Windows Analysis Report: Set-up.exe
Overview
General Information
Detection
Field | Value |
---|---|
Score | 100 |
Range | 0 - 100 |
Whitelisted | false |
Confidence | 100% |
Signatures
Classification
- System is w10x64
  - Set-up.exe (PID: 1012 cmdline: "C:\Users\user\Desktop\Set-up.exe" MD5: 4B923F3600F76EA3FCF20959D94369AC)
    - WerFault.exe (PID: 1184 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 1600 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution | | |
{"C2 url": ["sippymroat.cfd", "mathcucom.sbs", "ehticsprocw.sbs", "condifendteu.sbs", "drawwyobstacw.sbs", "resinedyw.sbs", "enlargkiw.sbs", "allocatinow.sbs", "vennurviot.sbs"], "Build id": "BVnUqo--@aboba45"}
Rule | Description | Author |
---|---|---|
JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
Windows_Trojan_Donutloader_f40e3759 | unknown | unknown |
JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-13T11:42:13.803098+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 188.114.97.3 | 443 | TCP |
2024-10-13T11:42:14.760733+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49732 | 188.114.96.3 | 443 | TCP |
2024-10-13T11:42:15.827479+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49733 | 172.67.152.13 | 443 | TCP |
2024-10-13T11:42:16.767536+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49734 | 104.21.77.78 | 443 | TCP |
2024-10-13T11:42:18.000399+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49735 | 172.67.140.193 | 443 | TCP |
2024-10-13T11:42:18.937149+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49737 | 104.21.30.221 | 443 | TCP |
2024-10-13T11:42:19.886594+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49741 | 172.67.141.136 | 443 | TCP |
2024-10-13T11:42:20.873314+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49743 | 188.114.96.3 | 443 | TCP |
2024-10-13T11:42:23.168391+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49746 | 104.21.53.8 | 443 | TCP |
2024-10-13T11:42:24.345642+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49747 | 104.21.53.8 | 443 | TCP |
2024-10-13T11:42:13.803098+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 188.114.97.3 | 443 | TCP |
2024-10-13T11:42:14.760733+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49732 | 188.114.96.3 | 443 | TCP |
2024-10-13T11:42:15.827479+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49733 | 172.67.152.13 | 443 | TCP |
2024-10-13T11:42:16.767536+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49734 | 104.21.77.78 | 443 | TCP |
2024-10-13T11:42:18.000399+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49735 | 172.67.140.193 | 443 | TCP |
2024-10-13T11:42:18.937149+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49737 | 104.21.30.221 | 443 | TCP |
2024-10-13T11:42:19.886594+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49741 | 172.67.141.136 | 443 | TCP |
2024-10-13T11:42:20.873314+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49743 | 188.114.96.3 | 443 | TCP |
2024-10-13T11:42:23.168391+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49746 | 104.21.53.8 | 443 | TCP |
2024-10-13T11:42:24.345642+0200 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.4 | 49747 | 104.21.53.8 | 443 | TCP |
2024-10-13T11:42:19.460477+0200 | 2056559 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49741 | 172.67.141.136 | 443 | TCP |
2024-10-13T11:42:20.429036+0200 | 2056557 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49743 | 188.114.96.3 | 443 | TCP |
2024-10-13T11:42:18.521222+0200 | 2056561 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49737 | 104.21.30.221 | 443 | TCP |
2024-10-13T11:42:15.301012+0200 | 2056567 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49733 | 172.67.152.13 | 443 | TCP |
2024-10-13T11:42:14.310273+0200 | 2056571 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49732 | 188.114.96.3 | 443 | TCP |
2024-10-13T11:42:16.329296+0200 | 2056565 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49734 | 104.21.77.78 | 443 | TCP |
2024-10-13T11:42:17.561594+0200 | 2056563 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49735 | 172.67.140.193 | 443 | TCP |
2024-10-13T11:42:14.762853+0200 | 2056568 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 53988 | 1.1.1.1 | 53 | UDP |
2024-10-13T11:42:18.960890+0200 | 2056558 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 63734 | 1.1.1.1 | 53 | UDP |
2024-10-13T11:42:19.899655+0200 | 2056556 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49501 | 1.1.1.1 | 53 | UDP |
2024-10-13T11:42:18.026733+0200 | 2056560 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 55421 | 1.1.1.1 | 53 | UDP |
2024-10-13T11:42:14.795220+0200 | 2056566 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 50289 | 1.1.1.1 | 53 | UDP |
2024-10-13T11:42:13.808579+0200 | 2056570 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 58518 | 1.1.1.1 | 53 | UDP |
2024-10-13T11:42:15.834870+0200 | 2056564 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 63242 | 1.1.1.1 | 53 | UDP |
2024-10-13T11:42:16.813607+0200 | 2056562 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 63926 | 1.1.1.1 | 53 | UDP |
2024-10-13T11:42:22.179172+0200 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49745 | 104.102.49.254 | 443 | TCP |
Click to jump to signature section
AV Detection |
---|
Source: | URL Reputation: | ||
Source: | URL Reputation: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Integrated Neural Analysis Model: |
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: | ||
Source: | String decryptor: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 0_2_029D7032 | |
Source: | Code function: | 0_2_029F2682 | |
Source: | Code function: | 0_2_029F2682 | |
Source: | Code function: | 0_2_029FD6A2 | |
Source: | Code function: | 0_2_029F7792 | |
Source: | Code function: | 0_2_029FF712 | |
Source: | Code function: | 0_2_029FC4A3 | |
Source: | Code function: | 0_2_029EE412 | |
Source: | Code function: | 0_2_029E2407 | |
Source: | Code function: | 0_2_029E145C | |
Source: | Code function: | 0_2_029F9444 | |
Source: | Code function: | 0_2_02A15452 | |
Source: | Code function: | 0_2_029E05C2 | |
Source: | Code function: | 0_2_02A0C562 | |
Source: | Code function: | 0_2_029E0542 | |
Source: | Code function: | 0_2_02A0F542 | |
Source: | Code function: | 0_2_029F0A92 | |
Source: | Code function: | 0_2_029DEAC2 | |
Source: | Code function: | 0_2_029EEA12 | |
Source: | Code function: | 0_2_029FEA52 | |
Source: | Code function: | 0_2_029DFA78 |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: | ||
Source: | URLs: |
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: | ||
Source: | IP Address: |
Source: | ASN Name: | ||
Source: | ASN Name: | ||
Source: | ASN Name: | ||
Source: | ASN Name: | ||
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Code function: | 0_2_00A71DD0 |
Source: | Code function: | 0_2_00A73200 |
Source: | Code function: | 0_2_00A71E10 |
Source: | Binary or memory string: | memstr_ca5a4307-c |
System Summary |
---|
Source: | Matched rule: |
Source: | Code function: | 0_2_02A25F73 |
Source: | Code function: | 0_2_00A93070 | |
Source: | Code function: | 0_2_00A85050 | |
Source: | Code function: | 0_2_00A673E0 | |
Source: | Code function: | 0_2_00BE23E0 | |
Source: | Code function: | 0_2_00A6E410 | |
Source: | Code function: | 0_2_00A89460 | |
Source: | Code function: | 0_2_00A645D0 | |
Source: | Code function: | 0_2_00A93990 | |
Source: | Code function: | 0_2_00AC0BE0 | |
Source: | Code function: | 0_2_00A78B40 | |
Source: | Code function: | 0_2_00AC6E10 | |
Source: | Code function: | 0_2_029D0575 | |
Source: | Code function: | 0_2_02A25F73 | |
Source: | Code function: | 0_2_029D50D2 | |
Source: | Code function: | 0_2_029D0000 | |
Source: | Code function: | 0_2_02A131B2 | |
Source: | Code function: | 0_2_029E21DD | |
Source: | Code function: | 0_2_029D91C2 | |
Source: | Code function: | 0_2_029E31E3 | |
Source: | Code function: | 0_2_02A0B122 | |
Source: | Code function: | 0_2_029E86B3 | |
Source: | Code function: | 0_2_029FD6A2 | |
Source: | Code function: | 0_2_029D87C2 | |
Source: | Code function: | 0_2_029E2732 | |
Source: | Code function: | 0_2_029F3752 | |
Source: | Code function: | 0_2_029DC4A2 | |
Source: | Code function: | 0_2_029D8422 | |
Source: | Code function: | 0_2_029DB457 | |
Source: | Code function: | 0_2_029DD472 | |
Source: | Code function: | 0_2_029E05C2 | |
Source: | Code function: | 0_2_02A13532 | |
Source: | Code function: | 0_2_02A15572 | |
Source: | Code function: | 0_2_029F0A92 | |
Source: | Code function: | 0_2_029F0A90 | |
Source: | Code function: | 0_2_02A06AD2 | |
Source: | Code function: | 0_2_02A13A02 | |
Source: | Code function: | 0_2_02A15B12 | |
Source: | Code function: | 0_2_02A04B52 |
Source: | Process created: |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Classification label: |
Source: | Code function: | 0_2_029D0C85 |
Source: | Code function: | 0_2_00A6D420 |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Process created: | ||
Source: | Process created: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 0_2_00A69D49 | |
Source: | Code function: | 0_2_02A0F457 |
Source: | Registry key monitored for changes: | Jump to behavior | ||
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: |
Source: | API coverage: |
Source: | Thread sleep time: |
Source: | WMI Queries: |
Source: | Binary or memory string: |
Source: | Process information queried: |
Source: | Process queried: |
Source: | Code function: | 0_2_029D0575 | |
Source: | Code function: | 0_2_029D0B35 | |
Source: | Code function: | 0_2_029D1185 | |
Source: | Code function: | 0_2_029D1184 |
Source: | Code function: | 0_2_00BFE4EE |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | String found in binary or memory: |
Source: | Binary or memory string: |
Source: | Code function: | 0_2_00BFDF75 |
Source: | Code function: | 0_2_00A6D240 |
Source: | Queries volume information: |
Source: | Code function: | 0_2_00BFEFA3 |
Source: | Key value queried: |
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 2 Process Injection | 2 Virtualization/Sandbox Evasion | 11 Input Capture | 1 System Time Discovery | Remote Services | 11 Input Capture | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 2 Process Injection | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 21 Security Software Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 2 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 3 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 43 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Detection | Scanner | Label |
---|---|---|
34% | ReversingLabs | Win32.Spyware.Lummastealer |
41% | Virustotal | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
condifendteu.sbs | 172.67.141.136 | true | true | | unknown |
steamcommunity.com | 104.102.49.254 | true | true | | unknown |
sippymroat.cfd | 188.114.97.3 | true | true | | unknown |
vennurviot.sbs | 172.67.140.193 | true | true | | unknown |
drawwyobstacw.sbs | 188.114.96.3 | true | true | | unknown |
mathcucom.sbs | 188.114.96.3 | true | true | | unknown |
sergei-esenin.com | 104.21.53.8 | true | true | | unknown |
ehticsprocw.sbs | 104.21.30.221 | true | true | | unknown |
resinedyw.sbs | 104.21.77.78 | true | true | | unknown |
enlargkiw.sbs | 172.67.152.13 | true | true | | unknown |
allocatinow.sbs | unknown | unknown | true | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
104.21.53.8 | sergei-esenin.com | United States | 13335 | CLOUDFLARENETUS | true |
188.114.97.3 | sippymroat.cfd | European Union | 13335 | CLOUDFLARENETUS | true |
188.114.96.3 | drawwyobstacw.sbs | European Union | 13335 | CLOUDFLARENETUS | true |
172.67.152.13 | enlargkiw.sbs | United States | 13335 | CLOUDFLARENETUS | true |
104.21.30.221 | ehticsprocw.sbs | United States | 13335 | CLOUDFLARENETUS | true |
172.67.141.136 | condifendteu.sbs | United States | 13335 | CLOUDFLARENETUS | true |
104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | true |
172.67.140.193 | vennurviot.sbs | United States | 13335 | CLOUDFLARENETUS | true |
104.21.77.78 | resinedyw.sbs | United States | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1532477 |
Start date and time: | 2024-10-13 11:41:04 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 8s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Set-up.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@2/5@11/9 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.42.73.29
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
05:42:14 | API Interceptor | |
05:42:40 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
104.21.53.8 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
188.114.97.3 | malicious | DCRat, PureLog Stealer, zgRAT |
 | malicious | Unknown |
 | malicious | FormBook |
 | malicious | FormBook |
 | malicious | DCRat, PureLog Stealer, zgRAT |
 | malicious | Unknown |
 | malicious | FormBook |
 | malicious | FormBook |
 | malicious | Unknown |
 | malicious | AgentTesla |
188.114.96.3 | malicious | Lokibot |
 | malicious | DCRat, PureLog Stealer, zgRAT |
 | malicious | FormBook |
 | malicious | FormBook |
 | malicious | Unknown |
 | malicious | FormBook |
 | malicious | FormBook |
 | malicious | FormBook |
 | malicious | Unknown |
 | malicious | Snake Keylogger, VIP Keylogger |
Match | Detection | Threat Name |
---|---|---|
drawwyobstacw.sbs | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
vennurviot.sbs | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
condifendteu.sbs | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
steamcommunity.com | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | Vidar |
 | malicious | LummaC |
 | malicious | Vidar |
 | malicious | LummaC |
 | malicious | LummaC |
mathcucom.sbs | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
Match | Detection | Threat Name |
---|---|---|
CLOUDFLARENETUS | malicious | LummaC |
 | malicious | Unknown |
 | malicious | LummaC |
 | malicious | Unknown |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | Unknown |
 | malicious | LummaC |
Match | Detection | Threat Name |
---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
 | malicious | LummaC |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Set-up.exe_4c9c2ad393d0b659aa78fea51f43981ea82cba10_6ae3b109_e4f0c861-ae91-41e5-a571-8f8d191fc96d\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.12713315719208 |
Encrypted: | false |
SSDEEP: | 192:ljRU3MX0BU/ojRSetOruLIAzuiFECZ24IO8t:hRuMkBU/ojZ/LIAzuiFPY4IO8t |
MD5: | 2331A9058FC32F968F1390C4B53FDBC7 |
SHA1: | D5BF9A9B5FD6DA1CDFBAB3054058669943C7A0DC |
SHA-256: | E732C00CD4AD1FBB678F3AA80C0DDFE2A5FB5D89DA6318797235DE1C0E9C484A |
SHA-512: | ED79DB42AF84C581247D71ED5C33A0607FE3D6B1BF54361D7AFA5E80912908E54AD4363E5B42665A6013EBE6C5690730B8CEFB5999C18FDF21B523CB0F79CC72 |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 134188 |
Entropy (8bit): | 2.0465899784269173 |
Encrypted: | false |
SSDEEP: | 768:+GN1vjSKBgNSheKnJoRBx9fs3Jd1Sv/QRS:++ILyJoXfstSv/Q |
MD5: | 3EB8709A9084E0DC806E543696F79D2E |
SHA1: | A361E191616C24D6D5E55251EAFF9B3F64E78729 |
SHA-256: | 4691D1EE252E482F3A1481CC8F037B50AE2A4E12B90819579ED9681B32162853 |
SHA-512: | DDAFB945958C23105DC5FBA10B7371A7F71B303EE8B7B8BE85A62919F1B52877A533A48BE4B1CB890EC62C93099B35792A0BBA4B3C6F281BBB9EBA12E9471984 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8354 |
Entropy (8bit): | 3.7003729787765485 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJMAm6iw76Y9pSU9eYHqgmfNRpr189bsWsfEEm:R6lXJMZ6iw76YDSU9eYHqgmfNes1fO |
MD5: | 23A57E21F2526728BF79E51255BEADAB |
SHA1: | A4CD63467349475A7E6A351EB5DBA4B0335EE60B |
SHA-256: | 0276DA1C42CC0A17DE823A3F0E073F2EB031D1BA0593CA2D7E9621CDEBC70CBD |
SHA-512: | B7C4D876939AC5BACFC15560C43505C5D99F3E5DAF128D2A30683285E2616B09DF06B0610D18735178AC66771132A9834C0E961548C8BC5294172A75C8F087B8 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4664 |
Entropy (8bit): | 4.496741969809943 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsRJg77aI9AbWpW8VY5Ym8M4JuqFMi+q8xFU7Yb6YM4Hd:uIjfjI7iq7VJJUi8U79YM4Hd |
MD5: | 0E2A733289B51856726560B355F59864 |
SHA1: | 0BB44DEBD47D677DB7268C410A556B757C709D96 |
SHA-256: | 76095A89C700215029A54B6B6CFDFDE18A2EFA9BC61420CD20D996E91EA39119 |
SHA-512: | E2C9DC2065A130EBFB0C1E6D0BB42BF61D6008EA7F8ED2D717AA1476C2C4E56CB8987F703713C613CD981FF292E2064AE0A98F68DE7AC8D766B0FC3605A4AD7C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.465509726421408 |
Encrypted: | false |
SSDEEP: | 6144:1IXfpi67eLPU9skLmb0b4FWSPKaJG8nAgejZMMhA2gX4WABl0uNvdwBCswSbn:2XD94FWlLZMM6YFHZ+n |
MD5: | 00BFAC98A536C86909DADC7CC02EFDD3 |
SHA1: | 0A3DC4CB1CED0530BEAD825EF69482572731B01E |
SHA-256: | 797450A4C2635DB9BD2C80B9E790D5DA00CFB66406056DFE6F8CED90EA646CD1 |
SHA-512: | 36FF5C6C47B0652B08A670C543317EA02F084890AFB0130422D22404D3594FCB3040D5413A4D8E7B52AB3378A3E54188739AAEF841B0C880F6DBDC68E6C0F690 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.988381481741982 |
TrID: |
|
File name: | Set-up.exe |
File size: | 2'729'072 bytes |
MD5: | 4b923f3600f76ea3fcf20959d94369ac |
SHA1: | b79ce50dcabc145555a36e7d97f341644107157b |
SHA256: | b80b75d889d42db1bbd9bc8b748c5c9390bb015286931579c1bcac7562de6a56 |
SHA512: | 54fc3dcb0ff35a97860c0f0b36cdfa310f0b2b918cd810fdca8183faaa150c17b978b6f79c91c65abc7a784cc3ee8ba6b62c29592f87018739096e52608a9031 |
SSDEEP: | 49152:gGSXoV72tpV9XE8Gwi1aCvYMdRluSBw44RGLaLgPZ:Q4OE5wiICvYMpfL1 |
TLSH: | 04C59D22BE8FC532D4A111B1967DAF1F8418A6767F7181D7B2C01A3AE5103E31A3E767 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Ark.Ark.Ark...o.Mrk...h.Jrk...n.^rk...j.Erk.H...Brk.H...nrk.Arj..pk...b..rk...k.@rk.....@rk...i.@rk.RichArk................ |
Icon Hash: | 2f232d67b7934633 |
Entrypoint: | 0x59ea9c |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x6328B684 [Mon Sep 19 18:35:48 2022 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 9f1eb76ab6beb10e56762f8019d97227 |
Signature Valid: | false |
Signature Issuer: | CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US |
Signature Validation Error: | The digital signature of the object did not verify |
Error Number: | -2146869232 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 5F429788727974C52EF1B4CD93D03B8F |
Thumbprint SHA-1: | CD7BE0F00F2A5EE102C3037E098AF3F457D3B1AB |
Thumbprint SHA-256: | 4B59D847D7187ED910590D52798FD7E6FCB13396092FDBC1FE43B2311AAB6EEB |
Serial: | 060E2F8F9E1B8BE518D5FE2B69CFCCB1 |
Instruction |
---|
call 00007FB95CDFE0E4h |
jmp 00007FB95CDFDA0Fh |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007FB95CC78581h |
mov dword ptr [esi], 005ADAA4h |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 005ADAACh |
mov dword ptr [ecx], 005ADAA4h |
ret |
push ebp |
mov ebp, esp |
push esi |
push dword ptr [ebp+08h] |
mov esi, ecx |
call 00007FB95CC7854Eh |
mov dword ptr [esi], 005ADAC0h |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
and dword ptr [ecx+04h], 00000000h |
mov eax, ecx |
and dword ptr [ecx+08h], 00000000h |
mov dword ptr [ecx+04h], 005ADAC8h |
mov dword ptr [ecx], 005ADAC0h |
ret |
lea eax, dword ptr [ecx+04h] |
mov dword ptr [ecx], 005ADA98h |
push eax |
call 00007FB95CDFE187h |
pop ecx |
ret |
push ebp |
mov ebp, esp |
push esi |
mov esi, ecx |
lea eax, dword ptr [esi+04h] |
mov dword ptr [esi], 005ADA98h |
push eax |
call 00007FB95CDFE170h |
test byte ptr [ebp+08h], 00000001h |
pop ecx |
je 00007FB95CDFDB9Ch |
push 0000000Ch |
push esi |
call 00007FB95CDFD276h |
pop ecx |
pop ecx |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
push ebp |
mov ebp, esp |
sub esp, 0Ch |
lea ecx, dword ptr [ebp-0Ch] |
call 00007FB95CDFDAFEh |
push 005EE6BCh |
lea eax, dword ptr [ebp-0Ch] |
push eax |
call 00007FB95CDFE142h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x1ee870 | 0xe3c | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1ef6ac | 0x208 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x204000 | 0x2d957 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x297c00 | 0x2870 | .reloc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x232000 | 0x11472 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1de540 | 0x70 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x1de650 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1de5b0 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1ad000 | 0x8fc | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x1ab765 | 0x1ab800 | 35b3882fb84d2c3c2e9541127c9bb5b0 | False | 0.49125605354532165 | data | 6.625864824158646 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x1ad000 | 0x45ed2 | 0x46000 | c620e9c1358dec994d346d5ec97f18f9 | False | 0.3361363002232143 | data | 5.559929453091573 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x1f3000 | 0x10060 | 0xfc00 | ca7a852e7f3f4d04c757a15e362c6f8d | False | 0.4250372023809524 | DOS executable (block device driver \277DN\346@\273) | 4.825556059166698 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x204000 | 0x2d957 | 0x2da00 | 527da42bcbfcf4fd4d10a26f5e412f33 | False | 0.21568921232876712 | data | 5.092579347709825 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x232000 | 0x68a00 | 0x68a00 | b08cf37bce51a56e378a362ef413cc59 | False | 0.6475181078255675 | data | 7.538314299200359 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
PROPERTIES | 0x204b70 | 0x1c3da | Non-ISO extended-ASCII text, with CRLF line terminators | English | United States | 0.23243771288275672 |
RT_CURSOR | 0x220f4c | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.4805194805194805 |
RT_BITMAP | 0x221080 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, resolution 2834 x 2834 px/m, 16 important colors | English | United States | 0.48660714285714285 |
RT_BITMAP | 0x221160 | 0x328 | Device independent bitmap graphic, 16 x 16 x 24, image size 0 | English | United States | 0.18316831683168316 |
RT_BITMAP | 0x221488 | 0x328 | Device independent bitmap graphic, 16 x 16 x 24, image size 0 | English | United States | 0.14603960396039603 |
RT_BITMAP | 0x2217b0 | 0x328 | Device independent bitmap graphic, 16 x 16 x 24, image size 0 | English | United States | 0.1349009900990099 |
RT_BITMAP | 0x221ad8 | 0x328 | Device independent bitmap graphic, 16 x 16 x 24, image size 0 | English | United States | 0.1745049504950495 |
RT_BITMAP | 0x221e00 | 0x328 | Device independent bitmap graphic, 16 x 16 x 24, image size 0 | English | United States | 0.32425742574257427 |
RT_BITMAP | 0x222128 | 0x328 | Device independent bitmap graphic, 16 x 16 x 24, image size 0 | English | United States | 0.12128712871287128 |
RT_BITMAP | 0x222450 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, resolution 2834 x 2834 px/m, 16 important colors | English | United States | 0.3877551020408163 |
RT_BITMAP | 0x2225d8 | 0x4d8 | Device independent bitmap graphic, 20 x 20 x 24, image size 0 | English | United States | 0.12903225806451613 |
RT_BITMAP | 0x222ab0 | 0x4d8 | Device independent bitmap graphic, 20 x 20 x 24, image size 0 | English | United States | 0.1032258064516129 |
RT_BITMAP | 0x222f88 | 0x4d8 | Device independent bitmap graphic, 20 x 20 x 24, image size 0 | English | United States | 0.0935483870967742 |
RT_BITMAP | 0x223460 | 0x4d8 | Device independent bitmap graphic, 20 x 20 x 24, image size 0 | English | United States | 0.13709677419354838 |
RT_BITMAP | 0x223938 | 0x4d8 | Device independent bitmap graphic, 20 x 20 x 24, image size 0 | English | United States | 0.2403225806451613 |
RT_BITMAP | 0x223e10 | 0x4d8 | Device independent bitmap graphic, 20 x 20 x 24, image size 0 | English | United States | 0.10806451612903226 |
RT_BITMAP | 0x2242e8 | 0x6e8 | Device independent bitmap graphic, 24 x 24 x 24, image size 0 | English | United States | 0.10463800904977376 |
RT_BITMAP | 0x2249d0 | 0x6e8 | Device independent bitmap graphic, 24 x 24 x 24, image size 0 | English | United States | 0.08653846153846154 |
RT_BITMAP | 0x2250b8 | 0x6e8 | Device independent bitmap graphic, 24 x 24 x 24, image size 0 | English | United States | 0.08031674208144797 |
RT_BITMAP | 0x2257a0 | 0x6e8 | Device independent bitmap graphic, 24 x 24 x 24, image size 0 | English | United States | 0.10576923076923077 |
RT_BITMAP | 0x225e88 | 0x6e8 | Device independent bitmap graphic, 24 x 24 x 24, image size 0 | English | United States | 0.21153846153846154 |
RT_BITMAP | 0x226570 | 0x6e8 | Device independent bitmap graphic, 24 x 24 x 24, image size 0 | English | United States | 0.08936651583710407 |
RT_BITMAP | 0x226c58 | 0xc28 | Device independent bitmap graphic, 32 x 32 x 24, image size 0 | English | United States | 0.07390745501285347 |
RT_BITMAP | 0x227880 | 0xc28 | Device independent bitmap graphic, 32 x 32 x 24, image size 0 | English | United States | 0.08451156812339332 |
RT_BITMAP | 0x2284a8 | 0xc28 | Device independent bitmap graphic, 32 x 32 x 24, image size 0 | English | United States | 0.07133676092544987 |
RT_BITMAP | 0x2290d0 | 0xc28 | Device independent bitmap graphic, 32 x 32 x 24, image size 0 | English | United States | 0.09993573264781491 |
RT_BITMAP | 0x229cf8 | 0xc28 | Device independent bitmap graphic, 32 x 32 x 24, image size 0 | English | United States | 0.15167095115681234 |
RT_BITMAP | 0x22a920 | 0xc28 | Device independent bitmap graphic, 32 x 32 x 24, image size 0 | English | United States | 0.052377892030848326 |
RT_ICON | 0x22b548 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192, 16 important colors | English | United States | 0.6317567567567568 |
RT_ICON | 0x22b670 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320, 256 important colors | English | United States | 0.5823699421965318 |
RT_ICON | 0x22bbd8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640, 16 important colors | English | United States | 0.5120967741935484 |
RT_ICON | 0x22bec0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.5455776173285198 |
RT_ICON | 0x22c768 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1536 | English | United States | 0.36341463414634145 |
RT_ICON | 0x22cdd0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.42350746268656714 |
RT_MENU | 0x22dc78 | 0x1330 | data | English | United States | 0.3373371335504886 |
RT_DIALOG | 0x22efa8 | 0xd8 | data | English | United States | 0.6481481481481481 |
RT_DIALOG | 0x22f080 | 0x288 | data | English | United States | 0.4212962962962963 |
RT_DIALOG | 0x22f308 | 0x29c | data | English | United States | 0.4476047904191617 |
RT_DIALOG | 0x22f5a4 | 0x120 | data | English | United States | 0.5798611111111112 |
RT_DIALOG | 0x22f6c4 | 0x1f0 | data | English | United States | 0.4213709677419355 |
RT_DIALOG | 0x22f8b4 | 0x1c8 | data | English | United States | 0.4166666666666667 |
RT_DIALOG | 0x22fa7c | 0x1cc | data | English | United States | 0.5130434782608696 |
RT_DIALOG | 0x22fc48 | 0x328 | data | English | United States | 0.4752475247524752 |
RT_DIALOG | 0x22ff70 | 0x3ee | data | English | United States | 0.4224652087475149 |
RT_DIALOG | 0x230360 | 0x3a0 | data | English | United States | 0.4665948275862069 |
RT_DIALOG | 0x230700 | 0x4ae | data | English | United States | 0.41569282136894825 |
RT_ACCELERATOR | 0x230bb0 | 0x2b0 | data | English | United States | 0.5537790697674418 |
RT_GROUP_CURSOR | 0x230e60 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_ICON | 0x230e74 | 0x5a | data | English | United States | 0.7333333333333333 |
RT_VERSION | 0x230ed0 | 0x354 | data | English | United States | 0.45892018779342725 |
RT_MANIFEST | 0x231224 | 0x733 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4139989148128052 |
DLL | Import |
---|---|
IMM32.dll | ImmSetCompositionFontW, ImmSetCompositionWindow, ImmGetContext, ImmEscapeW, ImmSetCompositionStringW, ImmSetCandidateWindow, ImmGetCompositionStringW, ImmReleaseContext, ImmNotifyIME |
MSIMG32.dll | AlphaBlend, TransparentBlt |
COMCTL32.dll | InitCommonControlsEx |
UxTheme.dll | DrawThemeBackground, GetThemeBackgroundContentRect, OpenThemeData, DrawThemeParentBackground, CloseThemeData, GetThemePartSize |
KERNEL32.dll | LockResource, GlobalFree, LoadResource, FindResourceW, PeekConsoleInputW, LocalFree, VerSetConditionMask, GetConsoleWindow, VerifyVersionInfoW, AllocConsole, GetExitCodeProcess, GetTimeFormatA, CreateFileW, FileTimeToSystemTime, GetDateFormatA, FileTimeToLocalFileTime, GetFileTime, GetLocaleInfoW, Beep, CreateMutexW, GetCurrentThreadId, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, GetModuleFileNameA, LoadLibraryExA, FormatMessageA, LoadLibraryA, GetCurrentProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, CreateEventW, WaitForSingleObjectEx, ResetEvent, SetEvent, InitializeCriticalSectionAndSpinCount, GetLastError, GetProcAddress, GetModuleHandleW, FreeLibrary, MulDiv, LoadLibraryExW, GetLocaleInfoA, Sleep, GlobalSize, GlobalAlloc, GlobalLock, LCMapStringW, WideCharToMultiByte, GetTickCount, GlobalUnlock, ReadFile, FindFirstFileW, SetHandleInformation, CompareStringW, GetFullPathNameW, FindNextFileW, CreatePipe, PeekNamedPipe, FindClose, WaitForSingleObject, GetFileAttributesExW, CloseHandle, CreateProcessW, LoadLibraryW, IsDBCSLeadByteEx, SizeofResource, GetCommandLineW, GetStdHandle, GetCPInfo, WriteFile, TerminateProcess, FormatMessageW, GetModuleFileNameW, GetTempPathW, GetFileAttributesW, FreeResource, SetCurrentDirectoryA, IsValidCodePage, IsProcessorFeaturePresent, IsDebuggerPresent, GetStartupInfoW, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeSListHead, MultiByteToWideChar |
USER32.dll | SendMessageTimeoutW, GetThreadDesktop, EnumWindows, GetUserObjectInformationW, GetWindowTextLengthW, DrawFocusRect, GetClassNameW, DrawFrameControl, GetNextDlgTabItem, GetWindowTextW, CreateDialogParamW, EndDialog, IsDialogMessageW, SetDlgItemTextW, SendDlgItemMessageW, IsDlgButtonChecked, GetDlgItemInt, GetDlgItem, CheckDlgButton, DialogBoxParamW, EnableWindow, DeferWindowPos, OpenClipboard, GetParent, ReleaseCapture, InvalidateRect, ReleaseDC, GetCursorPos, BeginPaint, EndPaint, DrawTextW, GetClientRect, GetMenuState, ModifyMenuW, CheckMenuRadioItem, GetWindow, GetMenuItemCount, DeleteMenu, GetClassInfoW, BeginDeferWindowPos, SetMenuItemInfoW, GetTopWindow, DrawMenuBar, EndDeferWindowPos, InsertMenuW, CheckMenuItem, EnableMenuItem, GetMessageW, GetMenuItemInfoW, GetMenu, MessageBoxW, GetWindowPlacement, LoadAcceleratorsW, GetSubMenu, DispatchMessageW, VkKeyScanW, DestroyAcceleratorTable, PeekMessageW, SetWindowPlacement, WinHelpW, FlashWindow, TranslateAcceleratorW, TranslateMessage, LoadIconW, FindWindowW, AppendMenuW, PostQuitMessage, UpdateWindow, SetForegroundWindow, LoadImageW, IsIconic, GetFocus, SetWindowTextW, RegisterClassW, RegisterWindowMessageW, SetScrollInfo, RegisterClipboardFormatW, GetKeyState, GetUpdateRgn, PostMessageW, HideCaret, ScreenToClient, NotifyWinEvent, GetScrollInfo, MsgWaitForMultipleObjects, SetCaretPos, SystemParametersInfoW, SetTimer, GetDlgCtrlID, CloseClipboard, EmptyClipboard, IsChild, CreateCaret, ValidateRect, TrackMouseEvent, GetKeyboardLayout, GetMessageTime, SetFocus, GetClipboardData, DestroyCaret, SetClipboardData, AppendMenuA, IsClipboardFormatAvailable, GetCaretBlinkTime, ShowCaret, KillTimer, PtInRect, GetWindowLongW, DefWindowProcW, AdjustWindowRectEx, CallWindowProcW, MonitorFromPoint, GetWindowRect, DestroyWindow, InflateRect, GetDC, SetWindowPos, CopyImage, MonitorFromRect, MonitorFromWindow, FillRect, CreateWindowExW, GetIconInfo, SendMessageW, GetSystemMetrics, UnregisterClassW, CreatePopupMenu, RegisterClassExW, DestroyCursor, TrackPopupMenu, ShowWindow, DrawTextA, GetMonitorInfoW, CreateIconIndirect, ClientToScreen, MapWindowPoints, GetDoubleClickTime, FrameRect, GetSysColor, DestroyMenu, LoadCursorW, SetCapture, SetCursor, SetWindowLongW, SystemParametersInfoA |
GDI32.dll | TranslateCharsetInfo, EndPage, DPtoLP, CreateRectRgnIndirect, CreateRectRgn, CreateBitmap, CombineRgn, BitBlt, CreateCompatibleBitmap, ExtTextOutA, SelectObject, CreateDIBSection, GetTextExtentPoint32A, CreateCompatibleDC, GetTextExtentExPointW, StretchBlt, GetNearestColor, GetTextExtentExPointA, GetDeviceCaps, GetTextMetricsW, CreatePatternBrush, DeleteDC, GetTextExtentPoint32W, SetTextColor, SetBkMode, LineTo, CreatePen, Rectangle, GetObjectW, Polygon, MoveToEx, SetBkColor, Ellipse, DeleteObject, CreateSolidBrush, CreateFontIndirectW, SetTextAlign, RoundRect, ExtTextOutW, IntersectClipRect, EndDoc, StartPage, CreateFontA, GetDIBits, GetStockObject, StartDocW |
COMDLG32.dll | GetSaveFileNameW, CommDlgExtendedError, PageSetupDlgW, GetOpenFileNameW, PrintDlgW |
ADVAPI32.dll | RegCloseKey, RegOpenKeyExW, RegQueryValueExW |
SHELL32.dll | Shell_NotifyIconW, SHGetPathFromIDListW, SHGetMalloc, DragAcceptFiles, ShellExecuteExW, DragFinish, SHBrowseForFolderW, DragQueryFileW |
ole32.dll | ReleaseStgMedium, RevokeDragDrop, CoCreateInstance, CLSIDFromProgID, RegisterDragDrop, OleUninitialize, DoDragDrop, OleInitialize |
OLEAUT32.dll | SysFreeString, SysAllocString |
MSVCP140.dll | ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ, ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z, ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z, ?uncaught_exception@std@@YA_NXZ, ??0_Locinfo@std@@QAE@PBD@Z, ??1_Locinfo@std@@QAE@XZ, ??Bid@locale@std@@QAEIXZ, ?_Incref@facet@locale@std@@UAEXXZ, ?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ, ??0facet@locale@std@@IAE@I@Z, ??1facet@locale@std@@MAE@XZ, ?tolower@?$ctype@D@std@@QBEDD@Z, ?tolower@?$ctype@D@std@@QBEPBDPADPBD@Z, ?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z, ?is@?$ctype@_W@std@@QBE_NF_W@Z, ?tolower@?$ctype@_W@std@@QBE_W_W@Z, ?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z, ?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z, _Query_perf_counter, _Strcoll, _Wcsxfrm, ?id@?$collate@D@std@@2V0locale@2@A, ?id@?$collate@_W@std@@2V0locale@2@A, ?id@?$ctype@D@std@@2V0locale@2@A, ?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z, ?id@?$ctype@_W@std@@2V0locale@2@A, ?_Xbad_alloc@std@@YAXXZ, ?_Init@locale@std@@CAPAV_Locimp@12@_N@Z, ?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ, ??0_Lockit@std@@QAE@H@Z, ??1_Lockit@std@@QAE@XZ, _Query_perf_frequency, _Wcscoll, _Strxfrm, ?__ExceptionPtrRethrow@@YAXPBX@Z, ?__ExceptionPtrDestroy@@YAXPAX@Z, ?__ExceptionPtrToBool@@YA_NPBX@Z, ?_XGetLastError@std@@YAXXZ, ?_Xout_of_range@std@@YAXPBD@Z, ?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z, ?__ExceptionPtrCopy@@YAXPAXPBX@Z, ?__ExceptionPtrCreate@@YAXPAX@Z, ?_Xlength_error@std@@YAXPBD@Z, ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ, ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ, ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ, ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ, ??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z, ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ, ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ, ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ, ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ, ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ, ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z, ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z, ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z, ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ, ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z, ??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@F@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z, ?_Throw_C_error@std@@YAXH@Z, _Mtx_destroy_in_situ, _Mtx_lock, _Mtx_init_in_situ, _Mtx_unlock, _Cnd_signal, ?_Throw_Cpp_error@std@@YAXH@Z, _Cnd_do_broadcast_at_thread_exit, _Cnd_destroy, _Cnd_wait, _Mtx_init, _Thrd_start, _Thrd_detach, _Mtx_destroy, _Cnd_init, ?_Xinvalid_argument@std@@YAXPBD@Z, ?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z, ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z, ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z, ?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ, ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ |
VCRUNTIME140.dll | strstr, strrchr, wcsrchr, longjmp, _CxxThrowException, __std_exception_copy, _except_handler4_common, __std_exception_destroy, _purecall, strchr, __std_terminate, __CxxFrameHandler3, __RTDynamicCast, _setjmp3, memchr, memcpy, memmove, memset |
api-ms-win-crt-runtime-l1-1-0.dll | _controlfp_s, strerror, _invalid_parameter_noinfo_noreturn, exit, _register_thread_local_exe_atexit_callback, _c_exit, _exit, _initterm_e, _initterm, _get_narrow_winmain_command_line, _set_app_type, terminate, abort, _seh_filter_exe, _cexit, _crt_atexit, _register_onexit_function, _initialize_onexit_table, _initialize_narrow_environment, _configure_narrow_argv, system, _errno |
api-ms-win-crt-math-l1-1-0.dll | _CIacos, lround, roundf, __setusermatherr, _CIasin, _CIatan2, frexp, _CIcos, truncf, _CIfmod, _CIlog, _CIlog10, _CIpow, floor, _CIsin, _CIsqrt, lroundf, ldexp, _CItan, ceil, _CIexp |
api-ms-win-crt-string-l1-1-0.dll | strpbrk, toupper, isgraph, strcoll, tolower, islower, strncmp, isspace, iscntrl, isalnum, isxdigit, strncpy, wcsncmp, ispunct, isalpha, strspn, isdigit, strnlen, isupper |
api-ms-win-crt-stdio-l1-1-0.dll | tmpnam, fgets, fwrite, fopen, __stdio_common_vfprintf, _wpopen, fclose, __stdio_common_vsprintf, _popen, fputc, getc, freopen, ferror, _fseeki64, __acrt_iob_func, _ftelli64, ungetc, setvbuf, tmpfile, _set_fmode, fflush, _pclose, _wfopen, clearerr, __p__commode, feof, fputs, ftell, fread, __stdio_common_vsscanf |
api-ms-win-crt-convert-l1-1-0.dll | atol, atoi, strtoll, strtod, atoll, strtol, strtof |
api-ms-win-crt-heap-l1-1-0.dll | free, malloc, realloc, _callnewh, _set_new_mode |
api-ms-win-crt-time-l1-1-0.dll | _time64, _gmtime64, _difftime64, clock, _mktime64, _localtime64, strftime |
api-ms-win-crt-filesystem-l1-1-0.dll | remove, rename, _wchdir, _wunlink, _wstat64i32, _waccess |
api-ms-win-crt-environment-l1-1-0.dll | __p__environ, getenv, _wgetenv, _wgetcwd |
api-ms-win-crt-locale-l1-1-0.dll | setlocale, localeconv, _configthreadlocale |
api-ms-win-crt-utility-l1-1-0.dll | srand, rand |
Name | Ordinal | Address |
---|---|---|
_CreateLexer@4 | 1 | 0x402270 |
_GetLexerCount@0 | 2 | 0x4021c0 |
_GetLexerFactory@4 | 3 | 0x402250 |
_GetLexerName@12 | 4 | 0x4021e0 |
luaL_addlstring | 5 | 0x57b4f0 |
luaL_addstring | 6 | 0x57b520 |
luaL_addvalue | 7 | 0x57b640 |
luaL_argerror | 8 | 0x57a850 |
luaL_buffinit | 9 | 0x57b770 |
luaL_buffinitsize | 10 | 0x57b7a0 |
luaL_callmeta | 11 | 0x57bfa0 |
luaL_checkany | 12 | 0x57afb0 |
luaL_checkinteger | 13 | 0x57b190 |
luaL_checklstring | 14 | 0x57afe0 |
luaL_checknumber | 15 | 0x57b080 |
luaL_checkoption | 16 | 0x57ae60 |
luaL_checkstack | 17 | 0x57af30 |
luaL_checktype | 18 | 0x57af70 |
luaL_checkudata | 19 | 0x57ae30 |
luaL_checkversion_ | 20 | 0x57c900 |
luaL_error | 21 | 0x57aa50 |
luaL_execresult | 22 | 0x57ab30 |
luaL_fileresult | 23 | 0x57aa90 |
luaL_getmetafield | 24 | 0x57beb0 |
luaL_getsubtable | 25 | 0x57c420 |
luaL_gsub | 26 | 0x57c6a0 |
luaL_len | 27 | 0x57c030 |
luaL_loadbufferx | 28 | 0x57be30 |
luaL_loadfilex | 29 | 0x57bb90 |
luaL_loadstring | 30 | 0x57be70 |
luaL_newmetatable | 31 | 0x57ac20 |
luaL_newstate | 32 | 0x57c8e0 |
luaL_openlibs | 33 | 0x585ef0 |
luaL_optinteger | 34 | 0x57b1f0 |
luaL_optlstring | 35 | 0x57b010 |
luaL_optnumber | 36 | 0x57b0d0 |
luaL_prepbuffsize | 37 | 0x57b360 |
luaL_pushresult | 38 | 0x57b560 |
luaL_pushresultsize | 39 | 0x57b620 |
luaL_ref | 40 | 0x57b7d0 |
luaL_requiref | 41 | 0x57c500 |
luaL_setfuncs | 42 | 0x57c320 |
luaL_setmetatable | 43 | 0x57ad30 |
luaL_testudata | 44 | 0x57ad70 |
luaL_tolstring | 45 | 0x57c0b0 |
luaL_traceback | 46 | 0x57a500 |
luaL_unref | 47 | 0x57b910 |
luaL_where | 48 | 0x57a9d0 |
lua_absindex | 49 | 0x578180 |
lua_arith | 50 | 0x578510 |
lua_atpanic | 51 | 0x578140 |
lua_callk | 52 | 0x579630 |
lua_checkstack | 53 | 0x578050 |
lua_close | 54 | 0x593070 |
lua_compare | 55 | 0x578570 |
lua_concat | 56 | 0x579ce0 |
lua_copy | 57 | 0x5782f0 |
lua_createtable | 58 | 0x578f20 |
lua_dump | 59 | 0x5799a0 |
lua_error | 60 | 0x579ba0 |
lua_gc | 61 | 0x579a30 |
lua_getallocf | 62 | 0x579d70 |
lua_getfield | 63 | 0x578d40 |
lua_getglobal | 64 | 0x578c80 |
lua_gethook | 65 | 0x581c10 |
lua_gethookcount | 66 | 0x581c30 |
lua_gethookmask | 67 | 0x581c20 |
lua_geti | 68 | 0x578d70 |
lua_getinfo | 69 | 0x5822b0 |
lua_getlocal | 70 | 0x581d50 |
lua_getmetatable | 71 | 0x578f70 |
lua_getstack | 72 | 0x581c40 |
lua_gettable | 73 | 0x578cc0 |
lua_gettop | 74 | 0x5781b0 |
lua_getupvalue | 75 | 0x579e50 |
lua_getuservalue | 76 | 0x578fd0 |
lua_iscfunction | 77 | 0x5783e0 |
lua_isinteger | 78 | 0x578410 |
lua_isnumber | 79 | 0x578430 |
lua_isstring | 80 | 0x578470 |
lua_isuserdata | 81 | 0x5784a0 |
lua_isyieldable | 82 | 0x583a70 |
lua_len | 83 | 0x579d40 |
lua_load | 84 | 0x5797c0 |
lua_newstate | 85 | 0x592e20 |
lua_newthread | 86 | 0x592d00 |
lua_newuserdata | 87 | 0x579dc0 |
lua_next | 88 | 0x579bb0 |
lua_pcallk | 89 | 0x5796e0 |
lua_pushboolean | 90 | 0x578b70 |
lua_pushcclosure | 91 | 0x578ab0 |
lua_pushfstring | 92 | 0x578a70 |
lua_pushinteger | 93 | 0x578910 |
lua_pushlightuserdata | 94 | 0x578b90 |
lua_pushlstring | 95 | 0x578940 |
lua_pushnil | 96 | 0x5788d0 |
lua_pushnumber | 97 | 0x5788f0 |
lua_pushstring | 98 | 0x5789e0 |
lua_pushthread | 99 | 0x578bb0 |
lua_pushvalue | 100 | 0x578360 |
lua_pushvfstring | 101 | 0x578a30 |
lua_rawequal | 102 | 0x5784d0 |
lua_rawget | 103 | 0x578e20 |
lua_rawgeti | 104 | 0x578e70 |
lua_rawgetp | 105 | 0x578ec0 |
lua_rawlen | 106 | 0x578770 |
lua_rawset | 107 | 0x579300 |
lua_rawseti | 108 | 0x579390 |
lua_rawsetp | 109 | 0x579450 |
lua_resume | 110 | 0x5838f0 |
lua_rotate | 111 | 0x578290 |
lua_setallocf | 112 | 0x579da0 |
lua_setfield | 113 | 0x5791e0 |
lua_setglobal | 114 | 0x5790f0 |
lua_sethook | 115 | 0x581bd0 |
lua_seti | 116 | 0x579210 |
lua_setlocal | 117 | 0x581e00 |
lua_setmetatable | 118 | 0x579510 |
lua_settable | 119 | 0x579130 |
lua_settop | 120 | 0x5781d0 |
lua_setupvalue | 121 | 0x579ef0 |
lua_setuservalue | 122 | 0x5795b0 |
lua_status | 123 | 0x579a20 |
lua_stringtonumber | 124 | 0x5785f0 |
lua_toboolean | 125 | 0x5786c0 |
lua_tocfunction | 126 | 0x5787e0 |
lua_tointegerx | 127 | 0x578660 |
lua_tolstring | 128 | 0x5786f0 |
lua_tonumberx | 129 | 0x578610 |
lua_topointer | 130 | 0x578860 |
lua_tothread | 131 | 0x578840 |
lua_touserdata | 132 | 0x578810 |
lua_type | 133 | 0x5783a0 |
lua_typename | 134 | 0x5783d0 |
lua_upvalueid | 135 | 0x57a000 |
lua_upvaluejoin | 136 | 0x57a050 |
lua_version | 137 | 0x578160 |
lua_xmove | 138 | 0x5780e0 |
lua_yieldk | 139 | 0x583a90 |
luaopen_base | 140 | 0x57e280 |
luaopen_bit32 | 141 | 0x57e370 |
luaopen_coroutine | 142 | 0x580110 |
luaopen_debug | 143 | 0x581af0 |
luaopen_io | 144 | 0x587d60 |
luaopen_math | 145 | 0x58af30 |
luaopen_os | 146 | 0x58e3b0 |
luaopen_package | 147 | 0x58c430 |
luaopen_string | 148 | 0x596fa0 |
luaopen_table | 149 | 0x599130 |
luaopen_utf8 | 150 | 0x59aa80 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-13T11:42:13.803098+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49731 | 188.114.97.3 | 443 | TCP |
2024-10-13T11:42:13.803098+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49731 | 188.114.97.3 | 443 | TCP |
2024-10-13T11:42:13.808579+0200 | 2056570 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mathcucom .sbs) | 1 | 192.168.2.4 | 58518 | 1.1.1.1 | 53 | UDP |
2024-10-13T11:42:14.310273+0200 | 2056571 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (mathcucom .sbs in TLS SNI) | 1 | 192.168.2.4 | 49732 | 188.114.96.3 | 443 | TCP |
2024-10-13T11:42:14.760733+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49732 | 188.114.96.3 | 443 | TCP |
2024-10-13T11:42:14.760733+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49732 | 188.114.96.3 | 443 | TCP |
2024-10-13T11:42:14.762853+0200 | 2056568 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (allocatinow .sbs) | 1 | 192.168.2.4 | 53988 | 1.1.1.1 | 53 | UDP |
2024-10-13T11:42:14.795220+0200 | 2056566 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (enlargkiw .sbs) | 1 | 192.168.2.4 | 50289 | 1.1.1.1 | 53 | UDP |
2024-10-13T11:42:15.301012+0200 | 2056567 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (enlargkiw .sbs in TLS SNI) | 1 | 192.168.2.4 | 49733 | 172.67.152.13 | 443 | TCP |
2024-10-13T11:42:15.827479+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49733 | 172.67.152.13 | 443 | TCP |
2024-10-13T11:42:15.827479+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49733 | 172.67.152.13 | 443 | TCP |
2024-10-13T11:42:15.834870+0200 | 2056564 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (resinedyw .sbs) | 1 | 192.168.2.4 | 63242 | 1.1.1.1 | 53 | UDP |
2024-10-13T11:42:16.329296+0200 | 2056565 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (resinedyw .sbs in TLS SNI) | 1 | 192.168.2.4 | 49734 | 104.21.77.78 | 443 | TCP |
2024-10-13T11:42:16.767536+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49734 | 104.21.77.78 | 443 | TCP |
2024-10-13T11:42:16.767536+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49734 | 104.21.77.78 | 443 | TCP |
2024-10-13T11:42:16.813607+0200 | 2056562 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vennurviot .sbs) | 1 | 192.168.2.4 | 63926 | 1.1.1.1 | 53 | UDP |
2024-10-13T11:42:17.561594+0200 | 2056563 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (vennurviot .sbs in TLS SNI) | 1 | 192.168.2.4 | 49735 | 172.67.140.193 | 443 | TCP |
2024-10-13T11:42:18.000399+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49735 | 172.67.140.193 | 443 | TCP |
2024-10-13T11:42:18.000399+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49735 | 172.67.140.193 | 443 | TCP |
2024-10-13T11:42:18.026733+0200 | 2056560 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ehticsprocw .sbs) | 1 | 192.168.2.4 | 55421 | 1.1.1.1 | 53 | UDP |
2024-10-13T11:42:18.521222+0200 | 2056561 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (ehticsprocw .sbs in TLS SNI) | 1 | 192.168.2.4 | 49737 | 104.21.30.221 | 443 | TCP |
2024-10-13T11:42:18.937149+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49737 | 104.21.30.221 | 443 | TCP |
2024-10-13T11:42:18.937149+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49737 | 104.21.30.221 | 443 | TCP |
2024-10-13T11:42:18.960890+0200 | 2056558 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (condifendteu .sbs) | 1 | 192.168.2.4 | 63734 | 1.1.1.1 | 53 | UDP |
2024-10-13T11:42:19.460477+0200 | 2056559 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (condifendteu .sbs in TLS SNI) | 1 | 192.168.2.4 | 49741 | 172.67.141.136 | 443 | TCP |
2024-10-13T11:42:19.886594+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49741 | 172.67.141.136 | 443 | TCP |
2024-10-13T11:42:19.886594+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49741 | 172.67.141.136 | 443 | TCP |
2024-10-13T11:42:19.899655+0200 | 2056556 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drawwyobstacw .sbs) | 1 | 192.168.2.4 | 49501 | 1.1.1.1 | 53 | UDP |
2024-10-13T11:42:20.429036+0200 | 2056557 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawwyobstacw .sbs in TLS SNI) | 1 | 192.168.2.4 | 49743 | 188.114.96.3 | 443 | TCP |
2024-10-13T11:42:20.873314+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49743 | 188.114.96.3 | 443 | TCP |
2024-10-13T11:42:20.873314+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49743 | 188.114.96.3 | 443 | TCP |
2024-10-13T11:42:22.179172+0200 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.4 | 49745 | 104.102.49.254 | 443 | TCP |
2024-10-13T11:42:23.168391+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49746 | 104.21.53.8 | 443 | TCP |
2024-10-13T11:42:23.168391+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49746 | 104.21.53.8 | 443 | TCP |
2024-10-13T11:42:24.345642+0200 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.4 | 49747 | 104.21.53.8 | 443 | TCP |
2024-10-13T11:42:24.345642+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49747 | 104.21.53.8 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 13, 2024 11:42:17.565346003 CEST | 49735 | 443 | 192.168.2.4 | 172.67.140.193 |
Oct 13, 2024 11:42:17.565402985 CEST | 443 | 49735 | 172.67.140.193 | 192.168.2.4 |
Oct 13, 2024 11:42:18.000468016 CEST | 443 | 49735 | 172.67.140.193 | 192.168.2.4 |
Oct 13, 2024 11:42:18.000732899 CEST | 443 | 49735 | 172.67.140.193 | 192.168.2.4 |
Oct 13, 2024 11:42:18.000806093 CEST | 49735 | 443 | 192.168.2.4 | 172.67.140.193 |
Oct 13, 2024 11:42:18.000878096 CEST | 49735 | 443 | 192.168.2.4 | 172.67.140.193 |
Oct 13, 2024 11:42:18.000914097 CEST | 443 | 49735 | 172.67.140.193 | 192.168.2.4 |
Oct 13, 2024 11:42:18.000952959 CEST | 49735 | 443 | 192.168.2.4 | 172.67.140.193 |
Oct 13, 2024 11:42:18.000968933 CEST | 443 | 49735 | 172.67.140.193 | 192.168.2.4 |
Oct 13, 2024 11:42:18.040836096 CEST | 49737 | 443 | 192.168.2.4 | 104.21.30.221 |
Oct 13, 2024 11:42:18.040910959 CEST | 443 | 49737 | 104.21.30.221 | 192.168.2.4 |
Oct 13, 2024 11:42:18.041371107 CEST | 49737 | 443 | 192.168.2.4 | 104.21.30.221 |
Oct 13, 2024 11:42:18.041708946 CEST | 49737 | 443 | 192.168.2.4 | 104.21.30.221 |
Oct 13, 2024 11:42:18.041738033 CEST | 443 | 49737 | 104.21.30.221 | 192.168.2.4 |
Oct 13, 2024 11:42:18.521079063 CEST | 443 | 49737 | 104.21.30.221 | 192.168.2.4 |
Oct 13, 2024 11:42:18.521222115 CEST | 49737 | 443 | 192.168.2.4 | 104.21.30.221 |
Oct 13, 2024 11:42:18.528666973 CEST | 49737 | 443 | 192.168.2.4 | 104.21.30.221 |
Oct 13, 2024 11:42:18.528702021 CEST | 443 | 49737 | 104.21.30.221 | 192.168.2.4 |
Oct 13, 2024 11:42:18.529167891 CEST | 443 | 49737 | 104.21.30.221 | 192.168.2.4 |
Oct 13, 2024 11:42:18.530823946 CEST | 49737 | 443 | 192.168.2.4 | 104.21.30.221 |
Oct 13, 2024 11:42:18.530823946 CEST | 49737 | 443 | 192.168.2.4 | 104.21.30.221 |
Oct 13, 2024 11:42:18.530925989 CEST | 443 | 49737 | 104.21.30.221 | 192.168.2.4 |
Oct 13, 2024 11:42:18.937249899 CEST | 443 | 49737 | 104.21.30.221 | 192.168.2.4 |
Oct 13, 2024 11:42:18.937480927 CEST | 443 | 49737 | 104.21.30.221 | 192.168.2.4 |
Oct 13, 2024 11:42:18.937544107 CEST | 49737 | 443 | 192.168.2.4 | 104.21.30.221 |
Oct 13, 2024 11:42:18.937755108 CEST | 49737 | 443 | 192.168.2.4 | 104.21.30.221 |
Oct 13, 2024 11:42:18.937800884 CEST | 443 | 49737 | 104.21.30.221 | 192.168.2.4 |
Oct 13, 2024 11:42:18.937829018 CEST | 49737 | 443 | 192.168.2.4 | 104.21.30.221 |
Oct 13, 2024 11:42:18.937844038 CEST | 443 | 49737 | 104.21.30.221 | 192.168.2.4 |
Oct 13, 2024 11:42:18.980334044 CEST | 49741 | 443 | 192.168.2.4 | 172.67.141.136 |
Oct 13, 2024 11:42:18.980418921 CEST | 443 | 49741 | 172.67.141.136 | 192.168.2.4 |
Oct 13, 2024 11:42:18.980529070 CEST | 49741 | 443 | 192.168.2.4 | 172.67.141.136 |
Oct 13, 2024 11:42:18.980947971 CEST | 49741 | 443 | 192.168.2.4 | 172.67.141.136 |
Oct 13, 2024 11:42:18.981030941 CEST | 443 | 49741 | 172.67.141.136 | 192.168.2.4 |
Oct 13, 2024 11:42:19.460292101 CEST | 443 | 49741 | 172.67.141.136 | 192.168.2.4 |
Oct 13, 2024 11:42:19.460477114 CEST | 49741 | 443 | 192.168.2.4 | 172.67.141.136 |
Oct 13, 2024 11:42:19.464502096 CEST | 49741 | 443 | 192.168.2.4 | 172.67.141.136 |
Oct 13, 2024 11:42:19.464555979 CEST | 443 | 49741 | 172.67.141.136 | 192.168.2.4 |
Oct 13, 2024 11:42:19.464979887 CEST | 443 | 49741 | 172.67.141.136 | 192.168.2.4 |
Oct 13, 2024 11:42:19.478441000 CEST | 49741 | 443 | 192.168.2.4 | 172.67.141.136 |
Oct 13, 2024 11:42:19.478441000 CEST | 49741 | 443 | 192.168.2.4 | 172.67.141.136 |
Oct 13, 2024 11:42:19.478663921 CEST | 443 | 49741 | 172.67.141.136 | 192.168.2.4 |
Oct 13, 2024 11:42:19.886681080 CEST | 443 | 49741 | 172.67.141.136 | 192.168.2.4 |
Oct 13, 2024 11:42:19.886909962 CEST | 443 | 49741 | 172.67.141.136 | 192.168.2.4 |
Oct 13, 2024 11:42:19.887178898 CEST | 49741 | 443 | 192.168.2.4 | 172.67.141.136 |
Oct 13, 2024 11:42:19.898066044 CEST | 49741 | 443 | 192.168.2.4 | 172.67.141.136 |
Oct 13, 2024 11:42:19.898066044 CEST | 49741 | 443 | 192.168.2.4 | 172.67.141.136 |
Oct 13, 2024 11:42:19.898133993 CEST | 443 | 49741 | 172.67.141.136 | 192.168.2.4 |
Oct 13, 2024 11:42:19.898217916 CEST | 443 | 49741 | 172.67.141.136 | 192.168.2.4 |
Oct 13, 2024 11:42:19.914042950 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Oct 13, 2024 11:42:19.914066076 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Oct 13, 2024 11:42:19.914133072 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Oct 13, 2024 11:42:19.914592028 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Oct 13, 2024 11:42:19.914601088 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Oct 13, 2024 11:42:20.428977013 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Oct 13, 2024 11:42:20.429035902 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Oct 13, 2024 11:42:20.432763100 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Oct 13, 2024 11:42:20.432768106 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Oct 13, 2024 11:42:20.433159113 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Oct 13, 2024 11:42:20.434214115 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Oct 13, 2024 11:42:20.434225082 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Oct 13, 2024 11:42:20.434302092 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Oct 13, 2024 11:42:20.873398066 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Oct 13, 2024 11:42:20.873625994 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Oct 13, 2024 11:42:20.873774052 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Oct 13, 2024 11:42:20.873774052 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Oct 13, 2024 11:42:20.873905897 CEST | 49743 | 443 | 192.168.2.4 | 188.114.96.3 |
Oct 13, 2024 11:42:20.873914003 CEST | 443 | 49743 | 188.114.96.3 | 192.168.2.4 |
Oct 13, 2024 11:42:20.885485888 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Oct 13, 2024 11:42:20.885574102 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Oct 13, 2024 11:42:20.885677099 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Oct 13, 2024 11:42:20.886075020 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Oct 13, 2024 11:42:20.886158943 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Oct 13, 2024 11:42:21.618779898 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Oct 13, 2024 11:42:21.618969917 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Oct 13, 2024 11:42:21.623306036 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Oct 13, 2024 11:42:21.623362064 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Oct 13, 2024 11:42:21.623841047 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Oct 13, 2024 11:42:21.631947994 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Oct 13, 2024 11:42:21.679436922 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Oct 13, 2024 11:42:22.179341078 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Oct 13, 2024 11:42:22.179425001 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Oct 13, 2024 11:42:22.179430008 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Oct 13, 2024 11:42:22.179488897 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Oct 13, 2024 11:42:22.179522991 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Oct 13, 2024 11:42:22.179536104 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Oct 13, 2024 11:42:22.179594994 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Oct 13, 2024 11:42:22.179609060 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Oct 13, 2024 11:42:22.222961903 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Oct 13, 2024 11:42:22.302496910 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Oct 13, 2024 11:42:22.302557945 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Oct 13, 2024 11:42:22.302644968 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Oct 13, 2024 11:42:22.302684069 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Oct 13, 2024 11:42:22.302706957 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Oct 13, 2024 11:42:22.302735090 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Oct 13, 2024 11:42:22.309123039 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Oct 13, 2024 11:42:22.309282064 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Oct 13, 2024 11:42:22.309313059 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Oct 13, 2024 11:42:22.309355021 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Oct 13, 2024 11:42:22.309377909 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Oct 13, 2024 11:42:22.309396982 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Oct 13, 2024 11:42:22.309490919 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Oct 13, 2024 11:42:22.309508085 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Oct 13, 2024 11:42:22.309525013 CEST | 49745 | 443 | 192.168.2.4 | 104.102.49.254 |
Oct 13, 2024 11:42:22.309531927 CEST | 443 | 49745 | 104.102.49.254 | 192.168.2.4 |
Oct 13, 2024 11:42:22.321861029 CEST | 49746 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 13, 2024 11:42:22.321883917 CEST | 443 | 49746 | 104.21.53.8 | 192.168.2.4 |
Oct 13, 2024 11:42:22.322068930 CEST | 49746 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 13, 2024 11:42:22.322308064 CEST | 49746 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 13, 2024 11:42:22.322319984 CEST | 443 | 49746 | 104.21.53.8 | 192.168.2.4 |
Oct 13, 2024 11:42:22.808043003 CEST | 443 | 49746 | 104.21.53.8 | 192.168.2.4 |
Oct 13, 2024 11:42:22.808163881 CEST | 49746 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 13, 2024 11:42:22.809770107 CEST | 49746 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 13, 2024 11:42:22.809773922 CEST | 443 | 49746 | 104.21.53.8 | 192.168.2.4 |
Oct 13, 2024 11:42:22.810158968 CEST | 443 | 49746 | 104.21.53.8 | 192.168.2.4 |
Oct 13, 2024 11:42:22.811688900 CEST | 49746 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 13, 2024 11:42:22.811717033 CEST | 49746 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 13, 2024 11:42:22.811773062 CEST | 443 | 49746 | 104.21.53.8 | 192.168.2.4 |
Oct 13, 2024 11:42:23.168406963 CEST | 443 | 49746 | 104.21.53.8 | 192.168.2.4 |
Oct 13, 2024 11:42:23.168538094 CEST | 443 | 49746 | 104.21.53.8 | 192.168.2.4 |
Oct 13, 2024 11:42:23.168598890 CEST | 49746 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 13, 2024 11:42:23.168608904 CEST | 443 | 49746 | 104.21.53.8 | 192.168.2.4 |
Oct 13, 2024 11:42:23.168684959 CEST | 443 | 49746 | 104.21.53.8 | 192.168.2.4 |
Oct 13, 2024 11:42:23.168725014 CEST | 49746 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 13, 2024 11:42:23.168729067 CEST | 443 | 49746 | 104.21.53.8 | 192.168.2.4 |
Oct 13, 2024 11:42:23.168894053 CEST | 443 | 49746 | 104.21.53.8 | 192.168.2.4 |
Oct 13, 2024 11:42:23.168943882 CEST | 49746 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 13, 2024 11:42:23.168982029 CEST | 49746 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 13, 2024 11:42:23.168991089 CEST | 443 | 49746 | 104.21.53.8 | 192.168.2.4 |
Oct 13, 2024 11:42:23.169003963 CEST | 49746 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 13, 2024 11:42:23.169008970 CEST | 443 | 49746 | 104.21.53.8 | 192.168.2.4 |
Oct 13, 2024 11:42:23.244405985 CEST | 49747 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 13, 2024 11:42:23.244492054 CEST | 443 | 49747 | 104.21.53.8 | 192.168.2.4 |
Oct 13, 2024 11:42:23.244587898 CEST | 49747 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 13, 2024 11:42:23.244843006 CEST | 49747 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 13, 2024 11:42:23.244883060 CEST | 443 | 49747 | 104.21.53.8 | 192.168.2.4 |
Oct 13, 2024 11:42:23.744805098 CEST | 443 | 49747 | 104.21.53.8 | 192.168.2.4 |
Oct 13, 2024 11:42:23.745068073 CEST | 49747 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 13, 2024 11:42:23.746192932 CEST | 49747 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 13, 2024 11:42:23.746248007 CEST | 443 | 49747 | 104.21.53.8 | 192.168.2.4 |
Oct 13, 2024 11:42:23.746597052 CEST | 443 | 49747 | 104.21.53.8 | 192.168.2.4 |
Oct 13, 2024 11:42:23.747909069 CEST | 49747 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 13, 2024 11:42:23.747957945 CEST | 49747 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 13, 2024 11:42:23.748022079 CEST | 443 | 49747 | 104.21.53.8 | 192.168.2.4 |
Oct 13, 2024 11:42:24.345737934 CEST | 443 | 49747 | 104.21.53.8 | 192.168.2.4 |
Oct 13, 2024 11:42:24.345976114 CEST | 443 | 49747 | 104.21.53.8 | 192.168.2.4 |
Oct 13, 2024 11:42:24.346180916 CEST | 49747 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 13, 2024 11:42:24.346180916 CEST | 49747 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 13, 2024 11:42:24.346182108 CEST | 49747 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 13, 2024 11:42:24.660465956 CEST | 49747 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 13, 2024 11:42:24.660530090 CEST | 443 | 49747 | 104.21.53.8 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 13, 2024 11:42:12.753678083 CEST | 192.168.2.4 | 1.1.1.1 | 0x9a73 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:13.808578968 CEST | 192.168.2.4 | 1.1.1.1 | 0x86e4 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:14.762852907 CEST | 192.168.2.4 | 1.1.1.1 | 0x2f86 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:14.795219898 CEST | 192.168.2.4 | 1.1.1.1 | 0xcc4 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:15.834870100 CEST | 192.168.2.4 | 1.1.1.1 | 0x1868 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:16.813606977 CEST | 192.168.2.4 | 1.1.1.1 | 0x3008 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:18.026732922 CEST | 192.168.2.4 | 1.1.1.1 | 0x563c | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:18.960890055 CEST | 192.168.2.4 | 1.1.1.1 | 0xe65a | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:19.899655104 CEST | 192.168.2.4 | 1.1.1.1 | 0x3e70 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:20.876852989 CEST | 192.168.2.4 | 1.1.1.1 | 0xde34 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:22.311084986 CEST | 192.168.2.4 | 1.1.1.1 | 0xb5e6 | Standard query (0) | | A (IP address) | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 13, 2024 11:42:12.773340940 CEST | 1.1.1.1 | 192.168.2.4 | 0x9a73 | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:12.773340940 CEST | 1.1.1.1 | 192.168.2.4 | 0x9a73 | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:13.819078922 CEST | 1.1.1.1 | 192.168.2.4 | 0x86e4 | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:13.819078922 CEST | 1.1.1.1 | 192.168.2.4 | 0x86e4 | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:14.771998882 CEST | 1.1.1.1 | 192.168.2.4 | 0x2f86 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:14.809382915 CEST | 1.1.1.1 | 192.168.2.4 | 0xcc4 | No error (0) | | | 172.67.152.13 | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:14.809382915 CEST | 1.1.1.1 | 192.168.2.4 | 0xcc4 | No error (0) | | | 104.21.33.249 | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:15.849775076 CEST | 1.1.1.1 | 192.168.2.4 | 0x1868 | No error (0) | | | 104.21.77.78 | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:15.849775076 CEST | 1.1.1.1 | 192.168.2.4 | 0x1868 | No error (0) | | | 172.67.205.156 | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:16.825871944 CEST | 1.1.1.1 | 192.168.2.4 | 0x3008 | No error (0) | | | 172.67.140.193 | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:16.825871944 CEST | 1.1.1.1 | 192.168.2.4 | 0x3008 | No error (0) | | | 104.21.46.170 | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:18.040107012 CEST | 1.1.1.1 | 192.168.2.4 | 0x563c | No error (0) | | | 104.21.30.221 | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:18.040107012 CEST | 1.1.1.1 | 192.168.2.4 | 0x563c | No error (0) | | | 172.67.173.224 | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:18.979465961 CEST | 1.1.1.1 | 192.168.2.4 | 0xe65a | No error (0) | | | 172.67.141.136 | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:18.979465961 CEST | 1.1.1.1 | 192.168.2.4 | 0xe65a | No error (0) | | | 104.21.79.35 | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:19.913213968 CEST | 1.1.1.1 | 192.168.2.4 | 0x3e70 | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:19.913213968 CEST | 1.1.1.1 | 192.168.2.4 | 0x3e70 | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:20.884628057 CEST | 1.1.1.1 | 192.168.2.4 | 0xde34 | No error (0) | | | 104.102.49.254 | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:22.321085930 CEST | 1.1.1.1 | 192.168.2.4 | 0xb5e6 | No error (0) | | | 104.21.53.8 | A (IP address) | IN (0x0001) | false |
Oct 13, 2024 11:42:22.321085930 CEST | 1.1.1.1 | 192.168.2.4 | 0xb5e6 | No error (0) | | | 172.67.206.204 | A (IP address) | IN (0x0001) | false |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49731 | 188.114.97.3 | 443 | 1012 | C:\Users\user\Desktop\Set-up.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-13 09:42:13 UTC | 261 | OUT | |
2024-10-13 09:42:13 UTC | 8 | OUT | |
2024-10-13 09:42:13 UTC | 821 | IN | |
2024-10-13 09:42:13 UTC | 15 | IN | |
2024-10-13 09:42:13 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49732 | 188.114.96.3 | 443 | 1012 | C:\Users\user\Desktop\Set-up.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-13 09:42:14 UTC | 260 | OUT | |
2024-10-13 09:42:14 UTC | 8 | OUT | |
2024-10-13 09:42:14 UTC | 817 | IN | |
2024-10-13 09:42:14 UTC | 15 | IN | |
2024-10-13 09:42:14 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49733 | 172.67.152.13 | 443 | 1012 | C:\Users\user\Desktop\Set-up.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-13 09:42:15 UTC | 260 | OUT | |
2024-10-13 09:42:15 UTC | 8 | OUT | |
2024-10-13 09:42:15 UTC | 815 | IN | |
2024-10-13 09:42:15 UTC | 15 | IN | |
2024-10-13 09:42:15 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49734 | 104.21.77.78 | 443 | 1012 | C:\Users\user\Desktop\Set-up.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-13 09:42:16 UTC | 260 | OUT | |
2024-10-13 09:42:16 UTC | 8 | OUT | |
2024-10-13 09:42:16 UTC | 813 | IN | |
2024-10-13 09:42:16 UTC | 15 | IN | |
2024-10-13 09:42:16 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49735 | 172.67.140.193 | 443 | 1012 | C:\Users\user\Desktop\Set-up.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-13 09:42:17 UTC | 261 | OUT | |
2024-10-13 09:42:17 UTC | 8 | OUT | |
2024-10-13 09:42:17 UTC | 819 | IN | |
2024-10-13 09:42:17 UTC | 15 | IN | |
2024-10-13 09:42:17 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49737 | 104.21.30.221 | 443 | 1012 | C:\Users\user\Desktop\Set-up.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-13 09:42:18 UTC | 262 | OUT | |
2024-10-13 09:42:18 UTC | 8 | OUT | |
2024-10-13 09:42:18 UTC | 831 | IN | |
2024-10-13 09:42:18 UTC | 15 | IN | |
2024-10-13 09:42:18 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49741 | 172.67.141.136 | 443 | 1012 | C:\Users\user\Desktop\Set-up.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-13 09:42:19 UTC | 263 | OUT | |
2024-10-13 09:42:19 UTC | 8 | OUT | |
2024-10-13 09:42:19 UTC | 817 | IN | |
2024-10-13 09:42:19 UTC | 15 | IN | |
2024-10-13 09:42:19 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49743 | 188.114.96.3 | 443 | 1012 | C:\Users\user\Desktop\Set-up.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-13 09:42:20 UTC | 264 | OUT | |
2024-10-13 09:42:20 UTC | 8 | OUT | |
2024-10-13 09:42:20 UTC | 827 | IN | |
2024-10-13 09:42:20 UTC | 15 | IN | |
2024-10-13 09:42:20 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49745 | 104.102.49.254 | 443 | 1012 | C:\Users\user\Desktop\Set-up.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-13 09:42:21 UTC | 219 | OUT | |
2024-10-13 09:42:22 UTC | 1870 | IN | |
2024-10-13 09:42:22 UTC | 14514 | IN | |
2024-10-13 09:42:22 UTC | 16384 | IN | |
2024-10-13 09:42:22 UTC | 3768 | IN | |
2024-10-13 09:42:22 UTC | 171 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 49746 | 104.21.53.8 | 443 | 1012 | C:\Users\user\Desktop\Set-up.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-13 09:42:22 UTC | 264 | OUT | |
2024-10-13 09:42:22 UTC | 8 | OUT | |
2024-10-13 09:42:23 UTC | 563 | IN | |
2024-10-13 09:42:23 UTC | 806 | IN | |
2024-10-13 09:42:23 UTC | 1369 | IN | |
2024-10-13 09:42:23 UTC | 1369 | IN | |
2024-10-13 09:42:23 UTC | 897 | IN | |
2024-10-13 09:42:23 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.4 | 49747 | 104.21.53.8 | 443 | 1012 | C:\Users\user\Desktop\Set-up.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-13 09:42:23 UTC | 354 | OUT | |
2024-10-13 09:42:23 UTC | 82 | OUT | |
2024-10-13 09:42:24 UTC | 825 | IN | |
2024-10-13 09:42:24 UTC | 15 | IN | |
2024-10-13 09:42:24 UTC | 5 | IN |
Target ID: | 0 |
Start time: | 05:42:01 |
Start date: | 13/10/2024 |
Path: | C:\Users\user\Desktop\Set-up.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa60000 |
File size: | 2'729'072 bytes |
MD5 hash: | 4B923F3600F76EA3FCF20959D94369AC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | low |
Has exited: | true |
Target ID: | 6 |
Start time: | 05:42:23 |
Start date: | 13/10/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x280000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 0.5% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 69.6% |
Total number of Nodes: | 56 |
Total number of Limit Nodes: | 7 |
Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Control-flow Graph
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 029D0B35 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 103threadCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 029D0575 Relevance: 1.9, APIs: 1, Instructions: 399threadCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02A26C17 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66libraryCOMMON
Control-flow Graph
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02A25835 Relevance: 1.6, APIs: 1, Instructions: 318memoryCOMMON
Control-flow Graph
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 029E31E3 Relevance: 27.8, Strings: 22, Instructions: 337COMMON
Control-flow Graph
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 02A0B122 Relevance: 24.1, Strings: 19, Instructions: 309COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00AC6E10 Relevance: 23.2, Strings: 18, Instructions: 694COMMON
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00A6D420 Relevance: 19.7, APIs: 8, Strings: 3, Instructions: 412memorycomCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00A73200 Relevance: 16.6, APIs: 11, Instructions: 70clipboardmemoryCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 029DEAC2 Relevance: 14.0, Strings: 11, Instructions: 224COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 029F0A92 Relevance: 12.7, Strings: 9, Instructions: 1420COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 029F0A90 Relevance: 9.3, Strings: 7, Instructions: 592COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 029E05C2 Relevance: 9.2, Strings: 7, Instructions: 445COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Function 00BE23E0 Relevance: 9.0, Strings: 7, Instructions: 254 COMMON
Function 00A85050 Relevance: 8.4, APIs: 5, Instructions: 918 COMMON
Function 02A13A02 Relevance: 6.6, Strings: 5, Instructions: 341 COMMON
Function 00A645D0 Relevance: 6.3, APIs: 4, Instructions: 278 COMMON
Function 00BFEFA3 Relevance: 6.0, APIs: 4, Instructions: 25 time thread COMMON LIBRARYCODE
Function 02A13532 Relevance: 5.4, Strings: 4, Instructions: 352 COMMON
Function 029DFA78 Relevance: 5.1, Strings: 4, Instructions: 128 COMMON
Function 00A6D240 Relevance: 4.5, APIs: 3, Instructions: 39 COMMON
Function 029F3752 Relevance: 4.2, Strings: 3, Instructions: 468 COMMON
Function 029FEA52 Relevance: 3.9, Strings: 3, Instructions: 123 COMMON
Function 02A131B2 Relevance: 2.8, Strings: 2, Instructions: 284 COMMON
Function 029F9444 Relevance: 2.6, Strings: 2, Instructions: 141 COMMON
Function 029E2407 Relevance: 2.6, Strings: 2, Instructions: 134 COMMON
Function 00A89460 Relevance: 1.7, Strings: 1, Instructions: 496 COMMON
Function 029D50D2 Relevance: 1.7, Strings: 1, Instructions: 433 COMMON
Function 029F2682 Relevance: 1.6, Strings: 1, Instructions: 371 COMMON
Function 02A04B52 Relevance: 1.5, Strings: 1, Instructions: 261 COMMON
Function 029FD6A2 Relevance: 1.5, Strings: 1, Instructions: 245 COMMON
Function 00A78B40 Relevance: 1.5, APIs: 1, Instructions: 244 COMMON
Function 029E21DD Relevance: 1.4, Strings: 1, Instructions: 116 COMMON
Function 02A15452 Relevance: 1.3, Strings: 1, Instructions: 95 COMMON
Function 029E145C Relevance: 1.3, Strings: 1, Instructions: 32 COMMON
Function 029DD472 Relevance: .8, Instructions: 805 COMMON
Function 029D87C2 Relevance: .7, Instructions: 657 COMMON
Function 029D91C2 Relevance: .6, Instructions: 620 COMMON
Function 029D0000 Relevance: .6, Instructions: 564 COMMON
Function 00A93990 Relevance: .4, Instructions: 437 COMMON
Function 00A673E0 Relevance: .3, Instructions: 338 COMMON
Function 029DC4A2 Relevance: .3, Instructions: 329 COMMON
Function 02A15B12 Relevance: .3, Instructions: 306 COMMON
Function 02A15572 Relevance: .3, Instructions: 254 COMMON
Function 029F7792 Relevance: .2, Instructions: 241 COMMON
Function 029EEA12 Relevance: .2, Instructions: 240 COMMON
Function 02A06AD2 Relevance: .2, Instructions: 212 COMMON
Function 029E86B3 Relevance: .2, Instructions: 211 COMMON
Function 00A6E410 Relevance: .2, Instructions: 175 COMMON
Function 029D7032 Relevance: .2, Instructions: 166 COMMON
Function 02A0F542 Relevance: .2, Instructions: 155 COMMON
Function 00A93070 Relevance: .2, Instructions: 154 COMMON
Function 029E2732 Relevance: .1, Instructions: 136 COMMON
Function 02A0C562 Relevance: .1, Instructions: 127 COMMON
Function 029D1185 Relevance: .1, Instructions: 107 COMMON
Function 029FC4A3 Relevance: .1, Instructions: 90 COMMON
Function 029DB457 Relevance: .1, Instructions: 90 COMMON
Function 029E0542 Relevance: .1, Instructions: 82 COMMON
Function 029D8422 Relevance: .1, Instructions: 76 COMMON
Function 029D1184 Relevance: .1, Instructions: 66 COMMON
Function 029FF712 Relevance: .1, Instructions: 63 COMMON
Function 029EE412 Relevance: .0, Instructions: 38 COMMON
Function 00A73B60 Relevance: 43.9, APIs: 14, Strings: 11, Instructions: 121 libraryloader registry COMMON
Function 00A6EAC0 Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 316 window time COMMON
Function 00BEB290 Relevance: 28.3, APIs: 12, Strings: 4, Instructions: 266 string COMMON
Function 00A883F0 Relevance: 27.4, APIs: 18, Instructions: 391 COMMON
Function 00A62780 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 161 libraryloader COMMON
Function 00A68D00 Relevance: 21.4, APIs: 14, Instructions: 375 COMMON
Function 00ACA380 Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 178 window COMMON
Function 00A6BF40 Relevance: 19.4, APIs: 5, Strings: 6, Instructions: 164 registry window time COMMON
Function 00BDAA50 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85 string COMMON
Function 00A73F20 Relevance: 15.2, APIs: 10, Instructions: 241 COMMON
Function 00A68570 Relevance: 15.2, APIs: 10, Instructions: 207 COMMON
Function 00A8A5D0 Relevance: 15.1, APIs: 10, Instructions: 132 COMMON
Function 00A8A790 Relevance: 15.1, APIs: 10, Instructions: 132 COMMON
Function 00A6F4E0 Relevance: 15.1, APIs: 10, Instructions: 102 COMMON
Function 00A72AF0 Relevance: 13.9, APIs: 9, Instructions: 436 COMMON
Function 00A63900 Relevance: 13.8, APIs: 9, Instructions: 272 COMMON
Function 00A6F620 Relevance: 13.7, APIs: 9, Instructions: 200 COMMON
Function 00A6D050 Relevance: 13.6, APIs: 9, Instructions: 130 COMMON
Function 00BDA2A0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 112 string COMMON
Function 00A65750 Relevance: 12.2, APIs: 8, Instructions: 213 COMMON
Function 00A62F60 Relevance: 12.1, APIs: 8, Instructions: 53 COMMON
Function 00A73860 Relevance: 10.7, APIs: 7, Instructions: 228 COMMON
Function 00A74BF0 Relevance: 10.7, APIs: 7, Instructions: 210 COMMON
Function 00A6C3E0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 79 com libraryloader COMMON
Function 00BED050 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 61 string COMMON
Function 00A68160 Relevance: 10.6, APIs: 7, Instructions: 50 COMMON
Function 00A8A1D0 Relevance: 9.3, APIs: 6, Instructions: 251 COMMON
Function 00A6CA40 Relevance: 9.2, APIs: 6, Instructions: 170 COMMON
Function 00A692B0 Relevance: 9.2, APIs: 6, Instructions: 152 window COMMON
Function 00A72900 Relevance: 9.1, APIs: 6, Instructions: 133 COMMON
Function 00A742D0 Relevance: 9.1, APIs: 6, Instructions: 121 COMMON
Function 00A6C840 Relevance: 9.1, APIs: 6, Instructions: 113 COMMON
Function 00A63220 Relevance: 9.1, APIs: 6, Instructions: 104 COMMON
Function 00A73110 Relevance: 9.1, APIs: 6, Instructions: 89 memory COMMON
Function 00BDBA20 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 71 string COMMON
Function 00A75750 Relevance: 7.7, APIs: 5, Instructions: 249 string COMMON
Function 00A6D910 Relevance: 7.6, APIs: 5, Instructions: 146 COMMON
Function 00A96BB0 Relevance: 7.6, APIs: 5, Instructions: 144 COMMON
Function 00A789F0 Relevance: 7.6, APIs: 5, Instructions: 141 COMMON
Function 00A75DD0 Relevance: 7.6, APIs: 5, Instructions: 138 COMMON
Function 00A963D0 Relevance: 7.6, APIs: 5, Instructions: 129 COMMON
Function 00A68430 Relevance: 7.6, APIs: 5, Instructions: 95 window COMMON
Function 00A6B050 Relevance: 7.6, APIs: 5, Instructions: 64 COMMON
Function 00A63490 Relevance: 7.6, APIs: 5, Instructions: 62 COMMON
Function 00A640F0 Relevance: 7.6, APIs: 5, Instructions: 59 COMMON
Function 00A63350 Relevance: 7.6, APIs: 5, Instructions: 59 COMMON
Function 00A63550 Relevance: 7.6, APIs: 5, Instructions: 56 COMMON
Function 00A630C0 Relevance: 7.5, APIs: 5, Instructions: 47 window COMMON
Function 00A67F90 Relevance: 7.5, APIs: 5, Instructions: 43 window COMMON
Function 00BECEF0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 123 string COMMON
Function 00BDAB30 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 79 string COMMON
Function 00A97180 Relevance: 6.3, APIs: 4, Instructions: 287 COMMON
Function 00A67C80 Relevance: 6.2, APIs: 4, Instructions: 233 COMMON
Function 00A63C60 Relevance: 6.2, APIs: 4, Instructions: 231 COMMON
Function 00A71720 Relevance: 6.2, APIs: 4, Instructions: 214 COMMON
Function 00AC9DC0 Relevance: 6.2, APIs: 4, Instructions: 190 COMMON
Function 00AD15A0 Relevance: 6.2, APIs: 4, Instructions: 189 COMMON
Function 00A6B3F0 Relevance: 6.2, APIs: 4, Instructions: 181 COMMON
Function 00A8E100 Relevance: 6.2, APIs: 4, Instructions: 156 COMMON
Function 00A63F40 Relevance: 6.2, APIs: 4, Instructions: 155 COMMON
Function 00A62320 Relevance: 6.2, APIs: 4, Instructions: 153 COMMON
Function 00A70FF0 Relevance: 6.2, APIs: 4, Instructions: 153 COMMON
Function 00AC5EC0 Relevance: 6.2, APIs: 4, Instructions: 150 COMMON
Function 00A6B270 Relevance: 6.1, APIs: 4, Instructions: 148 COMMON
Function 00A74A90 Relevance: 6.1, APIs: 4, Instructions: 142 COMMON
Function 00AD1FE0 Relevance: 6.1, APIs: 4, Instructions: 136 COMMON
Function 00A7CA40 Relevance: 6.1, APIs: 4, Instructions: 131 COMMON
Function 00A7C920 Relevance: 6.1, APIs: 4, Instructions: 126 COMMON
Function 00A63A99 Relevance: 6.1, APIs: 4, Instructions: 105 COMMON
Function 00A64240 Relevance: 6.1, APIs: 4, Instructions: 95 COMMON
Function 00A644E0 Relevance: 6.1, APIs: 4, Instructions: 67 COMMON
Function 00A73E00 Relevance: 6.1, APIs: 4, Instructions: 66 window COMMON
Function 00BDBAF0 Relevance: 6.1, APIs: 4, Instructions: 62 COMMON
Function 00A7FD80 Relevance: 6.1, APIs: 4, Instructions: 51 COMMON
Function 00A68940 Relevance: 6.0, APIs: 4, Instructions: 40 window COMMON
Function 00A63150 Relevance: 6.0, APIs: 4, Instructions: 25 COMMON
Function 00A8E5D0 Relevance: 5.1, APIs: 4, Instructions: 70 COMMON
Function 00A8E510 Relevance: 5.1, APIs: 4, Instructions: 70 COMMON