Edit tour
Windows
Analysis Report
j8zJ5Jwja4.exe
Overview
General Information
| Sample name: | j8zJ5Jwja4.exerenamed because original name is a hash value |
| Original sample name: | 65a8f223d7e0fb5cca7e8ae22cd51b5e.exe |
| Analysis ID: | 1528610 |
| MD5: | 65a8f223d7e0fb5cca7e8ae22cd51b5e |
| SHA1: | 9b619e477948c5b605597ccab51af24738978501 |
| SHA256: | 61290d28114db41580ed0da7891920ee4f625ebd2ccdd23f3ef6f7d28777c8b7 |
| Tags: | 32exe |
| Infos: |   |
 | |
Detection
LummaC
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
LummaC encrypted strings found
Machine Learning detection for sample
Sample uses string decryption to hide its real strings
Sigma detected: Silenttrinity Stager Msbuild Activity
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
j8zJ5Jwja4.exe (PID: 7736 cmdline: "C:\Users\ user\Deskt op\j8zJ5Jw ja4.exe" MD5: 65A8F223D7E0FB5CCA7E8AE22CD51B5E) 
MSBuild.exe (PID: 7760 cmdline: "C:\Window s\Microsof t.NET\Fram ework\v4.0 .30319\MSB uild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232) 
WerFault.exe (PID: 7880 cmdline: C:\Windows \SysWOW64\ WerFault.e xe -u -p 7 736 -s 272 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution |
{"C2 url": ["spirittunek.stor", "clearancek.site", "eaglepawnoy.stor", "dissapoiznw.stor", "studennotediw.stor", "bathdoomgaz.stor", "trustterwowqm.shop", "mobbipenju.stor", "licendfilteo.site"], "Build id": "tLYMe5--deli333"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
System Summary |   |
|---|
| Source: | Author: Kiran kumar s, oscd.community: | ||
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-08T04:24:12.028982+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.8 | 49707 | 172.67.206.204 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-08T04:24:12.028982+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.8 | 49707 | 172.67.206.204 | 443 | TCP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-08T04:24:09.599645+0200 | 2056477 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 59113 | 1.1.1.1 | 53 | UDP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-08T04:24:09.642920+0200 | 2056471 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 52964 | 1.1.1.1 | 53 | UDP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-08T04:24:09.577689+0200 | 2056481 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 49356 | 1.1.1.1 | 53 | UDP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-08T04:24:09.567420+0200 | 2056483 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 57350 | 1.1.1.1 | 53 | UDP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-08T04:24:09.620737+0200 | 2056473 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 53560 | 1.1.1.1 | 53 | UDP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-08T04:24:09.555257+0200 | 2056485 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 53441 | 1.1.1.1 | 53 | UDP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-08T04:24:09.609733+0200 | 2056475 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 54082 | 1.1.1.1 | 53 | UDP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-08T04:24:09.588786+0200 | 2056479 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 53572 | 1.1.1.1 | 53 | UDP |
| Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-08T04:24:09.541895+0200 | 2056174 | 1 | Domain Observed Used for C2 Detected | 192.168.2.8 | 50071 | 1.1.1.1 | 53 | UDP |
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Avira: | ||
| Source: | URL Reputation: | ||
| Source: | URL Reputation: | ||
| Source: | URL Reputation: | ||
| Source: | Malware Configuration Extractor: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Integrated Neural Analysis Model: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | String decryptor: | ||
| Source: | Static PE information: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_00739ABF | |
| Source: | Code function: | 0_2_0079604C | |
| Source: | Code function: | 0_2_00796140 | |
| Source: | Code function: | 0_2_0077C198 | |
| Source: | Code function: | 0_2_00778278 | |
| Source: | Code function: | 0_2_0075A268 | |
| Source: | Code function: | 0_2_0077C224 | |
| Source: | Code function: | 0_2_0077E2E8 | |
| Source: | Code function: | 0_2_007922A8 | |
| Source: | Code function: | 0_2_00796343 | |
| Source: | Code function: | 0_2_0074E3F7 | |
| Source: | Code function: | 0_2_0075E3F3 | |
| Source: | Code function: | 0_2_0077C3AC | |
| Source: | Code function: | 0_2_0077E388 | |
| Source: | Code function: | 0_2_0077A438 | |
| Source: | Code function: | 0_2_0077A438 | |
| Source: | Code function: | 0_2_00776410 | |
| Source: | Code function: | 0_2_0077C568 | |
| Source: | Code function: | 0_2_007505B8 | |
| Source: | Code function: | 0_2_007766E6 | |
| Source: | Code function: | 0_2_0078074E | |
| Source: | Code function: | 0_2_00762702 | |
| Source: | Code function: | 0_2_007947F8 | |
| Source: | Code function: | 0_2_0075C81B | |
| Source: | Code function: | 0_2_00768948 | |
| Source: | Code function: | 0_2_0075C938 | |
| Source: | Code function: | 0_2_007949F8 | |
| Source: | Code function: | 0_2_00780AD4 | |
| Source: | Code function: | 0_2_00780AD4 | |
| Source: | Code function: | 0_2_00780AD4 | |
| Source: | Code function: | 0_2_00788B78 | |
| Source: | Code function: | 0_2_00752B08 | |
| Source: | Code function: | 0_2_0077ABBB | |
| Source: | Code function: | 0_2_00796B98 | |
| Source: | Code function: | 0_2_00796B98 | |
| Source: | Code function: | 0_2_0076CB98 | |
| Source: | Code function: | 0_2_0078EC08 | |
| Source: | Code function: | 0_2_00790C08 | |
| Source: | Code function: | 0_2_00762D4B | |
| Source: | Code function: | 0_2_00796D28 | |
| Source: | Code function: | 0_2_00796D28 | |
| Source: | Code function: | 0_2_00796EA8 | |
| Source: | Code function: | 0_2_00796EA8 | |
| Source: | Code function: | 0_2_0076EF70 | |
| Source: | Code function: | 0_2_0076AF2D | |
| Source: | Code function: | 0_2_00796FD8 | |
| Source: | Code function: | 0_2_00791048 | |
| Source: | Code function: | 0_2_0077B175 | |
| Source: | Code function: | 0_2_00775108 | |
| Source: | Code function: | 0_2_00795288 | |
| Source: | Code function: | 0_2_00775368 | |
| Source: | Code function: | 0_2_00781327 | |
| Source: | Code function: | 0_2_00781327 | |
| Source: | Code function: | 0_2_00781327 | |
| Source: | Code function: | 0_2_0076338E | |
| Source: | Code function: | 0_2_0078143A | |
| Source: | Code function: | 0_2_0078143A | |
| Source: | Code function: | 0_2_007974F8 | |
| Source: | Code function: | 0_2_007634A4 | |
| Source: | Code function: | 0_2_0076165F | |
| Source: | Code function: | 0_2_00793642 | |
| Source: | Code function: | 0_2_007936EE | |
| Source: | Code function: | 0_2_0077D75B | |
| Source: | Code function: | 0_2_00791798 | |
| Source: | Code function: | 0_2_007938E2 | |
| Source: | Code function: | 0_2_007818D8 | |
| Source: | Code function: | 0_2_00761920 | |
| Source: | Code function: | 0_2_00751A58 | |
| Source: | Code function: | 0_2_0075FA44 | |
| Source: | Code function: | 0_2_00793A08 | |
| Source: | Code function: | 0_2_0076FAE2 | |
| Source: | Code function: | 0_2_00759AE8 | |
| Source: | Code function: | 0_2_0075BB58 | |
| Source: | Code function: | 0_2_00759BF8 | |
| Source: | Code function: | 0_2_0075FCD4 | |
| Source: | Code function: | 0_2_0075BCB9 | |
| Source: | Code function: | 0_2_00795EE8 | |
| Source: | Code function: | 0_2_00775EC3 | |
| Source: | Code function: | 0_2_00793F68 | |
| Source: | Code function: | 0_2_00781FF9 | |
| Source: | Code function: | 2_2_0040D390 | |
| Source: | Code function: | 2_2_0044676A | |
| Source: | Code function: | 2_2_00446A0A | |
| Source: | Code function: | 2_2_00447082 | |
| Source: | Code function: | 2_2_00444170 | |
| Source: | Code function: | 2_2_0044A100 | |
| Source: | Code function: | 2_2_00435121 | |
| Source: | Code function: | 2_2_004491F0 | |
| Source: | Code function: | 2_2_004491F0 | |
| Source: | Code function: | 2_2_00428230 | |
| Source: | Code function: | 2_2_0042F2C0 | |
| Source: | Code function: | 2_2_004453D0 | |
| Source: | Code function: | 2_2_0042B3A0 | |
| Source: | Code function: | 2_2_004483B0 | |
| Source: | Code function: | 2_2_0042F46A | |
| Source: | Code function: | 2_2_00431410 | |
| Source: | Code function: | 2_2_0042F4D4 | |
| Source: | Code function: | 2_2_00428490 | |
| Source: | Code function: | 2_2_004314B0 | |
| Source: | Code function: | 2_2_0042D560 | |
| Source: | Code function: | 2_2_0042D560 | |
| Source: | Code function: | 2_2_0043456A | |
| Source: | Code function: | 2_2_0043456A | |
| Source: | Code function: | 2_2_0041151B | |
| Source: | Code function: | 2_2_0040151F | |
| Source: | Code function: | 2_2_004165CC | |
| Source: | Code function: | 2_2_0044A620 | |
| Source: | Code function: | 2_2_0041463D | |
| Source: | Code function: | 2_2_0041463D | |
| Source: | Code function: | 2_2_004036E0 | |
| Source: | Code function: | 2_2_0042F690 | |
| Source: | Code function: | 2_2_0043387B | |
| Source: | Code function: | 2_2_00446816 | |
| Source: | Code function: | 2_2_0041582B | |
| Source: | Code function: | 2_2_004448C0 | |
| Source: | Code function: | 2_2_00430883 | |
| Source: | Code function: | 2_2_0040F943 | |
| Source: | Code function: | 2_2_00447920 | |
| Source: | Code function: | 2_2_0042D9A0 | |
| Source: | Code function: | 2_2_0040FA60 | |
| Source: | Code function: | 2_2_0041BA70 | |
| Source: | Code function: | 2_2_00434A00 | |
| Source: | Code function: | 2_2_0042DB64 | |
| Source: | Code function: | 2_2_00412B6C | |
| Source: | Code function: | 2_2_00421B20 | |
| Source: | Code function: | 2_2_00447B20 | |
| Source: | Code function: | 2_2_00446B30 | |
| Source: | Code function: | 2_2_00433BD3 | |
| Source: | Code function: | 2_2_00433BD3 | |
| Source: | Code function: | 2_2_00433BD3 | |
| Source: | Code function: | 2_2_00422BEF | |
| Source: | Code function: | 2_2_00404B80 | |
| Source: | Code function: | 2_2_0040CC10 | |
| Source: | Code function: | 2_2_00405C30 | |
| Source: | Code function: | 2_2_0041FCC0 | |
| Source: | Code function: | 2_2_00449CC0 | |
| Source: | Code function: | 2_2_00449CC0 | |
| Source: | Code function: | 2_2_0040EC80 | |
| Source: | Code function: | 2_2_00434C90 | |
| Source: | Code function: | 2_2_00434C90 | |
| Source: | Code function: | 2_2_0043BCA0 | |
| Source: | Code function: | 2_2_0040CD20 | |
| Source: | Code function: | 2_2_00443D30 | |
| Source: | Code function: | 2_2_00441D30 | |
| Source: | Code function: | 2_2_0040EDE1 | |
| Source: | Code function: | 2_2_00448DE0 | |
| Source: | Code function: | 2_2_00448DE0 | |
| Source: | Code function: | 2_2_00448DE0 | |
| Source: | Code function: | 2_2_00412DFC | |
| Source: | Code function: | 2_2_0041DD90 | |
| Source: | Code function: | 2_2_00449E50 | |
| Source: | Code function: | 2_2_00449E50 | |
| Source: | Code function: | 2_2_00448ED0 | |
| Source: | Code function: | 2_2_00448ED0 | |
| Source: | Code function: | 2_2_00448ED0 | |
| Source: | Code function: | 2_2_00448ED0 | |
| Source: | Code function: | 2_2_00449FD0 | |
| Source: | Code function: | 2_2_00449FD0 | |
Networking | |
|---|
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | Suricata IDS: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | URLs: | ||
| Source: | TCP traffic: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | ASN Name: | ||
| Source: | ASN Name: | ||
| Source: | JA3 fingerprint: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 2_2_004396A0 | |
| Source: | Code function: | 2_2_004396A0 | |
| Source: | Code function: | 0_2_00722021 | |
| Source: | Code function: | 0_2_00786078 | |
| Source: | Code function: | 0_2_0077A059 | |
| Source: | Code function: | 0_2_0074E175 | |
| Source: | Code function: | 0_2_00754278 | |
| Source: | Code function: | 0_2_00752268 | |
| Source: | Code function: | 0_2_0074E212 | |
| Source: | Code function: | 0_2_0074E2D5 | |
| Source: | Code function: | 0_2_00786378 | |
| Source: | Code function: | 0_2_00752302 | |
| Source: | Code function: | 0_2_0077A438 | |
| Source: | Code function: | 0_2_00758428 | |
| Source: | Code function: | 0_2_007505B8 | |
| Source: | Code function: | 0_2_0075E768 | |
| Source: | Code function: | 0_2_00784858 | |
| Source: | Code function: | 0_2_0072CAF2 | |
| Source: | Code function: | 0_2_00784A88 | |
| Source: | Code function: | 0_2_0076CB98 | |
| Source: | Code function: | 0_2_00754C78 | |
| Source: | Code function: | 0_2_00756C29 | |
| Source: | Code function: | 0_2_00794DA8 | |
| Source: | Code function: | 0_2_00758F38 | |
| Source: | Code function: | 0_2_0075F058 | |
| Source: | Code function: | 0_2_0075B2D8 | |
| Source: | Code function: | 0_2_0072729C | |
| Source: | Code function: | 0_2_00795288 | |
| Source: | Code function: | 0_2_00757338 | |
| Source: | Code function: | 0_2_0073D39B | |
| Source: | Code function: | 0_2_0078D598 | |
| Source: | Code function: | 0_2_00755618 | |
| Source: | Code function: | 0_2_0073572C | |
| Source: | Code function: | 0_2_00791798 | |
| Source: | Code function: | 0_2_00757908 | |
| Source: | Code function: | 0_2_00771908 | |
| Source: | Code function: | 0_2_0077BADA | |
| Source: | Code function: | 0_2_0073BB36 | |
| Source: | Code function: | 0_2_0078BCB8 | |
| Source: | Code function: | 0_2_00733C92 | |
| Source: | Code function: | 0_2_00721D79 | |
| Source: | Code function: | 0_2_0072FEF0 | |
| Source: | Code function: | 0_2_0074DED8 | |
| Source: | Code function: | 2_2_0040FFE0 | |
| Source: | Code function: | 2_2_0040C060 | |
| Source: | Code function: | 2_2_00401000 | |
| Source: | Code function: | 2_2_00447082 | |
| Source: | Code function: | 2_2_00409110 | |
| Source: | Code function: | 2_2_004491F0 | |
| Source: | Code function: | 2_2_00412180 | |
| Source: | Code function: | 2_2_0042D181 | |
| Source: | Code function: | 2_2_004391A0 | |
| Source: | Code function: | 2_2_0040129D | |
| Source: | Code function: | 2_2_00405340 | |
| Source: | Code function: | 2_2_0042D181 | |
| Source: | Code function: | 2_2_004073A0 | |
| Source: | Code function: | 2_2_004483B0 | |
| Source: | Code function: | 2_2_0040A460 | |
| Source: | Code function: | 2_2_0040E400 | |
| Source: | Code function: | 2_2_004394A0 | |
| Source: | Code function: | 2_2_0040B550 | |
| Source: | Code function: | 2_2_0042D560 | |
| Source: | Code function: | 2_2_004305E0 | |
| Source: | Code function: | 2_2_004406C0 | |
| Source: | Code function: | 2_2_004036E0 | |
| Source: | Code function: | 2_2_0042B69D | |
| Source: | Code function: | 2_2_00408740 | |
| Source: | Code function: | 2_2_004448C0 | |
| Source: | Code function: | 2_2_004298E2 | |
| Source: | Code function: | 2_2_00411890 | |
| Source: | Code function: | 2_2_0042E977 | |
| Source: | Code function: | 2_2_00409903 | |
| Source: | Code function: | 2_2_004489D7 | |
| Source: | Code function: | 2_2_00437980 | |
| Source: | Code function: | 2_2_0042D9A0 | |
| Source: | Code function: | 2_2_0042FA20 | |
| Source: | Code function: | 2_2_0040AA30 | |
| Source: | Code function: | 2_2_00424A30 | |
| Source: | Code function: | 2_2_0042CAF0 | |
| Source: | Code function: | 2_2_00406B60 | |
| Source: | Code function: | 2_2_0042DB64 | |
| Source: | Code function: | 2_2_00448B00 | |
| Source: | Code function: | 2_2_00409B1C | |
| Source: | Code function: | 2_2_00437BB0 | |
| Source: | Code function: | 2_2_0042EC02 | |
| Source: | Code function: | 2_2_0041FCC0 | |
| Source: | Code function: | 2_2_0043EDE0 | |
| Source: | Code function: | 2_2_00448DE0 | |
| Source: | Code function: | 2_2_00407DA0 | |
| Source: | Code function: | 2_2_00432E33 | |
| Source: | Code function: | 2_2_00448ED0 | |
| Source: | Code function: | 2_2_00447ED0 | |
| Source: | Process created: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | Code function: | 2_2_00428230 | |
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Command line argument: | 0_2_00722021 | |
| Source: | Command line argument: | 0_2_00722021 | |
| Source: | Command line argument: | 0_2_00722021 | |
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 0_2_00762727 | |
| Source: | Code function: | 0_2_007271C0 | |
| Source: | Code function: | 2_2_0041584F | |
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | API coverage: | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Code function: | 0_2_00739ABF | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Code function: | 2_2_004464F0 | |
| Source: | Code function: | 0_2_00727922 | |
| Source: | Code function: | 0_2_00722003 | |
| Source: | Code function: | 0_2_0073A64C | |
| Source: | Code function: | 0_2_00730F2E | |
| Source: | Code function: | 0_2_0073CC4B | |
| Source: | Code function: | 0_2_00727610 | |
| Source: | Code function: | 0_2_00727922 | |
| Source: | Code function: | 0_2_0072DA73 | |
| Source: | Code function: | 0_2_00727AAF | |
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Memory allocated: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Code function: | 0_2_0073C085 | |
| Source: | Code function: | 0_2_0073622B | |
| Source: | Code function: | 0_2_0073C372 | |
| Source: | Code function: | 0_2_0073C327 | |
| Source: | Code function: | 0_2_0073C40D | |
| Source: | Code function: | 0_2_0073C498 | |
| Source: | Code function: | 0_2_0073C6EB | |
| Source: | Code function: | 0_2_0073C814 | |
| Source: | Code function: | 0_2_0073C91A | |
| Source: | Code function: | 0_2_0073C9E9 | |
| Source: | Code function: | 0_2_00735D7F | |
| Source: | Code function: | 0_2_00727815 | |
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 311 Process Injection | 2 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 311 Process Injection | LSASS Memory | 41 Security Software Discovery | Remote Desktop Protocol | 2 Clipboard Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 13 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 44% | Virustotal | Browse | ||
| 100% | Avira | HEUR/AGEN.1310458 | ||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Virustotal | Browse | ||
| 11% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 18% | Virustotal | Browse | ||
| 14% | Virustotal | Browse | ||
| 14% | Virustotal | Browse | ||
| 14% | Virustotal | Browse | ||
| 14% | Virustotal | Browse | ||
| 14% | Virustotal | Browse | ||
| 16% | Virustotal | Browse | ||
| 18% | Virustotal | Browse | ||
| 18% | Virustotal | Browse |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | URL Reputation | malware | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 100% | URL Reputation | malware | ||
| 0% | URL Reputation | safe | ||
| 100% | URL Reputation | malware | ||
| 16% | Virustotal | Browse | ||
| 14% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 11% | Virustotal | Browse | ||
| 11% | Virustotal | Browse | ||
| 14% | Virustotal | Browse | ||
| 9% | Virustotal | Browse | ||
| 0% | Virustotal | Browse | ||
| 18% | Virustotal | Browse | ||
| 11% | Virustotal | Browse |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| steamcommunity.com | 104.102.49.254 | true | true |
| unknown |
| sergei-esenin.com | 172.67.206.204 | true | true |
| unknown |
| fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false |
| unknown |
| trustterwowqm.shop | unknown | unknown | true |
| unknown |
| eaglepawnoy.store | unknown | unknown | false |
| unknown |
| bathdoomgaz.store | unknown | unknown | false |
| unknown |
| spirittunek.store | unknown | unknown | false |
| unknown |
| licendfilteo.site | unknown | unknown | true |
| unknown |
| studennotediw.store | unknown | unknown | false |
| unknown |
| mobbipenju.store | unknown | unknown | false |
| unknown |
| clearancek.site | unknown | unknown | true |
| unknown |
| dissapoiznw.store | unknown | unknown | false |
| unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| true |
| unknown | |
| true |
| unknown | |
| true | unknown | ||
| true | unknown | ||
| true |
| unknown | |
| true | unknown | ||
| true | unknown | ||
| true |
| unknown | |
| true |
| unknown | |
| true | unknown | ||
| true | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| true |
| unknown | ||
| false |
| unknown | ||
| true | unknown | |||
| true |
| unknown | ||
| false |
| unknown | ||
| true |
| unknown | ||
| false |
| unknown | ||
| true |
| unknown | ||
| true |
| unknown | ||
| false |
| unknown | ||
| true |
| unknown | ||
| true |
| unknown | ||
| true | unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | true | |
| 172.67.206.204 | sergei-esenin.com | United States | 13335 | CLOUDFLARENETUS | true |
| Joe Sandbox version: | 41.0.0 Charoite |
| Analysis ID: | 1528610 |
| Start date and time: | 2024-10-08 04:23:11 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 5m 9s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
| Number of analysed new started processes analysed: | 13 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | j8zJ5Jwja4.exerenamed because original name is a hash value |
| Original Sample Name: | 65a8f223d7e0fb5cca7e8ae22cd51b5e.exe |
| Detection: | MAL |
| Classification: | mal100.troj.evad.winEXE@4/5@11/2 |
| EGA Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.190.159.4, 20.190.159.68, 20.190.159.0, 20.190.159.23, 20.190.159.64, 40.126.31.67, 20.190.159.73, 20.190.159.2, 20.42.65.92, 52.149.20.212, 192.229.221.95, 13.85.23.206, 13.95.31.18, 52.165.164.15
- Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, slscr.update.microsoft.com, www.tm.v4.a.prd.aadg.trafficmanager.net, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, blobcollector.events.data.trafficmanager.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, umwatson.events.data.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtQueryValueKey calls found.
| Time | Type | Description |
|---|---|---|
| 22:24:08 | API Interceptor | |
| 22:24:14 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 104.102.49.254 | Get hash | malicious | Unknown | Browse |
| |
| 172.67.206.204 | Get hash | malicious | LummaC | Browse | ||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | LummaC | Browse | |||
| Get hash | malicious | LummaC, Vidar | Browse | |||
| Get hash | malicious | LummaC | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| sergei-esenin.com | Get hash | malicious | LummaC | Browse |
| |
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| steamcommunity.com | Get hash | malicious | LummaC | Browse |
| |
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC, Vidar | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| fp2e7a.wpc.phicdn.net | Get hash | malicious | LummaC | Browse |
| |
| Get hash | malicious | SmokeLoader | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | LummaC, Vidar | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Xmrig | Browse |
| ||
| Get hash | malicious | SmokeLoader | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| CLOUDFLARENETUS | Get hash | malicious | Stealc | Browse |
| |
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | GuLoader, Snake Keylogger | Browse |
| ||
| Get hash | malicious | RDPWrap Tool | Browse |
| ||
| Get hash | malicious | RDPWrap Tool | Browse |
| ||
| Get hash | malicious | RDPWrap Tool | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Xmrig | Browse |
| ||
| AKAMAI-ASUS | Get hash | malicious | LummaC | Browse |
| |
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC, Vidar | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | LummaC | Browse |
| |
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | SmokeLoader | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC, Vidar | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | LummaC | Browse |
| ||
| Get hash | malicious | SmokeLoader | Browse |
|
⊘No context
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_j8zJ5Jwja4.exe_1966512a4c1b30f6d3a54994d6808c78ed874d_fc5164de_5b9e6915-1166-4648-8a92-c0d7202a1d2c\Report.wer 
Download File
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 0.6558110350367419 |
| Encrypted: | false |
| SSDEEP: | 96:DyFsP0qSWsIy6iAPf8QXIDcQvc6QcEVcw3cE/n+HbHg/5hZAX/d5FMT2SlPkpXma:mKP1SWt0BU/gjhzuiF5Z24IO8G |
| MD5: | 2F7A9D6405652FDE4A846EBACAF7D07C |
| SHA1: | 2C8BD2969AF648884B7483D49DEE66481A0D79DA |
| SHA-256: | F135788D897B18BB95ACBA3826F4B8D9AB8BAEE1FEB528FF6C2720FED68875EA |
| SHA-512: | 55460B35132726B6201178814956E4F6A62168726819ED56734B94F046F699F67DEA178A946016D36DD869A736BB372C09D6B778F1C0793E89885815E2A85F02 |
| Malicious: | true |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 33156 |
| Entropy (8bit): | 1.7500002560673362 |
| Encrypted: | false |
| SSDEEP: | 96:5v8DdXCte5WDi778YdFNigk0/dkaEbEDw2eWIkWITsI4WEN5OpeGvxa:60DO1iMeB4sFWErPGvx |
| MD5: | A4F227B04996FE9B1A4A120E8F86DC1C |
| SHA1: | A02962B39DB2BEF8936A5CC529310A4A4865751A |
| SHA-256: | 627D19BC590195AD760B23BD1F8B89902F86DEC99C95490AC5882258B6E8BB55 |
| SHA-512: | AFE7BF3F127C44B20E5C48A1D3D3C1D73CE8A4A75B483B41E42C059FBA4CDCB3F786F63C583636DE4144AE7C954ED1E66ED6BFBA5A4D3F18354725A6ABE95DD9 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8328 |
| Entropy (8bit): | 3.7028194722407837 |
| Encrypted: | false |
| SSDEEP: | 192:R6l7wVeJJI6y6YSkSUN6dNOgmfgIXPprH89bTYsf4xm:R6lXJW6y6YxSUcdNOgmfgIXaTLfj |
| MD5: | 5ABD0407C17F8AFF8E3B7F129DF847DC |
| SHA1: | C39B94F7937D9FFC70E1736FD5D87E7DD70B63CD |
| SHA-256: | F7285DA9FED756B1E794053A89C41EEC195C74DD763673A837C73BEC29C07755 |
| SHA-512: | 25D3C5BF7934D596F03734712014351D00B7651E286EAEBBA0DAC2F190C52124A28DEB06DC5BCA3BCCFDA17D22F2C628CEE7E094E82FEDD6D2AABA9085942DAC |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4678 |
| Entropy (8bit): | 4.489993582894266 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwWl8zs6uJg77aI9FqVWpW8VYSYm8M4JWtFcq+q82uaOurd:uIjf6kI7TT7VuJo6aOurd |
| MD5: | 45C8971480B063379C8F7F655F39CFDC |
| SHA1: | BD38DC3A34CC42CCF4D37A13BDE78660FE1279BA |
| SHA-256: | 7C8A38699226EEE11556690BB63032249E535CB4F3958D98A21028667D008061 |
| SHA-512: | 8FE1481DBA857D7643B8BE5AAF0C589C0E7E70B7EF309BC519FAE1E6D1C3F67203ACB939BC9A6FDF4456A0475DFB7E36362CE6BF0F419767F43B496FDB753482 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1835008 |
| Entropy (8bit): | 4.372750969919041 |
| Encrypted: | false |
| SSDEEP: | 6144:jFVfpi6ceLP/9skLmb0ayWWSPtaJG8nAge35OlMMhA2AX4WABlguNOiL:ZV1QyWWI/glMM6kF7Eq |
| MD5: | 37A6D10A0E57F72E0927BA0FB5E74D2A |
| SHA1: | CF2BDB66CFAB53D28B7140167BB98D2DAB65E09B |
| SHA-256: | 1D1C8B0E7D988BFBF7D02B6FC0C1B3B25DD787DCD1731935AA8B02CDBE8AFF30 |
| SHA-512: | C0EB34B54550B429E9B416F9EE967D00196285F4CD44568990AED1AEF6E7720F35BFE432597262780554674838425E79EC0625B4A136E4C75EDC25D7CCC07509 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.722534100839197 |
| TrID: |
|
| File name: | j8zJ5Jwja4.exe |
| File size: | 550'912 bytes |
| MD5: | 65a8f223d7e0fb5cca7e8ae22cd51b5e |
| SHA1: | 9b619e477948c5b605597ccab51af24738978501 |
| SHA256: | 61290d28114db41580ed0da7891920ee4f625ebd2ccdd23f3ef6f7d28777c8b7 |
| SHA512: | 32c367df61d1265b4bd9f8053ac46b3acb8526e621beafdcbaa8aa94e8243fe5829d812d7c309eb310494442db88cee41669a2a326b587b030ca57686fd9350b |
| SSDEEP: | 12288:bdkYNLs5LUXUdOYjf4FbDaTo2TRsxTGi5Zs4S:bXLsYYkFbqo2TRsD5D |
| TLSH: | C9C4F11175C08072D4B316325AF1DA789E3EBD700E62AE9F67950FAE4F302D1DB2166B |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......=.9.y.WUy.WUy.WU..TTu.WU..RT..WU..STl.WU..VTz.WUy.VU!.WUilTTm.WUilSTk.WUilRT4.WU1m^Tx.WU1m.Ux.WU1mUTx.WURichy.WU............... |
 | |
| Icon Hash: | 00928e8e8686b000 |
| Entrypoint: | 0x406f52 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x67049640 [Tue Oct 8 02:17:36 2024 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 6 |
| OS Version Minor: | 0 |
| File Version Major: | 6 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 6 |
| Subsystem Version Minor: | 0 |
| Import Hash: | d10af643340e1121562abe3e6bd5b0e1 |
| Instruction |
|---|
| call 00007F29ACB40B70h |
| jmp 00007F29ACB400DFh |
| push ebp |
| mov ebp, esp |
| mov eax, dword ptr [ebp+08h] |
| push esi |
| mov ecx, dword ptr [eax+3Ch] |
| add ecx, eax |
| movzx eax, word ptr [ecx+14h] |
| lea edx, dword ptr [ecx+18h] |
| add edx, eax |
| movzx eax, word ptr [ecx+06h] |
| imul esi, eax, 28h |
| add esi, edx |
| cmp edx, esi |
| je 00007F29ACB4027Bh |
| mov ecx, dword ptr [ebp+0Ch] |
| cmp ecx, dword ptr [edx+0Ch] |
| jc 00007F29ACB4026Ch |
| mov eax, dword ptr [edx+08h] |
| add eax, dword ptr [edx+0Ch] |
| cmp ecx, eax |
| jc 00007F29ACB4026Eh |
| add edx, 28h |
| cmp edx, esi |
| jne 00007F29ACB4024Ch |
| xor eax, eax |
| pop esi |
| pop ebp |
| ret |
| mov eax, edx |
| jmp 00007F29ACB4025Bh |
| push esi |
| call 00007F29ACB40E84h |
| test eax, eax |
| je 00007F29ACB40282h |
| mov eax, dword ptr fs:[00000018h] |
| mov esi, 0048654Ch |
| mov edx, dword ptr [eax+04h] |
| jmp 00007F29ACB40266h |
| cmp edx, eax |
| je 00007F29ACB40272h |
| xor eax, eax |
| mov ecx, edx |
| lock cmpxchg dword ptr [esi], ecx |
| test eax, eax |
| jne 00007F29ACB40252h |
| xor al, al |
| pop esi |
| ret |
| mov al, 01h |
| pop esi |
| ret |
| push ebp |
| mov ebp, esp |
| cmp dword ptr [ebp+08h], 00000000h |
| jne 00007F29ACB40269h |
| mov byte ptr [00486550h], 00000001h |
| call 00007F29ACB4051Ah |
| call 00007F29ACB43437h |
| test al, al |
| jne 00007F29ACB40266h |
| xor al, al |
| pop ebp |
| ret |
| call 00007F29ACB4BE99h |
| test al, al |
| jne 00007F29ACB4026Ch |
| push 00000000h |
| call 00007F29ACB4343Eh |
| pop ecx |
| jmp 00007F29ACB4024Bh |
| mov al, 01h |
| pop ebp |
| ret |
| push ebp |
| mov ebp, esp |
| cmp byte ptr [00486551h], 00000000h |
| je 00007F29ACB40266h |
| mov al, 01h |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2c6c0 | 0x28 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x88000 | 0x3d8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x89000 | 0x1ad4 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2abc0 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2ab00 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x23000 | 0x12c | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x210f0 | 0x21200 | 89b13a4afab0d326b8b7ee27e7be54ba | False | 0.5865418632075472 | data | 6.667703746415754 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x23000 | 0x9d78 | 0x9e00 | 3af1a33bd7f6bf7544c99989047ff6bb | False | 0.4350771360759494 | data | 4.956604084551502 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x2d000 | 0x5a178 | 0x59400 | a97f8d83e0ae9f10298cf837b75f754c | False | 0.9911343443627451 | DOS executable (block device driver \377\377\377\377,32-bit sector-support) | 7.992390432772047 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x88000 | 0x3d8 | 0x400 | c67ba8481d4e7c92e5fe9f152983a3f3 | False | 0.439453125 | data | 3.287044161603086 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x89000 | 0x1ad4 | 0x1c00 | 4637c216ab81215b5ac675caf379382e | False | 0.7264229910714286 | data | 6.390012014256488 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_VERSION | 0x88058 | 0x380 | data | English | United States | 0.46205357142857145 |
| DLL | Import |
|---|---|
| KERNEL32.dll | AttachConsole, MultiByteToWideChar, GetStringTypeW, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, GetCPInfo, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, CreateFileW, RaiseException, RtlUnwind, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, GetProcAddress, LoadLibraryExW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, HeapAlloc, HeapFree, GetFileType, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileSizeEx, SetFilePointerEx, CloseHandle, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetProcessHeap, ReadConsoleW, HeapSize, WriteConsoleW |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-08T04:24:09.541895+0200 | 2056174 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (trustterwowqm .shop) | 1 | 192.168.2.8 | 50071 | 1.1.1.1 | 53 | UDP |
| 2024-10-08T04:24:09.555257+0200 | 2056485 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) | 1 | 192.168.2.8 | 53441 | 1.1.1.1 | 53 | UDP |
| 2024-10-08T04:24:09.567420+0200 | 2056483 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) | 1 | 192.168.2.8 | 57350 | 1.1.1.1 | 53 | UDP |
| 2024-10-08T04:24:09.577689+0200 | 2056481 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) | 1 | 192.168.2.8 | 49356 | 1.1.1.1 | 53 | UDP |
| 2024-10-08T04:24:09.588786+0200 | 2056479 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) | 1 | 192.168.2.8 | 53572 | 1.1.1.1 | 53 | UDP |
| 2024-10-08T04:24:09.599645+0200 | 2056477 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) | 1 | 192.168.2.8 | 59113 | 1.1.1.1 | 53 | UDP |
| 2024-10-08T04:24:09.609733+0200 | 2056475 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) | 1 | 192.168.2.8 | 54082 | 1.1.1.1 | 53 | UDP |
| 2024-10-08T04:24:09.620737+0200 | 2056473 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) | 1 | 192.168.2.8 | 53560 | 1.1.1.1 | 53 | UDP |
| 2024-10-08T04:24:09.642920+0200 | 2056471 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) | 1 | 192.168.2.8 | 52964 | 1.1.1.1 | 53 | UDP |
| 2024-10-08T04:24:12.028982+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.8 | 49707 | 172.67.206.204 | 443 | TCP |
| 2024-10-08T04:24:12.028982+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.8 | 49707 | 172.67.206.204 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Oct 8, 2024 04:24:03.808634996 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:03.811273098 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:03.811285973 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:03.811391115 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:03.811966896 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:03.811992884 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:03.812006950 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:03.812064886 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:03.814960003 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:03.815098047 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:03.815762043 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:03.815820932 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:03.816772938 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:03.819849014 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:03.819876909 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:03.820554972 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:03.909873962 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:03.913851023 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:03.915476084 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:03.915501118 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:03.915590048 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:03.916157961 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:03.916172981 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:03.916258097 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:03.916311026 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:03.918690920 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:03.920134068 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:03.920384884 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:03.921654940 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:03.921792984 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:03.924998045 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:03.925151110 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:03.926448107 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:03.926518917 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.012010098 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.015261889 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.020399094 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.021050930 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.021069050 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.021369934 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.021800995 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.021816015 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.021872997 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.026747942 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.027930021 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.028923988 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.029910088 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.032912970 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.034849882 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.129081964 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.132886887 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.136574984 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.136593103 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.136727095 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.139975071 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.140140057 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.144845009 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.183885098 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.183926105 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.184015036 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.187489986 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.187599897 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.192423105 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.235811949 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.239589930 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.240763903 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.240807056 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.240880013 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.240919113 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.243419886 CEST | 49673 | 443 | 192.168.2.8 | 23.206.229.226 |
| Oct 8, 2024 04:24:04.243897915 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.244009018 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.248724937 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.286078930 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.286096096 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.286333084 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.290575981 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.291548967 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.296464920 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.339689016 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.342380047 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.342430115 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.342519999 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.343040943 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.346415997 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.347400904 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.351279974 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.391647100 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.391669035 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.391737938 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.395812035 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.396838903 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.401635885 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.442009926 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.445122004 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.446964979 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.446983099 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.447103024 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.450759888 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.451595068 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.455549955 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.496706009 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.496723890 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.496824026 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.500360966 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.500479937 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.505305052 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.540402889 CEST | 49672 | 443 | 192.168.2.8 | 23.206.229.226 |
| Oct 8, 2024 04:24:04.546247959 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.549957037 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.554883957 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.554915905 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.555020094 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.555054903 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.558384895 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.558509111 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.563745975 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.600943089 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.600960970 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.601104975 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.605812073 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.605837107 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.619909048 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.634144068 CEST | 49676 | 443 | 192.168.2.8 | 52.182.143.211 |
| Oct 8, 2024 04:24:04.656821966 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.659435034 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.659454107 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.659535885 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.713234901 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.713254929 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.713404894 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.730421066 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.738739967 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.743638039 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.756565094 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.806159019 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.829221964 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.851516008 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.852977037 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.853051901 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.856384039 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.857417107 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.862235069 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.871913910 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.876764059 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.929676056 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.934796095 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.943397045 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.952913046 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:04.953001976 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:04.967427015 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.009104013 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.025516987 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.025544882 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.025743008 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.043420076 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.087169886 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.294790030 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.314651966 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.314651966 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.319612980 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.324862957 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.329793930 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.336354971 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.382302999 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.393321991 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.393338919 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.393532038 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.413747072 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.413839102 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.413989067 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.431926012 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.434111118 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.438901901 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.442400932 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.443640947 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.447355986 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.448385000 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.482593060 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.483872890 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.483969927 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.502207994 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.507133961 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.537890911 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.543595076 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.543610096 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.543802977 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.565922022 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.567727089 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.572657108 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.598285913 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.598478079 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.601346016 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.601402998 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.601424932 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.644740105 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.646064043 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.649472952 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.656198978 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.660963058 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.665601015 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.665616989 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.665631056 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.665679932 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.692063093 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.692192078 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.697285891 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.697302103 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.697316885 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.697386980 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.735971928 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.736474037 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.737243891 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.741213083 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.751765013 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.754836082 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.754852057 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.754913092 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.799715996 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.800237894 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.805071115 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.836474895 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.836534023 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.836744070 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.844906092 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.888324022 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.888348103 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.888814926 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.893296003 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.899667025 CEST | 49671 | 443 | 192.168.2.8 | 204.79.197.203 |
| Oct 8, 2024 04:24:05.907001019 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.907017946 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.907099009 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.954309940 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.987673044 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.987690926 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:05.987771988 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:05.997404099 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:06.040265083 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:06.078038931 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:24:06.134068966 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:24:06.243474960 CEST | 49677 | 80 | 192.168.2.8 | 192.229.211.108 |
| Oct 8, 2024 04:24:09.671915054 CEST | 49706 | 443 | 192.168.2.8 | 104.102.49.254 |
| Oct 8, 2024 04:24:09.671950102 CEST | 443 | 49706 | 104.102.49.254 | 192.168.2.8 |
| Oct 8, 2024 04:24:09.672019005 CEST | 49706 | 443 | 192.168.2.8 | 104.102.49.254 |
| Oct 8, 2024 04:24:09.675156116 CEST | 49706 | 443 | 192.168.2.8 | 104.102.49.254 |
| Oct 8, 2024 04:24:09.675170898 CEST | 443 | 49706 | 104.102.49.254 | 192.168.2.8 |
| Oct 8, 2024 04:24:10.330425978 CEST | 443 | 49706 | 104.102.49.254 | 192.168.2.8 |
| Oct 8, 2024 04:24:10.330507040 CEST | 49706 | 443 | 192.168.2.8 | 104.102.49.254 |
| Oct 8, 2024 04:24:10.333328009 CEST | 49706 | 443 | 192.168.2.8 | 104.102.49.254 |
| Oct 8, 2024 04:24:10.333338976 CEST | 443 | 49706 | 104.102.49.254 | 192.168.2.8 |
| Oct 8, 2024 04:24:10.333617926 CEST | 443 | 49706 | 104.102.49.254 | 192.168.2.8 |
| Oct 8, 2024 04:24:10.384100914 CEST | 49706 | 443 | 192.168.2.8 | 104.102.49.254 |
| Oct 8, 2024 04:24:10.385143042 CEST | 49706 | 443 | 192.168.2.8 | 104.102.49.254 |
| Oct 8, 2024 04:24:10.431411982 CEST | 443 | 49706 | 104.102.49.254 | 192.168.2.8 |
| Oct 8, 2024 04:24:10.903788090 CEST | 443 | 49706 | 104.102.49.254 | 192.168.2.8 |
| Oct 8, 2024 04:24:10.903810978 CEST | 443 | 49706 | 104.102.49.254 | 192.168.2.8 |
| Oct 8, 2024 04:24:10.903856993 CEST | 443 | 49706 | 104.102.49.254 | 192.168.2.8 |
| Oct 8, 2024 04:24:10.903898001 CEST | 443 | 49706 | 104.102.49.254 | 192.168.2.8 |
| Oct 8, 2024 04:24:10.903937101 CEST | 443 | 49706 | 104.102.49.254 | 192.168.2.8 |
| Oct 8, 2024 04:24:10.903979063 CEST | 49706 | 443 | 192.168.2.8 | 104.102.49.254 |
| Oct 8, 2024 04:24:10.903979063 CEST | 49706 | 443 | 192.168.2.8 | 104.102.49.254 |
| Oct 8, 2024 04:24:10.903979063 CEST | 49706 | 443 | 192.168.2.8 | 104.102.49.254 |
| Oct 8, 2024 04:24:10.903979063 CEST | 49706 | 443 | 192.168.2.8 | 104.102.49.254 |
| Oct 8, 2024 04:24:10.903996944 CEST | 443 | 49706 | 104.102.49.254 | 192.168.2.8 |
| Oct 8, 2024 04:24:10.904086113 CEST | 49706 | 443 | 192.168.2.8 | 104.102.49.254 |
| Oct 8, 2024 04:24:11.008044004 CEST | 443 | 49706 | 104.102.49.254 | 192.168.2.8 |
| Oct 8, 2024 04:24:11.008063078 CEST | 443 | 49706 | 104.102.49.254 | 192.168.2.8 |
| Oct 8, 2024 04:24:11.008348942 CEST | 49706 | 443 | 192.168.2.8 | 104.102.49.254 |
| Oct 8, 2024 04:24:11.008364916 CEST | 443 | 49706 | 104.102.49.254 | 192.168.2.8 |
| Oct 8, 2024 04:24:11.013467073 CEST | 443 | 49706 | 104.102.49.254 | 192.168.2.8 |
| Oct 8, 2024 04:24:11.013540030 CEST | 443 | 49706 | 104.102.49.254 | 192.168.2.8 |
| Oct 8, 2024 04:24:11.013649940 CEST | 49706 | 443 | 192.168.2.8 | 104.102.49.254 |
| Oct 8, 2024 04:24:11.013649940 CEST | 49706 | 443 | 192.168.2.8 | 104.102.49.254 |
| Oct 8, 2024 04:24:11.017283916 CEST | 49706 | 443 | 192.168.2.8 | 104.102.49.254 |
| Oct 8, 2024 04:24:11.047166109 CEST | 49706 | 443 | 192.168.2.8 | 104.102.49.254 |
| Oct 8, 2024 04:24:11.047166109 CEST | 49706 | 443 | 192.168.2.8 | 104.102.49.254 |
| Oct 8, 2024 04:24:11.047195911 CEST | 443 | 49706 | 104.102.49.254 | 192.168.2.8 |
| Oct 8, 2024 04:24:11.047204971 CEST | 443 | 49706 | 104.102.49.254 | 192.168.2.8 |
| Oct 8, 2024 04:24:11.070168018 CEST | 49707 | 443 | 192.168.2.8 | 172.67.206.204 |
| Oct 8, 2024 04:24:11.070205927 CEST | 443 | 49707 | 172.67.206.204 | 192.168.2.8 |
| Oct 8, 2024 04:24:11.070278883 CEST | 49707 | 443 | 192.168.2.8 | 172.67.206.204 |
| Oct 8, 2024 04:24:11.076174974 CEST | 49707 | 443 | 192.168.2.8 | 172.67.206.204 |
| Oct 8, 2024 04:24:11.076193094 CEST | 443 | 49707 | 172.67.206.204 | 192.168.2.8 |
| Oct 8, 2024 04:24:11.556545019 CEST | 443 | 49707 | 172.67.206.204 | 192.168.2.8 |
| Oct 8, 2024 04:24:11.556613922 CEST | 49707 | 443 | 192.168.2.8 | 172.67.206.204 |
| Oct 8, 2024 04:24:11.559772015 CEST | 49707 | 443 | 192.168.2.8 | 172.67.206.204 |
| Oct 8, 2024 04:24:11.559778929 CEST | 443 | 49707 | 172.67.206.204 | 192.168.2.8 |
| Oct 8, 2024 04:24:11.559995890 CEST | 443 | 49707 | 172.67.206.204 | 192.168.2.8 |
| Oct 8, 2024 04:24:11.561258078 CEST | 49707 | 443 | 192.168.2.8 | 172.67.206.204 |
| Oct 8, 2024 04:24:11.561280012 CEST | 49707 | 443 | 192.168.2.8 | 172.67.206.204 |
| Oct 8, 2024 04:24:11.561331987 CEST | 443 | 49707 | 172.67.206.204 | 192.168.2.8 |
| Oct 8, 2024 04:24:12.028986931 CEST | 443 | 49707 | 172.67.206.204 | 192.168.2.8 |
| Oct 8, 2024 04:24:12.029056072 CEST | 443 | 49707 | 172.67.206.204 | 192.168.2.8 |
| Oct 8, 2024 04:24:12.029125929 CEST | 49707 | 443 | 192.168.2.8 | 172.67.206.204 |
| Oct 8, 2024 04:24:12.029783964 CEST | 49707 | 443 | 192.168.2.8 | 172.67.206.204 |
| Oct 8, 2024 04:24:12.029792070 CEST | 443 | 49707 | 172.67.206.204 | 192.168.2.8 |
| Oct 8, 2024 04:24:12.029817104 CEST | 49707 | 443 | 192.168.2.8 | 172.67.206.204 |
| Oct 8, 2024 04:24:12.029822111 CEST | 443 | 49707 | 172.67.206.204 | 192.168.2.8 |
| Oct 8, 2024 04:24:13.862231970 CEST | 49673 | 443 | 192.168.2.8 | 23.206.229.226 |
| Oct 8, 2024 04:24:14.149615049 CEST | 49672 | 443 | 192.168.2.8 | 23.206.229.226 |
| Oct 8, 2024 04:24:14.243427992 CEST | 49676 | 443 | 192.168.2.8 | 52.182.143.211 |
| Oct 8, 2024 04:24:15.892482042 CEST | 443 | 49704 | 23.206.229.226 | 192.168.2.8 |
| Oct 8, 2024 04:24:15.892636061 CEST | 49704 | 443 | 192.168.2.8 | 23.206.229.226 |
| Oct 8, 2024 04:24:16.868843079 CEST | 49677 | 80 | 192.168.2.8 | 192.229.211.108 |
| Oct 8, 2024 04:24:26.657115936 CEST | 52836 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 8, 2024 04:24:26.662010908 CEST | 53 | 52836 | 1.1.1.1 | 192.168.2.8 |
| Oct 8, 2024 04:24:26.662838936 CEST | 52836 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 8, 2024 04:24:26.662838936 CEST | 52836 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 8, 2024 04:24:26.667788982 CEST | 53 | 52836 | 1.1.1.1 | 192.168.2.8 |
| Oct 8, 2024 04:24:27.107791901 CEST | 53 | 52836 | 1.1.1.1 | 192.168.2.8 |
| Oct 8, 2024 04:24:27.109267950 CEST | 52836 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 8, 2024 04:24:27.114641905 CEST | 53 | 52836 | 1.1.1.1 | 192.168.2.8 |
| Oct 8, 2024 04:24:27.115065098 CEST | 52836 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 8, 2024 04:24:55.712378979 CEST | 49703 | 80 | 192.168.2.8 | 93.184.221.240 |
| Oct 8, 2024 04:24:55.717616081 CEST | 80 | 49703 | 93.184.221.240 | 192.168.2.8 |
| Oct 8, 2024 04:24:55.717688084 CEST | 49703 | 80 | 192.168.2.8 | 93.184.221.240 |
| Oct 8, 2024 04:25:36.052880049 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:25:36.052911997 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Oct 8, 2024 04:25:36.052999973 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:25:36.053858042 CEST | 49705 | 443 | 192.168.2.8 | 13.107.246.64 |
| Oct 8, 2024 04:25:36.058691025 CEST | 443 | 49705 | 13.107.246.64 | 192.168.2.8 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Oct 8, 2024 04:24:09.541894913 CEST | 50071 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 8, 2024 04:24:09.550729036 CEST | 53 | 50071 | 1.1.1.1 | 192.168.2.8 |
| Oct 8, 2024 04:24:09.555257082 CEST | 53441 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 8, 2024 04:24:09.563744068 CEST | 53 | 53441 | 1.1.1.1 | 192.168.2.8 |
| Oct 8, 2024 04:24:09.567420006 CEST | 57350 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 8, 2024 04:24:09.576412916 CEST | 53 | 57350 | 1.1.1.1 | 192.168.2.8 |
| Oct 8, 2024 04:24:09.577688932 CEST | 49356 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 8, 2024 04:24:09.585962057 CEST | 53 | 49356 | 1.1.1.1 | 192.168.2.8 |
| Oct 8, 2024 04:24:09.588785887 CEST | 53572 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 8, 2024 04:24:09.597158909 CEST | 53 | 53572 | 1.1.1.1 | 192.168.2.8 |
| Oct 8, 2024 04:24:09.599644899 CEST | 59113 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 8, 2024 04:24:09.608499050 CEST | 53 | 59113 | 1.1.1.1 | 192.168.2.8 |
| Oct 8, 2024 04:24:09.609733105 CEST | 54082 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 8, 2024 04:24:09.618340969 CEST | 53 | 54082 | 1.1.1.1 | 192.168.2.8 |
| Oct 8, 2024 04:24:09.620737076 CEST | 53560 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 8, 2024 04:24:09.640907049 CEST | 53 | 53560 | 1.1.1.1 | 192.168.2.8 |
| Oct 8, 2024 04:24:09.642920017 CEST | 52964 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 8, 2024 04:24:09.656258106 CEST | 53 | 52964 | 1.1.1.1 | 192.168.2.8 |
| Oct 8, 2024 04:24:09.657939911 CEST | 57412 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 8, 2024 04:24:09.664520979 CEST | 53 | 57412 | 1.1.1.1 | 192.168.2.8 |
| Oct 8, 2024 04:24:11.050134897 CEST | 50944 | 53 | 192.168.2.8 | 1.1.1.1 |
| Oct 8, 2024 04:24:11.063030958 CEST | 53 | 50944 | 1.1.1.1 | 192.168.2.8 |
| Oct 8, 2024 04:24:26.656656027 CEST | 53 | 49485 | 1.1.1.1 | 192.168.2.8 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Oct 8, 2024 04:24:09.541894913 CEST | 192.168.2.8 | 1.1.1.1 | 0x7814 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 04:24:09.555257082 CEST | 192.168.2.8 | 1.1.1.1 | 0xb688 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 04:24:09.567420006 CEST | 192.168.2.8 | 1.1.1.1 | 0x4dfe | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 04:24:09.577688932 CEST | 192.168.2.8 | 1.1.1.1 | 0xe43d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 04:24:09.588785887 CEST | 192.168.2.8 | 1.1.1.1 | 0xd80e | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 04:24:09.599644899 CEST | 192.168.2.8 | 1.1.1.1 | 0x1abd | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 04:24:09.609733105 CEST | 192.168.2.8 | 1.1.1.1 | 0xac7d | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 04:24:09.620737076 CEST | 192.168.2.8 | 1.1.1.1 | 0xb0f3 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 04:24:09.642920017 CEST | 192.168.2.8 | 1.1.1.1 | 0x6670 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 04:24:09.657939911 CEST | 192.168.2.8 | 1.1.1.1 | 0xc6f4 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 04:24:11.050134897 CEST | 192.168.2.8 | 1.1.1.1 | 0xb630 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Oct 8, 2024 04:24:09.550729036 CEST | 1.1.1.1 | 192.168.2.8 | 0x7814 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 04:24:09.563744068 CEST | 1.1.1.1 | 192.168.2.8 | 0xb688 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 04:24:09.576412916 CEST | 1.1.1.1 | 192.168.2.8 | 0x4dfe | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 04:24:09.585962057 CEST | 1.1.1.1 | 192.168.2.8 | 0xe43d | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 04:24:09.597158909 CEST | 1.1.1.1 | 192.168.2.8 | 0xd80e | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 04:24:09.608499050 CEST | 1.1.1.1 | 192.168.2.8 | 0x1abd | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 04:24:09.618340969 CEST | 1.1.1.1 | 192.168.2.8 | 0xac7d | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 04:24:09.640907049 CEST | 1.1.1.1 | 192.168.2.8 | 0xb0f3 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 04:24:09.656258106 CEST | 1.1.1.1 | 192.168.2.8 | 0x6670 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
| Oct 8, 2024 04:24:09.664520979 CEST | 1.1.1.1 | 192.168.2.8 | 0xc6f4 | No error (0) | 104.102.49.254 | A (IP address) | IN (0x0001) | false | ||
| Oct 8, 2024 04:24:11.063030958 CEST | 1.1.1.1 | 192.168.2.8 | 0xb630 | No error (0) | 172.67.206.204 | A (IP address) | IN (0x0001) | false | ||
| Oct 8, 2024 04:24:11.063030958 CEST | 1.1.1.1 | 192.168.2.8 | 0xb630 | No error (0) | 104.21.53.8 | A (IP address) | IN (0x0001) | false | ||
| Oct 8, 2024 04:24:24.935611010 CEST | 1.1.1.1 | 192.168.2.8 | 0x86ec | No error (0) | fp2e7a.wpc.phicdn.net | CNAME (Canonical name) | IN (0x0001) | false | ||
| Oct 8, 2024 04:24:24.935611010 CEST | 1.1.1.1 | 192.168.2.8 | 0x86ec | No error (0) | 192.229.221.95 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.8 | 49706 | 104.102.49.254 | 443 | 7760 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-08 02:24:10 UTC | 219 | OUT | |
| 2024-10-08 02:24:10 UTC | 1870 | IN | |
| 2024-10-08 02:24:10 UTC | 14514 | IN | |
| 2024-10-08 02:24:11 UTC | 16384 | IN | |
| 2024-10-08 02:24:11 UTC | 3768 | IN | |
| 2024-10-08 02:24:11 UTC | 171 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.8 | 49707 | 172.67.206.204 | 443 | 7760 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
| Timestamp | Bytes transferred | Direction | Data |
|---|---|---|---|
| 2024-10-08 02:24:11 UTC | 264 | OUT | |
| 2024-10-08 02:24:11 UTC | 8 | OUT | |
| 2024-10-08 02:24:12 UTC | 799 | IN | |
| 2024-10-08 02:24:12 UTC | 15 | IN | |
| 2024-10-08 02:24:12 UTC | 5 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Click to jump to process
| Target ID: | 0 |
| Start time: | 22:24:08 |
| Start date: | 07/10/2024 |
| Path: | C:\Users\user\Desktop\j8zJ5Jwja4.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x720000 |
| File size: | 550'912 bytes |
| MD5 hash: | 65A8F223D7E0FB5CCA7E8AE22CD51B5E |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | low |
| Has exited: | true |
| Target ID: | 2 |
| Start time: | 22:24:08 |
| Start date: | 07/10/2024 |
| Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xdd0000 |
| File size: | 262'432 bytes |
| MD5 hash: | 8FDF47E0FF70C40ED3A17014AEEA4232 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
| Target ID: | 5 |
| Start time: | 22:24:08 |
| Start date: | 07/10/2024 |
| Path: | C:\Windows\SysWOW64\WerFault.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xfb0000 |
| File size: | 483'680 bytes |
| MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
Execution Graph
| Execution Coverage: | 0.7% |
| Dynamic/Decrypted Code Coverage: | 100% |
| Signature Coverage: | 6.1% |
| Total number of Nodes: | 229 |
| Total number of Limit Nodes: | 3 |
Graph
Function 00722021 Relevance: 9.4, APIs: 1, Strings: 4, Instructions: 631memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00736368 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34COMMONLIBRARYCODE
Download Yara Rule
Control-flow Graph
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00738E2E Relevance: 4.7, APIs: 3, Instructions: 202COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0073A3A6 Relevance: 3.2, APIs: 2, Instructions: 177COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00739FAA Relevance: 1.6, APIs: 1, Instructions: 147COMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0076CB98 Relevance: 20.7, Strings: 15, Instructions: 1988COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0077C568 Relevance: 11.5, Strings: 9, Instructions: 256COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0073C9E9 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 183COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0073D39B Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1436COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0073C085 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 251COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0073C814 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0072FEF0 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 449COMMONLIBRARYCODE
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0074E175 Relevance: 7.2, Strings: 5, Instructions: 909COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0074E2D5 Relevance: 6.7, Strings: 5, Instructions: 453COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0075C938 Relevance: 6.7, Strings: 5, Instructions: 409COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0076EF70 Relevance: 6.5, Strings: 5, Instructions: 258COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00727922 Relevance: 6.1, APIs: 4, Instructions: 70COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00795288 Relevance: 5.3, Strings: 4, Instructions: 348COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0076FAE2 Relevance: 5.2, Strings: 4, Instructions: 209COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00793642 Relevance: 5.1, Strings: 4, Instructions: 142COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0073C498 Relevance: 4.7, APIs: 3, Instructions: 205COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00755618 Relevance: 4.1, Strings: 3, Instructions: 379COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007936EE Relevance: 3.9, Strings: 3, Instructions: 122COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0077C224 Relevance: 3.8, Strings: 3, Instructions: 38COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0073622B Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007949F8 Relevance: 2.8, Strings: 2, Instructions: 288COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00796FD8 Relevance: 2.7, Strings: 2, Instructions: 228COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00775EC3 Relevance: 2.6, Strings: 2, Instructions: 140COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00796EA8 Relevance: 2.6, Strings: 2, Instructions: 98COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0075BB58 Relevance: 2.6, Strings: 2, Instructions: 82COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00756C29 Relevance: 2.6, Strings: 2, Instructions: 71COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0074DED8 Relevance: 2.5, Strings: 1, Instructions: 1296COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00791798 Relevance: 1.9, Strings: 1, Instructions: 618COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0072729C Relevance: 1.7, APIs: 1, Instructions: 242COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007505B8 Relevance: 1.7, Strings: 1, Instructions: 448COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00775368 Relevance: 1.7, Strings: 1, Instructions: 415COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00739ABF Relevance: 1.6, APIs: 1, Instructions: 108COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0078074E Relevance: 1.6, Strings: 1, Instructions: 336COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0073C6EB Relevance: 1.6, APIs: 1, Instructions: 83COMMON
Download Yara Rule
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0073C91A Relevance: 1.5, APIs: 1, Instructions: 45COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0077A059 Relevance: 1.5, Strings: 1, Instructions: 267COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00757908 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0074E212 Relevance: 1.5, Strings: 1, Instructions: 264COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00727AAF Relevance: 1.5, APIs: 1, Instructions: 3COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007974F8 Relevance: 1.5, Strings: 1, Instructions: 247COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0077E388 Relevance: 1.5, Strings: 1, Instructions: 237COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007947F8 Relevance: 1.4, Strings: 1, Instructions: 183COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00780AD4 Relevance: 1.4, Strings: 1, Instructions: 161COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0075FA44 Relevance: 1.4, Strings: 1, Instructions: 160COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0075FCD4 Relevance: 1.4, Strings: 1, Instructions: 156COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00721D79 Relevance: 1.4, Strings: 1, Instructions: 156COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00781327 Relevance: 1.4, Strings: 1, Instructions: 141COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00796B98 Relevance: 1.4, Strings: 1, Instructions: 131COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00796D28 Relevance: 1.4, Strings: 1, Instructions: 128COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0076AF2D Relevance: 1.4, Strings: 1, Instructions: 108COMMON
Download Yara Rule
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007938E2 Relevance: 1.3, Strings: 1, Instructions: 81COMMON
Download Yara Rule
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0073CC4B Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00758F38 Relevance: .8, Instructions: 789COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00771908 Relevance: .7, Instructions: 700COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00758428 Relevance: .7, Instructions: 670COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00754278 Relevance: .7, Instructions: 657COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00754C78 Relevance: .6, Instructions: 592COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00757338 Relevance: .5, Instructions: 504COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0077A438 Relevance: .4, Instructions: 380COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0078143A Relevance: .4, Instructions: 358COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00794DA8 Relevance: .3, Instructions: 330COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0073BB36 Relevance: .3, Instructions: 327COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007634A4 Relevance: .3, Instructions: 284COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00786078 Relevance: .3, Instructions: 277COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00752302 Relevance: .3, Instructions: 271COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0077BADA Relevance: .3, Instructions: 256COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00784A88 Relevance: .3, Instructions: 254COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00775108 Relevance: .2, Instructions: 242COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00752268 Relevance: .2, Instructions: 223COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007922A8 Relevance: .2, Instructions: 220COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007818D8 Relevance: .2, Instructions: 215COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0075B2D8 Relevance: .2, Instructions: 214COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0074E3F7 Relevance: .2, Instructions: 213COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00784858 Relevance: .2, Instructions: 198COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0078BCB8 Relevance: .2, Instructions: 189COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0075BCB9 Relevance: .2, Instructions: 189COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00786378 Relevance: .2, Instructions: 180COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00791048 Relevance: .2, Instructions: 167COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0075A268 Relevance: .2, Instructions: 164COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00752B08 Relevance: .2, Instructions: 163COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0075E3F3 Relevance: .1, Instructions: 135COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0075E768 Relevance: .1, Instructions: 125COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0077ABBB Relevance: .1, Instructions: 119COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00795EE8 Relevance: .1, Instructions: 118COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00781FF9 Relevance: .1, Instructions: 116COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0078D598 Relevance: .1, Instructions: 108COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00759AE8 Relevance: .1, Instructions: 106COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00790C08 Relevance: .1, Instructions: 97COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00751A58 Relevance: .1, Instructions: 95COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00762702 Relevance: .1, Instructions: 91COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0077B175 Relevance: .1, Instructions: 91COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00793F68 Relevance: .1, Instructions: 83COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00759BF8 Relevance: .1, Instructions: 80COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00778278 Relevance: .1, Instructions: 79COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 007766E6 Relevance: .1, Instructions: 75COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0077C198 Relevance: .1, Instructions: 74COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00761920 Relevance: .1, Instructions: 73COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00788B78 Relevance: .1, Instructions: 64COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0077E2E8 Relevance: .1, Instructions: 63COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00776410 Relevance: .1, Instructions: 57COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0075C81B Relevance: .1, Instructions: 57COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0077C3AC Relevance: .1, Instructions: 56COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0075F058 Relevance: .0, Instructions: 47COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00768948 Relevance: .0, Instructions: 38COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00793A08 Relevance: .0, Instructions: 29COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00796140 Relevance: .0, Instructions: 28COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0073A64C Relevance: .0, Instructions: 22COMMONLIBRARYCODE
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0078EC08 Relevance: .0, Instructions: 21COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00722003 Relevance: .0, Instructions: 12COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00730F2E Relevance: .0, Instructions: 12COMMONLIBRARYCODE
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00762D4B Relevance: .0, Instructions: 11COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0077D75B Relevance: .0, Instructions: 11COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00796343 Relevance: .0, Instructions: 9COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0079604C Relevance: .0, Instructions: 7COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0076338E Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0076165F Relevance: .0, Instructions: 6COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0072A5C8 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 303COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00735F4A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0072507A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00730F50 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 42libraryloaderCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0073F356 Relevance: 9.3, APIs: 6, Instructions: 298COMMON
Download Yara Rule
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0072A371 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 168COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00724436 Relevance: 7.5, APIs: 5, Instructions: 48COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00723DB1 Relevance: 7.5, APIs: 5, Instructions: 48COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00724308 Relevance: 7.5, APIs: 5, Instructions: 47COMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0072B3A2 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00741093 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 147COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0072A96D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00726CA2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00725107 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00727740 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMONLIBRARYCODE
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
|
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0073612C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22memoryCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Execution Graph
| Execution Coverage: | 1.1% |
| Dynamic/Decrypted Code Coverage: | 0% |
| Signature Coverage: | 2.3% |
| Total number of Nodes: | 43 |
| Total number of Limit Nodes: | 6 |
Graph
Function 0040D390 Relevance: 6.2, APIs: 4, Instructions: 154threadCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004464F0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 14libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00446040 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 72memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00446709 Relevance: 3.0, APIs: 2, Instructions: 22COMMON
Download Yara Rule
Control-flow Graph
| APIs |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00445C4A Relevance: 1.6, APIs: 1, Instructions: 71libraryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00443A20 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00443AA0 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMON
Download Yara Rule
Control-flow Graph
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 004396A0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99clipboardCOMMON
Download Yara Rule
| APIs |
| Strings |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 00428230 Relevance: 1.7, APIs: 1, Instructions: 242comCOMMON
Download Yara Rule
| APIs |
|
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
Function 0043FDBB Relevance: 31.9, APIs: 11, Strings: 7, Instructions: 425memorycomCOMMON
Download Yara Rule
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| APIs |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|
| Strings |
| Memory Dump Source |
|
| Joe Sandbox IDA Plugin |
|
| Similarity |
|