | memory, COMMON |
00899A8A | 1.6 | 1 | | 139 | COMMON |
0089A4BC | 1.6 | 1 | | 130 | COMMON |
00884718 | 1.6 | 1 | | 120 | memory, COMMON |
008529D7 | 1.6 | 1 | | 116 | memory, COMMON |
00884735 | 1.6 | 1 | | 111 | memory, COMMON |
00867800 | 1.6 | 1 | | 106 | COMMON |
008999C8 | 1.6 | 1 | | 104 | COMMON |
00867A35 | 1.6 | 1 | | 102 | COMMON |
0088479C | 1.6 | 1 | | 102 | memory, COMMON |
004A43DB | 1.6 | 1 | | 101 | memory, COMMON |
00884423 | 1.6 | 1 | | 96 | COMMON |
008847CE | 1.6 | 1 | | 95 | memory, COMMON |
00852A2D | 1.6 | 1 | | 94 | memory, COMMON |
008841A2 | 1.6 | 1 | | 94 | COMMON |
008841C7 | 1.6 | 1 | | 94 | COMMON |
00884170 | 1.6 | 1 | | 94 | COMMON |
00867A99 | 1.6 | 1 | | 92 | memory, COMMON |
00867A05 | 1.6 | 1 | | 92 | COMMON |
008453E0 | 1.6 | 1 | | 92 | memory, COMMON |
0083C372 | 1.6 | 1 | | 91 | memory, COMMON |
008453EB | 1.6 | 1 | | 89 | memory, COMMON |
0088459D | 1.6 | 1 | | 88 | memory, COMMON |
00845A99 | 1.6 | 1 | | 86 | memory, COMMON |
0089A29B | 1.6 | 1 | | 86 | COMMON |
0083C3D4 | 1.6 | 1 | | 85 | memory, COMMON |
00845811 | 1.6 | 1 | | 84 | memory, COMMON |
00845843 | 1.6 | 1 | | 84 | memory, COMMON |
00845868 | 1.6 | 1 | | 84 | memory, COMMON |
0083C377 | 1.6 | 1 | | 83 | memory, COMMON |
00899A6D | 1.6 | 1 | | 83 | COMMON |
0085239F | 1.6 | 1 | | 80 | memory, COMMON |
00884052 | 1.6 | 1 | | 73 | COMMON |
004A4A13 | 1.6 | 1 | | 68 | memory, COMMON |
00852AC4 | 1.6 | 1 | | 66 | memory, COMMON |
004A49B3 | 1.6 | 1 | | 66 | memory, COMMON |
004A4A26 | 1.6 | 1 | | 62 | memory, COMMON |
00899AB0 | 1.6 | 1 | | 61 | COMMON |
004A4A2C | 1.6 | 1 | | 60 | memory, COMMON |
004A475A | 1.6 | 1 | | 58 | memory, COMMON |
008848BD | 1.6 | 1 | | 55 | memory, COMMON |
00899AC0 | 1.6 | 1 | | 55 | memory, COMMON |
00899EF9 | 1.6 | 1 | | 55 | memory, COMMON |
004A4767 | 1.6 | 1 | | 54 | memory, COMMON |
00867F31 | 1.6 | 1 | | 52 | memory, COMMON |
004BBD7A | 1.5 | 1 | | 47 | COMMON |
004A439B | 1.5 | 1 | | 46 | memory, COMMON |
008844FD | 1.5 | 1 | | 42 | memory, COMMON |
0088450A | 1.5 | 1 | | 42 | memory, COMMON |
008840CC | 1.5 | 1 | | 40 | memory, COMMON |
008840D3 | 1.5 | 1 | | 40 | memory, COMMON |
00884BDC | 1.5 | 1 | | 40 | memory, COMMON |
00884980 | 1.5 | 1 | | 38 | memory, COMMON |
00884929 | 1.5 | 1 | | 38 | memory, COMMON |
0088495B | 1.5 | 1 | | 38 | memory, COMMON |
0082EC31 | 1.5 | 1 | | 33 | memory, COMMON |
00884C2D | 1.5 | 1 | | 28 | memory, COMMON |
004BB989 | 1.5 | 1 | | 12 | COMMON |
008353ED | 1.4 | 1 | | 163 | COMMON |
008355B3 | 1.4 | 1 | | 112 | COMMON |
00834ADB | 1.3 | 1 | | 89 | COMMON |
0083493D | 1.3 | 1 | | 77 | COMMON |
008348EB | 1.3 | 1 | | 73 | COMMON |
00834B34 | 1.3 | 1 | | 72 | COMMON |
00834BC3 | 1.3 | 1 | | 65 | COMMON |
00835681 | 1.3 | 1 | | 58 | COMMON |
00834FF6 | 1.3 | 1 | | 52 | COMMON |
008353F3 | 1.3 | 1 | | 48 | COMMON |
00835022 | 1.3 | 1 | | 41 | COMMON |
0086352E | 16.8 | | 13 | 505 | COMMON |
0085B9F6 | 16.5 | | 13 | 246 | COMMON |
0085B610 | 15.3 | | 12 | 321 | COMMON |
0085BA29 | 15.2 | | 12 | 226 | COMMON |
0085BA32 | 15.2 | | 12 | 222 | COMMON |
0087E417 | 2.8 | | 2 | 316 | COMMON |
0087DB88 | 1.7 | | 1 | 491 | COMMON |
00866977 | 1.5 | | 1 | 293 | COMMON |
00869789 | 0.6 | | | 628 | COMMON |
008655AD | 0.4 | | | 373 | COMMON |
00855D31 | 0.3 | | | 325 | COMMON |
00863B94 | 0.3 | | | 305 | COMMON |
00866473 | 0.3 | | | 295 | COMMON |
00866386 | 0.2 | | | 250 | COMMON |
00863AC8 | 0.2 | | | 241 | COMMON |
00864D8B | 0.1 | | | 148 | COMMON |