Windows
Analysis Report
Verus.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- Verus.exe (PID: 7416 cmdline: "C:\Users\user\Desktop\Verus.exe" MD5: 9639830D1A300D2E4C409C5809374039)
  - WerFault.exe (PID: 7896 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 1812 MD5: C31336C1EFC2CCB44B4326EA793040F2)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution | | |
{"C2 url": ["enginenek.buzz", "ehticsprocw.sbs", "allocatinow.sbs", "vennurviot.sbs", "mathcucom.sbs", "resinedyw.sbs", "enlargkiw.sbs", "condifendteu.sbs", "drawwyobstacw.sbs"], "Build id": "yau6Na--1816906785"}
Rule | Description | Author |
---|---|---|
Windows_Trojan_Donutloader_f40e3759 | unknown | unknown |
JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-14T09:41:19.941969+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49734 | 188.114.97.3 | 443 | TCP |
2024-10-14T09:41:20.905771+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 188.114.96.3 | 443 | TCP |
2024-10-14T09:41:21.927938+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49739 | 172.67.152.13 | 443 | TCP |
2024-10-14T09:41:22.865609+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49741 | 172.67.205.156 | 443 | TCP |
2024-10-14T09:41:23.863313+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49743 | 172.67.140.193 | 443 | TCP |
2024-10-14T09:41:24.794499+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49745 | 172.67.173.224 | 443 | TCP |
2024-10-14T09:41:25.755191+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49746 | 172.67.141.136 | 443 | TCP |
2024-10-14T09:41:26.721336+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49747 | 188.114.97.3 | 443 | TCP |
2024-10-14T09:41:28.784132+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49749 | 104.21.53.8 | 443 | TCP |
2024-10-14T09:41:29.769239+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49750 | 104.21.53.8 | 443 | TCP |
2024-10-14T09:41:19.941969+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49734 | 188.114.97.3 | 443 | TCP |
2024-10-14T09:41:20.905771+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49736 | 188.114.96.3 | 443 | TCP |
2024-10-14T09:41:21.927938+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49739 | 172.67.152.13 | 443 | TCP |
2024-10-14T09:41:22.865609+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49741 | 172.67.205.156 | 443 | TCP |
2024-10-14T09:41:23.863313+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49743 | 172.67.140.193 | 443 | TCP |
2024-10-14T09:41:24.794499+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49745 | 172.67.173.224 | 443 | TCP |
2024-10-14T09:41:25.755191+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49746 | 172.67.141.136 | 443 | TCP |
2024-10-14T09:41:26.721336+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49747 | 188.114.97.3 | 443 | TCP |
2024-10-14T09:41:28.784132+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49749 | 104.21.53.8 | 443 | TCP |
2024-10-14T09:41:29.769239+0200 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.4 | 49750 | 104.21.53.8 | 443 | TCP |
2024-10-14T09:41:25.328291+0200 | 2056559 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49746 | 172.67.141.136 | 443 | TCP |
2024-10-14T09:41:26.247417+0200 | 2056557 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49747 | 188.114.97.3 | 443 | TCP |
2024-10-14T09:41:24.361546+0200 | 2056561 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49745 | 172.67.173.224 | 443 | TCP |
2024-10-14T09:41:21.465726+0200 | 2056567 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49739 | 172.67.152.13 | 443 | TCP |
2024-10-14T09:41:20.457525+0200 | 2056571 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49736 | 188.114.96.3 | 443 | TCP |
2024-10-14T09:41:22.430952+0200 | 2056565 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49741 | 172.67.205.156 | 443 | TCP |
2024-10-14T09:41:23.419075+0200 | 2056563 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49743 | 172.67.140.193 | 443 | TCP |
2024-10-14T09:41:20.913836+0200 | 2056568 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 57419 | 1.1.1.1 | 53 | UDP |
2024-10-14T09:41:24.826858+0200 | 2056558 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 63303 | 1.1.1.1 | 53 | UDP |
2024-10-14T09:41:25.756813+0200 | 2056556 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 59559 | 1.1.1.1 | 53 | UDP |
2024-10-14T09:41:23.865115+0200 | 2056560 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 55426 | 1.1.1.1 | 53 | UDP |
2024-10-14T09:41:20.923976+0200 | 2056566 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 59480 | 1.1.1.1 | 53 | UDP |
2024-10-14T09:41:19.948249+0200 | 2056570 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 63793 | 1.1.1.1 | 53 | UDP |
2024-10-14T09:41:21.935684+0200 | 2056564 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 61189 | 1.1.1.1 | 53 | UDP |
2024-10-14T09:41:22.882835+0200 | 2056562 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 54020 | 1.1.1.1 | 53 | UDP |
2024-10-14T09:41:28.061383+0200 | 2858666 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49748 | 104.102.49.254 | 443 | TCP |
AV Detection
- URL Reputation
- Malware Configuration Extractor
- Virustotal
- Integrated Neural Analysis Model
- String decryptor
- Static PE information
- HTTPS traffic detected
- Code function: 0_2_00420B80, 0_2_004BD1D0, 0_2_0045D260
- Code function: 0_2_00B7F0A0, 0_2_00B7D070, 0_2_00B7D070, 0_2_00B70050, 0_2_00B92160, 0_2_00B702E3, 0_2_00B922C0, 0_2_00B57260, 0_2_00B72350, 0_2_00B614B3, 0_2_00B5F430, 0_2_00B5F430, 0_2_00B62418, 0_2_00B7D460, 0_2_00B61566
Networking
- Suricata IDS
- URLs
- IP Address
- ASN Name
- JA3 fingerprint
- HTTP traffic detected
- UDP traffic detected without corresponding DNS query
- HTTP traffic detected
- DNS traffic detected
- HTTP traffic detected
- String found in binary or memory
- Network traffic detected
- HTTPS traffic detected
- Code function: 0_2_004468C0
System Summary
- Matched rule
- Code function: 0_2_00BA9AF1
- Code function: 0_2_0042E530
- Code function: 0_2_004A6509, 0_2_004A62ED, 0_2_004A8373, 0_2_004A632F, 0_2_0042E530, 0_2_0042A650, 0_2_004406C0, 0_2_004788E0, 0_2_0045CB70, 0_2_00476C50, 0_2_00418DA0, 0_2_0048EE30, 0_2_0048F030, 0_2_00453190, 0_2_0048F430, 0_2_0041D4D0, 0_2_0041D5C0, 0_2_0041D6A9, 0_2_0041D7A0, 0_2_00493978, 0_2_004B9E30, 0_2_004A5F58, 0_2_00B506F3, 0_2_00BA9AF1, 0_2_00B75080, 0_2_00B67007, 0_2_00B50001, 0_2_00B7D070, 0_2_00B5F040, 0_2_00B6C106, 0_2_00B6E106, 0_2_00B552E0, 0_2_00B963E0, 0_2_00B72350, 0_2_00B684F2, 0_2_00B8D4E0, 0_2_00B5F430, 0_2_00B59440, 0_2_00B5B566
- Process created
- Static PE information
- Binary or memory string
- Static PE information
- Matched rule
- Classification label
- Code function: 0_2_00424350
- Code function: 0_2_00B50E03
- Code function: 0_2_0043F0B0
- Code function: 0_2_00456840
- Mutant created
- File created
- Static PE information
- Key opened
- Virustotal
- String found in binary or memory
- File read
- Process created
- Section loaded
- Static file information
- Static PE information
- Code function: 0_2_0042E6D0
- Static PE information
- Code function: 0_2_004962B4, 0_2_0042B549, 0_2_00449771
- Code function: 0_2_0044D0E0
- Code function: 0_2_00475810
- Registry key monitored for changes
- Process information set
- API coverage
- Thread sleep time
- WMI Queries
- Code function: 0_2_00420B80, 0_2_004BD1D0, 0_2_0045D260
- Binary or memory string
- Process information queried
- Process queried
- Code function: 0_2_004911AA
- Code function: 0_2_0042E6D0
- Code function: 0_2_00B506F3, 0_2_00B50CB3, 0_2_00B51063, 0_2_00B51303, 0_2_00B51302
- Code function: 0_2_00490B59
- Code function: 0_2_004911AA, 0_2_004958B6
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | String found in binary or memory: | (9 entries; strings not recovered) |
Source: | Queries volume information: | (value not recovered) | Jump to behavior |
Source: | Code function: | 0_2_0045C7B0 |
Source: | Code function: | 0_2_004BC690 |
Source: | Code function: | 0_2_0044F760 |
Source: | Key value queried: | (value not recovered) | Jump to behavior |
Source: | Binary or memory string: | (4 entries; strings not recovered) |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 2 Virtualization/Sandbox Evasion | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 1 Query Registry | Remote Desktop Protocol | 2 Clipboard Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 1 Native API | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 41 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | 1 PowerShell | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 2 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 2 Process Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 1 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 25 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
(not recovered) | 8% | Virustotal | | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
(not recovered) | 18% | Virustotal | | Browse |
(not recovered) | 0% | Virustotal | | Browse |
(not recovered) | 18% | Virustotal | | Browse |
(not recovered) | 18% | Virustotal | | Browse |
(not recovered) | 16% | Virustotal | | Browse |
(not recovered) | 21% | Virustotal | | Browse |
(not recovered) | 0% | Virustotal | | Browse |
(not recovered) | 18% | Virustotal | | Browse |
(not recovered) | 18% | Virustotal | | Browse |
(not recovered) | 20% | Virustotal | | Browse |
(not recovered) | 18% | Virustotal | | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
(50 rows; sources not recovered) | 0% | URL Reputation | safe | |
(2 rows; sources not recovered) | 100% | URL Reputation | malware | |
(19 rows; sources not recovered) | 0% | Virustotal | | Browse |
(7 rows; sources not recovered) | 18% | Virustotal | | Browse |
(2 rows; sources not recovered) | 20% | Virustotal | | Browse |
(2 rows; sources not recovered) | 21% | Virustotal | | Browse |
(2 rows; sources not recovered) | 16% | Virustotal | | Browse |
(1 row; source not recovered) | 8% | Virustotal | | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
condifendteu.sbs | 172.67.141.136 | true | true | | unknown |
steamcommunity.com | 104.102.49.254 | true | true | | unknown |
vennurviot.sbs | 172.67.140.193 | true | true | | unknown |
drawwyobstacw.sbs | 188.114.97.3 | true | true | | unknown |
mathcucom.sbs | 188.114.96.3 | true | true | | unknown |
enginenek.buzz | 188.114.97.3 | true | true | | unknown |
sergei-esenin.com | 104.21.53.8 | true | true | | unknown |
ehticsprocw.sbs | 172.67.173.224 | true | true | | unknown |
resinedyw.sbs | 172.67.205.156 | true | true | | unknown |
enlargkiw.sbs | 172.67.152.13 | true | true | | unknown |
allocatinow.sbs | unknown | unknown | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
(15 URLs; names not recovered) | true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
(1 URL; name not recovered) | | true | | unknown |
(84 URLs; names not recovered) | | false | | unknown |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
104.21.53.8 | sergei-esenin.com | United States | 13335 | CLOUDFLARENETUS | true |
188.114.97.3 | drawwyobstacw.sbs | European Union | 13335 | CLOUDFLARENETUS | true |
172.67.173.224 | ehticsprocw.sbs | United States | 13335 | CLOUDFLARENETUS | true |
188.114.96.3 | mathcucom.sbs | European Union | 13335 | CLOUDFLARENETUS | true |
172.67.152.13 | enlargkiw.sbs | United States | 13335 | CLOUDFLARENETUS | true |
172.67.141.136 | condifendteu.sbs | United States | 13335 | CLOUDFLARENETUS | true |
104.102.49.254 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | true |
172.67.205.156 | resinedyw.sbs | United States | 13335 | CLOUDFLARENETUS | true |
172.67.140.193 | vennurviot.sbs | United States | 13335 | CLOUDFLARENETUS | true |
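Reading the two tables above as a blocklist needs one caveat. Except for the Akamai address behind steamcommunity.com, every resolved IP sits in AS13335 (Cloudflare), which anycasts the same addresses in front of a very large number of unrelated sites; the "Malicious: true" verdict on 188.114.97.3 or the 172.67.x.x addresses says nothing about the address itself, and an IP block there is mostly collateral damage. The domains are the actionable indicators. steamcommunity.com is a legitimate service that the sample contacted; the report marks it malicious, and its context table further down shows other LummaC samples reaching it too, but it belongs in a watch list keyed on the process that talked to it, not in a block list. The script below is an added example for this report, not Joe Sandbox output: the host and ASN rows are copied verbatim from the tables, the shared-service allow list, the Suricata sid range and the use of the dotprefix transform are my choices.

```python
"""Turn the report's contacted-host tables into blocking decisions and DNS rules.

Added example for this report, not Joe Sandbox code. REPORT_HOSTS and
REPORT_ASN are copied from the two tables above; SHARED_HOSTING_ASNS,
SHARED_SERVICES and the sid range are assumptions of this example.
"""

# (domain, resolved IP or None) from the domain table.
REPORT_HOSTS = [
    ("condifendteu.sbs", "172.67.141.136"),
    ("steamcommunity.com", "104.102.49.254"),
    ("vennurviot.sbs", "172.67.140.193"),
    ("drawwyobstacw.sbs", "188.114.97.3"),
    ("mathcucom.sbs", "188.114.96.3"),
    ("enginenek.buzz", "188.114.97.3"),
    ("sergei-esenin.com", "104.21.53.8"),
    ("ehticsprocw.sbs", "172.67.173.224"),
    ("resinedyw.sbs", "172.67.205.156"),
    ("enlargkiw.sbs", "172.67.152.13"),
    ("allocatinow.sbs", None),
]
# IP -> ASN from the IP table.
REPORT_ASN = {
    "104.21.53.8": 13335, "188.114.97.3": 13335, "172.67.173.224": 13335,
    "188.114.96.3": 13335, "172.67.152.13": 13335, "172.67.141.136": 13335,
    "104.102.49.254": 16625, "172.67.205.156": 13335, "172.67.140.193": 13335,
}
# Address space shared by many unrelated tenants: blocking an IP here hits
# bystanders. Cloudflare (AS13335) is the one this sample hides behind.
SHARED_HOSTING_ASNS = {13335}
# Legitimate services the sample contacted. Assumption: alert on them in the
# context of this process, do not block them for everyone.
SHARED_SERVICES = {"steamcommunity.com"}


def classify(hosts, asn_by_ip, shared_asns=SHARED_HOSTING_ASNS,
             shared_services=SHARED_SERVICES):
    """Split the report's hosts into what is safe to block and what is only watchable."""
    out = {"block_domains": [], "watch_domains": [], "block_ips": [], "shared_ips": []}
    seen_ips = set()
    for name, ip in hosts:
        if name in shared_services:
            out["watch_domains"].append(name)
            continue
        out["block_domains"].append(name)
        if ip is None or ip in seen_ips:          # allocatinow.sbs never resolved;
            continue                              # 188.114.97.3 serves two domains
        seen_ips.add(ip)
        bucket = "shared_ips" if asn_by_ip.get(ip) in shared_asns else "block_ips"
        out[bucket].append(ip)
    return out


def suricata_dns_rules(domains, sid_base=9100001):
    """One Suricata (5.x+) dns.query rule per domain. dotprefix prepends a dot to
    the queried name, so endswith matches the apex and its subdomains without
    also matching look-alikes such as xenginenek.buzz."""
    rules = []
    for i, d in enumerate(sorted(set(domains))):
        rules.append(
            'alert dns any any -> any any (msg:"LummaC2 C2 domain lookup %s"; '
            'dns.query; dotprefix; content:".%s"; nocase; endswith; '
            'classtype:trojan-activity; sid:%d; rev:1;)' % (d, d, sid_base + i)
        )
    return rules


def lookup_is_c2(query, block_domains):
    """The same test the rules express, in Python: apex or subdomain of a blocked name."""
    q = "." + query.rstrip(".").lower()
    return any(q.endswith("." + d.lower()) for d in block_domains)


if __name__ == "__main__":
    result = classify(REPORT_HOSTS, REPORT_ASN)
    for key, values in result.items():
        print("%-14s %s" % (key, ", ".join(values) or "(none)"))
    for rule in suricata_dns_rules(result["block_domains"]):
        print(rule)
```

Run against the report's own rows, block_ips comes back empty and all eight unique C2-side addresses land in shared_ips, which is the point: for this sample the only safe lever is DNS or proxy filtering on the ten domains.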
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1533001 |
Start date and time: | 2024-10-14 09:40:06 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 58s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Verus.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@2/5@11/9 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.189.173.20
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, otelrules.azureedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
03:41:20 | API Interceptor | |
03:41:41 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
104.21.53.8 | 10 earlier samples (names not recovered) | (not recovered) | malicious | LummaC (10) | Browse | |
188.114.97.3 | 10 earlier samples (names not recovered) | (not recovered) | malicious | DCRat, PureLog Stealer, zgRAT (2); FormBook (4); AgentTesla (1); Unknown (3) | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
drawwyobstacw.sbs | 10 earlier samples (names not recovered) | (not recovered) | malicious | LummaC (10) | Browse | |
vennurviot.sbs | 10 earlier samples (names not recovered) | (not recovered) | malicious | LummaC (10) | Browse | |
condifendteu.sbs | 10 earlier samples (names not recovered) | (not recovered) | malicious | LummaC (10) | Browse | |
steamcommunity.com | 10 earlier samples (names not recovered) | (not recovered) | malicious | LummaC (10) | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | 10 earlier samples (names not recovered) | (not recovered) | malicious | GuLoader, Snake Keylogger (2); HTMLPhisher (1); LummaC (4); Unknown (3) | Browse | |
CLOUDFLARENETUS | 10 earlier samples (names not recovered) | (not recovered) | malicious | GuLoader, Snake Keylogger (2); HTMLPhisher (1); LummaC (4); Unknown (3) | Browse | |
CLOUDFLARENETUS | 10 earlier samples (names not recovered) | (not recovered) | malicious | GuLoader, Snake Keylogger (2); HTMLPhisher (1); LummaC (4); Unknown (3) | Browse | |
CLOUDFLARENETUS | 10 earlier samples (names not recovered) | (not recovered) | malicious | GuLoader, Snake Keylogger (2); HTMLPhisher (1); LummaC (4); Unknown (3) | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | 10 earlier samples (names not recovered) | (not recovered) | malicious | LummaC (10) | Browse | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Verus.exe_60c2564910af18faa22197385ca3547fdd3431b_6e980beb_4fc4714e-6a46-4c80-b28f-3fd7bfcdd490\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.0748308489921798 |
Encrypted: | false |
SSDEEP: | 192:P22x680ao80BU/wjJqhD0OzuiFhZ24IO8z:vot3BU/wj9OzuiFhY4IO8z |
MD5: | 69DBC49A515230594017819FA9E0A5B0 |
SHA1: | 1B89BFE82AB703DC920C0251620A8B0F54A28234 |
SHA-256: | D72BCA9FFB930CF4749F0EAD0363A5DB52367A31851B2554FD21073BDD8500C5 |
SHA-512: | 4DDDAAA4F8FCB9F3C01F5AB78D028C533A3A6B6877B3ED32A61540F1072CCA3A390BDDE0A96EF53DAF7D1A98A50832CDB5D91FB8B13B5A2E8456C33BB1395DA9 |
Malicious: | true |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 131090 |
Entropy (8bit): | 2.0336667433889906 |
Encrypted: | false |
SSDEEP: | 384:COjCSh9RaBWNq1fZIu8NW7gkJQtcWbG05HWFaV8XnfkMWHA5Hdgpow:fdrRaBWNqdcg7fAXgHX1Opr |
MD5: | 3F8AEB1721C805ACDBD5E664C74EFDE6 |
SHA1: | 4DBBEEA35B4E13697EBF263117B9FF4607DD5309 |
SHA-256: | 73BE4D342AE8542617AFB3ABF7DDF7FF7B57F6274BC3167EDB064EC31D0101D0 |
SHA-512: | E80EB13C6D64B4F9FE6E510F41007B99C7176D404E6F06D1947A7B77ECB60165F63E0A2D8045C314061B2BA06C77A96DCC4AB04D05200E36470A958791FF1285 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8350 |
Entropy (8bit): | 3.7007530219952662 |
Encrypted: | false |
SSDEEP: | 192:R6l7wVeJaO6jL6Y9nSUCUgmfUIprG89bjjsfRBm:R6lXJL6P6YNSUCUgmfUqjIfm |
MD5: | F156F46BC31D18E3F45C1A6A0752CD93 |
SHA1: | DAF62E22F7370E24AC8B8508A80B57314890E18F |
SHA-256: | 073540097061359FCDBF6D4145DC60D007ECF53F9486C33F65486FA1E092FB1E |
SHA-512: | ECC6C058F0E18332ACCE741DFDF6AB9A7B98E116125A76B9BEB5BD0A7264E1E2ECBCB0F7A768EBE0CF3EA7C6332991E86BB942F446B709D5B10DE7B72A79E8B5 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4664 |
Entropy (8bit): | 4.481809090343319 |
Encrypted: | false |
SSDEEP: | 48:cvIwWl8zsBJg77aI9C/vWpW8VY1Ym8M4JUqFp+q8GDEWvUfhfDwMRd:uIjfTI7K+7VJJ/mWvUfhfLRd |
MD5: | 938AC545DFDD6D8DEDFC33E0FCB0E97D |
SHA1: | C423CA4EDEF2C8F5F0F87D2C925E7EF3C5EF0D72 |
SHA-256: | 6382486E0FBC2AA1527B332A6C7999411C009325BA59BB6B130FA1DA45E9C6F4 |
SHA-512: | 6A8C17BCFBF140278CA66EE28CD82ADA054092A24AA0255286A37CD57A55CF5A025A46AA5E6C3E2DF14E64A444D25CAD903BC315961556339DF9CD1D11AC5264 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1835008 |
Entropy (8bit): | 4.465539495637126 |
Encrypted: | false |
SSDEEP: | 6144:ZIXfpi67eLPU9skLmb0b4FWSPKaJG8nAgejZMMhA2gX4WABl0uNTdwBCswSbd:qXD94FWlLZMM6YFHh+d |
MD5: | 83EE31EFB2F1C1AD79FC0C66D654987E |
SHA1: | 16A1E624527780227D9A75D37AB546756FFA4D2C |
SHA-256: | 4A81878DE6FCC3163AEF2A886A16B9E4153F5FAF77C46545F507F7D2194D8B97 |
SHA-512: | E783BD3B8EEC80495BA4F2A83E92CFBEE7E7C3AC46035E23CD26BCABD9922FFE23B6DD6A156880274B5CF0DD812840DF66AD71A3362EFAD8F124A0689255E981 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.894087108591329 |
TrID: |
|
File name: | Verus.exe |
File size: | 2'394'152 bytes |
MD5: | 9639830d1a300d2e4c409c5809374039 |
SHA1: | 69a8860b3e95de30f7abb485d11908c4deceff68 |
SHA256: | 6d7a6e7c674e93b337ed751614e214ab6430a4c4ae5a9811c3ed3fdac5e0ae59 |
SHA512: | 8d5a1aa9e840fdb105131f5b28883f565ec2361c2a3cad3439f4221daf886ad1770baabb4027383c5e48e532e8e6222eef789b08dc2dd2a3f4dfce63c0545efa |
SSDEEP: | 24576:c9oYv0s5EOybPGe+LAm0q9eKYSec3skTdG6kFjN/FGitIFcGbQD4vWpy0JeWJ06G:Kvvv9e0eyskTdh2N/FGiuFcZi0g0DU5T |
TLSH: | 2EB55C6D6E4A80A4C06D1037CDB152BC6DF46C35EFB5A8E3E2547A31AA3DBD15832783 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........}.....Y...Y...Y.N:Y...Y.N+Y...Y...Y...Y.N,Y<..Y.d%Y...Y...Y...Y...Y...Y...Y...Y.d+Y...Y.N;Y...Y.d>Y...YRich...Y........PE..L.. |
Icon Hash: | cc9a92cceab2ee4c |
Entrypoint: | 0x493520 |
Entrypoint Section: | .text |
Digitally signed: | true (a certificate table is present; whether it verifies is reported under Signature Valid below) |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x51D2C152 [Tue Jul 2 12:02:26 2013 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 38a27b0dd57a5c25ab8b3b91a143c948 |
Signature Valid: | false |
Signature Issuer: | CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US |
Signature Validation Error: | The digital signature of the object did not verify |
Error Number: | -2146869232 (HRESULT 0x80096010, TRUST_E_BAD_DIGEST: the hash computed over the image does not match the hash inside the signature, which happens when the file was modified after it was signed or when the certificate table was transplanted from another file) |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 5F1B6B6C408DB2B4D60BAA489E9A0E5A |
Thumbprint SHA-1: | 15F760D82C79D22446CC7D4806540BF632B1E104 |
Thumbprint SHA-256: | 28AF76241322F210DA473D9569EFF6F27124C4CA9F43933DA547E8D068B0A95D |
Serial: | 0997C56CAA59055394D9A9CDB8BEEB56 |
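What this block tells you in practice: the file carries a certificate table, so "Digitally signed" is true, but the bytes that table vouches for are not the bytes on disk, so the signature proves nothing about this binary and the DigiCert chain must not be taken as a trust signal. A 2013 link timestamp next to a chain issued by a 2021 CA is consistent with a signature grafted on later, though on its own it is not proof. The placement is the ordinary one for an appended signature: the security directory at 0x246200 with size 0x2628 ends exactly at the 2'394'152-byte file size (that directory entry stores a raw file offset rather than an RVA, which is why the data-directory table below attributes it to .rsrc). The helper below is an added example written for this report, not Joe Sandbox code and not the sample's own logic: it locates the certificate table in a PE, checks its placement and WIN_CERTIFICATE header, computes the Authenticode-style digest (skipping the CheckSum field, the security directory entry and the certificate table itself) so it can be compared against the digest carried in the PKCS#7 blob, and maps the report's error number to its symbolic name. The PE it tests against is constructed in build_sample_pe(); the only values taken from the report are the three constants at the top.

```python
"""Authenticode placement and digest helper for PE files.

Added example for this report, not Joe Sandbox code. REPORT_* are the only
values taken from the report; build_sample_pe() returns constructed test
bytes, not Verus.exe.
"""
import hashlib
import struct

REPORT_CERT_OFFSET = 0x246200   # IMAGE_DIRECTORY_ENTRY_SECURITY (a file offset, not an RVA)
REPORT_CERT_SIZE = 0x2628
REPORT_FILE_SIZE = 2394152

# WinVerifyTrust failure HRESULTs most often met in triage.
TRUST_ERRORS = {
    0x80096010: "TRUST_E_BAD_DIGEST",       # image hash != hash inside the signature
    0x800B0100: "TRUST_E_NOSIGNATURE",
    0x800B0101: "CERT_E_EXPIRED",
    0x800B0109: "CERT_E_UNTRUSTEDROOT",
    0x800B0111: "TRUST_E_EXPLICIT_DISTRUST",
}

def describe_error(code):
    """Map the signed 32-bit error number printed by the report to its name."""
    hresult = code & 0xFFFFFFFF
    return TRUST_ERRORS.get(hresult, "0x%08X" % hresult)

def _header_offsets(data):
    """File offsets of the optional-header CheckSum field and of data directory 4."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt = pe + 24                                    # 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    datadir = {0x10B: opt + 96, 0x20B: opt + 112}.get(magic)   # PE32 / PE32+
    if datadir is None:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    return opt + 64, datadir + 8 * 4

def certificate_table(data):
    """(file offset, size) of the WIN_CERTIFICATE blob; (0, 0) when unsigned."""
    _, secdir = _header_offsets(data)
    return struct.unpack_from("<II", data, secdir)

def check_certificate_table(data):
    """Placement and header sanity checks. An empty list means nothing odd."""
    off, size = certificate_table(data)
    if off == 0 or size == 0:
        return ["no certificate table (unsigned)"]
    findings = []
    if off % 8:
        findings.append("certificate table offset is not 8-byte aligned")
    if off + size != len(data):
        findings.append("certificate table does not end at EOF (%d byte difference)"
                        % (len(data) - (off + size)))
    if off + 8 > len(data):
        findings.append("certificate table lies outside the file")
        return findings
    length, rev, ctype = struct.unpack_from("<IHH", data, off)
    if length != size:
        findings.append("WIN_CERTIFICATE.dwLength %d != directory size %d" % (length, size))
    if rev != 0x0200:                                # WIN_CERT_REVISION_2_0
        findings.append("unexpected wRevision 0x%04x" % rev)
    if ctype != 0x0002:                              # WIN_CERT_TYPE_PKCS_SIGNED_DATA
        findings.append("unexpected wCertificateType 0x%04x" % ctype)
    return findings

def authenticode_hash(data, algo="sha256"):
    """Digest the image the way Authenticode does: skip the CheckSum field, the
    security directory entry and the certificate table. Assumes sections are
    stored in file order and the certificate table is last, as in the report."""
    checksum, secdir = _header_offsets(data)
    off, _ = struct.unpack_from("<II", data, secdir)
    end = off if off else len(data)
    h = hashlib.new(algo)
    h.update(data[:checksum])
    h.update(data[checksum + 4:secdir])
    h.update(data[secdir + 8:end])
    return h.hexdigest()

def build_sample_pe(signed=True):
    """Constructed, non-runnable PE32: 0x200 of headers, one .text section and,
    if signed, an appended WIN_CERTIFICATE holding a stand-in PKCS#7 blob."""
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                      # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, 1, 0x51D2C152, 0, 0, 0xE0, 0x0103)
    opt = 0x58
    struct.pack_into("<H", hdr, opt, 0x10B)                      # PE32 magic
    struct.pack_into("<II", hdr, opt + 32, 0x1000, 0x200)        # Section/FileAlignment
    struct.pack_into("<II", hdr, opt + 56, 0x2000, 0x200)        # SizeOfImage/SizeOfHeaders
    struct.pack_into("<I", hdr, opt + 92, 16)                    # NumberOfRvaAndSizes
    sect = opt + 0xE0
    hdr[sect:sect + 8] = b".text\0\0\0"
    struct.pack_into("<IIII", hdr, sect + 8, 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into("<I", hdr, sect + 36, 0x60000020)           # CODE|EXECUTE|READ
    text = b"\x90" * 0x200
    cert = b""
    if signed:
        blob = b"\x30\x82\x00\x10" + b"\xAA" * 16                 # fake PKCS#7 bytes
        padded = (8 + len(blob) + 7) // 8 * 8                     # dwLength, 8-byte rounded
        cert = struct.pack("<IHH", padded, 0x0200, 0x0002) + blob
        cert += b"\0" * (padded - len(cert))
        struct.pack_into("<II", hdr, opt + 96 + 8 * 4, len(hdr) + len(text), padded)
    return bytes(hdr + text + cert)

if __name__ == "__main__":
    sample = build_sample_pe()
    print("report error:", describe_error(-2146869232))
    print("report cert table ends at EOF:", REPORT_CERT_OFFSET + REPORT_CERT_SIZE == REPORT_FILE_SIZE)
    print("sample findings:", check_certificate_table(sample))
    print("sample Authenticode digest:", authenticode_hash(sample))
```

The digest function is what makes TRUST_E_BAD_DIGEST reproducible offline: flipping bytes inside the certificate table leaves the digest unchanged, flipping a byte in .text changes it, which is exactly the asymmetry a transplanted or post-signing-modified binary exhibits when the stored digest is compared with the recomputed one.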
Instruction |
---|
call 00007FC50917FBC2h |
jmp 00007FC50917251Eh |
mov edi, edi |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
mov cx, word ptr [eax] |
inc eax |
inc eax |
test cx, cx |
jne 00007FC509172698h |
sub eax, dword ptr [ebp+08h] |
sar eax, 1 |
dec eax |
pop ebp |
ret |
mov edi, edi |
push ebp |
mov ebp, esp |
sub esp, 20h |
push ebx |
xor ebx, ebx |
cmp dword ptr [ebp+14h], ebx |
jne 00007FC5091726C2h |
call 00007FC5091761FEh |
push ebx |
push ebx |
push ebx |
push ebx |
push ebx |
mov dword ptr [eax], 00000016h |
call 00007FC5091702A5h |
add esp, 14h |
or eax, FFFFFFFFh |
jmp 00007FC50917276Ah |
push esi |
mov esi, dword ptr [ebp+0Ch] |
push edi |
mov edi, dword ptr [ebp+10h] |
cmp edi, ebx |
je 00007FC5091726C6h |
cmp esi, ebx |
jne 00007FC5091726C2h |
call 00007FC5091761CEh |
push ebx |
push ebx |
push ebx |
push ebx |
push ebx |
mov dword ptr [eax], 00000016h |
call 00007FC509170275h |
add esp, 14h |
or eax, FFFFFFFFh |
jmp 00007FC509172738h |
mov dword ptr [ebp-14h], 00000042h |
mov dword ptr [ebp-18h], esi |
mov dword ptr [ebp-20h], esi |
cmp edi, 3FFFFFFFh |
jbe 00007FC5091726ABh |
mov dword ptr [ebp-1Ch], 7FFFFFFFh |
jmp 00007FC5091726A8h |
lea eax, dword ptr [edi+edi] |
mov dword ptr [ebp-1Ch], eax |
push dword ptr [ebp+1Ch] |
lea eax, dword ptr [ebp-20h] |
push dword ptr [ebp+18h] |
push dword ptr [ebp+14h] |
push eax |
call dword ptr [ebp+08h] |
add esp, 10h |
mov dword ptr [ebp+14h], eax |
cmp esi, ebx |
je 00007FC5091726F7h |
cmp eax, ebx |
jl 00007FC5091726E4h |
dec dword ptr [ebp+00h] |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xe8a0c | 0xf0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x13d000 | 0x155a00 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x246200 | 0x2628 | .rsrc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xde778 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xc4000 | 0x5d0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xc2f53 | 0xc3000 | a15a6949673de06fc1718b81825945c6 | False | 0.47380934495192306 | data | 6.487549296419732 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0xc4000 | 0x26970 | 0x26a00 | 824431f3e7fa3e50db851a3e674b8e12 | False | 0.3727181937702265 | data | 4.998566283762889 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xeb000 | 0x51088 | 0x6a00 | 4eb300d19f57f9c1d69db570a09b4a50 | False | 0.1915905070754717 | data | 4.326337990672463 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x13d000 | 0x155a00 | 0x155a00 | 4af0b48a5172534b8cbcd7401b768c09 | False | 0.43668744854555436 | data | 6.816982796602948 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
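Two things a reader can take from this table. First, nothing in it looks packed: the only executable section, .text, has entropy 6.49 and a raw size that matches its virtual size, no section is both writable and executable, and .data's large virtual size over a small raw size is ordinary uninitialised data. The whole-file entropy of 6.89 comes from .rsrc, which at 0x155a00 bytes is 58% of the file and consists of PNG and bitmap resources that are already compressed (the resource table reports ZLIB complexity of about 1.0 for the PNGs); high entropy from images is not the same signal as high entropy in code. Second, the sizes account for the file exactly: with 0x400 bytes of headers (an assumption, since SizeOfHeaders is not in the report, but the one value that makes the arithmetic close) the raw sections end at 0x246200, which is where the security directory begins, so the 0x2628-byte overlay is the certificate table and nothing else. The code below is an added example for this report, not Joe Sandbox code: the section figures are copied from the table, the thresholds are working heuristics of mine, and the byte strings used to exercise the entropy function are constructed.

```python
"""Section-table triage for the PE described in this report.

Added example, not Joe Sandbox code. REPORT_SECTIONS is copied from the
report's section table; the thresholds are heuristics and the sample byte
strings in the demo are constructed.
"""
import math
from collections import Counter

IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

REPORT_FILE_SIZE = 2394152
# (name, VirtualSize, RawSize, entropy, Characteristics) as listed in the report
REPORT_SECTIONS = [
    (".text", 0xc2f53, 0xc3000, 6.4875,
     IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".rdata", 0x26970, 0x26a00, 4.9986,
     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (".data", 0x51088, 0x6a00, 4.3263,
     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".rsrc", 0x155a00, 0x155a00, 6.8170,
     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
]

def shannon_entropy(data):
    """Bits per byte on the report's scale: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage_sections(sections, file_size, packed_threshold=7.2):
    """Findings a packer, a runtime-unpacked stub or a corrupt layout would produce.
    A plain compiler build, such as the one in the report, yields none."""
    findings = []
    for name, vsize, rsize, ent, chars in sections:
        executable = bool(chars & IMAGE_SCN_MEM_EXECUTE)
        if executable and chars & IMAGE_SCN_MEM_WRITE:
            findings.append("%s is writable and executable" % name)
        if executable and ent > packed_threshold:
            findings.append("%s: entropy %.2f in an executable section suggests packing" % (name, ent))
        if executable and rsize == 0 and vsize:
            findings.append("%s is executable but has no file-backed bytes" % name)
        if rsize > file_size:
            findings.append("%s: raw size exceeds the file" % name)
    return findings

def entropy_driver(sections):
    """Section contributing the most high-entropy bytes (raw size times entropy)."""
    return max(sections, key=lambda s: s[2] * s[3])[0]

def section_share(sections, name, file_size):
    """Fraction of the file occupied by one section's raw bytes."""
    return next(s[2] for s in sections if s[0] == name) / file_size

def expected_overlay(raw_sizes, size_of_headers, file_size):
    """Bytes after the headers and all raw sections. For a signed file this should
    equal the certificate table size. SizeOfHeaders is not in the report, so it is
    a parameter; 0x400 is the assumed value used in the demo."""
    return file_size - (size_of_headers + sum(raw_sizes))

if __name__ == "__main__":
    print("findings:", triage_sections(REPORT_SECTIONS, REPORT_FILE_SIZE))
    print("entropy driver:", entropy_driver(REPORT_SECTIONS))
    print(".rsrc share: %.1f%%" % (100 * section_share(REPORT_SECTIONS, ".rsrc", REPORT_FILE_SIZE)))
    overlay = expected_overlay([s[2] for s in REPORT_SECTIONS], 0x400, REPORT_FILE_SIZE)
    print("overlay: 0x%x (report security directory size 0x2628)" % overlay)
    print("constant buffer:", shannon_entropy(b"\0" * 4096),
          "uniform buffer:", shannon_entropy(bytes(range(256)) * 16))
```

The packed_threshold of 7.2 is deliberately conservative: compressed or encrypted code sits close to 8.0, while ordinary x86 code, as here, rarely exceeds 6.8.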
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
PNG | 0x13e2e4 | 0x1cbaa | PNG image data, 495 x 283, 8-bit/color RGBA, non-interlaced | Swedish | Sweden | 1.0003909104814996 |
PNG | 0x15ae90 | 0xf33 | PNG image data, 123 x 71, 8-bit/color RGBA, non-interlaced | Swedish | Sweden | 1.0028270367514778 |
PNG | 0x15bdc4 | 0x10c4 | PNG image data, 123 x 71, 8-bit/color RGBA, non-interlaced | Swedish | Sweden | 1.0025629077353215 |
PNG | 0x15ce88 | 0x10c4 | PNG image data, 123 x 71, 8-bit/color RGBA, non-interlaced | Swedish | Sweden | 1.0025629077353215 |
PNG | 0x15df4c | 0xf33 | PNG image data, 123 x 71, 8-bit/color RGBA, non-interlaced | Swedish | Sweden | 1.0028270367514778 |
PNG | 0x15ee80 | 0xf33 | PNG image data, 123 x 71, 8-bit/color RGBA, non-interlaced | Swedish | Sweden | 1.0028270367514778 |
PNG | 0x15fdb4 | 0x1ea6 | PNG image data, 123 x 71, 8-bit/color RGBA, non-interlaced | Swedish | Sweden | 1.00140198827428 |
PNG | 0x161c5c | 0x10c4 | PNG image data, 123 x 71, 8-bit/color RGBA, non-interlaced | Swedish | Sweden | 1.0025629077353215 |
PNG | 0x162d20 | 0x10c4 | PNG image data, 123 x 71, 8-bit/color RGBA, non-interlaced | Swedish | Sweden | 1.0025629077353215 |
PNG | 0x163de4 | 0x10c4 | PNG image data, 123 x 71, 8-bit/color RGBA, non-interlaced | Swedish | Sweden | 1.0025629077353215 |
PNG | 0x164ea8 | 0x1ea8 | PNG image data, 123 x 71, 8-bit/color RGBA, non-interlaced | Swedish | Sweden | 1.001401630988787 |
PNG | 0x166d50 | 0x2003 | PNG image data, 123 x 71, 8-bit/color RGBA, non-interlaced | Swedish | Sweden | 1.0013422818791946 |
PNG | 0x168d54 | 0xf33 | PNG image data, 123 x 71, 8-bit/color RGBA, non-interlaced | Swedish | Sweden | 1.0028270367514778 |
PNG | 0x169c88 | 0x1d02 | PNG image data, 91 x 45, 8-bit/color RGBA, non-interlaced | Swedish | Sweden | 1.0014812819822245 |
PNG | 0x16b98c | 0x1ce6 | PNG image data, 91 x 45, 8-bit/color RGBA, non-interlaced | Swedish | Sweden | 1.0014868883482022 |
PNG | 0x16d674 | 0x1bc4 | PNG image data, 96 x 46, 8-bit/color RGBA, non-interlaced | Swedish | Sweden | 1.0015475520540236 |
PNG | 0x16f238 | 0x1cb4 | PNG image data, 91 x 45, 8-bit/color RGBA, non-interlaced | Swedish | Sweden | 1.001497005988024 |
PNG | 0x170eec | 0x1e18 | PNG image data, 91 x 45, 8-bit/color RGBA, non-interlaced | Swedish | Sweden | 1.0014278296988577 |
PNG | 0x172d04 | 0x1bd3 | PNG image data, 91 x 45, 8-bit/color RGBA, non-interlaced | Swedish | Sweden | 1.001544293134915 |
RT_BITMAP | 0x1748d8 | 0x4562a | Device independent bitmap graphic, 320 x 222 x 32, image size 284162, resolution 3818 x 3818 px/m | Swedish | Sweden | 0.15178288681993793 |
RT_BITMAP | 0x1b9f04 | 0x1c28 | Device independent bitmap graphic, 112 x 16 x 32, image size 7168 | Swedish | Sweden | 0.5811598224195339 |
RT_BITMAP | 0x1bbb2c | 0xb28 | Device independent bitmap graphic, 112 x 16 x 8, image size 1792, 256 important colors | Swedish | Sweden | 0.5192577030812325 |
RT_BITMAP | 0x1bc654 | 0xc28 | Device independent bitmap graphic, 48 x 16 x 32, image size 3072 | Swedish | Sweden | 0.3589331619537275 |
RT_BITMAP | 0x1bd27c | 0x928 | Device independent bitmap graphic, 48 x 16 x 24, image size 2304 | Swedish | Sweden | 0.3075938566552901 |
RT_BITMAP | 0x1bdba4 | 0x5028 | Device independent bitmap graphic, 320 x 16 x 32, image size 20480 | Swedish | Sweden | 0.4873294346978557 |
RT_BITMAP | 0x1c2bcc | 0x3c28 | Device independent bitmap graphic, 320 x 16 x 24, image size 15360 | Swedish | Sweden | 0.42038961038961037 |
RT_BITMAP | 0x1c67f4 | 0x3a9aa | Device independent bitmap graphic, 300 x 200 x 32, image size 240002, resolution 2834 x 2834 px/m | Swedish | Sweden | 0.17459861190958248 |
RT_BITMAP | 0x2011a0 | 0x14028 | Device independent bitmap graphic, 640 x 32 x 32, image size 81920 | Swedish | Sweden | 0.3706564177647633 |
RT_BITMAP | 0x2151c8 | 0xf028 | Device independent bitmap graphic, 640 x 32 x 24, image size 61440 | Swedish | Sweden | 0.34936564736499676 |
RT_BITMAP | 0x2241f0 | 0xc28 | Device independent bitmap graphic, 64 x 16 x 24, image size 3072 | Swedish | Sweden | 0.5819408740359897 |
RT_BITMAP | 0x224e18 | 0x48ea | Device independent bitmap graphic, 219 x 80 x 8, image size 17602, resolution 3818 x 3818 px/m | Swedish | Sweden | 0.6069323904425158 |
RT_ICON | 0x229704 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.16932624113475178 |
RT_ICON | 0x229b6c | 0x1128 | Device independent bitmap graphic, 32 x 64 x 32, image size 4352 | English | United States | 0.10359744990892532 |
RT_ICON | 0x22ac94 | 0x2668 | Device independent bitmap graphic, 48 x 96 x 32, image size 9792 | English | United States | 0.0814686737184703 |
RT_ICON | 0x22d2fc | 0x3076 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9788005803643398 |
RT_MENU | 0x230374 | 0x734 | data | English | United States | 0.3872017353579176 |
RT_MENU | 0x230aa8 | 0x6c | data | Swedish | Sweden | 0.7685185185185185 |
RT_MENU | 0x230b14 | 0xae | data | Swedish | Sweden | 0.7126436781609196 |
RT_MENU | 0x230bc4 | 0x26 | data | Swedish | Sweden | 1.0526315789473684 |
RT_DIALOG | 0x230bec | 0x152 | data | English | United States | 0.606508875739645 |
RT_DIALOG | 0x230d40 | 0x524 | data | English | United States | 0.3541033434650456 |
RT_DIALOG | 0x231264 | 0x230 | data | Swedish | Sweden | 0.48214285714285715 |
RT_DIALOG | 0x231494 | 0x154 | data | Swedish | Sweden | 0.5558823529411765 |
RT_DIALOG | 0x2315e8 | 0x2e4 | data | Swedish | Sweden | 0.4905405405405405 |
RT_DIALOG | 0x2318cc | 0x138 | data | Swedish | Sweden | 0.5897435897435898 |
RT_DIALOG | 0x231a04 | 0x21c | data | Swedish | Sweden | 0.5574074074074075 |
RT_DIALOG | 0x231c20 | 0xd4 | data | English | United States | 0.6792452830188679 |
RT_DIALOG | 0x231cf4 | 0x420 | data | English | United States | 0.4119318181818182 |
RT_DIALOG | 0x232114 | 0x2bc | data | English | United States | 0.49 |
RT_DIALOG | 0x2323d0 | 0x60 | data | Swedish | Sweden | 0.7708333333333334 |
RT_DIALOG | 0x232430 | 0x1c0 | data | English | United States | 0.45982142857142855 |
RT_DIALOG | 0x2325f0 | 0x2ca | data | English | United States | 0.47759103641456585 |
RT_DIALOG | 0x2328bc | 0x2d8 | data | English | United States | 0.42445054945054944 |
RT_DIALOG | 0x232b94 | 0x1c6 | data | English | United States | 0.5616740088105727 |
RT_DIALOG | 0x232d5c | 0x140 | data | Swedish | Sweden | 0.54375 |
RT_DIALOG | 0x232e9c | 0x1b4 | data | Swedish | Sweden | 0.5688073394495413 |
RT_DIALOG | 0x233050 | 0x120 | data | Swedish | Sweden | 0.6319444444444444 |
RT_DIALOG | 0x233170 | 0x586 | data | English | United States | 0.4045261669024045 |
RT_DIALOG | 0x2336f8 | 0x34e | data | English | United States | 0.48817966903073284 |
RT_DIALOG | 0x233a48 | 0x178 | data | English | United States | 0.5478723404255319 |
RT_DIALOG | 0x233bc0 | 0x258 | data | English | United States | 0.45166666666666666 |
RT_DIALOG | 0x233e18 | 0x19c | data | Swedish | Sweden | 0.5606796116504854 |
RT_DIALOG | 0x233fb4 | 0x528 | data | English | United States | 0.4196969696969697 |
RT_DIALOG | 0x2344dc | 0x132 | data | Swedish | Sweden | 0.6045751633986928 |
RT_DIALOG | 0x234610 | 0x472 | data | English | United States | 0.3268892794376098 |
RT_DIALOG | 0x234a84 | 0x1c0 | data | Swedish | Sweden | 0.5200892857142857 |
RT_DIALOG | 0x234c44 | 0x1d6 | data | Swedish | Sweden | 0.5553191489361702 |
RT_DIALOG | 0x234e1c | 0x178 | data | English | United States | 0.5930851063829787 |
RT_DIALOG | 0x234f94 | 0x140 | data | English | United States | 0.571875 |
RT_DIALOG | 0x2350d4 | 0xb8 | data | English | United States | 0.6902173913043478 |
RT_DIALOG | 0x23518c | 0x28c | data | Swedish | Sweden | 0.49846625766871167 |
RT_DIALOG | 0x235418 | 0x1d0 | data | Swedish | Sweden | 0.540948275862069 |
RT_DIALOG | 0x2355e8 | 0x330 | data | Swedish | Sweden | 0.43137254901960786 |
RT_DIALOG | 0x235918 | 0xb0 | data | English | United States | 0.6306818181818182 |
RT_DIALOG | 0x2359c8 | 0x98 | data | English | United States | 0.7039473684210527 |
RT_DIALOG | 0x235a60 | 0x51e | data | English | Great Britain | 0.43740458015267175 |
RT_STRING | 0x235f80 | 0x2e4 | data | English | United States | 0.32837837837837835 |
RT_STRING | 0x236264 | 0x170 | data | English | United States | 0.483695652173913 |
RT_STRING | 0x2363d4 | 0x1b0 | data | English | United States | 0.3773148148148148 |
RT_STRING | 0x236584 | 0x2bc | data | English | United States | 0.38 |
RT_STRING | 0x236840 | 0x1fa | data | English | United States | 0.41699604743083 |
RT_STRING | 0x236a3c | 0x11a | data | English | United States | 0.524822695035461 |
RT_STRING | 0x236b58 | 0x50 | data | English | United States | 0.625 |
RT_STRING | 0x236ba8 | 0x2a | data | English | United States | 0.5476190476190477 |
RT_STRING | 0x236bd4 | 0x15c | data | English | United States | 0.4511494252873563 |
RT_STRING | 0x236d30 | 0xbe | data | English | United States | 0.6210526315789474 |
RT_STRING | 0x236df0 | 0xda | data | English | United States | 0.43119266055045874 |
RT_STRING | 0x236ecc | 0xca | data | English | United States | 0.4207920792079208 |
RT_STRING | 0x236f98 | 0x1f8 | data | English | United States | 0.36706349206349204 |
RT_STRING | 0x237190 | 0xae | data | English | United States | 0.5689655172413793 |
RT_STRING | 0x237240 | 0x44 | data | English | United States | 0.6764705882352942 |
RT_ACCELERATOR | 0x237284 | 0x48 | data | English | United States | 0.8888888888888888 |
RT_GROUP_ICON | 0x2372cc | 0x3e | data | English | United States | 0.8064516129032258 |
RT_VERSION | 0x23730c | 0x264 | data | English | United States | 0.46895424836601307 |
RT_MANIFEST | 0x237570 | 0x36a | ASCII text, with CRLF line terminators | English | United States | 0.41647597254004576 |
DLL | Import |
---|---|
WINMM.dll | mciSendCommandW, mciSendStringW |
KERNEL32.dll | GlobalUnlock, GlobalLock, GlobalAlloc, InitializeCriticalSection, DeleteCriticalSection, lstrcmpiW, MultiByteToWideChar, SizeofResource, LoadResource, FindResourceW, LoadLibraryExW, GetModuleHandleW, GetLocalTime, LocalUnlock, LocalLock, MulDiv, GetVolumeInformationW, lstrcpynA, lstrlenA, GetCurrentProcessId, LockResource, GlobalSize, FileTimeToDosDateTime, FileTimeToLocalFileTime, SystemTimeToFileTime, GetTempPathW, CompareFileTime, ExpandEnvironmentStringsA, LoadLibraryA, SetFilePointer, GetFileTime, GetFileSize, GetFileAttributesW, DeleteFileW, GetTempFileNameW, RemoveDirectoryW, CreateDirectoryW, GetFileAttributesExW, GetTimeZoneInformation, GetConsoleCP, LCMapStringW, LCMapStringA, QueryPerformanceCounter, GetStartupInfoA, GetFileType, SetHandleCount, GetCommandLineW, InterlockedDecrement, FreeEnvironmentStringsW, GetModuleFileNameA, GetStdHandle, GetModuleHandleA, IsValidCodePage, GetOEMCP, GetACP, GetCPInfo, ExitProcess, HeapSize, HeapReAlloc, HeapCreate, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, GetSystemTimeAsFileTime, GetStartupInfoW, RtlUnwind, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, VirtualAlloc, VirtualFree, IsProcessorFeaturePresent, HeapAlloc, GetProcessHeap, HeapFree, InterlockedCompareExchange, GetStringTypeA, GetStringTypeW, InterlockedIncrement, GetLogicalDrives, GetDriveTypeW, GetTickCount, AreFileApisANSI, WideCharToMultiByte, CreateFileW, DeviceIoControl, ResetEvent, GetProcAddress, GetDiskFreeSpaceExW, CreatePipe, DuplicateHandle, GetLocaleInfoA, SetStdHandle, FlushFileBuffers, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, CompareStringA, CreateEventW, WriteFile, WaitForMultipleObjects, PeekNamedPipe, ReadFile, TerminateProcess, SetEvent, TerminateThread, CreateProcessW, GetLastError, DosDateTimeToFileTime, FileTimeToSystemTime, GetDateFormatW, FindFirstFileW, FindNextFileW, FindClose, lstrcmpW, GetConsoleMode, lstrcpyW, SetLastError, CreateThread, WaitForSingleObject, Sleep, CloseHandle, GetCurrentThreadId, GetCurrentProcess, FlushInstructionCache, lstrlenW, lstrcpynW, GetVersionExW, LeaveCriticalSection, EnterCriticalSection, RaiseException, LoadLibraryW, FreeLibrary, GetModuleFileNameW, lstrcatW, CompareStringW, SetEnvironmentVariableA, GetEnvironmentStringsW, InitializeCriticalSectionAndSpinCount |
USER32.dll | MessageBeep, LoadStringA, PostQuitMessage, CreatePopupMenu, IsDialogMessageW, TranslateAcceleratorW, GetCapture, GetMessagePos, DrawEdge, RemoveMenu, UnregisterClassA, SetRectEmpty, SetCursor, IsMenu, GetMenuItemCount, IsClipboardFormatAvailable, GetClipboardData, CloseClipboard, wsprintfW, GetFocus, OpenClipboard, IsZoomed, IsIconic, SetMenu, GetMenu, IsWindowVisible, GetWindowThreadProcessId, ModifyMenuW, PtInRect, ReleaseCapture, SetCapture, LoadStringW, LoadAcceleratorsW, RegisterClassExW, CharNextW, LoadCursorW, GetClassInfoExW, wvsprintfW, FrameRect, ClientToScreen, GetWindowLongA, SetWindowLongA, CallWindowProcA, FindWindowExW, CheckMenuItem, EnableMenuItem, RegisterClipboardFormatW, SendDlgItemMessageW, SetWindowsHookExW, GetClassNameW, CallNextHookEx, WindowFromPoint, GetKeyState, GetWindowDC, LoadMenuW, InflateRect, OffsetRect, DrawFrameControl, DrawStateW, DestroyMenu, GetSubMenu, EndPaint, BeginPaint, RedrawWindow, GetCursorPos, TrackPopupMenuEx, SetMenuDefaultItem, CharLowerW, UnhookWindowsHookEx, RegisterWindowMessageW, IsWindowUnicode, GetMenuItemInfoW, SetMenuItemInfoW, PostMessageW, SetFocus, GetSysColor, DrawTextW, DrawFocusRect, GetSysColorBrush, FillRect, TrackMouseEvent, InvalidateRect, MoveWindow, LoadIconW, LoadBitmapW, CreateWindowExW, GetSystemMetrics, KillTimer, SetTimer, ScreenToClient, GetWindowTextLengthW, GetWindowTextW, CallWindowProcW, DestroyWindow, DefWindowProcW, InsertMenuW, IsWindowEnabled, GetSystemMenu, IsDlgButtonChecked, CheckDlgButton, GetDlgItemTextW, GetActiveWindow, EnableWindow, CreateDialogParamW, DialogBoxParamW, PeekMessageW, GetMessageW, TranslateMessage, DispatchMessageW, IsWindow, ShowWindow, SetWindowTextW, LoadImageW, DestroyIcon, SetWindowLongW, GetDC, GetWindow, GetWindowRect, SystemParametersInfoW, GetClientRect, MapWindowPoints, SetWindowPos, MessageBoxW, GetDlgItem, GetParent, SetDlgItemTextW, ReleaseDC, GetWindowLongW, SendMessageW, EndDialog, UpdateWindow, AppendMenuW |
GDI32.dll | GetTextExtentPoint32W, ExcludeClipRect, CreateDIBSection, SetBrushOrgEx, CreateBitmap, CreatePatternBrush, PatBlt, CreateSolidBrush, ExtTextOutW, CreateCompatibleDC, CreateCompatibleBitmap, SetBkColor, SetTextColor, SelectObject, DeleteDC, GetTextMetricsW, DeleteObject, GetDeviceCaps, BitBlt, SetBkMode, GetObjectW, GetStockObject, CreateFontIndirectW |
COMDLG32.dll | GetOpenFileNameW, GetSaveFileNameW |
ADVAPI32.dll | RegOpenKeyExA, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegOpenKeyExW, RegSetValueExW, RegQueryInfoKeyW, RegEnumKeyExW, RegQueryValueExW, RegQueryValueExA, RegDeleteKeyW |
SHELL32.dll | SHGetSpecialFolderPathW, DragQueryPoint, DragFinish, SHGetSpecialFolderLocation, DragQueryFileW, SHGetDesktopFolder, SHGetMalloc, SHGetFolderPathW, SHGetFileInfoW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteW |
ole32.dll | RegisterDragDrop, RevokeDragDrop, OleUninitialize, OleInitialize, CoInitialize, CoUninitialize, CoCreateInstance, CoTaskMemRealloc, ReleaseStgMedium, CoTaskMemAlloc, CoTaskMemFree, CoLockObjectExternal, DoDragDrop |
OLEAUT32.dll | SysAllocString, SysFreeString, VarUI4FromStr |
COMCTL32.dll | ImageList_Destroy, ImageList_ReplaceIcon, ImageList_Create, PropertySheetW, DestroyPropertySheetPage, CreatePropertySheetPageW, ImageList_AddMasked, ImageList_Add, ImageList_Draw, InitCommonControlsEx, CreateStatusWindowW, ImageList_GetImageCount |
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |
Language of compilation system | Country where language is spoken |
---|---|
Swedish | Sweden |
English | United States |
English | Great Britain |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-14T09:41:19.941969+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49734 | 188.114.97.3 | 443 | TCP |
2024-10-14T09:41:19.941969+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49734 | 188.114.97.3 | 443 | TCP |
2024-10-14T09:41:19.948249+0200 | 2056570 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mathcucom .sbs) | 1 | 192.168.2.4 | 63793 | 1.1.1.1 | 53 | UDP |
2024-10-14T09:41:20.457525+0200 | 2056571 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (mathcucom .sbs in TLS SNI) | 1 | 192.168.2.4 | 49736 | 188.114.96.3 | 443 | TCP |
2024-10-14T09:41:20.905771+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49736 | 188.114.96.3 | 443 | TCP |
2024-10-14T09:41:20.905771+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49736 | 188.114.96.3 | 443 | TCP |
2024-10-14T09:41:20.913836+0200 | 2056568 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (allocatinow .sbs) | 1 | 192.168.2.4 | 57419 | 1.1.1.1 | 53 | UDP |
2024-10-14T09:41:20.923976+0200 | 2056566 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (enlargkiw .sbs) | 1 | 192.168.2.4 | 59480 | 1.1.1.1 | 53 | UDP |
2024-10-14T09:41:21.465726+0200 | 2056567 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (enlargkiw .sbs in TLS SNI) | 1 | 192.168.2.4 | 49739 | 172.67.152.13 | 443 | TCP |
2024-10-14T09:41:21.927938+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49739 | 172.67.152.13 | 443 | TCP |
2024-10-14T09:41:21.927938+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49739 | 172.67.152.13 | 443 | TCP |
2024-10-14T09:41:21.935684+0200 | 2056564 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (resinedyw .sbs) | 1 | 192.168.2.4 | 61189 | 1.1.1.1 | 53 | UDP |
2024-10-14T09:41:22.430952+0200 | 2056565 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (resinedyw .sbs in TLS SNI) | 1 | 192.168.2.4 | 49741 | 172.67.205.156 | 443 | TCP |
2024-10-14T09:41:22.865609+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49741 | 172.67.205.156 | 443 | TCP |
2024-10-14T09:41:22.865609+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49741 | 172.67.205.156 | 443 | TCP |
2024-10-14T09:41:22.882835+0200 | 2056562 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (vennurviot .sbs) | 1 | 192.168.2.4 | 54020 | 1.1.1.1 | 53 | UDP |
2024-10-14T09:41:23.419075+0200 | 2056563 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (vennurviot .sbs in TLS SNI) | 1 | 192.168.2.4 | 49743 | 172.67.140.193 | 443 | TCP |
2024-10-14T09:41:23.863313+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49743 | 172.67.140.193 | 443 | TCP |
2024-10-14T09:41:23.863313+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49743 | 172.67.140.193 | 443 | TCP |
2024-10-14T09:41:23.865115+0200 | 2056560 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (ehticsprocw .sbs) | 1 | 192.168.2.4 | 55426 | 1.1.1.1 | 53 | UDP |
2024-10-14T09:41:24.361546+0200 | 2056561 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (ehticsprocw .sbs in TLS SNI) | 1 | 192.168.2.4 | 49745 | 172.67.173.224 | 443 | TCP |
2024-10-14T09:41:24.794499+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49745 | 172.67.173.224 | 443 | TCP |
2024-10-14T09:41:24.794499+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49745 | 172.67.173.224 | 443 | TCP |
2024-10-14T09:41:24.826858+0200 | 2056558 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (condifendteu .sbs) | 1 | 192.168.2.4 | 63303 | 1.1.1.1 | 53 | UDP |
2024-10-14T09:41:25.328291+0200 | 2056559 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (condifendteu .sbs in TLS SNI) | 1 | 192.168.2.4 | 49746 | 172.67.141.136 | 443 | TCP |
2024-10-14T09:41:25.755191+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49746 | 172.67.141.136 | 443 | TCP |
2024-10-14T09:41:25.755191+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49746 | 172.67.141.136 | 443 | TCP |
2024-10-14T09:41:25.756813+0200 | 2056556 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (drawwyobstacw .sbs) | 1 | 192.168.2.4 | 59559 | 1.1.1.1 | 53 | UDP |
2024-10-14T09:41:26.247417+0200 | 2056557 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (drawwyobstacw .sbs in TLS SNI) | 1 | 192.168.2.4 | 49747 | 188.114.97.3 | 443 | TCP |
2024-10-14T09:41:26.721336+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49747 | 188.114.97.3 | 443 | TCP |
2024-10-14T09:41:26.721336+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49747 | 188.114.97.3 | 443 | TCP |
2024-10-14T09:41:28.061383+0200 | 2858666 | ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup | 1 | 192.168.2.4 | 49748 | 104.102.49.254 | 443 | TCP |
2024-10-14T09:41:28.784132+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49749 | 104.21.53.8 | 443 | TCP |
2024-10-14T09:41:28.784132+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49749 | 104.21.53.8 | 443 | TCP |
2024-10-14T09:41:29.769239+0200 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.4 | 49750 | 104.21.53.8 | 443 | TCP |
2024-10-14T09:41:29.769239+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49750 | 104.21.53.8 | 443 | TCP |
Oct 14, 2024 09:41:28.190984964 CEST | 49748 | 443 | 192.168.2.4 | 104.102.49.254 |
Oct 14, 2024 09:41:28.192559004 CEST | 49748 | 443 | 192.168.2.4 | 104.102.49.254 |
Oct 14, 2024 09:41:28.192575932 CEST | 443 | 49748 | 104.102.49.254 | 192.168.2.4 |
Oct 14, 2024 09:41:28.202399969 CEST | 49749 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 14, 2024 09:41:28.202488899 CEST | 443 | 49749 | 104.21.53.8 | 192.168.2.4 |
Oct 14, 2024 09:41:28.202595949 CEST | 49749 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 14, 2024 09:41:28.202877998 CEST | 49749 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 14, 2024 09:41:28.202919006 CEST | 443 | 49749 | 104.21.53.8 | 192.168.2.4 |
Oct 14, 2024 09:41:28.671761990 CEST | 443 | 49749 | 104.21.53.8 | 192.168.2.4 |
Oct 14, 2024 09:41:28.671840906 CEST | 49749 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 14, 2024 09:41:28.673321009 CEST | 49749 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 14, 2024 09:41:28.673357964 CEST | 443 | 49749 | 104.21.53.8 | 192.168.2.4 |
Oct 14, 2024 09:41:28.673587084 CEST | 443 | 49749 | 104.21.53.8 | 192.168.2.4 |
Oct 14, 2024 09:41:28.674807072 CEST | 49749 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 14, 2024 09:41:28.674849033 CEST | 49749 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 14, 2024 09:41:28.674895048 CEST | 443 | 49749 | 104.21.53.8 | 192.168.2.4 |
Oct 14, 2024 09:41:28.784131050 CEST | 443 | 49749 | 104.21.53.8 | 192.168.2.4 |
Oct 14, 2024 09:41:28.784168959 CEST | 443 | 49749 | 104.21.53.8 | 192.168.2.4 |
Oct 14, 2024 09:41:28.784241915 CEST | 49749 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 14, 2024 09:41:28.784265995 CEST | 443 | 49749 | 104.21.53.8 | 192.168.2.4 |
Oct 14, 2024 09:41:28.784291029 CEST | 443 | 49749 | 104.21.53.8 | 192.168.2.4 |
Oct 14, 2024 09:41:28.784329891 CEST | 49749 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 14, 2024 09:41:28.784358978 CEST | 49749 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 14, 2024 09:41:28.784518003 CEST | 49749 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 14, 2024 09:41:28.784545898 CEST | 443 | 49749 | 104.21.53.8 | 192.168.2.4 |
Oct 14, 2024 09:41:28.784579039 CEST | 49749 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 14, 2024 09:41:28.784594059 CEST | 443 | 49749 | 104.21.53.8 | 192.168.2.4 |
Oct 14, 2024 09:41:28.854022980 CEST | 49750 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 14, 2024 09:41:28.854100943 CEST | 443 | 49750 | 104.21.53.8 | 192.168.2.4 |
Oct 14, 2024 09:41:28.854188919 CEST | 49750 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 14, 2024 09:41:28.854464054 CEST | 49750 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 14, 2024 09:41:28.854500055 CEST | 443 | 49750 | 104.21.53.8 | 192.168.2.4 |
Oct 14, 2024 09:41:29.337938070 CEST | 443 | 49750 | 104.21.53.8 | 192.168.2.4 |
Oct 14, 2024 09:41:29.338047028 CEST | 49750 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 14, 2024 09:41:29.339346886 CEST | 49750 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 14, 2024 09:41:29.339374065 CEST | 443 | 49750 | 104.21.53.8 | 192.168.2.4 |
Oct 14, 2024 09:41:29.339601994 CEST | 443 | 49750 | 104.21.53.8 | 192.168.2.4 |
Oct 14, 2024 09:41:29.340753078 CEST | 49750 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 14, 2024 09:41:29.340789080 CEST | 49750 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 14, 2024 09:41:29.340959072 CEST | 443 | 49750 | 104.21.53.8 | 192.168.2.4 |
Oct 14, 2024 09:41:29.769236088 CEST | 443 | 49750 | 104.21.53.8 | 192.168.2.4 |
Oct 14, 2024 09:41:29.769300938 CEST | 443 | 49750 | 104.21.53.8 | 192.168.2.4 |
Oct 14, 2024 09:41:29.769377947 CEST | 49750 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 14, 2024 09:41:29.769539118 CEST | 49750 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 14, 2024 09:41:29.769589901 CEST | 443 | 49750 | 104.21.53.8 | 192.168.2.4 |
Oct 14, 2024 09:41:29.769642115 CEST | 49750 | 443 | 192.168.2.4 | 104.21.53.8 |
Oct 14, 2024 09:41:29.769659042 CEST | 443 | 49750 | 104.21.53.8 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 14, 2024 09:41:18.811662912 CEST | 59316 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 14, 2024 09:41:18.826179981 CEST | 53 | 59316 | 1.1.1.1 | 192.168.2.4 |
Oct 14, 2024 09:41:19.948249102 CEST | 63793 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 14, 2024 09:41:19.960006952 CEST | 53 | 63793 | 1.1.1.1 | 192.168.2.4 |
Oct 14, 2024 09:41:20.913836002 CEST | 57419 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 14, 2024 09:41:20.922637939 CEST | 53 | 57419 | 1.1.1.1 | 192.168.2.4 |
Oct 14, 2024 09:41:20.923975945 CEST | 59480 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 14, 2024 09:41:20.938632965 CEST | 53 | 59480 | 1.1.1.1 | 192.168.2.4 |
Oct 14, 2024 09:41:21.935683966 CEST | 61189 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 14, 2024 09:41:21.950117111 CEST | 53 | 61189 | 1.1.1.1 | 192.168.2.4 |
Oct 14, 2024 09:41:22.882834911 CEST | 54020 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 14, 2024 09:41:22.905225992 CEST | 53 | 54020 | 1.1.1.1 | 192.168.2.4 |
Oct 14, 2024 09:41:23.865114927 CEST | 55426 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 14, 2024 09:41:23.879785061 CEST | 53 | 55426 | 1.1.1.1 | 192.168.2.4 |
Oct 14, 2024 09:41:24.826858044 CEST | 63303 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 14, 2024 09:41:24.840157986 CEST | 53 | 63303 | 1.1.1.1 | 192.168.2.4 |
Oct 14, 2024 09:41:25.756813049 CEST | 59559 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 14, 2024 09:41:25.770072937 CEST | 53 | 59559 | 1.1.1.1 | 192.168.2.4 |
Oct 14, 2024 09:41:26.724972010 CEST | 51493 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 14, 2024 09:41:26.733023882 CEST | 53 | 51493 | 1.1.1.1 | 192.168.2.4 |
Oct 14, 2024 09:41:28.192564011 CEST | 54846 | 53 | 192.168.2.4 | 1.1.1.1 |
Oct 14, 2024 09:41:28.201606989 CEST | 53 | 54846 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 14, 2024 09:41:18.811662912 CEST | 192.168.2.4 | 1.1.1.1 | 0x43f1 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:19.948249102 CEST | 192.168.2.4 | 1.1.1.1 | 0x10f5 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:20.913836002 CEST | 192.168.2.4 | 1.1.1.1 | 0x6e15 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:20.923975945 CEST | 192.168.2.4 | 1.1.1.1 | 0xf630 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:21.935683966 CEST | 192.168.2.4 | 1.1.1.1 | 0xeefa | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:22.882834911 CEST | 192.168.2.4 | 1.1.1.1 | 0xb0b0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:23.865114927 CEST | 192.168.2.4 | 1.1.1.1 | 0x90eb | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:24.826858044 CEST | 192.168.2.4 | 1.1.1.1 | 0x8199 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:25.756813049 CEST | 192.168.2.4 | 1.1.1.1 | 0xb827 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:26.724972010 CEST | 192.168.2.4 | 1.1.1.1 | 0x28af | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:28.192564011 CEST | 192.168.2.4 | 1.1.1.1 | 0xbbb9 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 14, 2024 09:41:18.826179981 CEST | 1.1.1.1 | 192.168.2.4 | 0x43f1 | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:18.826179981 CEST | 1.1.1.1 | 192.168.2.4 | 0x43f1 | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:19.960006952 CEST | 1.1.1.1 | 192.168.2.4 | 0x10f5 | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:19.960006952 CEST | 1.1.1.1 | 192.168.2.4 | 0x10f5 | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:20.922637939 CEST | 1.1.1.1 | 192.168.2.4 | 0x6e15 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:20.938632965 CEST | 1.1.1.1 | 192.168.2.4 | 0xf630 | No error (0) | | | 172.67.152.13 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:20.938632965 CEST | 1.1.1.1 | 192.168.2.4 | 0xf630 | No error (0) | | | 104.21.33.249 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:21.950117111 CEST | 1.1.1.1 | 192.168.2.4 | 0xeefa | No error (0) | | | 172.67.205.156 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:21.950117111 CEST | 1.1.1.1 | 192.168.2.4 | 0xeefa | No error (0) | | | 104.21.77.78 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:22.905225992 CEST | 1.1.1.1 | 192.168.2.4 | 0xb0b0 | No error (0) | | | 172.67.140.193 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:22.905225992 CEST | 1.1.1.1 | 192.168.2.4 | 0xb0b0 | No error (0) | | | 104.21.46.170 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:23.879785061 CEST | 1.1.1.1 | 192.168.2.4 | 0x90eb | No error (0) | | | 172.67.173.224 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:23.879785061 CEST | 1.1.1.1 | 192.168.2.4 | 0x90eb | No error (0) | | | 104.21.30.221 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:24.840157986 CEST | 1.1.1.1 | 192.168.2.4 | 0x8199 | No error (0) | | | 172.67.141.136 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:24.840157986 CEST | 1.1.1.1 | 192.168.2.4 | 0x8199 | No error (0) | | | 104.21.79.35 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:25.770072937 CEST | 1.1.1.1 | 192.168.2.4 | 0xb827 | No error (0) | | | 188.114.97.3 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:25.770072937 CEST | 1.1.1.1 | 192.168.2.4 | 0xb827 | No error (0) | | | 188.114.96.3 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:26.733023882 CEST | 1.1.1.1 | 192.168.2.4 | 0x28af | No error (0) | | | 104.102.49.254 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:28.201606989 CEST | 1.1.1.1 | 192.168.2.4 | 0xbbb9 | No error (0) | | | 104.21.53.8 | A (IP address) | IN (0x0001) | false |
Oct 14, 2024 09:41:28.201606989 CEST | 1.1.1.1 | 192.168.2.4 | 0xbbb9 | No error (0) | | | 172.67.206.204 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49734 | 188.114.97.3 | 443 | 7416 | C:\Users\user\Desktop\Verus.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-14 07:41:19 UTC | 261 | OUT | |
2024-10-14 07:41:19 UTC | 8 | OUT | |
2024-10-14 07:41:19 UTC | 823 | IN | |
2024-10-14 07:41:19 UTC | 15 | IN | |
2024-10-14 07:41:19 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49736 | 188.114.96.3 | 443 | 7416 | C:\Users\user\Desktop\Verus.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-14 07:41:20 UTC | 260 | OUT | |
2024-10-14 07:41:20 UTC | 8 | OUT | |
2024-10-14 07:41:20 UTC | 823 | IN | |
2024-10-14 07:41:20 UTC | 15 | IN | |
2024-10-14 07:41:20 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49739 | 172.67.152.13 | 443 | 7416 | C:\Users\user\Desktop\Verus.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-14 07:41:21 UTC | 260 | OUT | |
2024-10-14 07:41:21 UTC | 8 | OUT | |
2024-10-14 07:41:21 UTC | 811 | IN | |
2024-10-14 07:41:21 UTC | 15 | IN | |
2024-10-14 07:41:21 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49741 | 172.67.205.156 | 443 | 7416 | C:\Users\user\Desktop\Verus.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-14 07:41:22 UTC | 260 | OUT | |
2024-10-14 07:41:22 UTC | 8 | OUT | |
2024-10-14 07:41:22 UTC | 815 | IN | |
2024-10-14 07:41:22 UTC | 15 | IN | |
2024-10-14 07:41:22 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49743 | 172.67.140.193 | 443 | 7416 | C:\Users\user\Desktop\Verus.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-14 07:41:23 UTC | 261 | OUT | |
2024-10-14 07:41:23 UTC | 8 | OUT | |
2024-10-14 07:41:23 UTC | 823 | IN | |
2024-10-14 07:41:23 UTC | 15 | IN | |
2024-10-14 07:41:23 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49745 | 172.67.173.224 | 443 | 7416 | C:\Users\user\Desktop\Verus.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-14 07:41:24 UTC | 262 | OUT | |
2024-10-14 07:41:24 UTC | 8 | OUT | |
2024-10-14 07:41:24 UTC | 817 | IN | |
2024-10-14 07:41:24 UTC | 15 | IN | |
2024-10-14 07:41:24 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49746 | 172.67.141.136 | 443 | 7416 | C:\Users\user\Desktop\Verus.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-14 07:41:25 UTC | 263 | OUT | |
2024-10-14 07:41:25 UTC | 8 | OUT | |
2024-10-14 07:41:25 UTC | 817 | IN | |
2024-10-14 07:41:25 UTC | 15 | IN | |
2024-10-14 07:41:25 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49747 | 188.114.97.3 | 443 | 7416 | C:\Users\user\Desktop\Verus.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-14 07:41:26 UTC | 264 | OUT | |
2024-10-14 07:41:26 UTC | 8 | OUT | |
2024-10-14 07:41:26 UTC | 835 | IN | |
2024-10-14 07:41:26 UTC | 15 | IN | |
2024-10-14 07:41:26 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49748 | 104.102.49.254 | 443 | 7416 | C:\Users\user\Desktop\Verus.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-14 07:41:27 UTC | 219 | OUT | |
2024-10-14 07:41:28 UTC | 1870 | IN | |
2024-10-14 07:41:28 UTC | 14514 | IN | |
2024-10-14 07:41:28 UTC | 16384 | IN | |
2024-10-14 07:41:28 UTC | 3768 | IN | |
2024-10-14 07:41:28 UTC | 171 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 49749 | 104.21.53.8 | 443 | 7416 | C:\Users\user\Desktop\Verus.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-14 07:41:28 UTC | 264 | OUT | |
2024-10-14 07:41:28 UTC | 8 | OUT | |
2024-10-14 07:41:28 UTC | 553 | IN | |
2024-10-14 07:41:28 UTC | 816 | IN | |
2024-10-14 07:41:28 UTC | 1369 | IN | |
2024-10-14 07:41:28 UTC | 1369 | IN | |
2024-10-14 07:41:28 UTC | 887 | IN | |
2024-10-14 07:41:28 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.4 | 49750 | 104.21.53.8 | 443 | 7416 | C:\Users\user\Desktop\Verus.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-10-14 07:41:29 UTC | 354 | OUT | |
2024-10-14 07:41:29 UTC | 52 | OUT | |
2024-10-14 07:41:29 UTC | 831 | IN | |
2024-10-14 07:41:29 UTC | 15 | IN | |
2024-10-14 07:41:29 UTC | 5 | IN |
Target ID: | 0 |
Start time: | 03:41:02 |
Start date: | 14/10/2024 |
Path: | C:\Users\user\Desktop\Verus.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 2'394'152 bytes |
MD5 hash: | 9639830D1A300D2E4C409C5809374039 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 6 |
Start time: | 03:41:29 |
Start date: | 14/10/2024 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x520000 |
File size: | 483'680 bytes |
MD5 hash: | C31336C1EFC2CCB44B4326EA793040F2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Execution Graph
Execution Coverage: | 0.6% |
Dynamic/Decrypted Code Coverage: | 51.3% |
Signature Coverage: | 40% |
Total number of Nodes: | 115 |
Total number of Limit Nodes: | 16 |
Function 00B50CB3 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 103 (thread, COMMON)
Function 00B506F3 Relevance: 1.9, APIs: 1, Instructions: 399 (thread, COMMON)
Function 004A6509 Relevance: 1.6, APIs: 1, Instructions: 308 (memory, COMMON, LIBRARYCODE)
Function 00BAA795 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66 (library, COMMON)
Function 00BA93B3 Relevance: 1.6, APIs: 1, Instructions: 318 (memory, COMMON)
Function 00453190 Relevance: 83.2, APIs: 42, Strings: 5, Instructions: 945 (window, string, registry, COMMON)
Function 00B72350 Relevance: 38.9, Strings: 30, Instructions: 1384 (COMMON)
Function 004406C0 Relevance: 37.3, APIs: 17, Strings: 4, Instructions: 506 (registry, string, COMMON)
Function 00420B80 Relevance: 35.2, APIs: 17, Strings: 3, Instructions: 155 (string, window, file, COMMON)
Function 0042E530 Relevance: 21.3, APIs: 8, Strings: 4, Instructions: 270 (synchronization, COMMON)
Function 0042E6D0 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 51 (library, loader, COMMON)
Function 0045CB70 Relevance: 10.2, Strings: 8, Instructions: 163 (COMMON)
Function 00B6C106 Relevance: 10.2, Strings: 8, Instructions: 156 (COMMON)
Function 00B6E106 Relevance: 10.2, Strings: 8, Instructions: 153 (COMMON)
Function 0045C7B0 Relevance: 9.1, APIs: 6, Instructions: 134 (time, string, window, COMMON)
Function 0044D0E0 Relevance: 7.5, APIs: 5, Instructions: 45 (window, COMMON)
Function 004788E0 Relevance: 6.3, APIs: 4, Instructions: 306 (COMMON)
Function 004BD1D0 Relevance: 4.6, APIs: 3, Instructions: 118 (string, file, COMMON, LIBRARYCODE)
Function 00424350 Relevance: 4.6, APIs: 3, Instructions: 86 (COMMON)
Function 00B75080 Relevance: 4.2, Strings: 3, Instructions: 453 (COMMON)
Function 00B5F430 Relevance: 4.1, Strings: 3, Instructions: 358 (COMMON)
Function 00B5F040 Relevance: 4.1, Strings: 3, Instructions: 317 (COMMON)
Function 00B7F0A0 Relevance: 2.7, Strings: 2, Instructions: 242 (COMMON)
Function 00B5B566 Relevance: 2.6, Strings: 2, Instructions: 83 (COMMON)
Function 00490B59 Relevance: 2.5, APIs: 2, Instructions: 17 (memory, COMMON)
Function 004BC690 Relevance: 1.6, APIs: 1, Instructions: 128 (time, COMMON)
Function 00B7D070 Relevance: 1.6, Strings: 1, Instructions: 352 (COMMON)
Function 0043F0B0 Relevance: 1.5, APIs: 1, Instructions: 34 (com, COMMON)
Function 00B684F2 Relevance: 1.5, Strings: 1, Instructions: 256 (COMMON)
Function 00B62418 Relevance: 1.3, Strings: 1, Instructions: 10 (COMMON)
Function 00B59440 Relevance: 0.6, Instructions: 596 (COMMON)
Function 00B50001 Relevance: 0.5, Instructions: 534 (COMMON)
Function 00B552E0 Relevance: 0.4, Instructions: 389 (COMMON)
Function 00B67007 Relevance: 0.4, Instructions: 355 (COMMON)
Function 00B963E0 Relevance: 0.3, Instructions: 346 (COMMON)
Function 0048F030 Relevance: 0.3, Instructions: 266 (COMMON)
Function 00476C50 Relevance: 0.2, Instructions: 210 (COMMON)
Function 00B8D4E0 Relevance: 0.2, Instructions: 189 (COMMON)
Function 00B57260 Relevance: 0.2, Instructions: 169 (COMMON)
Function 0048EE30 Relevance: 0.2, Instructions: 151 (COMMON)
Function 004A62ED Relevance: 0.1, Instructions: 148 (COMMON, LIBRARYCODE)
Function 004A632F Relevance: 0.1, Instructions: 130 (COMMON, LIBRARYCODE)
Function 00B92160 Relevance: 0.1, Instructions: 107 (COMMON)
Function 00B51303 Relevance: 0.1, Instructions: 107 (COMMON)
Function 00B70050 Relevance: 0.1, Instructions: 84 (COMMON)
Function 00B614B3 Relevance: 0.1, Instructions: 72 (COMMON)
Function 00B922C0 Relevance: 0.1, Instructions: 69 (COMMON)
Function 00B51302 Relevance: 0.1, Instructions: 66 (COMMON)
Function 00B7D460 Relevance: 0.0, Instructions: 40 (COMMON)
Function 00B51063 Relevance: 0.0, Instructions: 33 (COMMON)
Function 00B61566 Relevance: 0.0, Instructions: 33 (COMMON)
Function 00B702E3 Relevance: 0.0, Instructions: 12 (COMMON)
Function 00422920 Relevance: 82.6, APIs: 45, Strings: 2, Instructions: 364 (string, time, window, COMMON)
Function 0041CF40 Relevance: 75.6, APIs: 42, Strings: 1, Instructions: 322 (window, library, COMMON)
Function 00434400 Relevance: 65.0, APIs: 33, Strings: 4, Instructions: 276 (window, library, string, COMMON)
Function 0044EC70 Relevance: 61.6, APIs: 34, Strings: 1, Instructions: 304 (window, COMMON)
Function 00424870 Relevance: 56.3, APIs: 30, Strings: 2, Instructions: 344 (window, COMMON)
Function 0041C8D0 Relevance: 56.3, APIs: 30, Strings: 2, Instructions: 344 (window, COMMON)
Function 00442010 Relevance: 55.8, APIs: 20, Strings: 17, Instructions: 279 (string, COMMON)
Function 004488F0 Relevance: 44.1, APIs: 21, Strings: 4, Instructions: 307 (window, string, COMMON)
Function 0044C7E0 Relevance: 44.0, APIs: 22, Strings: 3, Instructions: 241 (window, COMMON)
Function 00447030 Relevance: 43.9, APIs: 24, Strings: 1, Instructions: 157 (window, library, COMMON)
Function 0046CED0 Relevance: 42.4, APIs: 23, Strings: 1, Instructions: 370 (window, COMMON)
Function 00424510 Relevance: 42.2, APIs: 23, Strings: 1, Instructions: 215 (window, string, COMMON)
Function 00438560 Relevance: 42.1, APIs: 5, Strings: 19, Instructions: 132 (string, COMMON)
Function 0046A170 Relevance: 38.8, APIs: 18, Strings: 4, Instructions: 281 (window, COMMON)
Function 00451220 Relevance: 37.0, APIs: 20, Strings: 1, Instructions: 282 (window, COMMON)
Function 00460850 Relevance: 35.1, APIs: 15, Strings: 5, Instructions: 131 (window, COMMON)
Function 00450430 Relevance: 33.5, APIs: 15, Strings: 4, Instructions: 243 (window, COMMON)
Function 00466B50 Relevance: 33.3, APIs: 12, Strings: 7, Instructions: 98 (library, string, COMMON)
Function 004571B0 Relevance: 33.3, APIs: 12, Strings: 7, Instructions: 98 (library, string, COMMON)
Function 00446AB0 Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 165 (window, string, COMMON)
Function 004448F0 Relevance: 29.9, APIs: 10, Strings: 7, Instructions: 166 (time, COMMON)
Function 0041F0F0 Relevance: 28.2, APIs: 13, Strings: 3, Instructions: 185 (string, COMMON)
Function 00463140 Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 146 (window, string, COMMON)
Function 0041B250 Relevance: 28.1, APIs: 12, Strings: 4, Instructions: 100 (window, COMMON)
Function 0045A890 Relevance: 26.5, APIs: 14, Strings: 1, Instructions: 226 (window, COMMON)
Function 0042E510 Relevance: 24.7, APIs: 6, Strings: 8, Instructions: 219 (synchronization, COMMON)
Function 0045AB60 Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 201 (window, COMMON)
Function 0041AA00 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 133 (window, COMMON)
Function 00440DF0 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 145 (registry, COMMON)
Function 0046C440 Relevance: 21.4, APIs: 10, Strings: 2, Instructions: 400 (window, string, COMMON)
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00472440 Relevance: 21.3, APIs: 6, Strings: 6, Instructions: 283stringtimeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00416BE0 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 245stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041A390 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 135stringthreadCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00490B85 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 68memorylibraryloaderCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00452D70 Relevance: 19.6, APIs: 10, Strings: 1, Instructions: 309windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044F090 Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 137windowstringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00460E20 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 118stringwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004610F0 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 118stringwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00450C50 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 101windowregistrythreadCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004460E0 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 222stringwindowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00462B20 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 181windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00456A40 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 153windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00442530 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 114stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00436D10 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 91stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00436BF0 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 85stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045CD80 Relevance: 16.0, APIs: 1, Strings: 8, Instructions: 254windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045E350 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 112windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044A6B0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 88stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041A810 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 76windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00420C85 Relevance: 15.1, APIs: 10, Instructions: 80stringwindowfileCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004231D1 Relevance: 15.1, APIs: 10, Instructions: 64threadsynchronizationCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00466EF0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 123windowtimeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041EF00 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 118stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00423100 Relevance: 14.1, APIs: 4, Strings: 4, Instructions: 64processCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045C980 Relevance: 13.6, APIs: 9, Instructions: 143stringtimewindowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043E940 Relevance: 13.6, APIs: 9, Instructions: 81windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00457060 Relevance: 13.6, APIs: 9, Instructions: 77windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00468D20 Relevance: 13.6, APIs: 9, Instructions: 67COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004627A0 Relevance: 13.6, APIs: 9, Instructions: 64COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004649E0 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 168stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004180E0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 164threadCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041A190 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 138threadCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044E240 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 77windowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00432930 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00436AC0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 49stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041B040 Relevance: 12.1, APIs: 8, Instructions: 64windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045EA71 Relevance: 12.0, APIs: 8, Instructions: 48windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00428870 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 185stringwindowCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00470810 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 133stringwindowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00442D80 Relevance: 10.6, APIs: 7, Instructions: 122COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045F0A0 Relevance: 10.6, APIs: 7, Instructions: 94windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044CCB0 Relevance: 10.6, APIs: 7, Instructions: 87windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00456090 Relevance: 10.6, APIs: 7, Instructions: 83windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044C8B4 Relevance: 10.6, APIs: 7, Instructions: 74windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00468520 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 70windowCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044CF70 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 69stringCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00466960 Relevance: 10.6, APIs: 7, Instructions: 61stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00466AB0 Relevance: 10.6, APIs: 7, Instructions: 61windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046CBA0 Relevance: 10.6, APIs: 7, Instructions: 60windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00468A30 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 58stringwindowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004603A0 Relevance: 10.6, APIs: 7, Instructions: 50COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043A6A0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 49stringwindowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00446830 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 49windowCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00416390 Relevance: 9.1, APIs: 6, Instructions: 139synchronizationsleepthreadCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046E340 Relevance: 9.1, APIs: 6, Instructions: 137stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004666A0 Relevance: 9.1, APIs: 6, Instructions: 123windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046CA60 Relevance: 9.1, APIs: 6, Instructions: 108windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044CB60 Relevance: 9.1, APIs: 6, Instructions: 108windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044B190 Relevance: 9.1, APIs: 6, Instructions: 63windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00468130 Relevance: 9.1, APIs: 6, Instructions: 61windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00456C60 Relevance: 9.1, APIs: 6, Instructions: 59stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00448110 Relevance: 9.1, APIs: 6, Instructions: 58windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004465B0 Relevance: 9.1, APIs: 6, Instructions: 53windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00456FB0 Relevance: 9.1, APIs: 6, Instructions: 53stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041E910 Relevance: 9.1, APIs: 6, Instructions: 52windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043A2B0 Relevance: 9.0, APIs: 6, Instructions: 48COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004609C0 Relevance: 9.0, APIs: 6, Instructions: 47windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00456F41 Relevance: 9.0, APIs: 6, Instructions: 38windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00456E30 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 75windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00468630 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 73windowCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00464FD0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 58stringCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00406B70 Relevance: 7.8, APIs: 5, Instructions: 257COMMON
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045C4F0 Relevance: 7.7, APIs: 5, Instructions: 221stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00471150 Relevance: 7.7, APIs: 5, Instructions: 162stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00446EF0 Relevance: 7.6, APIs: 5, Instructions: 124COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00446DB0 Relevance: 7.6, APIs: 5, Instructions: 123COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00479110 Relevance: 7.6, APIs: 6, Instructions: 87stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042F220 Relevance: 7.6, APIs: 5, Instructions: 87COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00416AF0 Relevance: 7.6, APIs: 5, Instructions: 80stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00442BF0 Relevance: 7.6, APIs: 5, Instructions: 77COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004502F0 Relevance: 7.6, APIs: 5, Instructions: 73threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00446760 Relevance: 7.6, APIs: 5, Instructions: 68windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004429A0 Relevance: 7.6, APIs: 5, Instructions: 66windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044EBC0 Relevance: 7.6, APIs: 5, Instructions: 66stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00416290 Relevance: 7.6, APIs: 5, Instructions: 58threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00442880 Relevance: 7.6, APIs: 5, Instructions: 57COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004430B0 Relevance: 7.6, APIs: 5, Instructions: 50windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004562D0 Relevance: 7.5, APIs: 5, Instructions: 48COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00416220 Relevance: 7.5, APIs: 5, Instructions: 47threadCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045EB50 Relevance: 7.5, APIs: 5, Instructions: 47windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044AB30 Relevance: 7.5, APIs: 5, Instructions: 35COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044ABA0 Relevance: 7.5, APIs: 5, Instructions: 35COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044B000 Relevance: 7.5, APIs: 5, Instructions: 35COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044B120 Relevance: 7.5, APIs: 5, Instructions: 35COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0042F180 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47filestringCOMMON
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041A5A0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 41stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043B060 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 41stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0043D100 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 41stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00437220 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 41stringCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00490F3C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16COMMONLIBRARYCODE
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046F070 Relevance: 6.2, APIs: 4, Instructions: 201windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00410E80 Relevance: 6.2, APIs: 4, Instructions: 159COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00407000 Relevance: 6.2, APIs: 4, Instructions: 159COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004B9040 Relevance: 6.2, APIs: 4, Instructions: 157COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00452940 Relevance: 6.1, APIs: 4, Instructions: 138windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00470070 Relevance: 6.1, APIs: 4, Instructions: 134COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00422120 Relevance: 6.1, APIs: 4, Instructions: 129windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004586B0 Relevance: 6.1, APIs: 4, Instructions: 116windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045A380 Relevance: 6.1, APIs: 4, Instructions: 107windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044E120 Relevance: 6.1, APIs: 4, Instructions: 101windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044C1F0 Relevance: 6.1, APIs: 4, Instructions: 101windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044E030 Relevance: 6.1, APIs: 4, Instructions: 91windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00412270 Relevance: 6.1, APIs: 4, Instructions: 86COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040E900 Relevance: 6.1, APIs: 4, Instructions: 86COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0040AB20 Relevance: 6.1, APIs: 4, Instructions: 86COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044E460 Relevance: 6.1, APIs: 4, Instructions: 80COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00458410 Relevance: 6.1, APIs: 4, Instructions: 76fileCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041E810 Relevance: 6.1, APIs: 4, Instructions: 76windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044AED0 Relevance: 6.1, APIs: 4, Instructions: 75windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044C460 Relevance: 6.1, APIs: 4, Instructions: 71stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044C390 Relevance: 6.1, APIs: 4, Instructions: 69stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00468BA0 Relevance: 6.1, APIs: 4, Instructions: 68COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00444EC0 Relevance: 6.1, APIs: 4, Instructions: 68stringCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0046E260 Relevance: 6.1, APIs: 4, Instructions: 65stringCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004BCF80 Relevance: 6.1, APIs: 4, Instructions: 65timeCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004466B0 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004621E0 Relevance: 6.0, APIs: 4, Instructions: 49windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00442780 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00421240 Relevance: 6.0, APIs: 4, Instructions: 46windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044C180 Relevance: 6.0, APIs: 4, Instructions: 45windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00452130 Relevance: 6.0, APIs: 4, Instructions: 44windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0044CAC9 Relevance: 6.0, APIs: 4, Instructions: 44windowCOMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004482B0 Relevance: 6.0, APIs: 4, Instructions: 42COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00448330 Relevance: 6.0, APIs: 4, Instructions: 42COMMON
APIs |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 00424200 Relevance: 6.0, APIs: 4, Instructions: 41COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0045E600 Relevance: 6.0, APIs: 4, Instructions: 41COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 0041C630 Relevance: 6.0, APIs: 4, Instructions: 41COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Function 004167A0 Relevance: 6.0, APIs: 4, Instructions: 41COMMON
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
0044A870 | 6.0 | 4 | | 41 | COMMON |
00416830 | 6.0 | 4 | | 41 | COMMON |
004168C0 | 6.0 | 4 | | 41 | COMMON |
00416950 | 6.0 | 4 | | 41 | COMMON |
0044A900 | 6.0 | 4 | | 41 | COMMON |
004169E0 | 6.0 | 4 | | 41 | COMMON |
0044A990 | 6.0 | 4 | | 41 | COMMON |
0046CE40 | 6.0 | 4 | | 41 | COMMON |
00436E50 | 6.0 | 4 | | 41 | COMMON |
0045EE60 | 6.0 | 4 | | 41 | COMMON |
00422F30 | 6.0 | 4 | | 41 | COMMON |
00440FB0 | 6.0 | 4 | | 41 | COMMON |
0043AA80 | 6.0 | 4 | | 40 | COMMON |
0043EC30 | 6.0 | 4 | | 37 | window, COMMON |
00466D40 | 6.0 | 4 | | 37 | COMMON |
00462730 | 6.0 | 4 | | 36 | window, COMMON |
0045EA70 | 6.0 | 4 | | 26 | window, COMMON |
00466CF0 | 6.0 | 4 | | 22 | window, COMMON |
004651E0 | 5.4 | 1 | 2 | 115 | window, COMMON |
00404480 | 5.4 | 1 | 2 | 101 | COMMON, LIBRARYCODE |
0046E830 | 5.3 | 2 | 1 | 55 | window, COMMON |
00436D99 | 5.3 | 2 | 1 | 53 | string, COMMON |
00478830 | 5.3 | 2 | 1 | 45 | string, COMMON |
0046E580 | 5.3 | 2 | 1 | 42 | window, COMMON |
00448041 | 5.3 | 2 | 1 | 37 | window, COMMON |
0044D1E0 | 5.3 | 2 | 1 | 35 | string, COMMON |
00406ED0 | 5.3 | 2 | 1 | 33 | COMMON, LIBRARYCODE |
0044D170 | 5.3 | 2 | 1 | 33 | string, COMMON |
0044D260 | 5.3 | 2 | 1 | 33 | string, COMMON |
00490CEC | 5.1 | 4 | | 59 | memory, COMMON |
00477190 | 5.1 | 4 | | 59 | string, COMMON |