Windows
Analysis Report
2Qvkmk7HGr.exe
Overview
General Information
Sample name: | 2Qvkmk7HGr.exe (renamed because the original name is a hash value) |
Original sample name: | 4bb69f9fad0620ecb64971676b9f2cbc.exe |
Analysis ID: | 1538071 |
MD5: | 4bb69f9fad0620ecb64971676b9f2cbc |
SHA1: | 519d65503d586d0442ea411d03e790d52b564eee |
SHA256: | 6ce6a03625c3a1e2b97d490363a3ec5be1706ec424493d7de2c9cad2644c3311 |
Tags: | exe, Stealc, user-abuse_ch |
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- 2Qvkmk7HGr.exe (PID: 7032, cmdline: "C:\Users\user\Desktop\2Qvkmk7HGr.exe", MD5: 4BB69F9FAD0620ECB64971676B9F2CBC)
- explorer.exe (PID: 2580, cmdline: C:\Windows\Explorer.EXE, MD5: 662F4F92FDE3557E86D110526BB578D5)
- tcgiwaf (PID: 5432, cmdline: C:\Users\user\AppData\Roaming\tcgiwaf, MD5: 4BB69F9FAD0620ECB64971676B9F2CBC)
- tcgiwaf (PID: 5848, cmdline: C:\Users\user\AppData\Roaming\tcgiwaf, MD5: 4BB69F9FAD0620ECB64971676B9F2CBC)
- cleanup
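The process tree above shows the two host-side facts worth turning into a check: a copy of the sample runs as an extension-less file directly in C:\Users\user\AppData\Roaming (tcgiwaf, same MD5 as 2Qvkmk7HGr.exe), and explorer.exe, an already-running process, appears in the tree between the sample and those copies. The following is an added example written for this report, not Joe Sandbox code. The process records are constructed from the tree; the parent PIDs, the benign firefox.exe control entry, and the field names of the `Proc` record are this example's assumptions, since the tree rendering above lost its indentation.

```python
"""Host-side triage of a process tree like the one above.

Added example for this report; it is not Joe Sandbox code. It flags two
things the tree shows: (1) a process image sitting directly in
%APPDATA%\\Roaming with no file extension whose hash equals the submitted
sample (the two tcgiwaf instances), and (2) such a process being spawned by
explorer.exe. The records below are constructed from the report's tree; the
parent links and the extra benign entry are assumptions of this example.
"""
import ntpath
import re
from dataclasses import dataclass

SAMPLE_MD5 = "4bb69f9fad0620ecb64971676b9f2cbc"  # MD5 of 2Qvkmk7HGr.exe from the report


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    image: str
    md5: str


# Constructed telemetry. PIDs, paths and hashes are the report's; ppid values
# are assumed (the tree rendering above lost its indentation).
PROCESSES = [
    Proc(7032, 4040, r"C:\Users\user\Desktop\2Qvkmk7HGr.exe", SAMPLE_MD5),
    Proc(2580, 4040, r"C:\Windows\Explorer.EXE", "662f4f92fde3557e86d110526bb578d5"),
    Proc(5432, 2580, r"C:\Users\user\AppData\Roaming\tcgiwaf", SAMPLE_MD5),
    Proc(5848, 2580, r"C:\Users\user\AppData\Roaming\tcgiwaf", SAMPLE_MD5),
    # Benign control entry (assumed): a normal child of explorer.exe.
    Proc(6120, 2580, r"C:\Program Files\Mozilla Firefox\firefox.exe", "0" * 32),
]

# Exactly one path component after ...\AppData\Roaming, i.e. a file in the root.
_APPDATA_ROOT = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\[^\\]+$", re.IGNORECASE)


def is_appdata_root_noext(image: str) -> bool:
    """True when image is a file directly in %APPDATA%\\Roaming without an extension."""
    return bool(_APPDATA_ROOT.match(image)) and "." not in ntpath.basename(image)


def find_sample_copies(procs, sample_md5: str = SAMPLE_MD5):
    """Processes running a no-extension %APPDATA% file with the sample's hash."""
    return [p for p in procs
            if is_appdata_root_noext(p.image) and p.md5.lower() == sample_md5.lower()]


def find_explorer_spawns(procs):
    """Processes whose parent is explorer.exe and whose image is a no-extension
    %APPDATA% file: the launch pattern of the tcgiwaf copies above."""
    by_pid = {p.pid: p for p in procs}
    hits = []
    for p in procs:
        parent = by_pid.get(p.ppid)
        if parent is None:
            continue
        if ntpath.basename(parent.image).lower() == "explorer.exe" and is_appdata_root_noext(p.image):
            hits.append(p)
    return hits


def triage(procs):
    """Summarise: PIDs of sample copies and of explorer-spawned %APPDATA% binaries."""
    return {
        "sample_copies": sorted(p.pid for p in find_sample_copies(procs)),
        "explorer_spawned": sorted(p.pid for p in find_explorer_spawns(procs)),
    }


if __name__ == "__main__":
    print(triage(PROCESSES))
```

The hash match is the high-confidence signal; the explorer.exe-parent check is the one that still fires when the copy's bytes differ from the submitted sample, at the cost of needing a real process-parent feed (Sysmon event 1 or equivalent) rather than a sandbox tree.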
Name | Description |
---|---|
SmokeLoader | The SmokeLoader family is a generic backdoor with a range of capabilities which depend on the modules included in any given build of the malware. The malware is delivered in a variety of ways and is broadly associated with criminal activity. The malware frequently tries to hide its C2 activity by generating requests to legitimate sites such as microsoft.com, bing.com, adobe.com, and others. Typically the actual download returns an HTTP 404 but still contains data in the response body. |
Extracted configuration (Malware Configuration Extractor): {"Version": 2022, "C2 list": ["http://tnc-corp.ru/tmp/index.php", "http://volisc.biz/tmp/index.php", "http://livbev.online/tmp/index.php", "http://liverds.at/tmp/index.php"]}
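The family description gives the network pattern to hunt for: beacons to a PHP gate that are answered with HTTP 404 but still carry data in the body, mixed with decoy requests to legitimate sites. The extracted configuration gives four concrete C2 URLs. The following is an added example for this report, not the report's or Joe Sandbox's code; it combines a direct match against the extracted C2 list with the behavioural "POST to .php, 404 with body" heuristic so that a rotated C2 domain not yet in the list is still caught. The `HttpTxn` record and all transaction rows are constructed for this example (the first two mirror the 192.168.2.4 to 211.171.233.126:80 flows in the Suricata table below; the other hosts, sizes and the 203.0.113.x addresses are invented).

```python
"""Network-side check for the C2 behaviour the SmokeLoader description gives:
beacons to a PHP gate that answer HTTP 404 yet carry data in the body.

Added example for this report; not the report's or Joe Sandbox's code. It
combines a direct IOC match against the extracted C2 list with a
behavioural heuristic, so that a rotated C2 domain not yet in the list is
still caught. The HTTP transaction records are constructed for this example;
nothing is read from a capture.
"""
import json
from dataclasses import dataclass
from urllib.parse import urlsplit

# Verbatim from the extracted configuration above.
EXTRACTED_CONFIG = (
    '{"Version": 2022, "C2 list": ["http://tnc-corp.ru/tmp/index.php", '
    '"http://volisc.biz/tmp/index.php", "http://livbev.online/tmp/index.php", '
    '"http://liverds.at/tmp/index.php"]}'
)


@dataclass(frozen=True)
class HttpTxn:
    src: str
    dst: str
    method: str
    host: str
    path: str
    status: int
    body_len: int  # bytes in the response body


def c2_iocs(config_json: str) -> set:
    """(host, path) pairs from the 'C2 list' of an extracted config."""
    cfg = json.loads(config_json)
    iocs = set()
    for url in cfg.get("C2 list", []):
        parts = urlsplit(url)
        if parts.hostname:
            iocs.add((parts.hostname.lower(), parts.path))
    return iocs


def classify(txn: HttpTxn, iocs: set, min_body: int = 1):
    """Return a reason string when txn looks like SmokeLoader C2, else None.

    'known-c2-url': host+path is in the extracted C2 list (strongest signal).
    'post-php-404-with-body': POST to a .php endpoint answered 404 with a
    non-empty body, the pattern the family description calls out. This one
    is a heuristic; raise min_body or require repetition per host to cut noise.
    """
    if (txn.host.lower(), txn.path) in iocs:
        return "known-c2-url"
    if (txn.method.upper() == "POST" and txn.path.lower().endswith(".php")
            and txn.status == 404 and txn.body_len >= min_body):
        return "post-php-404-with-body"
    return None


def scan(txns, iocs: set, min_body: int = 1):
    """List of (transaction, reason) for every transaction classify() flags."""
    hits = []
    for t in txns:
        reason = classify(t, iocs, min_body)
        if reason:
            hits.append((t, reason))
    return hits


# Constructed traffic. The first two mirror the 192.168.2.4 -> 211.171.233.126:80
# beacons in the Suricata table; the remaining hosts and sizes are invented.
SAMPLE_TXNS = [
    HttpTxn("192.168.2.4", "211.171.233.126", "POST", "tnc-corp.ru", "/tmp/index.php", 404, 1337),
    HttpTxn("192.168.2.4", "211.171.233.126", "POST", "tnc-corp.ru", "/tmp/index.php", 404, 0),
    HttpTxn("192.168.2.4", "203.0.113.9", "POST", "gate.example.net", "/upload/index.php", 404, 512),
    HttpTxn("192.168.2.4", "203.0.113.10", "GET", "www.microsoft.com", "/", 200, 12000),
    HttpTxn("192.168.2.4", "203.0.113.11", "GET", "cdn.example.org", "/missing.js", 404, 3),
]


if __name__ == "__main__":
    for txn, reason in scan(SAMPLE_TXNS, c2_iocs(EXTRACTED_CONFIG)):
        print(f"{txn.src} -> {txn.host}{txn.path} ({txn.status}): {reason}")
```

The decoy requests to microsoft.com and similar sites are deliberately not flagged: they are the noise the loader generates to blend in, and alerting on them would only bury the gate traffic. Note that a 404 with an empty body from a known C2 host still matches by IOC, while the same empty-body 404 from an unknown host does not match the heuristic, which is the intended asymmetry.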
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security | |
| Windows_Trojan_Smokeloader_4e31426e | unknown | unknown | |
| JoeSecurity_SmokeLoader_2 | Yara detected SmokeLoader | Joe Security | |
| Windows_Trojan_Smokeloader_4e31426e | unknown | unknown | |
| Windows_Trojan_Smokeloader_3687686f | unknown | unknown | |
(5 of 7 YARA matches shown)
System Summary |
---|
Source: | Author: Max Altgelt (Nextron Systems) |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-20T09:38:55.064900+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 55686 | 211.171.233.126 | 80 | TCP |
2024-10-20T09:39:16.001247+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 55718 | 211.171.233.126 | 80 | TCP |
2024-10-20T09:39:33.091816+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 55719 | 211.171.233.126 | 80 | TCP |
2024-10-20T09:39:57.293501+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 55720 | 211.171.233.126 | 80 | TCP |
2024-10-20T09:40:22.237445+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 54853 | 211.171.233.126 | 80 | TCP |
2024-10-20T09:40:43.105564+0200 | 2039103 | 1 | A Network Trojan was detected | 192.168.2.4 | 54854 | 211.171.233.126 | 80 | TCP |
AV Detection |
---|
- Avira (2), Malware Configuration Extractor (1), Virustotal (4, perma links), ReversingLabs (2), Integrated Neural Analysis Model (1), Joe Sandbox ML (2)
- Static PE information (1), File opened (1)
- Code function: 7_2_004032A0
Networking |
---|
- Suricata IDS (6), Network Connect (1), URLs (4), IP Address (1), ASN Name (1)
- HTTP traffic detected (7), DNS traffic detected (4), UDP traffic detected without corresponding DNS query (50)
- String found in binary or memory (61)
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
- File source (4)
System Summary |
---|
- Matched rule (16), Process Stats (1), Static PE information (4), Classification label (1)
- Code function (process 0 and process 5, same addresses in both): 00403054, 00401583, 00402721, 0040158E, 004015BC, 00401A28; process 0 only: 00531C87
- Code function (process 7): 0040D8CA, 00410CF7, 004084F9, 004121FD, 0041026F, 004113EF, 004107B3, 00403690
- Command line argument (6, all at 7_2_00403A10)
- File created (1), File read (1), File opened (1), Key opened (1), Key value queried (1), Process created (3), Section loaded (9)
- ReversingLabs (1), Virustotal (1)
Data Obfuscation |
---|
- Unpacked PE file (2), Static PE information (2), File created, dropped file (2)
- Code function (process 0): 00402957, 00402926, 00402942, 00539228, 005333C4, 005395E2 (2), 005529A9, 0055298D, 005529BE
- Code function (process 5): 00402957, 00402926, 00402942, 005629A9, 0056298D, 005629BE, 00629228, 006295E2 (2), 006233C4
- Code function (process 7): 0040AE2E, 004078E8, 00405496
Hooking and other Techniques for Hiding and Protection |
---|
- File deleted (1), File opened (1)
Malware Analysis System Evasion |
---|
- Key enumerated (12), API/Special instruction interceptor (4), Window / User API (8)
- Thread sleep count (7), Thread sleep time (5)
- Binary or memory string (17), System information queried (1), Process information queried (1)
- Code function: 7_2_004032A0
Anti Debugging |
---|
- System information queried (2), Process queried (2)
- Code function (process 0): 00531564, 0055092B, 00550D90; (process 5): 0056092B, 00560D90, 00621564
- Code function (process 7): 0040540B (2), 0040AE2E, 0040456C, 00408D38, 00405FB4
HIPS / PFW / Operating System Protection Evasion |
---|
- File created, dropped file (1), Network Connect (1), Thread created (2), Section loaded (4), Binary or memory string (5)
- Code function (process 7): 0040FAF0, 004032A0 (3), 00403560, 00409A64
Stealing of Sensitive Information |
---|
- File source (4)
Remote Access Functionality |
---|
- File source (4)
Tactic | Techniques observed (number of mapped signatures) |
---|---|
Execution | Command and Scripting Interpreter (2), Native API (1), Exploitation for Client Execution (1) |
Persistence | DLL Side-Loading (1) |
Privilege Escalation | Process Injection (33), DLL Side-Loading (1) |
Defense Evasion | Process Injection (33), Virtualization/Sandbox Evasion (12), Software Packing (12), Masquerading (11), Obfuscated Files or Information (3), Deobfuscate/Decode Files or Information (1), Hidden Files and Directories (1), DLL Side-Loading (1), File Deletion (1) |
Discovery | Security Software Discovery (421), System Information Discovery (115), Virtualization/Sandbox Evasion (12), Process Discovery (3), File and Directory Discovery (2), System Time Discovery (1), Application Window Discovery (1) |
Collection | Archive Collected Data (1) |
Command and Control | Application Layer Protocol (112), Non-Application Layer Protocol (2), Encrypted Channel (1) |
No signatures mapped to Reconnaissance, Resource Development, Initial Access, Credential Access, Lateral Movement, Exfiltration or Impact.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
39% | ReversingLabs | |||
41% | Virustotal | Browse | ||
100% | Avira | HEUR/AGEN.1306978 | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1306978 | ||
100% | Joe Sandbox ML | |||
39% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
2% | Virustotal | Browse | ||
5% | Virustotal | Browse | ||
6% | Virustotal | Browse | ||
6% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
33 URLs | 0% | URL Reputation | safe | |
1 URL | 0% | Virustotal | | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
tnc-corp.ru | 211.171.233.126 | true | true | | unknown |
volisc.biz | unknown | unknown | true | | unknown |
liverds.at | unknown | unknown | true | | unknown |
livbev.online | unknown | unknown | true | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
211.171.233.126 | tnc-corp.ru | Korea, Republic of | | 3786 | LGDACOM (LGDACOM Corporation, KR) | true |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1538071 |
Start date and time: | 2024-10-20 09:36:05 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 7m 48s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 1 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 2Qvkmk7HGr.exerenamed because original name is a hash value |
Original Sample Name: | 4bb69f9fad0620ecb64971676b9f2cbc.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@3/2@72/1 |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 20.190.159.0, 20.190.159.64, 20.190.159.68, 20.190.159.4, 20.190.159.75, 20.190.159.71, 20.190.159.2, 40.126.31.67
- Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, login.live.com, www.tm.v4.a.prd.aadg.akadns.net, ctldl.windowsupdate.com, login.msa.msidentity.com, fe3cr.delivery.mp.microsoft.com, www.tm.lg.prod.aadmsa.trafficmanager.net
- Execution Graph export aborted for target tcgiwaf, PID 5848 because there are no executed functions
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtEnumerateKey calls found.
- Report size getting too big, too many NtOpenKey calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
03:37:24 | API Interceptor | |
08:37:23 | Task Scheduler |
Match | Related samples in the Joe Sandbox corpus (threat names as labelled there; all flagged malicious) |
---|---|
211.171.233.126 (IP) | SmokeLoader (4); LummaC, SmokeLoader; LummaC, CryptOne, LummaC Stealer, SmokeLoader, Vidar; LummaC, Babuk, Clipboard Hijacker, Djvu, Glupteba, LummaC Stealer, PureLog Stealer; LummaC, Amadey, Glupteba, LummaC Stealer, Mars Stealer, RedLine, SmokeLoader; LummaC, Glupteba, LummaC Stealer, SmokeLoader, Socks5Systemz, Stealc (2) |
tnc-corp.ru (domain) | SmokeLoader (10) |
LGDACOM (ASN 3786) | Unknown (9); SmokeLoader (1) |
Process: | C:\Windows\explorer.exe |
Category: | dropped |
Size (bytes): | 376832 |
Entropy (8bit): | 6.531759115195053 |
Encrypted: | false |
SSDEEP: | 6144:gQLgu6NlN0niBcbNynh3oDisWPHVz0Ws1gbBqkNj8f:gQ5690icodkifKWs2BqkN |
MD5: | 4BB69F9FAD0620ECB64971676B9F2CBC |
SHA1: | 519D65503D586D0442EA411D03E790D52B564EEE |
SHA-256: | 6CE6A03625C3A1E2B97D490363A3EC5BE1706EC424493D7DE2C9CAD2644C3311 |
SHA-512: | 7168F65A3362C41B5FE7E4BDA908A0372B1061CF100B841715C854FCDA4635C0E722D37309DE71D7E16B9D94302B9A21F36353A0C1B9F02FD68FE3FE1C3BEDEA |
Malicious: | true |
Reputation: | low |
Size, SSDEEP and every hash are identical to the submitted sample, so this is a byte-for-byte copy of 2Qvkmk7HGr.exe; it matches the C:\Users\user\AppData\Roaming\tcgiwaf binary in the process tree (same MD5). The writing process is explorer.exe, not the sample, which is consistent with the sample having injected into explorer.exe (the report counts one injected process and 33 Process Injection signatures).
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | high, very likely benign file |
File type: | |
Entropy (8bit): | 6.531759115195053 |
TrID: | |
File name: | 2Qvkmk7HGr.exe |
File size: | 376'832 bytes |
MD5: | 4bb69f9fad0620ecb64971676b9f2cbc |
SHA1: | 519d65503d586d0442ea411d03e790d52b564eee |
SHA256: | 6ce6a03625c3a1e2b97d490363a3ec5be1706ec424493d7de2c9cad2644c3311 |
SHA512: | 7168f65a3362c41b5fe7e4bda908a0372b1061cf100b841715c854fcda4635c0e722d37309de71d7e16b9d94302b9a21f36353a0c1b9f02fd68fe3fe1c3bedea |
SSDEEP: | 6144:gQLgu6NlN0niBcbNynh3oDisWPHVz0Ws1gbBqkNj8f:gQ5690icodkifKWs2BqkN |
TLSH: | B084F12239D0C072D5A756304835D7A42A3FBD325A61C55F37583B6F2E332D2AA3636B |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......u@$.1!J.1!J.1!J./s..(!J./s..G!J./s...!J...1.4!J.1!K..!J./s..0!J./s..0!J./s..0!J.Rich1!J.........................PE..L.....td... |
Icon Hash: | 60406e76566e5c46 |
Entrypoint: | 0x404fc1 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x647409B6 [Mon May 29 02:11:02 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 734589f5246b662a5747f60ad9c50ca5 |
Instruction |
---|
call 00007F16BD119F23h |
jmp 00007F16BD1152FEh |
mov edi, edi |
push ebp |
mov ebp, esp |
sub esp, 20h |
mov eax, dword ptr [ebp+08h] |
push esi |
push edi |
push 00000008h |
pop ecx |
mov esi, 004012ACh |
lea edi, dword ptr [ebp-20h] |
rep movsd |
mov dword ptr [ebp-08h], eax |
mov eax, dword ptr [ebp+0Ch] |
pop edi |
mov dword ptr [ebp-04h], eax |
pop esi |
test eax, eax |
je 00007F16BD11548Eh |
test byte ptr [eax], 00000008h |
je 00007F16BD115489h |
mov dword ptr [ebp-0Ch], 01994000h |
lea eax, dword ptr [ebp-0Ch] |
push eax |
push dword ptr [ebp-10h] |
push dword ptr [ebp-1Ch] |
push dword ptr [ebp-20h] |
call dword ptr [004010DCh] |
leave |
retn 0008h |
mov edi, edi |
push ebp |
mov ebp, esp |
push ecx |
push ebx |
mov eax, dword ptr [ebp+0Ch] |
add eax, 0Ch |
mov dword ptr [ebp-04h], eax |
mov ebx, dword ptr fs:[00000000h] |
mov eax, dword ptr [ebx] |
mov dword ptr fs:[00000000h], eax |
mov eax, dword ptr [ebp+08h] |
mov ebx, dword ptr [ebp+0Ch] |
mov ebp, dword ptr [ebp-04h] |
mov esp, dword ptr [ebx-04h] |
jmp eax |
pop ebx |
leave |
retn 0008h |
pop eax |
pop ecx |
xchg dword ptr [esp], eax |
jmp eax |
pop eax |
pop ecx |
xchg dword ptr [esp], eax |
jmp eax |
pop eax |
pop ecx |
xchg dword ptr [esp], eax |
jmp eax |
mov edi, edi |
push ebp |
mov ebp, esp |
push ecx |
push ecx |
push ebx |
push esi |
push edi |
mov esi, dword ptr fs:[00000000h] |
mov dword ptr [ebp-04h], esi |
mov dword ptr [ebp-08h], 00405089h |
push 00000000h |
push dword ptr [ebp+0Ch] |
push dword ptr [ebp-08h] |
push dword ptr [ebp+08h] |
call 00007F16BD12289Ah |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x4a358 | 0x3c | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5d000 | 0x9ee0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x67000 | 0xd04 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2f40 | 0x40 | .text |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x1b8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x49d5c | 0x49e00 | eadfd2c747f20fe6ac4a71fc9841e0ba | False | 0.7261394881556683 | data | 7.0024890042663355 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x4b000 | 0x1199c | 0x6000 | 7533c829322fe243afafb774a12f4603 | False | 0.08304850260416667 | data | 0.9871638251375947 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x5d000 | 0x9ee0 | 0xa000 | 84539bd8d34906b7b6a50500487bfccf | False | 0.455322265625 | data | 5.178429957892636 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x67000 | 0x1c32 | 0x1e00 | 5c8c35ed1ab5a0d1207fbd5baa0f41b3 | False | 0.3671875 | data | 3.739122301762688 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x63d70 | 0x330 | Device independent bitmap graphic, 48 x 96 x 1, image size 0 | | | 0.1948529411764706 |
RT_CURSOR | 0x640a0 | 0x130 | Device independent bitmap graphic, 32 x 64 x 1, image size 0 | | | 0.33223684210526316 |
RT_CURSOR | 0x641f8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | | | 0.2953091684434968 |
RT_CURSOR | 0x650a0 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | | | 0.46705776173285196 |
RT_CURSOR | 0x65948 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | | | 0.5361271676300579 |
RT_ICON | 0x5d4f0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Tamil | India | 0.392590618336887 |
RT_ICON | 0x5d4f0 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | Tamil | Sri Lanka | 0.392590618336887 |
RT_ICON | 0x5e398 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Tamil | India | 0.5496389891696751 |
RT_ICON | 0x5e398 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | Tamil | Sri Lanka | 0.5496389891696751 |
RT_ICON | 0x5ec40 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Tamil | India | 0.6215437788018433 |
RT_ICON | 0x5ec40 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Tamil | Sri Lanka | 0.6215437788018433 |
RT_ICON | 0x5f308 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Tamil | India | 0.6596820809248555 |
RT_ICON | 0x5f308 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | Tamil | Sri Lanka | 0.6596820809248555 |
RT_ICON | 0x5f870 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Tamil | India | 0.49761410788381744 |
RT_ICON | 0x5f870 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | Tamil | Sri Lanka | 0.49761410788381744 |
RT_ICON | 0x61e18 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Tamil | India | 0.5173545966228893 |
RT_ICON | 0x61e18 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | Tamil | Sri Lanka | 0.5173545966228893 |
RT_ICON | 0x62ec0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Tamil | India | 0.5004098360655738 |
RT_ICON | 0x62ec0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | Tamil | Sri Lanka | 0.5004098360655738 |
RT_ICON | 0x63848 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Tamil | India | 0.5682624113475178 |
RT_ICON | 0x63848 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | Tamil | Sri Lanka | 0.5682624113475178 |
RT_DIALOG | 0x66148 | 0x58 | data | | | 0.8977272727272727 |
RT_STRING | 0x661a0 | 0x57a | data | Tamil | India | 0.42368045649072755 |
RT_STRING | 0x661a0 | 0x57a | data | Tamil | Sri Lanka | 0.42368045649072755 |
RT_STRING | 0x66720 | 0x2cc | data | Tamil | India | 0.473463687150838 |
RT_STRING | 0x66720 | 0x2cc | data | Tamil | Sri Lanka | 0.473463687150838 |
RT_STRING | 0x669f0 | 0x4ea | data | Tamil | India | 0.4507154213036566 |
RT_STRING | 0x669f0 | 0x4ea | data | Tamil | Sri Lanka | 0.4507154213036566 |
RT_ACCELERATOR | 0x63d28 | 0x48 | data | Tamil | India | 0.8472222222222222 |
RT_ACCELERATOR | 0x63d28 | 0x48 | data | Tamil | Sri Lanka | 0.8472222222222222 |
RT_GROUP_CURSOR | 0x641d0 | 0x22 | data | | | 1.0294117647058822 |
RT_GROUP_CURSOR | 0x65eb0 | 0x30 | data | | | 0.9375 |
RT_GROUP_ICON | 0x63cb0 | 0x76 | data | Tamil | India | 0.6610169491525424 |
RT_GROUP_ICON | 0x63cb0 | 0x76 | data | Tamil | Sri Lanka | 0.6610169491525424 |
RT_VERSION | 0x65ee0 | 0x264 | data | | | 0.5359477124183006 |
DLL | Import |
---|---|
KERNEL32.dll | GetComputerNameA, TlsGetValue, GetConsoleAliasExesA, CreateProcessW, ClearCommError, InterlockedIncrement, GetCurrentProcess, SetEnvironmentVariableW, SetComputerNameW, GetTickCount, CreateNamedPipeW, EnumTimeFormatsA, CreateActCtxW, GetCurrencyFormatW, GetEnvironmentStrings, SetFileShortNameW, GetLocaleInfoW, ReadConsoleInputA, SetVolumeMountPointA, GetVersionExW, GetTimeFormatW, GetFileAttributesW, GetModuleFileNameW, GetShortPathNameA, CreateJobObjectA, LCMapStringA, VerifyVersionInfoW, InterlockedExchange, GetLogicalDriveStringsA, GetLastError, SetLastError, GetProcAddress, VirtualAlloc, DefineDosDeviceA, GlobalFree, GetTempFileNameA, LoadLibraryA, CreateSemaphoreW, InterlockedExchangeAdd, GetNumberFormatW, OpenEventA, GetCommMask, OpenJobObjectW, GetModuleFileNameA, GlobalUnWire, GetCurrentDirectoryA, GetShortPathNameW, GetDiskFreeSpaceExA, SetFileAttributesW, CommConfigDialogW, UnhandledExceptionFilter, SetUnhandledExceptionFilter, HeapReAlloc, HeapAlloc, GetStartupInfoW, RaiseException, RtlUnwind, GetModuleHandleW, Sleep, ExitProcess, WriteFile, GetStdHandle, TerminateProcess, IsDebuggerPresent, HeapFree, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, HeapCreate, VirtualFree, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, TlsAlloc, TlsSetValue, TlsFree, GetCurrentThreadId, InterlockedDecrement, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, WideCharToMultiByte, HeapSize, GetLocaleInfoA, GetModuleHandleA, MultiByteToWideChar, LCMapStringW, GetStringTypeA, GetStringTypeW, GetConsoleCP, GetConsoleMode, FlushFileBuffers, SetFilePointer, CloseHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetStdHandle, CreateFileA |
USER32.dll | GetAltTabInfoW |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Tamil | India | |
Tamil | Sri Lanka |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-10-20T09:38:55.064900+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 55686 | 211.171.233.126 | 80 | TCP |
2024-10-20T09:39:16.001247+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 55718 | 211.171.233.126 | 80 | TCP |
2024-10-20T09:39:33.091816+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 55719 | 211.171.233.126 | 80 | TCP |
2024-10-20T09:39:57.293501+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 55720 | 211.171.233.126 | 80 | TCP |
2024-10-20T09:40:22.237445+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 54853 | 211.171.233.126 | 80 | TCP |
2024-10-20T09:40:43.105564+0200 | 2039103 | ET MALWARE Suspected Smokeloader Activity (POST) | 1 | 192.168.2.4 | 54854 | 211.171.233.126 | 80 | TCP |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Oct 20, 2024 09:37:23.464411974 CEST | 192.168.2.4 | 1.1.1.1 | 0x4ff0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:37:24.477906942 CEST | 192.168.2.4 | 1.1.1.1 | 0x4ff0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:37:25.493490934 CEST | 192.168.2.4 | 1.1.1.1 | 0x4ff0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:37:27.508902073 CEST | 192.168.2.4 | 1.1.1.1 | 0x4ff0 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:37:27.705244064 CEST | 192.168.2.4 | 1.1.1.1 | 0x32c7 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:37:28.712131023 CEST | 192.168.2.4 | 1.1.1.1 | 0x32c7 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:37:29.712110996 CEST | 192.168.2.4 | 1.1.1.1 | 0x32c7 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:37:31.727678061 CEST | 192.168.2.4 | 1.1.1.1 | 0x32c7 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:37:35.727746964 CEST | 192.168.2.4 | 1.1.1.1 | 0x32c7 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:37:37.217175007 CEST | 192.168.2.4 | 1.1.1.1 | 0xc841 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:37:37.228619099 CEST | 192.168.2.4 | 1.1.1.1 | 0x4471 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:37:38.227806091 CEST | 192.168.2.4 | 1.1.1.1 | 0x4471 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:38:51.331573009 CEST | 192.168.2.4 | 1.1.1.1 | 0x995b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:38:52.337474108 CEST | 192.168.2.4 | 1.1.1.1 | 0x995b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:38:53.337481976 CEST | 192.168.2.4 | 1.1.1.1 | 0x995b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:38:55.068178892 CEST | 192.168.2.4 | 1.1.1.1 | 0x165c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:38:56.071932077 CEST | 192.168.2.4 | 1.1.1.1 | 0x165c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:38:57.081801891 CEST | 192.168.2.4 | 1.1.1.1 | 0x165c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:38:59.087507010 CEST | 192.168.2.4 | 1.1.1.1 | 0x165c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:02.972198963 CEST | 192.168.2.4 | 1.1.1.1 | 0x3880 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:02.985948086 CEST | 192.168.2.4 | 1.1.1.1 | 0x8207 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:03.994590998 CEST | 192.168.2.4 | 1.1.1.1 | 0x8207 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:05.008824110 CEST | 192.168.2.4 | 1.1.1.1 | 0x8207 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:07.000643969 CEST | 192.168.2.4 | 1.1.1.1 | 0x8207 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:16.004688978 CEST | 192.168.2.4 | 1.1.1.1 | 0xacd | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:17.009521961 CEST | 192.168.2.4 | 1.1.1.1 | 0xacd | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:18.009525061 CEST | 192.168.2.4 | 1.1.1.1 | 0xacd | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:20.009536982 CEST | 192.168.2.4 | 1.1.1.1 | 0xacd | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:20.864247084 CEST | 192.168.2.4 | 1.1.1.1 | 0x91a6 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:20.882436991 CEST | 192.168.2.4 | 1.1.1.1 | 0xeccf | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:21.874319077 CEST | 192.168.2.4 | 1.1.1.1 | 0xeccf | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:22.891041994 CEST | 192.168.2.4 | 1.1.1.1 | 0xeccf | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:24.885687113 CEST | 192.168.2.4 | 1.1.1.1 | 0xeccf | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:33.099148035 CEST | 192.168.2.4 | 1.1.1.1 | 0xae7c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:34.087735891 CEST | 192.168.2.4 | 1.1.1.1 | 0xae7c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:35.103343964 CEST | 192.168.2.4 | 1.1.1.1 | 0xae7c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:37.118973970 CEST | 192.168.2.4 | 1.1.1.1 | 0xae7c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:41.121043921 CEST | 192.168.2.4 | 1.1.1.1 | 0xae7c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:42.144233942 CEST | 192.168.2.4 | 1.1.1.1 | 0x605b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:42.158812046 CEST | 192.168.2.4 | 1.1.1.1 | 0x1106 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:43.166395903 CEST | 192.168.2.4 | 1.1.1.1 | 0x1106 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:44.170075893 CEST | 192.168.2.4 | 1.1.1.1 | 0x1106 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:46.166450024 CEST | 192.168.2.4 | 1.1.1.1 | 0x1106 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:50.182689905 CEST | 192.168.2.4 | 1.1.1.1 | 0x1106 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:57.297740936 CEST | 192.168.2.4 | 1.1.1.1 | 0x360 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:58.291162968 CEST | 192.168.2.4 | 1.1.1.1 | 0x360 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:59.306598902 CEST | 192.168.2.4 | 1.1.1.1 | 0x360 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:01.306811094 CEST | 192.168.2.4 | 1.1.1.1 | 0x360 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:05.276205063 CEST | 192.168.2.4 | 1.1.1.1 | 0x93dd | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:05.302545071 CEST | 192.168.2.4 | 1.1.1.1 | 0xffbe | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:06.290985107 CEST | 192.168.2.4 | 1.1.1.1 | 0xffbe | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:07.290999889 CEST | 192.168.2.4 | 1.1.1.1 | 0xffbe | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:22.245542049 CEST | 192.168.2.4 | 1.1.1.1 | 0x898b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:23.259813070 CEST | 192.168.2.4 | 1.1.1.1 | 0x898b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:24.259974957 CEST | 192.168.2.4 | 1.1.1.1 | 0x898b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:26.259892941 CEST | 192.168.2.4 | 1.1.1.1 | 0x898b | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:29.145399094 CEST | 192.168.2.4 | 1.1.1.1 | 0x4a84 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:29.157561064 CEST | 192.168.2.4 | 1.1.1.1 | 0x263 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:30.169682980 CEST | 192.168.2.4 | 1.1.1.1 | 0x263 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:31.182416916 CEST | 192.168.2.4 | 1.1.1.1 | 0x263 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:33.184174061 CEST | 192.168.2.4 | 1.1.1.1 | 0x263 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:37.204145908 CEST | 192.168.2.4 | 1.1.1.1 | 0x263 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:43.115511894 CEST | 192.168.2.4 | 1.1.1.1 | 0x2d67 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:44.123583078 CEST | 192.168.2.4 | 1.1.1.1 | 0x2d67 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:45.124490023 CEST | 192.168.2.4 | 1.1.1.1 | 0x2d67 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:47.123059034 CEST | 192.168.2.4 | 1.1.1.1 | 0x2d67 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:51.044414043 CEST | 192.168.2.4 | 1.1.1.1 | 0xcd97 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:51.059890032 CEST | 192.168.2.4 | 1.1.1.1 | 0x3f1c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:52.072747946 CEST | 192.168.2.4 | 1.1.1.1 | 0x3f1c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:53.074752092 CEST | 192.168.2.4 | 1.1.1.1 | 0x3f1c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:55.094579935 CEST | 192.168.2.4 | 1.1.1.1 | 0x3f1c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:59.089540958 CEST | 192.168.2.4 | 1.1.1.1 | 0x3f1c | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Oct 20, 2024 09:37:27.701919079 CEST | 1.1.1.1 | 192.168.2.4 | 0x4ff0 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:37:27.701935053 CEST | 1.1.1.1 | 192.168.2.4 | 0x4ff0 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:37:27.701941013 CEST | 1.1.1.1 | 192.168.2.4 | 0x4ff0 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:37:27.701946020 CEST | 1.1.1.1 | 192.168.2.4 | 0x4ff0 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:37:37.214426041 CEST | 1.1.1.1 | 192.168.2.4 | 0x32c7 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:37:37.214464903 CEST | 1.1.1.1 | 192.168.2.4 | 0x32c7 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:37:37.214497089 CEST | 1.1.1.1 | 192.168.2.4 | 0x32c7 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:37:37.214525938 CEST | 1.1.1.1 | 192.168.2.4 | 0x32c7 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:37:37.214561939 CEST | 1.1.1.1 | 192.168.2.4 | 0x32c7 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:37:37.226423025 CEST | 1.1.1.1 | 192.168.2.4 | 0xc841 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:37:45.312041044 CEST | 1.1.1.1 | 192.168.2.4 | 0x4471 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:38:53.862907887 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 211.171.233.126 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862907887 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 189.195.132.134 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862907887 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 190.249.249.14 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862907887 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 181.123.219.23 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862907887 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 190.224.203.37 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862907887 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 201.191.99.134 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862907887 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 211.202.224.10 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862907887 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 187.156.6.228 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862907887 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 197.164.156.210 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862907887 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 125.7.253.10 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862921953 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 211.171.233.126 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862921953 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 189.195.132.134 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862921953 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 190.249.249.14 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862921953 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 181.123.219.23 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862921953 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 190.224.203.37 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862921953 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 201.191.99.134 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862921953 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 211.202.224.10 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862921953 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 187.156.6.228 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862921953 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 197.164.156.210 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862921953 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 125.7.253.10 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862989902 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 211.171.233.126 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862989902 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 189.195.132.134 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862989902 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 190.249.249.14 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862989902 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 181.123.219.23 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862989902 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 190.224.203.37 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862989902 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 201.191.99.134 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862989902 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 211.202.224.10 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862989902 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 187.156.6.228 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862989902 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 197.164.156.210 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:38:53.862989902 CEST | 1.1.1.1 | 192.168.2.4 | 0x995b | No error (0) | 125.7.253.10 | A (IP address) | IN (0x0001) | false | ||
Oct 20, 2024 09:39:02.967356920 CEST | 1.1.1.1 | 192.168.2.4 | 0x165c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:02.967367887 CEST | 1.1.1.1 | 192.168.2.4 | 0x165c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:02.967375994 CEST | 1.1.1.1 | 192.168.2.4 | 0x165c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:02.967389107 CEST | 1.1.1.1 | 192.168.2.4 | 0x165c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:02.981376886 CEST | 1.1.1.1 | 192.168.2.4 | 0x3880 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:10.781418085 CEST | 1.1.1.1 | 192.168.2.4 | 0x8207 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:10.781434059 CEST | 1.1.1.1 | 192.168.2.4 | 0x8207 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:10.781441927 CEST | 1.1.1.1 | 192.168.2.4 | 0x8207 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:10.781451941 CEST | 1.1.1.1 | 192.168.2.4 | 0x8207 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:20.848484993 CEST | 1.1.1.1 | 192.168.2.4 | 0xacd | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:20.848506927 CEST | 1.1.1.1 | 192.168.2.4 | 0xacd | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:20.848520041 CEST | 1.1.1.1 | 192.168.2.4 | 0xacd | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:20.848531961 CEST | 1.1.1.1 | 192.168.2.4 | 0xacd | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:20.873393059 CEST | 1.1.1.1 | 192.168.2.4 | 0x91a6 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:27.918654919 CEST | 1.1.1.1 | 192.168.2.4 | 0xeccf | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:27.918673038 CEST | 1.1.1.1 | 192.168.2.4 | 0xeccf | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:27.918683052 CEST | 1.1.1.1 | 192.168.2.4 | 0xeccf | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:27.918694019 CEST | 1.1.1.1 | 192.168.2.4 | 0xeccf | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:42.128823996 CEST | 1.1.1.1 | 192.168.2.4 | 0xae7c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:42.128842115 CEST | 1.1.1.1 | 192.168.2.4 | 0xae7c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:42.128850937 CEST | 1.1.1.1 | 192.168.2.4 | 0xae7c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:42.128863096 CEST | 1.1.1.1 | 192.168.2.4 | 0xae7c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:42.128931046 CEST | 1.1.1.1 | 192.168.2.4 | 0xae7c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:42.153511047 CEST | 1.1.1.1 | 192.168.2.4 | 0x605b | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:51.006125927 CEST | 1.1.1.1 | 192.168.2.4 | 0x1106 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:51.006141901 CEST | 1.1.1.1 | 192.168.2.4 | 0x1106 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:51.006150961 CEST | 1.1.1.1 | 192.168.2.4 | 0x1106 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:51.006161928 CEST | 1.1.1.1 | 192.168.2.4 | 0x1106 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:39:51.006165981 CEST | 1.1.1.1 | 192.168.2.4 | 0x1106 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:05.261745930 CEST | 1.1.1.1 | 192.168.2.4 | 0x360 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:05.261797905 CEST | 1.1.1.1 | 192.168.2.4 | 0x360 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:05.261809111 CEST | 1.1.1.1 | 192.168.2.4 | 0x360 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:05.261816978 CEST | 1.1.1.1 | 192.168.2.4 | 0x360 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:05.288279057 CEST | 1.1.1.1 | 192.168.2.4 | 0x93dd | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:13.759941101 CEST | 1.1.1.1 | 192.168.2.4 | 0xffbe | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:13.759958029 CEST | 1.1.1.1 | 192.168.2.4 | 0xffbe | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:29.140971899 CEST | 1.1.1.1 | 192.168.2.4 | 0x898b | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:29.140989065 CEST | 1.1.1.1 | 192.168.2.4 | 0x898b | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:29.140997887 CEST | 1.1.1.1 | 192.168.2.4 | 0x898b | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:29.141005993 CEST | 1.1.1.1 | 192.168.2.4 | 0x898b | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:29.154721022 CEST | 1.1.1.1 | 192.168.2.4 | 0x4a84 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:37.993104935 CEST | 1.1.1.1 | 192.168.2.4 | 0x263 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:37.993119955 CEST | 1.1.1.1 | 192.168.2.4 | 0x263 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:37.993127108 CEST | 1.1.1.1 | 192.168.2.4 | 0x263 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:37.993135929 CEST | 1.1.1.1 | 192.168.2.4 | 0x263 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:37.993146896 CEST | 1.1.1.1 | 192.168.2.4 | 0x263 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:51.032890081 CEST | 1.1.1.1 | 192.168.2.4 | 0x2d67 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:51.032912016 CEST | 1.1.1.1 | 192.168.2.4 | 0x2d67 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:51.032924891 CEST | 1.1.1.1 | 192.168.2.4 | 0x2d67 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:51.032937050 CEST | 1.1.1.1 | 192.168.2.4 | 0x2d67 | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:51.053415060 CEST | 1.1.1.1 | 192.168.2.4 | 0xcd97 | Name error (3) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:59.940843105 CEST | 1.1.1.1 | 192.168.2.4 | 0x3f1c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:59.940856934 CEST | 1.1.1.1 | 192.168.2.4 | 0x3f1c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:59.940874100 CEST | 1.1.1.1 | 192.168.2.4 | 0x3f1c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:59.940882921 CEST | 1.1.1.1 | 192.168.2.4 | 0x3f1c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false | |
Oct 20, 2024 09:40:59.940891027 CEST | 1.1.1.1 | 192.168.2.4 | 0x3f1c | Server failure (2) | none | none | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 55686 | 211.171.233.126 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 09:38:53.869266987 CEST | 283 | OUT | |
Oct 20, 2024 09:38:53.869303942 CEST | 191 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 55718 | 211.171.233.126 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 09:39:14.795099974 CEST | 284 | OUT | |
Oct 20, 2024 09:39:14.795286894 CEST | 176 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 55719 | 211.171.233.126 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 09:39:31.911593914 CEST | 280 | OUT | |
Oct 20, 2024 09:39:31.911611080 CEST | 268 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 55720 | 211.171.233.126 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 09:39:56.133203030 CEST | 283 | OUT | |
Oct 20, 2024 09:39:56.133219004 CEST | 317 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 54853 | 211.171.233.126 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 09:40:21.077653885 CEST | 284 | OUT | |
Oct 20, 2024 09:40:21.077682972 CEST | 209 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 54854 | 211.171.233.126 | 80 | 2580 | C:\Windows\explorer.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Oct 20, 2024 09:40:41.913100004 CEST | 282 | OUT | |
Oct 20, 2024 09:40:41.913130045 CEST | 134 | OUT |
Target ID: | 0 |
Start time: | 03:36:58 |
Start date: | 20/10/2024 |
Path: | C:\Users\user\Desktop\2Qvkmk7HGr.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 376'832 bytes |
MD5 hash: | 4BB69F9FAD0620ECB64971676B9F2CBC |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 03:37:05 |
Start date: | 20/10/2024 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff72b770000 |
File size: | 5'141'208 bytes |
MD5 hash: | 662F4F92FDE3557E86D110526BB578D5 |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 5 |
Start time: | 03:37:23 |
Start date: | 20/10/2024 |
Path: | C:\Users\user\AppData\Roaming\tcgiwaf |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 376'832 bytes |
MD5 hash: | 4BB69F9FAD0620ECB64971676B9F2CBC |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Yara matches: | |
Antivirus matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 7 |
Start time: | 03:40:01 |
Start date: | 20/10/2024 |
Path: | C:\Users\user\AppData\Roaming\tcgiwaf |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 376'832 bytes |
MD5 hash: | 4BB69F9FAD0620ECB64971676B9F2CBC |
Has elevated privileges: | false |
Has administrator privileges: | false |
Programmed in: | C, C++ or other language |
Reputation: | low |
Has exited: | false |
Execution Graph
Execution Coverage: | 8.7% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 37.4% |
Total number of Nodes: | 107 |
Total number of Limit Nodes: | 3 |
Functions (per-function control-flow graphs, API and string lists, memory dump sources and similarity data are not reproduced in this extract)
Function | Relevance | APIs | Strings | Instructions | Tags | Yara matches |
---|---|---|---|---|---|---|
00531C87 | 3.0 | 2 | | 41 | process, COMMON | yes |
0055003C | 11.0 | 4 | 2 | 515 | memory, COMMON | yes |
00550E0F | 3.0 | 2 | | 15 | COMMON | yes |
00401919 | 1.3 | 1 | | 79 | sleep, COMMON | |
00401959 | 1.3 | 1 | | 66 | sleep, COMMON | |
00401970 | 1.3 | 1 | | 56 | sleep, COMMON | |
00401977 | 1.3 | 1 | | 56 | sleep, COMMON | |
00401987 | 1.3 | 1 | | 55 | sleep, COMMON | |
0040198A | 1.3 | 1 | | 50 | sleep, COMMON | |
00531946 | 1.3 | 1 | | 48 | memory, COMMON | yes |
0055092B | 3.8 | | 3 | 90 | COMMON | yes |
00402721 | 1.4 | | 1 | 151 | COMMON | |
00401A28 | .3 | | | 258 | COMMON | |
00531564 | .1 | | | 61 | COMMON | yes |
00550D90 | .0 | | | 43 | COMMON | yes |
Execution Graph
Execution Coverage: | 8.7% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 0% |
Total number of Nodes: | 107 |
Total number of Limit Nodes: | 3 |
Functions (per-function control-flow graphs, API and string lists, memory dump sources and similarity data are not reproduced in this extract)
Function | Relevance | APIs | Strings | Instructions | Tags | Yara matches |
---|---|---|---|---|---|---|
0056003C | 11.0 | 4 | 2 | 515 | memory, COMMON | yes |
00621C87 | 3.0 | 2 | | 41 | process, COMMON | yes |
00560E0F | 3.0 | 2 | | 15 | COMMON | yes |
00401919 | 1.3 | 1 | | 79 | sleep, COMMON | |
00401959 | 1.3 | 1 | | 66 | sleep, COMMON | |
00401970 | 1.3 | 1 | | 56 | sleep, COMMON | |
00401977 | 1.3 | 1 | | 56 | sleep, COMMON | |
00401987 | 1.3 | 1 | | 55 | sleep, COMMON | |
0040198A | 1.3 | 1 | | 50 | sleep, COMMON | |
00621946 | 1.3 | 1 | | 48 | memory, COMMON | yes |
00403690 | 58.0 | 26 | 7 | 244 | memory, COMMON | |
004032A0 | 45.7 | 24 | 2 | 202 | time, COMMON | |
00403560 | 18.1 | 12 | | 98 | time, process, pipe, COMMON | |
0040540B | 7.6 | 5 | | 58 | COMMON | |
00408D38 | 1.5 | 1 | | 4 | COMMON | |
00404E73 | 21.1 | 14 | | 86 | COMMON | |
00403938 | 15.8 | 7 | 2 | 49 | library, COMMON | |
00409E5A | 9.0 | 6 | | 49 | COMMON | |
0040B833 | 7.5 | 5 | | 47 | COMMON | |
00406641 | 7.5 | 5 | | 44 | memory, COMMON | |
0040D8A1 | 7.0 | 2 | 2 | 38 | library, loader, COMMON | |
0040FF4C | 6.1 | 4 | | 103 | COMMON | |
0040D78D | 6.0 | 4 | | 49 | COMMON | |
0040BF9F | 6.0 | 4 | | 31 | COMMON | |