Windows
Analysis Report
Loader.exe
Overview
General Information
Detection
Score | Range | Whitelisted | Confidence |
---|---|---|---|
100 | 0 - 100 | false | 100% |
Signatures
Classification
- System is w10x64
- Loader.exe (PID: 7096 cmdline: "C:\Users\user\Desktop\Loader.exe" MD5: CB50ACC9B951B52306B95EAF8D4E2048)
- Loader.exe (PID: 6972 cmdline: "C:\Users\user\Desktop\Loader.exe" MD5: CB50ACC9B951B52306B95EAF8D4E2048)
- Loader.exe (PID: 5200 cmdline: "C:\Users\user\Desktop\Loader.exe" MD5: CB50ACC9B951B52306B95EAF8D4E2048)
- WerFault.exe (PID: 2936 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 1884 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 5668 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 1904 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- WerFault.exe (PID: 5392 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 284 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in the C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution | | |
{"C2 url": ["condifendteu.sbs", "resinedyw.sbs", "drawwyobstacw.sbs", "enlargkiw.sbs", "ehticsprocw.sbs", "allocatinow.sbs", "vennurviot.sbs", "mathcucom.sbs", "widdensmoywi.sbs"], "Build id": "HpOoIh--@qjwo1"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security | | |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-12T22:36:03.754512+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49710 | 104.21.8.37 | 443 | TCP |
2024-10-12T22:36:04.696511+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49713 | 188.114.96.3 | 443 | TCP |
2024-10-12T22:36:05.691027+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49715 | 104.21.33.249 | 443 | TCP |
2024-10-12T22:36:06.659354+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49718 | 172.67.205.156 | 443 | TCP |
2024-10-12T22:36:07.640105+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49720 | 172.67.140.193 | 443 | TCP |
2024-10-12T22:36:08.737000+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49721 | 172.67.173.224 | 443 | TCP |
2024-10-12T22:36:09.687676+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49732 | 104.21.79.35 | 443 | TCP |
2024-10-12T22:36:10.665845+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49738 | 188.114.96.3 | 443 | TCP |
2024-10-12T22:36:12.787291+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49755 | 172.67.206.204 | 443 | TCP |
2024-10-12T22:36:13.768308+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.6 | 49761 | 172.67.206.204 | 443 | TCP |
2024-10-12T22:36:03.754512+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6 | 49710 | 104.21.8.37 | 443 | TCP |
2024-10-12T22:36:04.696511+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6 | 49713 | 188.114.96.3 | 443 | TCP |
2024-10-12T22:36:05.691027+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6 | 49715 | 104.21.33.249 | 443 | TCP |
2024-10-12T22:36:06.659354+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6 | 49718 | 172.67.205.156 | 443 | TCP |
2024-10-12T22:36:07.640105+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6 | 49720 | 172.67.140.193 | 443 | TCP |
2024-10-12T22:36:08.737000+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6 | 49721 | 172.67.173.224 | 443 | TCP |
2024-10-12T22:36:09.687676+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6 | 49732 | 104.21.79.35 | 443 | TCP |
2024-10-12T22:36:10.665845+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6 | 49738 | 188.114.96.3 | 443 | TCP |
2024-10-12T22:36:12.787291+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.6 | 49755 | 172.67.206.204 | 443 | TCP |
2024-10-12T22:36:13.768308+0200 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.6 | 49761 | 172.67.206.204 | 443 | TCP |
2024-10-12T22:36:09.254568+0200 | 2056559 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49732 | 104.21.79.35 | 443 | TCP |
2024-10-12T22:36:10.181687+0200 | 2056557 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49738 | 188.114.96.3 | 443 | TCP |
2024-10-12T22:36:08.298990+0200 | 2056561 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49721 | 172.67.173.224 | 443 | TCP |
2024-10-12T22:36:05.271502+0200 | 2056567 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49715 | 104.21.33.249 | 443 | TCP |
2024-10-12T22:36:04.269367+0200 | 2056571 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49713 | 188.114.96.3 | 443 | TCP |
2024-10-12T22:36:06.214986+0200 | 2056565 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49718 | 172.67.205.156 | 443 | TCP |
2024-10-12T22:36:07.184611+0200 | 2056563 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49720 | 172.67.140.193 | 443 | TCP |
2024-10-12T22:36:03.254074+0200 | 2056573 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49710 | 104.21.8.37 | 443 | TCP |
2024-10-12T22:36:04.698408+0200 | 2056568 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 53786 | 1.1.1.1 | 53 | UDP |
2024-10-12T22:36:08.748838+0200 | 2056558 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 58354 | 1.1.1.1 | 53 | UDP |
2024-10-12T22:36:09.689166+0200 | 2056556 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 50135 | 1.1.1.1 | 53 | UDP |
2024-10-12T22:36:07.803851+0200 | 2056560 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 63149 | 1.1.1.1 | 53 | UDP |
2024-10-12T22:36:04.758725+0200 | 2056566 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 50381 | 1.1.1.1 | 53 | UDP |
2024-10-12T22:36:03.762048+0200 | 2056570 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 64493 | 1.1.1.1 | 53 | UDP |
2024-10-12T22:36:05.716570+0200 | 2056564 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 50222 | 1.1.1.1 | 53 | UDP |
2024-10-12T22:36:06.687782+0200 | 2056562 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 51843 | 1.1.1.1 | 53 | UDP |
2024-10-12T22:36:02.740997+0200 | 2056572 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 55988 | 1.1.1.1 | 53 | UDP |
2024-10-12T22:36:12.025576+0200 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.6 | 49744 | 104.102.49.254 | 443 | TCP |
AV Detection
Source | Entries |
---|---|
Avira | 1 |
URL Reputation | 3 |
Malware Configuration Extractor | 1 |
Virustotal (Perma Link) | 2 |
ReversingLabs | 1 |
Virustotal (Perma Link) | 1 |
Integrated Neural Analysis Model | 1 |
Joe Sandbox ML | 1 |
String decryptor | 15 |
Static PE information | 1 |
HTTPS traffic detected | 11 |
Static PE information | 1 |
Networking
Source | Entries |
---|---|
Suricata IDS | 38 |
URLs | 9 |
IP Address | 3 |
ASN Name | 5 |
JA3 fingerprint | 1 |
HTTP traffic detected | 11 |
UDP traffic detected without corresponding DNS query | 11 |
HTTP traffic detected | 1 |
DNS traffic detected | 11 |
HTTP traffic detected | 1 |
String found in binary or memory | 87 |
Network traffic detected | 22 |
HTTPS traffic detected | 11 |
Source: | Code function: | 3_2_0042AD00 | |
Source: | Code function: | 3_2_00436D00 | |
Source: | Code function: | 3_2_00404E60 | |
Source: | Code function: | 3_2_0041EE2E | |
Source: | Code function: | 3_2_00406ED0 | |
Source: | Code function: | 3_2_00446F00 |
Source: | Process created: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 3_2_0043C754 |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Command line argument: | 0_2_00192198 | |
Source: | Command line argument: | 0_2_00192198 | |
Source: | Command line argument: | 0_2_00192198 |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 0_2_001922BF | |
Source: | Code function: | 0_2_00196D88 | |
Source: | Code function: | 0_2_0020718E | |
Source: | Code function: | 2_2_001922BF | |
Source: | Code function: | 2_2_00196D88 | |
Source: | Code function: | 3_2_00449C8E |
Source: | Registry key monitored for changes: | Jump to behavior | ||
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | Check user administrative privileges: | graph_3-19242 |
Source: | API coverage: |
Source: | Thread sleep time: |
Source: | WMI Queries: |
Source: | Code function: | 0_2_001A9DAA | |
Source: | Code function: | 2_2_001A9DAA |
Source: | Binary or memory string: |
Source: | API call chain: | graph_3-19243 |
Source: | Process queried: |
Source: | Code function: | 3_2_00443090 |
Source: | Code function: | 0_2_0019D1AF |
Source: | Code function: | 0_2_001ACF36 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: |
Source: | String found in binary or memory: |
Source: | Process created: |
Source: | Queries volume information: |
Source: | Code function: | 0_2_00197402 |
Source: | Key value queried: |
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 111 Process Injection | 2 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 111 Process Injection | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | 2 Clipboard Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 1 Native API | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 41 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | 1 PowerShell | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 2 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 1 Account Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 33 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 42% | ReversingLabs | Win32.Trojan.CrypterX | |
| 41% | Virustotal | | |
| 100% | Avira | HEUR/AGEN.1361748 | |
| 100% | Joe Sandbox ML | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Virustotal | | |
| 17% | Virustotal | | |
| 18% | Virustotal | | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | URL Reputation | safe | |
| 100% | URL Reputation | malware | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
condifendteu.sbs | 104.21.79.35 | true | true | | unknown |
steamcommunity.com | 104.102.49.254 | true | true | | unknown |
vennurviot.sbs | 172.67.140.193 | true | true | | unknown |
drawwyobstacw.sbs | 188.114.96.3 | true | true | | unknown |
mathcucom.sbs | 188.114.96.3 | true | true | | unknown |
widdensmoywi.sbs | 104.21.8.37 | true | true | | unknown |
sergei-esenin.com | 172.67.206.204 | true | true | | unknown |
ehticsprocw.sbs | 172.67.173.224 | true | true | | unknown |
resinedyw.sbs | 172.67.205.156 | true | true | | unknown |
enlargkiw.sbs | 104.21.33.249 | true | true | | unknown |
allocatinow.sbs | unknown | unknown | true | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.21.33.249 | enlargkiw.sbs | United States | | 13335 | CLOUDFLARENETUS | true |
172.67.173.224 | ehticsprocw.sbs | United States | | 13335 | CLOUDFLARENETUS | true |
188.114.96.3 | drawwyobstacw.sbs | European Union | | 13335 | CLOUDFLARENETUS | true |
104.102.49.254 | steamcommunity.com | United States | | 16625 | AKAMAI-ASUS | true |
172.67.205.156 | resinedyw.sbs | United States | | 13335 | CLOUDFLARENETUS | true |
172.67.140.193 | vennurviot.sbs | United States | | 13335 | CLOUDFLARENETUS | true |
104.21.79.35 | condifendteu.sbs | United States | | 13335 | CLOUDFLARENETUS | true |
104.21.8.37 | widdensmoywi.sbs | United States | | 13335 | CLOUDFLARENETUS | true |
172.67.206.204 | sergei-esenin.com | United States | | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1532242 |
Start date and time: | 2024-10-12 22:35:08 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 35s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Loader.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@8/13@11/9 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 13.89.179.12, 20.42.65.92
- Excluded domains from analysis (whitelisted): client.wns.windows.com, onedsblobprdeus17.eastus.cloudapp.azure.com, ocsp.digicert.com, login.live.com, otelrules.azureedge.net, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, onedsblobprdcus17.centralus.cloudapp.azure.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target Loader.exe, PID 6972 because there are no executed function
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
16:36:02 | API Interceptor | |
16:36:04 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
104.21.33.249 | Get hash | malicious | LummaC | Browse | ||
Get hash | malicious | LummaC | Browse | |||
Get hash | malicious | LummaC | Browse | |||
Get hash | malicious | LummaC, Vidar | Browse | |||
172.67.173.224 | Get hash | malicious | LummaC | Browse | ||
188.114.96.3 | Get hash | malicious | Lokibot | Browse |
| |
Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse |
| ||
104.102.49.254 | Get hash | malicious | Unknown | Browse |
|
Match | Detection | Threat Name |
---|---|---|
drawwyobstacw.sbs | malicious | LummaC |
drawwyobstacw.sbs | malicious | LummaC |
drawwyobstacw.sbs | malicious | LummaC |
drawwyobstacw.sbs | malicious | LummaC |
drawwyobstacw.sbs | malicious | LummaC |
drawwyobstacw.sbs | malicious | LummaC |
drawwyobstacw.sbs | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, RedLine, Stealc, Vidar |
drawwyobstacw.sbs | malicious | LummaC, Vidar |
vennurviot.sbs | malicious | LummaC |
vennurviot.sbs | malicious | LummaC |
vennurviot.sbs | malicious | LummaC |
vennurviot.sbs | malicious | LummaC |
vennurviot.sbs | malicious | LummaC |
vennurviot.sbs | malicious | LummaC |
vennurviot.sbs | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, RedLine, Stealc, Vidar |
vennurviot.sbs | malicious | LummaC, Vidar |
steamcommunity.com | malicious | LummaC |
steamcommunity.com | malicious | LummaC |
steamcommunity.com | malicious | LummaC |
steamcommunity.com | malicious | LummaC |
steamcommunity.com | malicious | LummaC |
steamcommunity.com | malicious | LummaC |
steamcommunity.com | malicious | LummaC |
steamcommunity.com | malicious | LummaC |
steamcommunity.com | malicious | LummaC |
steamcommunity.com | malicious | LummaC |
mathcucom.sbs | malicious | LummaC |
mathcucom.sbs | malicious | LummaC |
mathcucom.sbs | malicious | LummaC |
mathcucom.sbs | malicious | LummaC |
mathcucom.sbs | malicious | LummaC |
mathcucom.sbs | malicious | LummaC |
mathcucom.sbs | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, RedLine, Stealc, Vidar |
mathcucom.sbs | malicious | LummaC, Vidar |
condifendteu.sbs | malicious | LummaC |
condifendteu.sbs | malicious | LummaC |
condifendteu.sbs | malicious | LummaC |
condifendteu.sbs | malicious | LummaC |
condifendteu.sbs | malicious | LummaC |
condifendteu.sbs | malicious | LummaC |
condifendteu.sbs | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, RedLine, Stealc, Vidar |
condifendteu.sbs | malicious | LummaC, Vidar |
Match | Detection | Threat Name |
---|---|---|
CLOUDFLARENETUS | malicious | LummaC |
CLOUDFLARENETUS | malicious | LummaC |
CLOUDFLARENETUS | malicious | DCRat, PureLog Stealer, zgRAT |
CLOUDFLARENETUS | malicious | LummaC |
CLOUDFLARENETUS | malicious | LummaC |
CLOUDFLARENETUS | malicious | Mirai |
CLOUDFLARENETUS | malicious | Remcos |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | LummaC |
CLOUDFLARENETUS | malicious | LummaC |
AKAMAI-ASUS | malicious | LummaC |
AKAMAI-ASUS | malicious | LummaC |
AKAMAI-ASUS | malicious | LummaC |
AKAMAI-ASUS | malicious | LummaC |
AKAMAI-ASUS | malicious | LummaC |
AKAMAI-ASUS | malicious | Mirai |
AKAMAI-ASUS | malicious | LummaC |
AKAMAI-ASUS | malicious | Mirai |
AKAMAI-ASUS | malicious | Mirai |
AKAMAI-ASUS | malicious | Mirai |
Match | Detection | Threat Name |
---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC |
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Loader.exe_77471525334c8b14c8bdc1925498d9a2270c332_00a9e466_1e40f4b4-72b8-488c-93ed-b9672588f9e0\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.0409599350511907 |
Encrypted: | false |
SSDEEP: | 96:+OFTG2KsUhY1yDfAQXIDcQzc6rcEqcw3M3+HbHggggS/Yy2rLhOyRxDfQLPF5rsn:xBKV0Nvw4cjGm5ySOzuiF2Z24IO8LQ |
MD5: | B37DF4681194381A9C7FBD334047FAD6 |
SHA1: | 7961062EB683FF64577791F649FCC9C5366EDFC0 |
SHA-256: | 331DE58736CA960B79E1C3A4B897F9E5DA7161D00FBF35884851DD53B62EFC1B |
SHA-512: | 5EA52A9FBAD593E9D91257BDCBD154E1BFCEF35122B3F5F369D25A1779F34F49BC4FBA32AA3AADFABB8EE1E022E915FC13051F8AC7BCE206D0BE331E018FD87B |
Malicious: | true |
Reputation: | low |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Loader.exe_b815356964293c838cede0c4a3c92463e86ea911_00a9e466_32e7d15c-7355-41ce-b09f-98a33d50d914\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | modified |
Size (bytes): | 65536 |
Entropy (8bit): | 1.0461998141723694 |
Encrypted: | false |
SSDEEP: | 192:rQU/Piq05RL5jGm5ySOzuiF2Z24IO8OQ:EU/ax5RL5jPfOzuiF2Y4IO8O |
MD5: | 299F4C245BC20BC4AA5561BE262FD189 |
SHA1: | 6BCA8F5579E3B10BCB1CAFD6A955CD7FFFABC25A |
SHA-256: | ACCCE4E532E589AFDCE8DF6A7942541494D9EF4716796748287B19423F2F0B9E |
SHA-512: | F90870737D5159BD94AF981F587A81401FFB099D2351D4A210967C77ABDC3B31CEBE624E27B78376C55B609C55A379439A538BC7EE703034C346AED6847DA25E |
Malicious: | true |
Reputation: | low |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Loader.exe_cb31ed643f3fc60e893b10d5662d7ffd15dc47_d9249e67_e58a3cdf-0c76-4fca-bfea-a73be3584e5f\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.6420461588339392 |
Encrypted: | false |
SSDEEP: | 96:HuF/Duo2aRsUh/e7ifNQXIDcQvc6QcEVcw3cE/3+HbHg/5hZAX/d5FMT2SlPkpXR:O9Uk80BU/QjhzuiF2Z24IO8L |
MD5: | E8A463BF48833983E74E850EA32B40B0 |
SHA1: | C761E13B67B80014000582C4EF2B3B4164E6F77A |
SHA-256: | 19F14DEA684C722E05B076B8DFBECD7261454C849D169F3F737E9D210AC23C2D |
SHA-512: | 6AC14DE3D4051DCA47E1B78F0FD5ADBE8B29458F3F3926C323882193D1B45437CE53E042163230C7EA0CA3D9C9C7A29471731DE4FA0F0B03BF67BF0DD2D120F7 |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 123820 |
Entropy (8bit): | 1.9721705128887455 |
Encrypted: | false |
SSDEEP: | 384:L04TkSpfkBvek0yZr2A8zSfbrJGV+vmRs5hc2CKRf7A/C3WpcEZjF:o43pfkBGcwAIE/c+uRsTnfU/WgZ |
MD5: | 74B5A867C61D14539A8C9A23354AF0D9 |
SHA1: | B24820AFA77085F447ED8EDD1465D55CDA7FBFB1 |
SHA-256: | 1B7F7E5989C07C480134ABE692EC206AA302CA97DFEDB8173D69D6CB572AAA40 |
SHA-512: | 869024E692E7156E289B23CD2A8474C209E431DD293C4AD73F39BFBF9DD7181B3744A1B7DE44027A0872D6DD83C5F2E7242E7907C66B9038DF3B486431D5106E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6348 |
Entropy (8bit): | 3.7031912502298407 |
Encrypted: | false |
SSDEEP: | 96:RSIU6o7wVetb8m66kY/+JPf6SJ55aMQUM89bP3sfy1lm:R6l7wVeJP66kYmJPJpDM89bP3sfy1lm |
MD5: | 06CA2785F70E2D8DF872D5689242553A |
SHA1: | 04D0AD692F274DD57E3041066B5731603E74E6CF |
SHA-256: | 567D9B00070728E8084582BC6BE115D19ADE2071366D74CA80F32D73ABA8D30A |
SHA-512: | 7C9AC94D292395A7C7E35024AE785BFF7432D5EEC47A6CCA9BA78BF776FDEBFEDC712E4DADF458A9697C48D96A1F6D2C1FA173FA8E1123FA5A12CDE3151F5523 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4670 |
Entropy (8bit): | 4.425998542330923 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsQJg77aI9XEWpW8VYMYm8M4J9hFhD+q8v9CudQiwid:uIjfWI7hd7VcJDDKFdlwid |
MD5: | 82C8B6CB7283FA26B3B99B5F2985F0A1 |
SHA1: | 04C7BAD5A94DA6B0D45C16CC6C875031649C07A3 |
SHA-256: | B7C26F625BB32191D1DF0EB5D64B6795FE9CB56190C978CB99B826E718E6F60C |
SHA-512: | 4503B092BAD166FA6FA1D85FE0BA0BD05DFD1000B9261EA4D73BB8412CF430052433AD1E37AAC03B833F82295BE79DAAFFEF779A023A0B910E9F5422A87B8A9D |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32954 |
Entropy (8bit): | 1.7402327385029992 |
Encrypted: | false |
SSDEEP: | 192:PkYvZfmmyO0qEbOJXdkg6bguUGp65J9mWu:/Z90iJX0UGg5JM |
MD5: | 83BD6ED4195D03B6BC9147C1364EBAA1 |
SHA1: | F43CCD3CA2873EC22DFA35FBF3E5169463DAA3E2 |
SHA-256: | DD881A5E2088475923EFA26CF90F2E8F537656ACCC4CCB8393753C74EB961DCD |
SHA-512: | 22A598E113D99D4842BBFD2494AAE6F30F828ECE4343C1C501E54CBE52E4623FAF7A3B255BA737E7C9C125F94D31797E1856E28A1982B9D13DA3578577EE58BE |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8274 |
Entropy (8bit): | 3.6871615268553817 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJQc6vS6Y2DESUOgmfEbpr089bKHsfKOm:R6lXJL666YJSUOgmfEHKMfa |
MD5: | 4CC77A9E044CD62E31B3090822FBCDB7 |
SHA1: | 4DBEB2248B7BC5F42DB92D4673BEDEF11849EA02 |
SHA-256: | DA0A1359C23A22CC0DE8AFCCD7853F1BB68D122C95C2CD0060F2AD76336B3693 |
SHA-512: | 9DCB8F046D9BC6F2C6845E044177A24CA1FFC70DC3C65D4D640860893186F38A913E8B9C60521962C9B2E6FAAE01605CE385DEA44E54E180330D0C82247D7470 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4555 |
Entropy (8bit): | 4.436426714247443 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsQJg77aI9XEWpW8VY0Ym8M4JKmF/+q8e2odQiw5d:uIjfWI7hd7V8JTGodlw5d |
MD5: | 5D230DAE5C797B4A21786476519B1D7E |
SHA1: | 87FAEC83D0D0BC487DAA6DD6D842D2A60F12DDE9 |
SHA-256: | C6B2C77D7E7B7DB269F7AFA637DE7E28125B03B0D80455A426F5AE7BF8414B01 |
SHA-512: | 10275D990EF998BB5D272AF5608D463A00555ABBA90F3EFC74DC5FB3A3F4390CA1683CBACEABBD49D4A29E96121413537B771A09B66CE566A4C58A0C64320AB2 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 123330 |
Entropy (8bit): | 1.9647775998473684 |
Encrypted: | false |
SSDEEP: | 384:/kSKFkBve8U0yZr2AkGSfbrJGVXQRP5hImv4/LomMw9E5:/3MkBG8swABE/cXQRPTt40mV9 |
MD5: | A648B2726C41C5E73C1CFF9143417346 |
SHA1: | 26260C46CB206BEAF5E3FBAD74354AD133ADB402 |
SHA-256: | A74FBD6C0B8222FE984A954968911D618C3C6AFF2ED08B2F5A77795F9C874955 |
SHA-512: | D990A6B98B5634F7C182D2E87FA09D0D6AB8815E349107E26D47BD06D0254A927ED0E735E977F603301C5FCB5D51CC99779BABD34819B2D3FBD16E757A11071A |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6298 |
Entropy (8bit): | 3.712449321588773 |
Encrypted: | false |
SSDEEP: | 96:RSIU6o7wVetb8m36qHYY+JzQZJ55aM4U289b53sf7zm:R6l7wVeJP36SYtJzQ3pr289b53sf7zm |
MD5: | DA786E75231CFCD598ABD14B1335FF58 |
SHA1: | 2020EFC98C35FBDE46B2D0A2576EC590999CF2B8 |
SHA-256: | 5FCAB27A650C33BD3C44DCA5C9BDA7AE569D78B99E06DB584C81583B67911941 |
SHA-512: | B7FE4473AB1E805DF07C5103DEFAA48F5C443AC5A04675AA821C9A156F36C22894719E34C56FE0DD8DA2C79F9267D7FC8CED7377C3F2AF26A7FFA1AFB89CBE1A |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4569 |
Entropy (8bit): | 4.438477875068169 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsQJg77aI9XEWpW8VYFYm8M4J9kFkj+q8cyudQiwid:uIjfWI7hd7VZJFLdlwid |
MD5: | 1F60B5DC383C4234F4D611F75C028A71 |
SHA1: | EC73AEA41CA55B8849005EE55063ABB3C0DE0E1C |
SHA-256: | 8FDB10F2CB1A6DD2F27FE1104D3CCCA5806766F34345E7D2BDA1B420E7EB5DCB |
SHA-512: | C46911928608D3D721D3AEFD28DBC63B78755A4EC6F90EEEA141894476D19311DE0936E6359CC2920D68122181021FA0067560DF94E954CF2EF3898B73833285 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.468552463259391 |
Encrypted: | false |
SSDEEP: | 6144:yzZfpi6ceLPx9skLmb0frZWSP3aJG8nAgeiJRMMhA2zX4WABluuNijDH5S:UZHtrZWOKnMM6bFpcj4 |
MD5: | 0FDB2EEED0DB4B8AE4244BF5F02A38B3 |
SHA1: | 3099CED2713D09F745479570F717836124AC9EAF |
SHA-256: | 4908B6BC4A7FEE1D75EEBDDBC9526996D425A65F2E1A0813D3A56604135E963A |
SHA-512: | 57A3927A2EE7366BF949388FB9DFB004E443FD1EBBD48D39EACE261BE51817EE07FC41D0ABCD8C5A3B262775BA454AF2C788B89B6C4DB178766272438D436F06 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.7256152523901545 |
TrID: | |
File name: | Loader.exe |
File size: | 581'008 bytes |
MD5: | cb50acc9b951b52306b95eaf8d4e2048 |
SHA1: | fd087d7b18d9dd37cb68f811f72de6c0dbbbfd31 |
SHA256: | 16fd5c981d6da5cbd47293b35b0dd26c756493fe3f88d5613810a2f9b5159b39 |
SHA512: | a5c7fe0ddf98a79da2f369c0c104941c1ca626b7a61d0dbdc82853053240a941c4886add3788fed3c6c5fca89ea02ba2e933c5fca6cf44d52dd9eafd02d5af5c |
SSDEEP: | 12288:9nd8lywbKG/kz3lLEIfUN0YtUqifN0mCb0LwoMZJRv9qB+9lec8OGY5BA:99wW53lYIfM0fOzoLwoMZJR2+ve717 |
TLSH: | C9C4F15275C08073EAB7153102E4DA726E7DB6E10E5069DF63D59FBE0F613C0EA20A6B |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........a.............U.......U...,...U.......U.......................................................Rich........................... |
Icon Hash: | 00928e8e8686b000 |
Entrypoint: | 0x406b1a |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x6709465D [Fri Oct 11 15:38:05 2024 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 2bf5d9e2e4bbff197e62f5db8f2f3336 |
Signature Valid: | false |
Signature Issuer: | CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US |
Signature Validation Error: | The digital signature of the object did not verify |
Error Number: | -2146869232 |
Not Before, Not After: | |
Subject Chain: | |
Version: | 3 |
Thumbprint MD5: | 2169E18183DAF704160A117E905BFDA4 |
Thumbprint SHA-1: | CB9C4FBEA1D87D2D468AC5A9CAAB0163F6AD8401 |
Thumbprint SHA-256: | C4405F06DFB035F3AD360D29D27D434E004E054B6FB18FA3A5566A9F9AFA8296 |
Serial: | 3300000557CF90DDC7D1C0888C000000000557 |
Instruction |
---|
call 00007F41C1A94FC5h |
jmp 00007F41C1A9450Fh |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
push esi |
mov ecx, dword ptr [eax+3Ch] |
add ecx, eax |
movzx eax, word ptr [ecx+14h] |
lea edx, dword ptr [ecx+18h] |
add edx, eax |
movzx eax, word ptr [ecx+06h] |
imul esi, eax, 28h |
add esi, edx |
cmp edx, esi |
je 00007F41C1A946ABh |
mov ecx, dword ptr [ebp+0Ch] |
cmp ecx, dword ptr [edx+0Ch] |
jc 00007F41C1A9469Ch |
mov eax, dword ptr [edx+08h] |
add eax, dword ptr [edx+0Ch] |
cmp ecx, eax |
jc 00007F41C1A9469Eh |
add edx, 28h |
cmp edx, esi |
jne 00007F41C1A9467Ch |
xor eax, eax |
pop esi |
pop ebp |
ret |
mov eax, edx |
jmp 00007F41C1A9468Bh |
push esi |
call 00007F41C1A952CCh |
test eax, eax |
je 00007F41C1A946B2h |
mov eax, dword ptr fs:[00000018h] |
mov esi, 00484D48h |
mov edx, dword ptr [eax+04h] |
jmp 00007F41C1A94696h |
cmp edx, eax |
je 00007F41C1A946A2h |
xor eax, eax |
mov ecx, edx |
lock cmpxchg dword ptr [esi], ecx |
test eax, eax |
jne 00007F41C1A94682h |
xor al, al |
pop esi |
ret |
mov al, 01h |
pop esi |
ret |
push ebp |
mov ebp, esp |
cmp dword ptr [ebp+08h], 00000000h |
jne 00007F41C1A94699h |
mov byte ptr [00484D4Ch], 00000001h |
call 00007F41C1A94955h |
call 00007F41C1A9787Fh |
test al, al |
jne 00007F41C1A94696h |
xor al, al |
pop ebp |
ret |
call 00007F41C1AA055Ch |
test al, al |
jne 00007F41C1A9469Ch |
push 00000000h |
call 00007F41C1A97886h |
pop ecx |
jmp 00007F41C1A9467Bh |
mov al, 01h |
pop ebp |
ret |
push ebp |
mov ebp, esp |
cmp byte ptr [00484D4Dh], 00000000h |
je 00007F41C1A94696h |
mov al, 01h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2c960 | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x88000 | 0x128 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x88ec8 | 0x4ec8 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x86000 | 0x1bf0 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x2ac48 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2ab88 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x23000 | 0x128 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x2109b | 0x21200 | fc39cf76189ab7c227ec12f73e6a3932 | False | 0.5790683962264151 | data | 6.629638369205259 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x23000 | 0xa004 | 0xa200 | 7ae763a2ed0268467b431e4f40185ebf | False | 0.42879533179012347 | data | 4.914287343080596 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x2e000 | 0x5796c | 0x56a00 | dabe9cdbf081fb2f304d89bb59671932 | False | 0.9913109893578643 | DOS executable (block device driver \377\377\377\377) | 7.992943735511485 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.reloc | 0x86000 | 0x1bf0 | 0x1c00 | 0190908279e9d6b3b648ee70a4a85ce4 | False | 0.7565569196428571 | data | 6.538484011809682 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.rsrc | 0x88000 | 0x128 | 0x200 | 239a18c31ff02bce8aaacba8dc7cd677 | False | 0.291015625 | data | 1.5878130901584442 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
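The entrypoint disassembly above is standard MSVC CRT startup code rather than the stealer's own logic: the first routine reads e_lfanew at offset 0x3C, NumberOfSections at NT+0x06 and SizeOfOptionalHeader at NT+0x14, then walks 0x28-byte section headers comparing an RVA against VirtualAddress and VirtualSize, which is the CRT helper that maps an address to its section. The static indicators worth acting on are in the section table: .data holds 0x56a00 raw bytes at entropy 7.99 and ZLIB complexity 0.99, near-random content that libmagic cannot type (its "DOS executable (block device driver)" guess is a false positive on random bytes) and the usual shape of an encrypted payload decoded at runtime. "Digitally signed: true" only means the security directory at 0x88ec8 is populated; the report's own check records that the signature does not verify against the Microsoft-issued chain it carries. The script below is an added example written for this page, not Joe Sandbox code and not code from the sample: it parses a PE the same way the disassembled routine does, reproduces that RVA-to-section lookup, reads the security directory and reports per-section entropy. The function names, the 7.0 flag threshold and the constructed minimal PE32 it builds for offline testing are this example's assumptions.

```python
import math
import struct

# Header offsets the entrypoint disassembly hard-codes; constant names are mine, the values are
# the PE specification's IMAGE_DOS_HEADER / IMAGE_NT_HEADERS / IMAGE_SECTION_HEADER layout.
E_LFANEW = 0x3C                     # mov ecx, dword ptr [eax+3Ch]
NT_NUMBER_OF_SECTIONS = 0x06        # movzx eax, word ptr [ecx+06h]
NT_SIZE_OF_OPTIONAL_HEADER = 0x14   # movzx eax, word ptr [ecx+14h]
NT_OPTIONAL_HEADER = 0x18           # lea edx, dword ptr [ecx+18h]
SECTION_HEADER_SIZE = 0x28          # imul esi, eax, 28h
PE32_MAGIC = 0x10B
SECURITY_DIRECTORY_INDEX = 4        # IMAGE_DIRECTORY_ENTRY_SECURITY

def nt_headers_offset(image: bytes) -> int:
    """Locate IMAGE_NT_HEADERS the way the CRT stub does: image base + e_lfanew."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    nt = struct.unpack_from("<I", image, E_LFANEW)[0]
    if image[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    return nt

def parse_sections(image: bytes) -> list:
    """NumberOfSections headers of 0x28 bytes, starting at NT + 0x18 + SizeOfOptionalHeader."""
    nt = nt_headers_offset(image)
    count = struct.unpack_from("<H", image, nt + NT_NUMBER_OF_SECTIONS)[0]
    opt_size = struct.unpack_from("<H", image, nt + NT_SIZE_OF_OPTIONAL_HEADER)[0]
    first = nt + NT_OPTIONAL_HEADER + opt_size
    sections = []
    for i in range(count):
        hdr = first + i * SECTION_HEADER_SIZE
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", image, hdr + 8)
        sections.append({"name": name, "virtual_address": vaddr, "virtual_size": vsize,
                         "raw_size": rsize, "raw_ptr": rptr})
    return sections

def find_pe_section(sections: list, rva: int):
    """The disassembled loop in Python: first section whose
    [VirtualAddress, VirtualAddress + VirtualSize) range contains rva, else None."""
    for s in sections:
        if s["virtual_address"] <= rva < s["virtual_address"] + s["virtual_size"]:
            return s
    return None

def security_directory(image: bytes) -> tuple:
    """(offset, size) of the Authenticode blob. A non-zero entry is all that a
    'Digitally signed' flag proves; whether the signature verifies is a separate question."""
    nt = nt_headers_offset(image)
    opt = nt + NT_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", image, opt)[0]
    directories = opt + (0x60 if magic == PE32_MAGIC else 0x70)   # DataDirectory[0], PE32 / PE32+
    return struct.unpack_from("<II", image, directories + 8 * SECURITY_DIRECTORY_INDEX)

def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0, the same measure as the report's Entropy column."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def section_report(image: bytes, threshold: float = 7.0) -> list:
    """Entropy of each section's raw file bytes; sections at or above the threshold are
    flagged as probable encrypted or compressed payload (threshold is this example's choice)."""
    report = []
    for s in parse_sections(image):
        raw = image[s["raw_ptr"]:s["raw_ptr"] + s["raw_size"]]
        entropy = shannon_entropy(raw)
        report.append({"name": s["name"], "raw_size": len(raw), "entropy": round(entropy, 3),
                       "suspicious": len(raw) > 0 and entropy >= threshold})
    return report

def build_test_pe(section_specs: list, security=(0, 0)) -> bytes:
    """Constructed minimal PE32 for offline testing (not a real binary, not the sample).
    section_specs: [(name, rva, raw_bytes)]; headers are zero except the fields read above."""
    opt_size, file_align = 0xE0, 0x200
    dos = b"MZ" + bytes(E_LFANEW - 2) + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<II", opt, 0x60 + 8 * SECURITY_DIRECTORY_INDEX, *security)
    headers_end = len(dos) + 4 + len(file_hdr) + opt_size + SECTION_HEADER_SIZE * len(section_specs)
    raw_ptr = first_raw = -(-headers_end // file_align) * file_align   # round up to FileAlignment
    section_hdrs, blobs = bytearray(), bytearray()
    for name, rva, data in section_specs:
        raw_size = -(-len(data) // file_align) * file_align
        hdr = bytearray(SECTION_HEADER_SIZE)
        hdr[:8] = name.encode("ascii").ljust(8, b"\0")
        struct.pack_into("<IIII", hdr, 8, len(data), rva, raw_size, raw_ptr)
        section_hdrs += hdr
        blobs += data.ljust(raw_size, b"\0")
        raw_ptr += raw_size
    headers = dos + b"PE\0\0" + file_hdr + bytes(opt) + bytes(section_hdrs)
    return headers.ljust(first_raw, b"\0") + bytes(blobs)
```

Run against the sample itself, `section_report(open("Loader.exe", "rb").read())` would flag .data and leave .text (6.63) and .rdata (4.91) unflagged, and `security_directory` would return (0x88ec8, 0x4ec8), the IMAGE_DIRECTORY_ENTRY_SECURITY values in the directory table above; a populated entry is the whole basis for "Digitally signed: true", so the verification failure recorded above is the field that matters.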
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
MUI | 0x88060 | 0xc8 | data | English | United States | 0.535 |
DLL | Import |
---|---|
KERNEL32.dll | TlsFree, MultiByteToWideChar, GetStringTypeW, WideCharToMultiByte, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionEx, DeleteCriticalSection, EncodePointer, DecodePointer, LCMapStringEx, GetCPInfo, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, CreateFileW, RaiseException, RtlUnwind, GetLastError, SetLastError, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, FreeLibrary, GetProcAddress, LoadLibraryExW, GetStdHandle, WriteFile, GetModuleFileNameW, ExitProcess, GetModuleHandleExW, HeapAlloc, HeapFree, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, GetFileType, CloseHandle, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadFile, GetFileSizeEx, SetFilePointerEx, ReadConsoleW, HeapReAlloc, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetProcessHeap, HeapSize, WriteConsoleW |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-12T22:36:02.740997+0200 | 2056572 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (widdensmoywi .sbs) | 1 | 192.168.2.6 | 55988 | 1.1.1.1 | 53 | UDP |
2024-10-12T22:36:03.254074+0200 | 2056573 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (widdensmoywi .sbs in TLS SNI) | 1 | 192.168.2.6 | 49710 | 104.21.8.37 | 443 | TCP |
2024-10-12T22:36:03.754512+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49710 | 104.21.8.37 | 443 | TCP |
2024-10-12T22:36:03.754512+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49710 | 104.21.8.37 | 443 | TCP |
2024-10-12T22:36:03.762048+0200 | 2056570 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mathcucom .sbs) | 1 | 192.168.2.6 | 64493 | 1.1.1.1 | 53 | UDP |
2024-10-12T22:36:04.269367+0200 | 2056571 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (mathcucom .sbs in TLS SNI) | 1 | 192.168.2.6 | 49713 | 188.114.96.3 | 443 | TCP |
2024-10-12T22:36:04.696511+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49713 | 188.114.96.3 | 443 | TCP |
2024-10-12T22:36:04.696511+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49713 | 188.114.96.3 | 443 | TCP |
2024-10-12T22:36:04.698408+0200 | 2056568 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (allocatinow .sbs) | 1 | 192.168.2.6 | 53786 | 1.1.1.1 | 53 | UDP |
2024-10-12T22:36:04.758725+0200 | 2056566 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (enlargkiw .sbs) | 1 | 192.168.2.6 | 50381 | 1.1.1.1 | 53 | UDP |
2024-10-12T22:36:05.271502+0200 | 2056567 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (enlargkiw .sbs in TLS SNI) | 1 | 192.168.2.6 | 49715 | 104.21.33.249 | 443 | TCP |
2024-10-12T22:36:05.691027+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49715 | 104.21.33.249 | 443 | TCP |
2024-10-12T22:36:05.691027+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49715 | 104.21.33.249 | 443 | TCP |
2024-10-12T22:36:05.716570+0200 | 2056564 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (resinedyw .sbs) | 1 | 192.168.2.6 | 50222 | 1.1.1.1 | 53 | UDP |
2024-10-12T22:36:06.214986+0200 | 2056565 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (resinedyw .sbs in TLS SNI) | 1 | 192.168.2.6 | 49718 | 172.67.205.156 | 443 | TCP |
2024-10-12T22:36:06.659354+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49718 | 172.67.205.156 | 443 | TCP |
2024-10-12T22:36:06.659354+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49718 | 172.67.205.156 | 443 | TCP |
2024-10-12T22:36:06.687782+0200 | 2056562 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vennurviot .sbs) | 1 | 192.168.2.6 | 51843 | 1.1.1.1 | 53 | UDP |
2024-10-12T22:36:07.184611+0200 | 2056563 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (vennurviot .sbs in TLS SNI) | 1 | 192.168.2.6 | 49720 | 172.67.140.193 | 443 | TCP |
2024-10-12T22:36:07.640105+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49720 | 172.67.140.193 | 443 | TCP |
2024-10-12T22:36:07.640105+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49720 | 172.67.140.193 | 443 | TCP |
2024-10-12T22:36:07.803851+0200 | 2056560 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ehticsprocw .sbs) | 1 | 192.168.2.6 | 63149 | 1.1.1.1 | 53 | UDP |
2024-10-12T22:36:08.298990+0200 | 2056561 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (ehticsprocw .sbs in TLS SNI) | 1 | 192.168.2.6 | 49721 | 172.67.173.224 | 443 | TCP |
2024-10-12T22:36:08.737000+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49721 | 172.67.173.224 | 443 | TCP |
2024-10-12T22:36:08.737000+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49721 | 172.67.173.224 | 443 | TCP |
2024-10-12T22:36:08.748838+0200 | 2056558 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (condifendteu .sbs) | 1 | 192.168.2.6 | 58354 | 1.1.1.1 | 53 | UDP |
2024-10-12T22:36:09.254568+0200 | 2056559 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (condifendteu .sbs in TLS SNI) | 1 | 192.168.2.6 | 49732 | 104.21.79.35 | 443 | TCP |
2024-10-12T22:36:09.687676+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49732 | 104.21.79.35 | 443 | TCP |
2024-10-12T22:36:09.687676+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49732 | 104.21.79.35 | 443 | TCP |
2024-10-12T22:36:09.689166+0200 | 2056556 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drawwyobstacw .sbs) | 1 | 192.168.2.6 | 50135 | 1.1.1.1 | 53 | UDP |
2024-10-12T22:36:10.181687+0200 | 2056557 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawwyobstacw .sbs in TLS SNI) | 1 | 192.168.2.6 | 49738 | 188.114.96.3 | 443 | TCP |
2024-10-12T22:36:10.665845+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49738 | 188.114.96.3 | 443 | TCP |
2024-10-12T22:36:10.665845+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49738 | 188.114.96.3 | 443 | TCP |
2024-10-12T22:36:12.025576+0200 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.6 | 49744 | 104.102.49.254 | 443 | TCP |
2024-10-12T22:36:12.787291+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49755 | 172.67.206.204 | 443 | TCP |
2024-10-12T22:36:12.787291+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49755 | 172.67.206.204 | 443 | TCP |
2024-10-12T22:36:13.768308+0200 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.6 | 49761 | 172.67.206.204 | 443 | TCP |
2024-10-12T22:36:13.768308+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49761 | 172.67.206.204 | 443 | TCP |
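Read in order, the alert table shows the stealer walking its configured domain list, the same nine .sbs names as the extracted C2 list: for each domain a DNS lookup, a TLS connection with that name in the SNI, and a "CnC Host Checkin" on the same flow, one domain every second or so, with one domain (allocatinow .sbs) resolved but never used for TLS. That is followed by a Steam profile lookup and two further check-ins to 172.67.206.204 for which no SNI alert fired. The script below is an added example, not part of the report and not Joe Sandbox code: it parses a subset of the rows above (copied verbatim as the constructed input), attributes check-in alerts to domains through the flow tuple of the SNI alert, and flags the rotation pattern. The 60 s window and three-domain minimum are this example's thresholds, and reading the Steam lookup plus the unattributed check-ins as a dead-drop resolver is an inference, labelled as such in the code.

```python
import re
from datetime import datetime

# Constructed input for this example: a subset of the rows from the report's alert table above,
# copied verbatim. The "name .sbs" spacing is how the ET rule defangs the domain.
ALERTS = """\
2024-10-12T22:36:02.740997+0200 | 2056572 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (widdensmoywi .sbs) | 1 | 192.168.2.6 | 55988 | 1.1.1.1 | 53 | UDP
2024-10-12T22:36:03.254074+0200 | 2056573 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (widdensmoywi .sbs in TLS SNI) | 1 | 192.168.2.6 | 49710 | 104.21.8.37 | 443 | TCP
2024-10-12T22:36:03.754512+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.6 | 49710 | 104.21.8.37 | 443 | TCP
2024-10-12T22:36:03.754512+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49710 | 104.21.8.37 | 443 | TCP
2024-10-12T22:36:03.762048+0200 | 2056570 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mathcucom .sbs) | 1 | 192.168.2.6 | 64493 | 1.1.1.1 | 53 | UDP
2024-10-12T22:36:04.269367+0200 | 2056571 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (mathcucom .sbs in TLS SNI) | 1 | 192.168.2.6 | 49713 | 188.114.96.3 | 443 | TCP
2024-10-12T22:36:04.696511+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49713 | 188.114.96.3 | 443 | TCP
2024-10-12T22:36:04.698408+0200 | 2056568 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (allocatinow .sbs) | 1 | 192.168.2.6 | 53786 | 1.1.1.1 | 53 | UDP
2024-10-12T22:36:04.758725+0200 | 2056566 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (enlargkiw .sbs) | 1 | 192.168.2.6 | 50381 | 1.1.1.1 | 53 | UDP
2024-10-12T22:36:05.271502+0200 | 2056567 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (enlargkiw .sbs in TLS SNI) | 1 | 192.168.2.6 | 49715 | 104.21.33.249 | 443 | TCP
2024-10-12T22:36:05.691027+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49715 | 104.21.33.249 | 443 | TCP
2024-10-12T22:36:12.025576+0200 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.6 | 49744 | 104.102.49.254 | 443 | TCP
2024-10-12T22:36:12.787291+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49755 | 172.67.206.204 | 443 | TCP
2024-10-12T22:36:13.768308+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.6 | 49761 | 172.67.206.204 | 443 | TCP
"""

TS_FMT = "%Y-%m-%dT%H:%M:%S.%f%z"
DOMAIN_RE = re.compile(r"\(([a-z0-9-]+) ?\.([a-z]+)")   # "(widdensmoywi .sbs" -> widdensmoywi.sbs

def parse_alert(line: str) -> dict:
    """Split one 'ts | sid | signature | severity | src | sport | dst | dport | proto' row."""
    f = [c.strip() for c in line.split("|")]
    return {"ts": datetime.strptime(f[0], TS_FMT), "sid": int(f[1]), "sig": f[2],
            "severity": int(f[3]), "flow": (f[4], int(f[5]), f[6], int(f[7]), f[8])}

def signature_domain(sig: str):
    """Pull the defanged domain out of the rule name, or None if the rule names no domain."""
    m = DOMAIN_RE.search(sig)
    return f"{m.group(1)}.{m.group(2)}" if m else None

def correlate(lines) -> dict:
    """Build a per-domain timeline (dns -> sni -> checkin). Check-in rules carry no domain,
    so they are attributed through the 5-tuple of the flow that raised the SNI alert."""
    domains, flow_domain, unattributed, steam = {}, {}, [], False
    for a in (parse_alert(row) for row in lines if row.strip()):
        dom = signature_domain(a["sig"])
        if dom and "DNS Lookup" in a["sig"]:
            domains.setdefault(dom, {})["dns"] = a["ts"]
        elif dom and "TLS SNI" in a["sig"]:
            domains.setdefault(dom, {}).update(sni=a["ts"], sni_ip=a["flow"][2])
            flow_domain[a["flow"]] = dom
        elif "CnC Host Checkin" in a["sig"]:
            dom = flow_domain.get(a["flow"])
            if dom:
                domains[dom]["checkin"] = a["ts"]
            else:                      # check-in on a flow that no SNI rule ever named
                unattributed.append((a["ts"], a["flow"][2]))
        elif "Steam Profile Lookup" in a["sig"]:
            steam = True
    return {"domains": domains, "unattributed_checkins": unattributed, "steam_lookup": steam}

def assess(corr: dict, window_s: float = 60.0, min_domains: int = 3) -> dict:
    """Turn the timeline into findings. Thresholds are this example's choice, not the IDS's:
    many C2 domains resolved inside one short window is the fallback-list walk; a domain with
    DNS but no SNI was resolved and skipped; check-ins that no SNI alert explains, after a Steam
    profile lookup, are read (assumption) as a C2 address obtained from that profile (dead drop)."""
    dns_times = sorted(d["dns"] for d in corr["domains"].values() if "dns" in d)
    span = (dns_times[-1] - dns_times[0]).total_seconds() if len(dns_times) > 1 else 0.0
    return {
        "c2_rotation": len(dns_times) >= min_domains and span <= window_s,
        "dns_span_seconds": round(span, 3),
        "domains_checked_in": [n for n, d in corr["domains"].items() if "checkin" in d],
        "dns_only": [n for n, d in corr["domains"].items() if "dns" in d and "sni" not in d],
        "dead_drop_suspected": corr["steam_lookup"] and bool(corr["unattributed_checkins"]),
    }

if __name__ == "__main__":
    for key, value in assess(correlate(ALERTS.splitlines())).items():
        print(f"{key}: {value}")
```

The flow-tuple join is the part worth keeping: the "Related Activity" and "CnC Host Checkin" rules fire on TLS payload and name no domain, so without the SNI alert on the same (src, sport, dst, dport) tuple a check-in cannot be tied to a hostname, which is exactly why the last two check-ins to 172.67.206.204 stand out.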
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 12, 2024 22:36:02.761759043 CEST | 49710 | 443 | 192.168.2.6 | 104.21.8.37 |
Oct 12, 2024 22:36:02.761857033 CEST | 443 | 49710 | 104.21.8.37 | 192.168.2.6 |
Oct 12, 2024 22:36:02.761965036 CEST | 49710 | 443 | 192.168.2.6 | 104.21.8.37 |
Oct 12, 2024 22:36:02.764779091 CEST | 49710 | 443 | 192.168.2.6 | 104.21.8.37 |
Oct 12, 2024 22:36:02.764817953 CEST | 443 | 49710 | 104.21.8.37 | 192.168.2.6 |
Oct 12, 2024 22:36:03.253983974 CEST | 443 | 49710 | 104.21.8.37 | 192.168.2.6 |
Oct 12, 2024 22:36:03.254074097 CEST | 49710 | 443 | 192.168.2.6 | 104.21.8.37 |
Oct 12, 2024 22:36:03.257694006 CEST | 49710 | 443 | 192.168.2.6 | 104.21.8.37 |
Oct 12, 2024 22:36:03.257726908 CEST | 443 | 49710 | 104.21.8.37 | 192.168.2.6 |
Oct 12, 2024 22:36:03.258145094 CEST | 443 | 49710 | 104.21.8.37 | 192.168.2.6 |
Oct 12, 2024 22:36:03.299910069 CEST | 49710 | 443 | 192.168.2.6 | 104.21.8.37 |
Oct 12, 2024 22:36:03.344490051 CEST | 49710 | 443 | 192.168.2.6 | 104.21.8.37 |
Oct 12, 2024 22:36:03.344568014 CEST | 49710 | 443 | 192.168.2.6 | 104.21.8.37 |
Oct 12, 2024 22:36:03.344873905 CEST | 443 | 49710 | 104.21.8.37 | 192.168.2.6 |
Oct 12, 2024 22:36:03.754520893 CEST | 443 | 49710 | 104.21.8.37 | 192.168.2.6 |
Oct 12, 2024 22:36:03.754636049 CEST | 443 | 49710 | 104.21.8.37 | 192.168.2.6 |
Oct 12, 2024 22:36:03.754856110 CEST | 49710 | 443 | 192.168.2.6 | 104.21.8.37 |
Oct 12, 2024 22:36:03.757123947 CEST | 49710 | 443 | 192.168.2.6 | 104.21.8.37 |
Oct 12, 2024 22:36:03.757168055 CEST | 443 | 49710 | 104.21.8.37 | 192.168.2.6 |
Oct 12, 2024 22:36:03.776572943 CEST | 49713 | 443 | 192.168.2.6 | 188.114.96.3 |
Oct 12, 2024 22:36:03.776601076 CEST | 443 | 49713 | 188.114.96.3 | 192.168.2.6 |
Oct 12, 2024 22:36:03.776684999 CEST | 49713 | 443 | 192.168.2.6 | 188.114.96.3 |
Oct 12, 2024 22:36:03.776997089 CEST | 49713 | 443 | 192.168.2.6 | 188.114.96.3 |
Oct 12, 2024 22:36:03.777009964 CEST | 443 | 49713 | 188.114.96.3 | 192.168.2.6 |
Oct 12, 2024 22:36:04.269290924 CEST | 443 | 49713 | 188.114.96.3 | 192.168.2.6 |
Oct 12, 2024 22:36:04.269366980 CEST | 49713 | 443 | 192.168.2.6 | 188.114.96.3 |
Oct 12, 2024 22:36:04.272433996 CEST | 49713 | 443 | 192.168.2.6 | 188.114.96.3 |
Oct 12, 2024 22:36:04.272439957 CEST | 443 | 49713 | 188.114.96.3 | 192.168.2.6 |
Oct 12, 2024 22:36:04.272753000 CEST | 443 | 49713 | 188.114.96.3 | 192.168.2.6 |
Oct 12, 2024 22:36:04.273978949 CEST | 49713 | 443 | 192.168.2.6 | 188.114.96.3 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 12, 2024 22:36:02.740997076 CEST | 55988 | 53 | 192.168.2.6 | 1.1.1.1 |
Oct 12, 2024 22:36:02.757307053 CEST | 53 | 55988 | 1.1.1.1 | 192.168.2.6 |
Oct 12, 2024 22:36:03.762048006 CEST | 64493 | 53 | 192.168.2.6 | 1.1.1.1 |
Oct 12, 2024 22:36:03.775693893 CEST | 53 | 64493 | 1.1.1.1 | 192.168.2.6 |
Oct 12, 2024 22:36:04.698407888 CEST | 53786 | 53 | 192.168.2.6 | 1.1.1.1 |
Oct 12, 2024 22:36:04.708112955 CEST | 53 | 53786 | 1.1.1.1 | 192.168.2.6 |
Oct 12, 2024 22:36:04.758724928 CEST | 50381 | 53 | 192.168.2.6 | 1.1.1.1 |
Oct 12, 2024 22:36:04.772324085 CEST | 53 | 50381 | 1.1.1.1 | 192.168.2.6 |
Oct 12, 2024 22:36:05.716569901 CEST | 50222 | 53 | 192.168.2.6 | 1.1.1.1 |
Oct 12, 2024 22:36:05.735029936 CEST | 53 | 50222 | 1.1.1.1 | 192.168.2.6 |
Oct 12, 2024 22:36:06.687782049 CEST | 51843 | 53 | 192.168.2.6 | 1.1.1.1 |
Oct 12, 2024 22:36:06.700640917 CEST | 53 | 51843 | 1.1.1.1 | 192.168.2.6 |
Oct 12, 2024 22:36:07.803850889 CEST | 63149 | 53 | 192.168.2.6 | 1.1.1.1 |
Oct 12, 2024 22:36:07.820810080 CEST | 53 | 63149 | 1.1.1.1 | 192.168.2.6 |
Oct 12, 2024 22:36:08.748837948 CEST | 58354 | 53 | 192.168.2.6 | 1.1.1.1 |
Oct 12, 2024 22:36:08.765737057 CEST | 53 | 58354 | 1.1.1.1 | 192.168.2.6 |
Oct 12, 2024 22:36:09.689166069 CEST | 50135 | 53 | 192.168.2.6 | 1.1.1.1 |
Oct 12, 2024 22:36:09.699343920 CEST | 53 | 50135 | 1.1.1.1 | 192.168.2.6 |
Oct 12, 2024 22:36:10.667393923 CEST | 64627 | 53 | 192.168.2.6 | 1.1.1.1 |
Oct 12, 2024 22:36:10.674513102 CEST | 53 | 64627 | 1.1.1.1 | 192.168.2.6 |
Oct 12, 2024 22:36:12.166202068 CEST | 58774 | 53 | 192.168.2.6 | 1.1.1.1 |
Oct 12, 2024 22:36:12.175319910 CEST | 53 | 58774 | 1.1.1.1 | 192.168.2.6 |
Oct 12, 2024 22:36:19.809146881 CEST | 53 | 60196 | 1.1.1.1 | 192.168.2.6 |
Oct 12, 2024 22:36:21.484205961 CEST | 53 | 53011 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 12, 2024 22:36:02.740997076 CEST | 192.168.2.6 | 1.1.1.1 | 0x4233 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:03.762048006 CEST | 192.168.2.6 | 1.1.1.1 | 0x5a0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:04.698407888 CEST | 192.168.2.6 | 1.1.1.1 | 0xd91f | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:04.758724928 CEST | 192.168.2.6 | 1.1.1.1 | 0x9c26 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:05.716569901 CEST | 192.168.2.6 | 1.1.1.1 | 0x3c8d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:06.687782049 CEST | 192.168.2.6 | 1.1.1.1 | 0x86c4 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:07.803850889 CEST | 192.168.2.6 | 1.1.1.1 | 0xb641 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:08.748837948 CEST | 192.168.2.6 | 1.1.1.1 | 0x4458 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:09.689166069 CEST | 192.168.2.6 | 1.1.1.1 | 0x6ed9 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:10.667393923 CEST | 192.168.2.6 | 1.1.1.1 | 0x799a | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:12.166202068 CEST | 192.168.2.6 | 1.1.1.1 | 0xcff2 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 12, 2024 22:36:02.757307053 CEST | 1.1.1.1 | 192.168.2.6 | 0x4233 | No error (0) | | | 104.21.8.37 | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:02.757307053 CEST | 1.1.1.1 | 192.168.2.6 | 0x4233 | No error (0) | | | 172.67.156.197 | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:03.775693893 CEST | 1.1.1.1 | 192.168.2.6 | 0x5a0 | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:03.775693893 CEST | 1.1.1.1 | 192.168.2.6 | 0x5a0 | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:04.708112955 CEST | 1.1.1.1 | 192.168.2.6 | 0xd91f | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:04.772324085 CEST | 1.1.1.1 | 192.168.2.6 | 0x9c26 | No error (0) | | | 104.21.33.249 | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:04.772324085 CEST | 1.1.1.1 | 192.168.2.6 | 0x9c26 | No error (0) | | | 172.67.152.13 | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:05.735029936 CEST | 1.1.1.1 | 192.168.2.6 | 0x3c8d | No error (0) | | | 172.67.205.156 | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:05.735029936 CEST | 1.1.1.1 | 192.168.2.6 | 0x3c8d | No error (0) | | | 104.21.77.78 | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:06.700640917 CEST | 1.1.1.1 | 192.168.2.6 | 0x86c4 | No error (0) | | | 172.67.140.193 | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:06.700640917 CEST | 1.1.1.1 | 192.168.2.6 | 0x86c4 | No error (0) | | | 104.21.46.170 | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:07.820810080 CEST | 1.1.1.1 | 192.168.2.6 | 0xb641 | No error (0) | | | 172.67.173.224 | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:07.820810080 CEST | 1.1.1.1 | 192.168.2.6 | 0xb641 | No error (0) | | | 104.21.30.221 | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:08.765737057 CEST | 1.1.1.1 | 192.168.2.6 | 0x4458 | No error (0) | | | 104.21.79.35 | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:08.765737057 CEST | 1.1.1.1 | 192.168.2.6 | 0x4458 | No error (0) | | | 172.67.141.136 | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:09.699343920 CEST | 1.1.1.1 | 192.168.2.6 | 0x6ed9 | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:09.699343920 CEST | 1.1.1.1 | 192.168.2.6 | 0x6ed9 | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:10.674513102 CEST | 1.1.1.1 | 192.168.2.6 | 0x799a | No error (0) | | | 104.102.49.254 | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:12.175319910 CEST | 1.1.1.1 | 192.168.2.6 | 0xcff2 | No error (0) | | | 172.67.206.204 | A (IP address) | IN (0x0001) | false |
Oct 12, 2024 22:36:12.175319910 CEST | 1.1.1.1 | 192.168.2.6 | 0xcff2 | No error (0) | | | 104.21.53.8 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49710 | 104.21.8.37 | 443 | 5200 | C:\Users\user\Desktop\Loader.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-12 20:36:03 UTC | 263 | OUT | |
2024-10-12 20:36:03 UTC | 8 | OUT | |
2024-10-12 20:36:03 UTC | 819 | IN | |
2024-10-12 20:36:03 UTC | 15 | IN | |
2024-10-12 20:36:03 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.6 | 49713 | 188.114.96.3 | 443 | 5200 | C:\Users\user\Desktop\Loader.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-12 20:36:04 UTC | 260 | OUT | |
2024-10-12 20:36:04 UTC | 8 | OUT | |
2024-10-12 20:36:04 UTC | 813 | IN | |
2024-10-12 20:36:04 UTC | 15 | IN | |
2024-10-12 20:36:04 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.6 | 49715 | 104.21.33.249 | 443 | 5200 | C:\Users\user\Desktop\Loader.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-12 20:36:05 UTC | 260 | OUT | |
2024-10-12 20:36:05 UTC | 8 | OUT | |
2024-10-12 20:36:05 UTC | 815 | IN | |
2024-10-12 20:36:05 UTC | 15 | IN | |
2024-10-12 20:36:05 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.6 | 49718 | 172.67.205.156 | 443 | 5200 | C:\Users\user\Desktop\Loader.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-12 20:36:06 UTC | 260 | OUT | |
2024-10-12 20:36:06 UTC | 8 | OUT | |
2024-10-12 20:36:06 UTC | 811 | IN | |
2024-10-12 20:36:06 UTC | 15 | IN | |
2024-10-12 20:36:06 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.6 | 49720 | 172.67.140.193 | 443 | 5200 | C:\Users\user\Desktop\Loader.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-12 20:36:07 UTC | 261 | OUT | |
2024-10-12 20:36:07 UTC | 8 | OUT | |
2024-10-12 20:36:07 UTC | 821 | IN | |
2024-10-12 20:36:07 UTC | 15 | IN | |
2024-10-12 20:36:07 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.6 | 49721 | 172.67.173.224 | 443 | 5200 | C:\Users\user\Desktop\Loader.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-12 20:36:08 UTC | 262 | OUT | |
2024-10-12 20:36:08 UTC | 8 | OUT | |
2024-10-12 20:36:08 UTC | 821 | IN | |
2024-10-12 20:36:08 UTC | 15 | IN | |
2024-10-12 20:36:08 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.6 | 49732 | 104.21.79.35 | 443 | 5200 | C:\Users\user\Desktop\Loader.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-12 20:36:09 UTC | 263 | OUT | |
2024-10-12 20:36:09 UTC | 8 | OUT | |
2024-10-12 20:36:09 UTC | 823 | IN | |
2024-10-12 20:36:09 UTC | 15 | IN | |
2024-10-12 20:36:09 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.6 | 49738 | 188.114.96.3 | 443 | 5200 | C:\Users\user\Desktop\Loader.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-12 20:36:10 UTC | 264 | OUT | |
2024-10-12 20:36:10 UTC | 8 | OUT | |
2024-10-12 20:36:10 UTC | 821 | IN | |
2024-10-12 20:36:10 UTC | 15 | IN | |
2024-10-12 20:36:10 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.6 | 49744 | 104.102.49.254 | 443 | 5200 | C:\Users\user\Desktop\Loader.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-12 20:36:11 UTC | 219 | OUT | |
2024-10-12 20:36:12 UTC | 1870 | IN | |
2024-10-12 20:36:12 UTC | 14514 | IN | |
2024-10-12 20:36:12 UTC | 16384 | IN | |
2024-10-12 20:36:12 UTC | 3768 | IN | |
2024-10-12 20:36:12 UTC | 171 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.6 | 49755 | 172.67.206.204 | 443 | 5200 | C:\Users\user\Desktop\Loader.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-12 20:36:12 UTC | 264 | OUT | |
2024-10-12 20:36:12 UTC | 8 | OUT | |
2024-10-12 20:36:12 UTC | 551 | IN | |
2024-10-12 20:36:12 UTC | 818 | IN | |
2024-10-12 20:36:12 UTC | 1369 | IN | |
2024-10-12 20:36:12 UTC | 1369 | IN | |
2024-10-12 20:36:12 UTC | 885 | IN | |
2024-10-12 20:36:12 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.6 | 49761 | 172.67.206.204 | 443 | 5200 | C:\Users\user\Desktop\Loader.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-12 20:36:13 UTC | 354 | OUT | |
2024-10-12 20:36:13 UTC | 80 | OUT | |
2024-10-12 20:36:13 UTC | 837 | IN | |
2024-10-12 20:36:13 UTC | 15 | IN | |
2024-10-12 20:36:13 UTC | 5 | IN |
Target ID: | 0 |
Start time: | 16:35:59 |
Start date: | 12/10/2024 |
Path: | C:\Users\user\Desktop\Loader.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x190000 |
File size: | 581'008 bytes |
MD5 hash: | CB50ACC9B951B52306B95EAF8D4E2048 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 2 |
Start time: | 16:36:00 |
Start date: | 12/10/2024 |
Path: | C:\Users\user\Desktop\Loader.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x190000 |
File size: | 581'008 bytes |
MD5 hash: | CB50ACC9B951B52306B95EAF8D4E2048 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 3 |
Start time: | 16:36:00 |
Start date: | 12/10/2024 |
Path: | C:\Users\user\Desktop\Loader.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x190000 |
File size: | 581'008 bytes |
MD5 hash: | CB50ACC9B951B52306B95EAF8D4E2048 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | true |
Target ID: | 6 |
Start time: | 16:36:01 |
Start date: | 12/10/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x760000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 8 |
Start time: | 16:36:12 |
Start date: | 12/10/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x760000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 10 |
Start time: | 16:36:14 |
Start date: | 12/10/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x760000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 0.6% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 10.2% |
Total number of Nodes: | 254 |
Total number of Limit Nodes: | 5 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
00192198 | 7.1 | 2 | 2 | 134 | memory, COMMON |
001A8735 | 4.7 | 3 | - | 202 | COMMON |
001AA691 | 3.2 | 2 | - | 177 | COMMON |
001AA295 | 1.6 | 1 | - | 147 | COMMON |
001DE6E0 | 38.9 | - | 30 | 1384 | COMMON |
001CCFC0 | 16.6 | - | 13 | 393 | COMMON |
001F9AD0 | 15.3 | - | 12 | 295 | COMMON |
001FA1A0 | 15.3 | - | 12 | 262 | COMMON |
001E31E2 | 13.3 | - | 10 | 832 | COMMON |
001DFA3E | 10.3 | - | 8 | 288 | COMMON |
001D99AE | 10.2 | - | 8 | 158 | COMMON |
001D9C73 | 10.2 | - | 8 | 157 | COMMON |
001D8496 | 10.2 | - | 8 | 156 | COMMON |
001DA496 | 10.2 | - | 8 | 153 | COMMON |
001E7490 | 9.2 | - | 7 | 433 | COMMON |
001CFB6A | 9.1 | - | 7 | 321 | COMMON |
001ACAFF | 8.8 | 3 | 2 | 85 | COMMON, LIBRARYCODE |
00202C60 | 7.9 | - | 6 | 384 | COMMON |
001AC370 | 7.3 | 3 | 1 | 251 | COMMON, LIBRARYCODE |
001BF1F3 | 7.2 | - | 5 | 974 | COMMON |
00202360 | 6.6 | - | 5 | 336 | COMMON |
001A3F53 | 6.3 | 4 | - | 337 | COMMON |
00197508 | 6.1 | 4 | - | 70 | COMMON |
001EF5CE | 5.8 | - | 4 | 824 | COMMON |
001BF437 | 5.5 | - | 4 | 487 | COMMON |
001EE020 | 5.3 | - | 4 | 260 | COMMON |
001AC783 | 4.7 | 3 | - | 205 | COMMON |
001BF502 | 4.2 | - | 3 | 473 | COMMON |
001E1410 | 4.2 | - | 3 | 453 | COMMON |
001BF24E | 4.1 | - | 3 | 372 | COMMON |
001CB7C0 | 4.1 | - | 3 | 358 | COMMON |
001CB3D0 | 4.1 | - | 3 | 317 | COMMON |
001EEFD9 | 4.0 | - | 3 | 266 | COMMON |
0019FB00 | 3.4 | 2 | - | 449 | COMMON |
001E0B00 | 3.1 | - | 2 | 593 | COMMON |
001FEFE0 | 3.1 | - | 2 | 565 | COMMON |
001C6220 | 2.9 | - | 2 | 392 | COMMON |
001F02BA | 2.8 | - | 2 | 325 | COMMON |
001DFFF7 | 2.8 | - | 2 | 263 | COMMON |
001EBFD7 | 2.7 | - | 2 | 247 | COMMON |
001EB430 | 2.7 | - | 2 | 242 | COMMON |
001FEBC0 | 2.7 | - | 2 | 206 | COMMON |
002042E0 | 2.6 | - | 2 | 122 | COMMON |
001FABBD | 2.6 | - | 2 | 105 | COMMON |
001C78F6 | 2.6 | - | 2 | 83 | COMMON |
001BEF00 | 2.5 | - | 1 | 1271 | COMMON |
00196E6F | 1.7 | 1 | - | 242 | COMMON |
001F0892 | 1.7 | - | 1 | 424 | COMMON |
001ED800 | 1.7 | - | 1 | 424 | COMMON |
001A9DAA | 1.6 | 1 | - | 108 | COMMON |
001E9400 | 1.6 | - | 1 | 352 | COMMON |
001AC9D6 | 1.6 | 1 | - | 83 | COMMON |
001ECA95 | 1.6 | - | 1 | 332 | COMMON |
001BF4B1 | 1.6 | - | 1 | 330 | COMMON |
001ACC05 | 1.5 | 1 | - | 45 | COMMON |
00204E00 | 1.5 | - | 1 | 273 | COMMON |
00204B30 | 1.5 | - | 1 | 267 | COMMON |
001C84A0 | 1.5 | - | 1 | 265 | COMMON |
001D4882 | 1.5 | - | 1 | 256 | COMMON |
00197695 | 1.5 | 1 | - | 3 | COMMON |
001CCC40 | 1.4 | - | 1 | 182 | COMMON |
00191F1A | 1.4 | - | 1 | 156 | COMMON |
001DCE13 | 1.4 | - | 1 | 139 | COMMON |
001CAD60 | 1.4 | - | 1 | 138 | COMMON |
001D2FC0 | 1.4 | - | 1 | 107 | COMMON |
001CE672 | 1.3 | - | 1 | 84 | COMMON |
002018B5 | 1.3 | - | 1 | 84 | COMMON |
001EAB28 | 1.3 | - | 1 | 75 | COMMON |
002017E4 | 1.3 | - | 1 | 69 | COMMON |
001E8070 | 1.3 | - | 1 | 66 | COMMON |
001E8E5D | 1.3 | - | 1 | 61 | COMMON |
001EBF45 | 1.3 | - | 1 | 61 | COMMON |
001EC9F2 | 1.3 | - | 1 | 52 | COMMON |
001CE7A8 | 1.3 | - | 1 | 10 | COMMON |
001ACF36 | 1.3 | 1 | - | 5 | memory, COMMON |
001C9B00 | .8 | - | - | 830 | COMMON |
001E1B30 | .7 | - | - | 710 | COMMON |
001C8FF0 | .7 | - | - | 670 | COMMON |
001C4DD0 | .7 | - | - | 657 | COMMON |
001C57D0 | .6 | - | - | 596 | COMMON |
001E54B0 | .5 | - | - | 477 | COMMON |
001C7FE0 | .4 | - | - | 399 | COMMON |
001C1670 | .4 | - | - | 389 | COMMON |
001D3397 | .4 | - | - | 355 | COMMON |
00202770 | .3 | - | - | 346 | COMMON |
001ABE21 | .3 | - | - | 327 | COMMON |
0019C62E | .3 | - | - | 314 | COMMON |
001C8B60 | .3 | - | - | 303 | COMMON |
001C2E50 | .3 | - | - | 270 | COMMON |
001F3400 | .3 | - | - | 264 | COMMON |
00204890 | .3 | - | - | 254 | COMMON |
001CF1A3 | .3 | - | - | 253 | COMMON |
001E5250 | .2 | - | - | 241 | COMMON |
001D6F0F | .2 | - | - | 228 | COMMON |
002050F0 | .2 | - | - | 228 | COMMON |
001F4990 | .2 | - | - | 221 | COMMON |
001F4C00 | .2 | - | - | 208 | COMMON |
001EE56A | .2 | - | - | 201 | COMMON |
001F31D0 | .2 | - | - | 200 | COMMON |
001EB227 | .2 | - | - | 190 | COMMON |
001F9870 | .2 | - | - | 189 | COMMON |
001C35F0 | .2 | - | - | 169 | COMMON |
001FE9A0 | .1 | - | - | 149 | COMMON |
00203B77 | .1 | - | - | 144 | COMMON |
001CF000 | .1 | - | - | 122 | COMMON |
001FE4F0 | .1 | - | - | 107 | COMMON |
00201E21 | .1 | - | - | 107 | COMMON |
001DC3E0 | .1 | - | - | 84 | COMMON |
001CC144 | .1 | - | - | 80 | COMMON |
001CD843 | .1 | - | - | 72 | COMMON |
001FE650 | .1 | - | - | 69 | COMMON |
001F77F0 | .1 | - | - | 64 | COMMON |
001ED1F0 | .1 | - | - | 63 | COMMON |
001C4A90 | .0 | - | - | 45 | COMMON |
001E97F0 | .0 | - | - | 40 | COMMON |
001DC080 | .0 | - | - | 38 | COMMON |
001CD8F6 | .0 | - | - | 33 | COMMON |
00200FD0 | .0 | - | - | 24 | COMMON |
001AA937 | .0 | - | - | 22 | COMMON, LIBRARYCODE |
001FCD00 | .0 | - | - | 21 | COMMON |
001DC673 | .0 | - | - | 12 | COMMON |
001A0D89 | .0 | - | - | 12 | COMMON, LIBRARYCODE |
001EA813 | .0 | - | - | 11 | COMMON |
001EAAD8 | .0 | - | - | 11 | COMMON |
001EA3A5 | .0 | - | - | 7 | COMMON |
00203EC4 | .0 | - | - | 7 | COMMON |
00201FD2 | .0 | - | - | 7 | COMMON |
001A75BF | 12.5 | 6 | 1 | 298 | COMMON, LIBRARYCODE |
0019A1A8 | 10.8 | 3 | 3 | 303 | COMMON, LIBRARYCODE |
001A352F | 10.6 | 4 | 2 | 74 | COMMON, LIBRARYCODE |
00193819 | 10.5 | 7 | - | 49 | COMMON |
0019667B | 9.2 | 6 | - | 175 | COMMON |
00194F43 | 9.1 | 6 | - | 65 | COMMON |
001A0DAB | 8.8 | 3 | 2 | 42 | library, loader, COMMON, LIBRARYCODE |
001924EF | 7.5 | 5 | - | 48 | COMMON |
0019307F | 7.5 | 5 | - | 48 | COMMON |
0019AF82 | 7.0 | 3 | 1 | 27 | library, COMMON, LIBRARYCODE |
0019A54D | 5.4 | 1 | 2 | 112 | COMMON, LIBRARYCODE |
00196865 | 5.3 | 2 | 1 | 60 | COMMON, LIBRARYCODE |
00197310 | 5.3 | 2 | 1 | 45 | COMMON, LIBRARYCODE |
00191605 | 5.3 | 2 | 1 | 33 | COMMON, LIBRARYCODE |
001ACCD4 | 7.7 | 5 | - | 183 | COMMON |
001A3F53 | 6.3 | 4 | - | 337 | COMMON |
00197508 | 6.1 | 4 | - | 70 | COMMON |
0019667B | 9.2 | 6 | - | 175 | COMMON |
00199E3A | 9.1 | 6 | - | 60 | COMMON |
001A0DAB | 8.8 | 3 | 2 | 42 | library, loader, COMMON |
00194CC6 | 7.5 | 5 | - | 44 | COMMON |
0019AF82 | 7.0 | 3 | 1 | 27 | library, COMMON |
001A575E | 6.3 | 4 | - | 338 | file, COMMON |
00199F51 | 6.2 | 4 | - | 168 | COMMON |
001B0546 | 6.0 | 4 | - | 29 | COMMON |
Execution Graph
Execution Coverage: | 2.3% |
Dynamic/Decrypted Code Coverage: | 0% |
Signature Coverage: | 12% |
Total number of Nodes: | 83 |
Total number of Limit Nodes: | 12 |
Graph
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
0043CC17 | 10.8 | 7 | - | 259 | COMMON |
0040CE60 | 10.6 | 5 | 1 | 125 | thread, COMMON |
0043CCC5 | 7.1 | 2 | 2 | 104 | memory, COMMON |
00443090 | 1.5 | 1 | - | 14 | library, COMMON |
0043CB4D | 7.6 | 5 | - | 109 | COMMON |
0043C75E | 1.6 | 1 | - | 65 | memory, COMMON |
00440350 | 1.6 | 1 | - | 57 | memory, COMMON |
00443250 | 1.6 | 1 | - | 53 | COMMON |
004402F7 | 1.5 | 1 | - | 38 | memory, COMMON |
004432AF | 1.5 | 1 | - | 18 | COMMON |
00411281 | 1.5 | 1 | - | 12 | COMMON |
0043C821 | 1.5 | 1 | - | 12 | COMMON |
00411260 | 1.3 | 1 | - | 11 | COMMON |
00436F40 | 24.6 | 6 | 8 | 113 | clipboard, COMMON |
004367AF | 12.4 | 1 | 6 | 165 | memory, COMMON |
0043CE3B | 7.1 | 2 | 2 | 106 | memory, COMMON |