Windows
Analysis Report
file.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- file.exe (PID: 6884 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 24DD75B0A7BB9A0E0918EE0DD84A581A)
- chrome.exe (PID: 7076 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:/// MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 7008 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1984,i,17816864313725949295,15185844490458716427,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 5300 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1984,i,17816864313725949295,15185844490458716427,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 7148 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://%3cfnc1%3e(79)/ MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- chrome.exe (PID: 7244 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=2004,i,15247930655043870069,15177389296022328392,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Lumma Stealer, LummaC2 Stealer | Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell. | No Attribution |
{"C2 url": ["wifeplasterbakewis.shop", "mealplayerpreceodsju.shop", "bordersoarmanusjuw.shop", "suitcaseacanehalk.shop", "absentconvicsjawun.shop", "absentconvicsjawun.shop", "pushjellysingeywus.shop", "economicscreateojsu.shop", "entitlementappwo.shop", "palmeventeryjusk.shop", "wifeplasterbakewis.shop", "mealplayerpreceodsju.shop", "bordersoarmanusjuw.shop", "suitcaseacanehalk.shop", "absentconvicsjawun.shop", "absentconvicsjawun.shop", "pushjellysingeywus.shop", "economicscreateojsu.shop", "entitlementappwo.shop", "palmeventeryjusk.shop", "wifeplasterbakewis.shop", "mealplayerpreceodsju.shop", "bordersoarmanusjuw.shop", "suitcaseacanehalk.shop", "absentconvicsjawun.shop", "absentconvicsjawun.shop", "pushjellysingeywus.shop", "economicscreateojsu.shop", "entitlementappwo.shop", "palmeventeryjusk.shop"], "Build id": "pGlMMn--qb"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | ||
JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
Windows_Trojan_Donutloader_f40e3759 | unknown | unknown |
| |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | ||
JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
Timestamp: | 04/27/24-13:26:27.497604 |
SID: | 2052047 |
Source Port: | 49755 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/27/24-13:26:36.893528 |
SID: | 2052046 |
Source Port: | 54027 |
Destination Port: | 53 |
Protocol: | UDP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/27/24-13:26:23.378200 |
SID: | 2052047 |
Source Port: | 49751 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/27/24-13:27:32.334368 |
SID: | 2052046 |
Source Port: | 60308 |
Destination Port: | 53 |
Protocol: | UDP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/27/24-13:26:26.585236 |
SID: | 2052047 |
Source Port: | 49754 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/27/24-13:26:23.272724 |
SID: | 2052046 |
Source Port: | 65136 |
Destination Port: | 53 |
Protocol: | UDP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/27/24-13:26:29.422008 |
SID: | 2052047 |
Source Port: | 49757 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/27/24-13:26:25.775214 |
SID: | 2052047 |
Source Port: | 49753 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/27/24-13:26:24.897555 |
SID: | 2052047 |
Source Port: | 49752 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/27/24-13:26:28.686063 |
SID: | 2052047 |
Source Port: | 49756 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/27/24-13:26:31.854854 |
SID: | 2052047 |
Source Port: | 49758 |
Destination Port: | 443 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/27/24-13:27:00.927077 |
SID: | 2052046 |
Source Port: | 60371 |
Destination Port: | 53 |
Protocol: | UDP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Avira URL Cloud: | ||
Source: | Malware Configuration Extractor: |
Source: | Virustotal: |
Source: | String decryptor: | ||
Source: | Code function: | 0_2_028F5B57 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Networking |
---|
Source: | Snort IDS: | ||
Source: | URLs: | ||
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | Code function: | 0_2_0290DDE0 |
System Summary |
---|
Source: | Matched rule: |
Source: | Static PE information: | ||
Source: | Binary or memory string: | ||
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Classification label: |
Source: | Code function: | 0_2_02360C99 |
Source: | Key opened: |
Source: | Binary or memory string: |
Source: | String found in binary or memory: | ||
Source: | File read: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Static file information: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | System information queried: |
Source: | Thread sleep time: |
Source: | Binary or memory string: |
Source: | Process information queried: |
Source: | Code function: | 0_2_02915B70 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | String found in binary or memory: | ||
Source: | Queries volume information: |
Source: | Key value queried: |
Source: | Binary or memory string: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | String found in binary or memory: | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Directory queried: | Jump to behavior | ||
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 11 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 11 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 31 Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 1 PowerShell | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 2 Clipboard Data | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 12 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
3% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
1% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
1% | Virustotal | Browse | ||
100% | Avira URL Cloud | malware | ||
2% | Virustotal | Browse | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
2% | Virustotal | Browse | ||
13% | Virustotal | Browse | ||
2% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
13% | Virustotal | Browse | ||
2% | Virustotal | Browse | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
13% | Virustotal | Browse | ||
100% | Avira URL Cloud | malware | ||
2% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
17% | Virustotal | Browse | ||
18% | Virustotal | Browse | ||
18% | Virustotal | Browse | ||
1% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
google.com | 142.250.80.14 | true | false | high | |
palmeventeryjusk.shop | 172.67.155.93 | true | true | | unknown |
www.google.com | 142.251.32.100 | true | false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
239.255.255.250 | unknown | Reserved | unknown | unknown | false | |
142.251.32.100 | www.google.com | United States | 15169 | GOOGLEUS | false | |
142.250.80.100 | unknown | United States | 15169 | GOOGLEUS | false | |
172.67.155.93 | palmeventeryjusk.shop | United States | 13335 | CLOUDFLARENETUS | true |
IP |
---|
192.168.2.4 |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1432518 |
Start date and time: | 2024-04-27 13:25:07 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 33s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 12 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@30/0@10/5 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 142.251.40.238, 142.251.111.84, 142.251.41.3, 34.104.35.123, 23.206.121.28, 192.229.211.108, 142.250.65.227, 142.251.41.14
- Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, ocsp.digicert.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
13:26:24 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
239.255.255.250 | Get hash | malicious | BitCoin Miner, SilentXMRMiner | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Discord Token Stealer | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mars Stealer, RedLine, SectopRAT, Stealc, Vidar | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | TechSupportScam | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
172.67.155.93 | Get hash | malicious | LummaC | Browse | ||
Get hash | malicious | LummaC | Browse | |||
Get hash | malicious | LummaC | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
google.com | Get hash | malicious | BitCoin Miner, SilentXMRMiner | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Discord Token Stealer | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mars Stealer, RedLine, SectopRAT, Stealc, Vidar | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | TechSupportScam | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
palmeventeryjusk.shop | Get hash | malicious | LummaC | Browse | ||
Get hash | malicious | LummaC | Browse | |||
Get hash | malicious | LummaC | Browse | |||
Get hash | malicious | LummaC | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | LummaC | Browse | ||
Get hash | malicious | Stealit | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Discord Token Stealer | Browse | |||
Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | TechSupportScam | Browse | |||
Get hash | malicious | HTMLPhisher | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
28a2c9bd18a11de089ef85a160da29e4 | Get hash | malicious | BitCoin Miner, SilentXMRMiner | Browse | ||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Discord Token Stealer | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mars Stealer, RedLine, SectopRAT, Stealc, Vidar | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
Get hash | malicious | TechSupportScam | Browse | |||
Get hash | malicious | HTMLPhisher | Browse | |||
a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | LummaC | Browse | ||
Get hash | malicious | Latrodectus | Browse | |||
Get hash | malicious | Latrodectus | Browse | |||
Get hash | malicious | Remcos, DBatLoader | Browse | |||
Get hash | malicious | HtmlDropper, HTMLPhisher | Browse | |||
Get hash | malicious | Latrodectus | Browse | |||
Get hash | malicious | MicroClip | Browse | |||
Get hash | malicious | AsyncRAT | Browse | |||
Get hash | malicious | RisePro Stealer | Browse | |||
Get hash | malicious | RisePro Stealer | Browse |
File type: | |
Entropy (8bit): | 6.685042377595043 |
TrID: |
|
File name: | file.exe |
File size: | 1'800'704 bytes |
MD5: | 24dd75b0a7bb9a0e0918ee0dd84a581a |
SHA1: | de796b237488df3d26a99aa8a78098c010aeb2c9 |
SHA256: | 878966291372a9633242af15570a8bbe31699b5e0b650e806af4742da1f6b35d |
SHA512: | 53f951d795fbf760dd593619bb3f96fd604bc15adb4f637457d28fbd78ae3764afd4e9c9a755a6241431ad4664dd30e4a2df84e33fe59954f7c55da0e4038557 |
SSDEEP: | 24576:qnbbGmgK4brDi4IxgRqzwqNb+Yz73P2EMZbG0JEtXlCbWqx9quTYtXU+x42dLE:oHsKh4nqzF3PYdStVCb7DTiXU+C2ZE |
TLSH: | AB857C22A3914437D4721E355D2BD2B42D267D312EB4E84A7EF8BE0D1E38B41BD357A2 |
File Content Preview: | MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
Icon Hash: | 031b33374923232f |
Entrypoint: | 0x5025d8 |
Entrypoint Section: | .itext |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
DLL Characteristics: | NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x5B226D52 [Thu Jun 14 13:27:46 2018 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | f62b90e31eca404f228fcf7068b00f31 |
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFF0h |
push ebx |
push esi |
push edi |
mov eax, 00500930h |
call 00007FB3DC5CC6F6h |
push FFFFFFECh |
mov eax, dword ptr [00505E5Ch] |
mov eax, dword ptr [eax] |
mov ebx, dword ptr [eax+00000170h] |
push ebx |
call 00007FB3DC5CD5A1h |
and eax, FFFFFF7Fh |
push eax |
push FFFFFFECh |
mov eax, dword ptr [00505E5Ch] |
push ebx |
call 00007FB3DC5CD7F6h |
xor eax, eax |
push ebp |
push 00502653h |
push dword ptr fs:[eax] |
mov dword ptr fs:[eax], esp |
push 00000001h |
call 00007FB3DC5CCF41h |
call 00007FB3DC6C3DDCh |
mov eax, dword ptr [00500568h] |
push eax |
push 005005CCh |
mov eax, dword ptr [00505E5Ch] |
mov eax, dword ptr [eax] |
call 00007FB3DC63FBCDh |
call 00007FB3DC6C3E30h |
xor eax, eax |
pop edx |
pop ecx |
pop ecx |
mov dword ptr fs:[eax], edx |
jmp 00007FB3DC6C5DABh |
jmp 00007FB3DC5C7E1Dh |
call 00007FB3DC6C3BACh |
mov eax, 00000001h |
call 00007FB3DC5C88DEh |
call 00007FB3DC5C8261h |
mov eax, dword ptr [00505E5Ch] |
mov eax, dword ptr [eax] |
mov edx, 005027E8h |
call 00007FB3DC63F6D8h |
push 00000005h |
mov eax, dword ptr [00505E5Ch] |
mov eax, dword ptr [eax] |
mov eax, dword ptr [eax+00000170h] |
push eax |
call 00007FB3DC5CD7B7h |
mov eax, dword ptr [00505E5Ch] |
mov eax, dword ptr [eax] |
mov edx, dword ptr [004DACA0h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x10e000 | 0x3840 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x114000 | 0xaf200 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x113000 | 0x18 | .rdata |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x10ea80 | 0x88c | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xffdc8 | 0xffe00 | b9852eae83b24e65fe1d67a2f1390c9a | False | 0.48306210307767466 | data | 6.484390133841002 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.itext | 0x101000 | 0x17f4 | 0x1800 | 8e0d52126a75001416d71c23878be2c1 | False | 0.5244140625 | data | 6.003729381717893 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.data | 0x103000 | 0x308c | 0x3200 | c2acc8e96fc244753abd1d87bb624bc0 | False | 0.425078125 | data | 4.3575606000501415 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.bss | 0x107000 | 0x6198 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.idata | 0x10e000 | 0x3840 | 0x3a00 | 0e1e8128f777a5ff18a144305a4fb39c | False | 0.3108836206896552 | data | 5.2048781278956655 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.tls | 0x112000 | 0x3c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rdata | 0x113000 | 0x18 | 0x200 | 9cf98ea6bb17a35d99fa770a2e9a8ff0 | False | 0.05078125 | MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "Q" | 0.2108262677871819 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x114000 | 0xaf200 | 0xaf200 | e56b7a46fa248db713f13fd0a70ee7d9 | False | 0.550715727605282 | data | 6.709232434049833 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0x114c74 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635 |
RT_CURSOR | 0x114da8 | 0x134 | data | English | United States | 0.4642857142857143 |
RT_CURSOR | 0x114edc | 0x134 | data | English | United States | 0.4805194805194805 |
RT_CURSOR | 0x115010 | 0x134 | data | English | United States | 0.38311688311688313 |
RT_CURSOR | 0x115144 | 0x134 | data | English | United States | 0.36038961038961037 |
RT_CURSOR | 0x115278 | 0x134 | data | English | United States | 0.4090909090909091 |
RT_CURSOR | 0x1153ac | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468 |
RT_BITMAP | 0x1154e0 | 0x4e8 | Device independent bitmap graphic, 48 x 48 x 4, image size 1152 | 0.2945859872611465 | ||
RT_BITMAP | 0x1159c8 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | 0.521551724137931 | ||
RT_ICON | 0x115ab0 | 0x42028 | Device independent bitmap graphic, 256 x 512 x 32, image size 270336 | English | United States | 0.1779410894458088 |
RT_ICON | 0x157ad8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.4320539419087137 |
RT_ICON | 0x15a080 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.5265009380863039 |
RT_ICON | 0x15b128 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.6196721311475409 |
RT_ICON | 0x15bab0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.726063829787234 |
RT_STRING | 0x15bf18 | 0xec | data | 0.6059322033898306 | ||
RT_STRING | 0x15c004 | 0x250 | data | 0.47466216216216217 | ||
RT_STRING | 0x15c254 | 0x28c | data | 0.4647239263803681 | ||
RT_STRING | 0x15c4e0 | 0x3e4 | data | 0.4347389558232932 | ||
RT_STRING | 0x15c8c4 | 0x9c | data | 0.717948717948718 | ||
RT_STRING | 0x15c960 | 0xe8 | data | 0.6293103448275862 | ||
RT_STRING | 0x15ca48 | 0x468 | data | 0.3820921985815603 | ||
RT_STRING | 0x15ceb0 | 0x38c | data | 0.3898678414096916 | ||
RT_STRING | 0x15d23c | 0x3dc | data | 0.39271255060728744 | ||
RT_STRING | 0x15d618 | 0x360 | data | 0.37037037037037035 | ||
RT_STRING | 0x15d978 | 0x40c | data | 0.3783783783783784 | ||
RT_STRING | 0x15dd84 | 0x108 | data | 0.5113636363636364 | ||
RT_STRING | 0x15de8c | 0xcc | data | 0.6029411764705882 | ||
RT_STRING | 0x15df58 | 0x234 | data | 0.5070921985815603 | ||
RT_STRING | 0x15e18c | 0x3c8 | data | 0.3181818181818182 | ||
RT_STRING | 0x15e554 | 0x32c | data | 0.43349753694581283 | ||
RT_STRING | 0x15e880 | 0x2a0 | data | 0.41964285714285715 | ||
RT_RCDATA | 0x15eb20 | 0x82e8 | data | English | United States | 0.11261637622344235 |
RT_RCDATA | 0x166e08 | 0x10 | data | 1.5 | ||
RT_RCDATA | 0x166e18 | 0x1800 | PE32+ executable (console) x86-64, for MS Windows | English | United States | 0.3924153645833333 |
RT_RCDATA | 0x168618 | 0x6bc | data | 0.6467517401392111 | ||
RT_RCDATA | 0x168cd4 | 0x5b10 | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows | English | United States | 0.3255404941660947 |
RT_RCDATA | 0x16e7e4 | 0x125 | Delphi compiled form 'TMainForm' | 0.7508532423208191 | ||
RT_RCDATA | 0x16e90c | 0x3a2 | Delphi compiled form 'TNewDiskForm' | 0.524731182795699 | ||
RT_RCDATA | 0x16ecb0 | 0x320 | Delphi compiled form 'TSelectFolderForm' | 0.53625 | ||
RT_RCDATA | 0x16efd0 | 0x300 | Delphi compiled form 'TSelectLanguageForm' | 0.5703125 | ||
RT_RCDATA | 0x16f2d0 | 0x5d9 | Delphi compiled form 'TUninstallProgressForm' | 0.4562458249832999 | ||
RT_RCDATA | 0x16f8ac | 0x461 | Delphi compiled form 'TUninstSharedFileForm' | 0.4335414808206958 | ||
RT_RCDATA | 0x16fd10 | 0x2092 | Delphi compiled form 'TWizardForm' | 0.2299112497001679 | ||
RT_GROUP_CURSOR | 0x171da4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
RT_GROUP_CURSOR | 0x171db8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25 |
RT_GROUP_CURSOR | 0x171dcc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x171de0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x171df4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x171e08 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0x171e1c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_ICON | 0x171e30 | 0x4c | data | English | United States | 0.8026315789473685 |
RT_VERSION | 0x171e7c | 0x15c | data | English | United States | 0.5689655172413793 |
RT_MANIFEST | 0x171fd8 | 0x62c | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4240506329113924 |
DLL | Import |
---|---|
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegCloseKey |
user32.dll | GetKeyboardType, LoadStringW, MessageBoxA, CharNextW |
kernel32.dll | GetACP, Sleep, VirtualFree, VirtualAlloc, GetSystemInfo, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryW, MultiByteToWideChar, lstrlenW, lstrcpynW, LoadLibraryExW, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetCurrentDirectoryW, GetCommandLineW, FreeLibrary, FindFirstFileW, FindClose, ExitProcess, ExitThread, CreateThread, CompareStringW, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle, CloseHandle |
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleW |
user32.dll | CreateWindowExW, WindowFromPoint, WaitMessage, WaitForInputIdle, UpdateWindow, UnregisterClassW, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoW, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowsHookExW, SetWindowTextW, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRectEmpty, SetRect, SetPropW, SetParent, SetMenuItemInfoW, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongW, SetCapture, SetActiveWindow, SendNotifyMessageW, SendMessageTimeoutW, SendMessageA, SendMessageW, ScrollWindowEx, ScrollWindow, ScreenToClient, ReplyMessage, RemovePropW, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageW, RegisterClipboardFormatW, RegisterClassW, RedrawWindow, PtInRect, PostQuitMessage, PostMessageW, PeekMessageA, PeekMessageW, OffsetRect, OemToCharBuffA, MsgWaitForMultipleObjectsEx, MsgWaitForMultipleObjects, MessageBoxW, MessageBeep, MapWindowPoints, MapVirtualKeyW, LoadStringW, LoadKeyboardLayoutW, LoadIconW, LoadCursorW, LoadBitmapW, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsDialogMessageW, IsChild, InvalidateRect, IntersectRect, InsertMenuItemW, InsertMenuW, InflateRect, GetWindowThreadProcessId, GetWindowTextW, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropW, GetParent, GetWindow, GetMessagePos, GetMessageW, GetMenuStringW, GetMenuState, GetMenuItemInfoW, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameW, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextW, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassLongW, GetClassInfoW, GetCapture, GetActiveWindow, FrameRect, FindWindowExW, FindWindowW, FillRect, ExitWindowsEx, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextExW, DrawTextW, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DispatchMessageW, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcW, DefMDIChildProcW, DefFrameProcW, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CharUpperBuffW, CharNextW, CharLowerBuffW, CharLowerW, CallWindowProcW, CallNextHookEx, BringWindowToTop, BeginPaint, AppendMenuW, CharToOemBuffA, AdjustWindowRectEx, ActivateKeyboardLayout |
msimg32.dll | AlphaBlend |
gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RoundRect, RestoreDC, RemoveFontResourceW, Rectangle, RectVisible, RealizePalette, Polyline, Pie, PatBlt, MoveToEx, MaskBlt, LineTo, LineDDA, IntersectClipRect, GetWindowOrgEx, GetTextMetricsW, GetTextExtentPointW, GetTextExtentPoint32W, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectW, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, FrameRgn, ExtTextOutW, ExtFloodFill, ExcludeClipRect, EnumFontsW, Ellipse, DeleteObject, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectW, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, Chord, BitBlt, Arc, AddFontResourceW |
version.dll | VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW |
mpr.dll | WNetOpenEnumW, WNetGetUniversalNameW, WNetGetConnectionW, WNetEnumResourceW, WNetCloseEnum |
kernel32.dll | lstrcpyW, lstrcmpW, WriteProfileStringW, WritePrivateProfileStringW, WriteFile, WideCharToMultiByte, WaitForSingleObject, WaitForMultipleObjectsEx, VirtualQueryEx, VirtualQuery, VirtualFree, VirtualAlloc, TransactNamedPipe, TerminateProcess, SwitchToThread, SizeofResource, SignalObjectAndWait, SetThreadLocale, SetNamedPipeHandleState, SetLastError, SetFileTime, SetFilePointer, SetFileAttributesW, SetEvent, SetErrorMode, SetEndOfFile, SetCurrentDirectoryW, ResumeThread, ResetEvent, RemoveDirectoryW, ReleaseMutex, ReadFile, QueryPerformanceCounter, OpenProcess, OpenMutexW, MultiByteToWideChar, MulDiv, MoveFileExW, MoveFileW, LockResource, LocalFree, LocalFileTimeToFileTime, LoadResource, LoadLibraryExW, LoadLibraryW, LeaveCriticalSection, IsDBCSLeadByte, IsBadWritePtr, InitializeCriticalSection, GlobalFindAtomW, GlobalDeleteAtom, GlobalAddAtomW, GetWindowsDirectoryW, GetVersionExW, GetVersion, GetUserDefaultLangID, GetTickCount, GetThreadLocale, GetSystemTimeAsFileTime, GetSystemInfo, GetSystemDirectoryW, GetStdHandle, GetShortPathNameW, GetProfileStringW, GetProcAddress, GetPrivateProfileStringW, GetOverlappedResult, GetModuleHandleW, GetModuleFileNameW, GetLogicalDrives, GetLocaleInfoW, GetLocalTime, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesW, GetExitCodeThread, GetExitCodeProcess, GetEnvironmentVariableW, GetDriveTypeW, GetDiskFreeSpaceW, GetDateFormatW, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetCurrentDirectoryW, GetComputerNameW, GetCommandLineW, GetCPInfo, FreeResource, InterlockedIncrement, InterlockedExchangeAdd, InterlockedExchange, InterlockedDecrement, InterlockedCompareExchange, FreeLibrary, FormatMessageW, FlushFileBuffers, FindResourceW, FindNextFileW, FindFirstFileW, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, EnumCalendarInfoW, EnterCriticalSection, DeviceIoControl, DeleteFileW, DeleteCriticalSection, CreateThread, CreateProcessW, CreateNamedPipeW, CreateMutexW, CreateFileW, CreateEventW, CreateDirectoryW, CopyFileW, CompareStringW, CompareFileTime, CloseHandle |
advapi32.dll | SetSecurityDescriptorDacl, RegSetValueExW, RegQueryValueExW, RegQueryInfoKeyW, RegOpenKeyExW, RegFlushKey, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegCloseKey, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, InitializeSecurityDescriptor, GetUserNameW, GetTokenInformation, FreeSid, EqualSid, AllocateAndInitializeSid |
comctl32.dll | InitCommonControls |
kernel32.dll | Sleep |
oleaut32.dll | GetErrorInfo, GetActiveObject, RegisterTypeLib, LoadTypeLib, SysFreeString |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CLSIDFromProgID, CLSIDFromString, StringFromCLSID, CoCreateInstance, CoFreeUnusedLibraries, CoUninitialize, CoInitialize, IsEqualGUID |
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit |
comctl32.dll | InitializeFlatSB, FlatSB_SetScrollProp, FlatSB_SetScrollPos, FlatSB_SetScrollInfo, FlatSB_GetScrollPos, FlatSB_GetScrollInfo, _TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls |
shell32.dll | ShellExecuteExW, ShellExecuteW, SHGetFileInfoW, ExtractIconW |
shell32.dll | SHGetPathFromIDListW, SHGetMalloc, SHChangeNotify, SHBrowseForFolderW |
comdlg32.dll | GetSaveFileNameW, GetOpenFileNameW |
ole32.dll | CoDisconnectObject |
advapi32.dll | AdjustTokenPrivileges |
oleaut32.dll | SysFreeString |
Language of compilation system | Country where language is spoken |
---|---|
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/27/24-13:26:27.497604 | TCP | 2052047 | ET TROJAN Observed Lumma Stealer Related Domain (palmeventeryjusk .shop in TLS SNI) | 49755 | 443 | 192.168.2.4 | 172.67.155.93 |
04/27/24-13:26:36.893528 | UDP | 2052046 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (palmeventeryjusk .shop) | 54027 | 53 | 192.168.2.4 | 1.1.1.1 |
04/27/24-13:26:23.378200 | TCP | 2052047 | ET TROJAN Observed Lumma Stealer Related Domain (palmeventeryjusk .shop in TLS SNI) | 49751 | 443 | 192.168.2.4 | 172.67.155.93 |
04/27/24-13:27:32.334368 | UDP | 2052046 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (palmeventeryjusk .shop) | 60308 | 53 | 192.168.2.4 | 1.1.1.1 |
04/27/24-13:26:26.585236 | TCP | 2052047 | ET TROJAN Observed Lumma Stealer Related Domain (palmeventeryjusk .shop in TLS SNI) | 49754 | 443 | 192.168.2.4 | 172.67.155.93 |
04/27/24-13:26:23.272724 | UDP | 2052046 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (palmeventeryjusk .shop) | 65136 | 53 | 192.168.2.4 | 1.1.1.1 |
04/27/24-13:26:29.422008 | TCP | 2052047 | ET TROJAN Observed Lumma Stealer Related Domain (palmeventeryjusk .shop in TLS SNI) | 49757 | 443 | 192.168.2.4 | 172.67.155.93 |
04/27/24-13:26:25.775214 | TCP | 2052047 | ET TROJAN Observed Lumma Stealer Related Domain (palmeventeryjusk .shop in TLS SNI) | 49753 | 443 | 192.168.2.4 | 172.67.155.93 |
04/27/24-13:26:24.897555 | TCP | 2052047 | ET TROJAN Observed Lumma Stealer Related Domain (palmeventeryjusk .shop in TLS SNI) | 49752 | 443 | 192.168.2.4 | 172.67.155.93 |
04/27/24-13:26:28.686063 | TCP | 2052047 | ET TROJAN Observed Lumma Stealer Related Domain (palmeventeryjusk .shop in TLS SNI) | 49756 | 443 | 192.168.2.4 | 172.67.155.93 |
04/27/24-13:26:31.854854 | TCP | 2052047 | ET TROJAN Observed Lumma Stealer Related Domain (palmeventeryjusk .shop in TLS SNI) | 49758 | 443 | 192.168.2.4 | 172.67.155.93 |
04/27/24-13:27:00.927077 | UDP | 2052046 | ET TROJAN Lumma Stealer Related CnC Domain in DNS Lookup (palmeventeryjusk .shop) | 60371 | 53 | 192.168.2.4 | 1.1.1.1 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 27, 2024 13:26:30.993679047 CEST | 49757 | 443 | 192.168.2.4 | 172.67.155.93 |
Apr 27, 2024 13:26:30.993691921 CEST | 443 | 49757 | 172.67.155.93 | 192.168.2.4 |
Apr 27, 2024 13:26:31.854362011 CEST | 49758 | 443 | 192.168.2.4 | 172.67.155.93 |
Apr 27, 2024 13:26:31.854392052 CEST | 443 | 49758 | 172.67.155.93 | 192.168.2.4 |
Apr 27, 2024 13:26:31.854479074 CEST | 49758 | 443 | 192.168.2.4 | 172.67.155.93 |
Apr 27, 2024 13:26:31.854854107 CEST | 49758 | 443 | 192.168.2.4 | 172.67.155.93 |
Apr 27, 2024 13:26:31.854863882 CEST | 443 | 49758 | 172.67.155.93 | 192.168.2.4 |
Apr 27, 2024 13:26:32.039856911 CEST | 443 | 49758 | 172.67.155.93 | 192.168.2.4 |
Apr 27, 2024 13:26:32.039954901 CEST | 49758 | 443 | 192.168.2.4 | 172.67.155.93 |
Apr 27, 2024 13:26:32.041337013 CEST | 49758 | 443 | 192.168.2.4 | 172.67.155.93 |
Apr 27, 2024 13:26:32.041351080 CEST | 443 | 49758 | 172.67.155.93 | 192.168.2.4 |
Apr 27, 2024 13:26:32.041558027 CEST | 443 | 49758 | 172.67.155.93 | 192.168.2.4 |
Apr 27, 2024 13:26:32.042680979 CEST | 49758 | 443 | 192.168.2.4 | 172.67.155.93 |
Apr 27, 2024 13:26:32.043092012 CEST | 49758 | 443 | 192.168.2.4 | 172.67.155.93 |
Apr 27, 2024 13:26:32.043118954 CEST | 443 | 49758 | 172.67.155.93 | 192.168.2.4 |
Apr 27, 2024 13:26:32.043190956 CEST | 49758 | 443 | 192.168.2.4 | 172.67.155.93 |
Apr 27, 2024 13:26:32.043226957 CEST | 443 | 49758 | 172.67.155.93 | 192.168.2.4 |
Apr 27, 2024 13:26:32.043301105 CEST | 49758 | 443 | 192.168.2.4 | 172.67.155.93 |
Apr 27, 2024 13:26:32.043337107 CEST | 443 | 49758 | 172.67.155.93 | 192.168.2.4 |
Apr 27, 2024 13:26:32.043416977 CEST | 49758 | 443 | 192.168.2.4 | 172.67.155.93 |
Apr 27, 2024 13:26:32.043428898 CEST | 443 | 49758 | 172.67.155.93 | 192.168.2.4 |
Apr 27, 2024 13:26:32.043519020 CEST | 49758 | 443 | 192.168.2.4 | 172.67.155.93 |
Apr 27, 2024 13:26:32.043545008 CEST | 443 | 49758 | 172.67.155.93 | 192.168.2.4 |
Apr 27, 2024 13:26:32.043653011 CEST | 49758 | 443 | 192.168.2.4 | 172.67.155.93 |
Apr 27, 2024 13:26:32.043677092 CEST | 49758 | 443 | 192.168.2.4 | 172.67.155.93 |
Apr 27, 2024 13:26:32.084147930 CEST | 443 | 49758 | 172.67.155.93 | 192.168.2.4 |
Apr 27, 2024 13:26:32.084255934 CEST | 49758 | 443 | 192.168.2.4 | 172.67.155.93 |
Apr 27, 2024 13:26:32.128159046 CEST | 443 | 49758 | 172.67.155.93 | 192.168.2.4 |
Apr 27, 2024 13:26:34.291620970 CEST | 443 | 49758 | 172.67.155.93 | 192.168.2.4 |
Apr 27, 2024 13:26:34.291712046 CEST | 443 | 49758 | 172.67.155.93 | 192.168.2.4 |
Apr 27, 2024 13:26:34.291763067 CEST | 49758 | 443 | 192.168.2.4 | 172.67.155.93 |
Apr 27, 2024 13:26:34.291904926 CEST | 49758 | 443 | 192.168.2.4 | 172.67.155.93 |
Apr 27, 2024 13:26:34.291920900 CEST | 443 | 49758 | 172.67.155.93 | 192.168.2.4 |
Apr 27, 2024 13:26:53.939943075 CEST | 49760 | 443 | 192.168.2.4 | 20.12.23.50 |
Apr 27, 2024 13:26:53.939975023 CEST | 443 | 49760 | 20.12.23.50 | 192.168.2.4 |
Apr 27, 2024 13:26:53.940035105 CEST | 49760 | 443 | 192.168.2.4 | 20.12.23.50 |
Apr 27, 2024 13:26:53.940352917 CEST | 49760 | 443 | 192.168.2.4 | 20.12.23.50 |
Apr 27, 2024 13:26:53.940365076 CEST | 443 | 49760 | 20.12.23.50 | 192.168.2.4 |
Apr 27, 2024 13:26:54.250576019 CEST | 443 | 49760 | 20.12.23.50 | 192.168.2.4 |
Apr 27, 2024 13:26:54.250643015 CEST | 49760 | 443 | 192.168.2.4 | 20.12.23.50 |
Apr 27, 2024 13:26:54.252068996 CEST | 49760 | 443 | 192.168.2.4 | 20.12.23.50 |
Apr 27, 2024 13:26:54.252075911 CEST | 443 | 49760 | 20.12.23.50 | 192.168.2.4 |
Apr 27, 2024 13:26:54.252413034 CEST | 443 | 49760 | 20.12.23.50 | 192.168.2.4 |
Apr 27, 2024 13:26:54.259740114 CEST | 49760 | 443 | 192.168.2.4 | 20.12.23.50 |
Apr 27, 2024 13:26:54.304115057 CEST | 443 | 49760 | 20.12.23.50 | 192.168.2.4 |
Apr 27, 2024 13:26:54.547151089 CEST | 443 | 49760 | 20.12.23.50 | 192.168.2.4 |
Apr 27, 2024 13:26:54.547178030 CEST | 443 | 49760 | 20.12.23.50 | 192.168.2.4 |
Apr 27, 2024 13:26:54.547207117 CEST | 443 | 49760 | 20.12.23.50 | 192.168.2.4 |
Apr 27, 2024 13:26:54.547240973 CEST | 49760 | 443 | 192.168.2.4 | 20.12.23.50 |
Apr 27, 2024 13:26:54.547249079 CEST | 443 | 49760 | 20.12.23.50 | 192.168.2.4 |
Apr 27, 2024 13:26:54.547280073 CEST | 49760 | 443 | 192.168.2.4 | 20.12.23.50 |
Apr 27, 2024 13:26:54.547306061 CEST | 49760 | 443 | 192.168.2.4 | 20.12.23.50 |
Apr 27, 2024 13:26:54.547337055 CEST | 443 | 49760 | 20.12.23.50 | 192.168.2.4 |
Apr 27, 2024 13:26:54.547375917 CEST | 443 | 49760 | 20.12.23.50 | 192.168.2.4 |
Apr 27, 2024 13:26:54.547386885 CEST | 49760 | 443 | 192.168.2.4 | 20.12.23.50 |
Apr 27, 2024 13:26:54.547391891 CEST | 443 | 49760 | 20.12.23.50 | 192.168.2.4 |
Apr 27, 2024 13:26:54.547429085 CEST | 49760 | 443 | 192.168.2.4 | 20.12.23.50 |
Apr 27, 2024 13:26:54.547432899 CEST | 443 | 49760 | 20.12.23.50 | 192.168.2.4 |
Apr 27, 2024 13:26:54.547442913 CEST | 443 | 49760 | 20.12.23.50 | 192.168.2.4 |
Apr 27, 2024 13:26:54.547486067 CEST | 49760 | 443 | 192.168.2.4 | 20.12.23.50 |
Apr 27, 2024 13:26:54.552809000 CEST | 49760 | 443 | 192.168.2.4 | 20.12.23.50 |
Apr 27, 2024 13:26:54.552818060 CEST | 443 | 49760 | 20.12.23.50 | 192.168.2.4 |
Apr 27, 2024 13:26:54.552844048 CEST | 49760 | 443 | 192.168.2.4 | 20.12.23.50 |
Apr 27, 2024 13:26:54.552848101 CEST | 443 | 49760 | 20.12.23.50 | 192.168.2.4 |
Apr 27, 2024 13:27:04.739649057 CEST | 49762 | 443 | 192.168.2.4 | 142.250.80.100 |
Apr 27, 2024 13:27:04.739707947 CEST | 443 | 49762 | 142.250.80.100 | 192.168.2.4 |
Apr 27, 2024 13:27:04.739782095 CEST | 49762 | 443 | 192.168.2.4 | 142.250.80.100 |
Apr 27, 2024 13:27:04.740008116 CEST | 49762 | 443 | 192.168.2.4 | 142.250.80.100 |
Apr 27, 2024 13:27:04.740022898 CEST | 443 | 49762 | 142.250.80.100 | 192.168.2.4 |
Apr 27, 2024 13:27:04.997128010 CEST | 443 | 49762 | 142.250.80.100 | 192.168.2.4 |
Apr 27, 2024 13:27:04.997486115 CEST | 49762 | 443 | 192.168.2.4 | 142.250.80.100 |
Apr 27, 2024 13:27:04.997515917 CEST | 443 | 49762 | 142.250.80.100 | 192.168.2.4 |
Apr 27, 2024 13:27:04.998382092 CEST | 443 | 49762 | 142.250.80.100 | 192.168.2.4 |
Apr 27, 2024 13:27:04.998447895 CEST | 49762 | 443 | 192.168.2.4 | 142.250.80.100 |
Apr 27, 2024 13:27:05.007551908 CEST | 49762 | 443 | 192.168.2.4 | 142.250.80.100 |
Apr 27, 2024 13:27:05.007606983 CEST | 443 | 49762 | 142.250.80.100 | 192.168.2.4 |
Apr 27, 2024 13:27:05.059920073 CEST | 49762 | 443 | 192.168.2.4 | 142.250.80.100 |
Apr 27, 2024 13:27:05.059931040 CEST | 443 | 49762 | 142.250.80.100 | 192.168.2.4 |
Apr 27, 2024 13:27:05.105917931 CEST | 49762 | 443 | 192.168.2.4 | 142.250.80.100 |
Apr 27, 2024 13:27:08.895874977 CEST | 49723 | 80 | 192.168.2.4 | 199.232.210.172 |
Apr 27, 2024 13:27:08.896028996 CEST | 49724 | 80 | 192.168.2.4 | 199.232.210.172 |
Apr 27, 2024 13:27:08.982978106 CEST | 80 | 49723 | 199.232.210.172 | 192.168.2.4 |
Apr 27, 2024 13:27:08.983072042 CEST | 80 | 49724 | 199.232.210.172 | 192.168.2.4 |
Apr 27, 2024 13:27:08.983108997 CEST | 80 | 49723 | 199.232.210.172 | 192.168.2.4 |
Apr 27, 2024 13:27:08.983143091 CEST | 80 | 49724 | 199.232.210.172 | 192.168.2.4 |
Apr 27, 2024 13:27:08.983263016 CEST | 49723 | 80 | 192.168.2.4 | 199.232.210.172 |
Apr 27, 2024 13:27:08.983273983 CEST | 49724 | 80 | 192.168.2.4 | 199.232.210.172 |
Apr 27, 2024 13:27:15.027540922 CEST | 443 | 49762 | 142.250.80.100 | 192.168.2.4 |
Apr 27, 2024 13:27:15.027602911 CEST | 443 | 49762 | 142.250.80.100 | 192.168.2.4 |
Apr 27, 2024 13:27:15.027661085 CEST | 49762 | 443 | 192.168.2.4 | 142.250.80.100 |
Apr 27, 2024 13:27:17.234832048 CEST | 49762 | 443 | 192.168.2.4 | 142.250.80.100 |
Apr 27, 2024 13:27:17.234862089 CEST | 443 | 49762 | 142.250.80.100 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 27, 2024 13:26:00.628803968 CEST | 53 | 59867 | 1.1.1.1 | 192.168.2.4 |
Apr 27, 2024 13:26:00.637655020 CEST | 53 | 54787 | 1.1.1.1 | 192.168.2.4 |
Apr 27, 2024 13:26:00.669126987 CEST | 56952 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 27, 2024 13:26:00.670176029 CEST | 65252 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 27, 2024 13:26:00.758431911 CEST | 53 | 65252 | 1.1.1.1 | 192.168.2.4 |
Apr 27, 2024 13:26:00.762217045 CEST | 53 | 56952 | 8.8.8.8 | 192.168.2.4 |
Apr 27, 2024 13:26:03.013057947 CEST | 53 | 51907 | 1.1.1.1 | 192.168.2.4 |
Apr 27, 2024 13:26:03.263155937 CEST | 52041 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 27, 2024 13:26:03.263290882 CEST | 61763 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 27, 2024 13:26:03.353068113 CEST | 53 | 61763 | 1.1.1.1 | 192.168.2.4 |
Apr 27, 2024 13:26:03.353280067 CEST | 53 | 52041 | 1.1.1.1 | 192.168.2.4 |
Apr 27, 2024 13:26:21.140412092 CEST | 138 | 138 | 192.168.2.4 | 192.168.2.255 |
Apr 27, 2024 13:26:21.768251896 CEST | 53 | 55188 | 1.1.1.1 | 192.168.2.4 |
Apr 27, 2024 13:26:23.272723913 CEST | 65136 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 27, 2024 13:26:23.369961023 CEST | 53 | 65136 | 1.1.1.1 | 192.168.2.4 |
Apr 27, 2024 13:26:30.487952948 CEST | 53 | 51914 | 1.1.1.1 | 192.168.2.4 |
Apr 27, 2024 13:26:36.893527985 CEST | 54027 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 27, 2024 13:26:36.989690065 CEST | 53 | 54027 | 1.1.1.1 | 192.168.2.4 |
Apr 27, 2024 13:26:45.947042942 CEST | 53 | 63873 | 1.1.1.1 | 192.168.2.4 |
Apr 27, 2024 13:27:00.193162918 CEST | 53 | 65450 | 1.1.1.1 | 192.168.2.4 |
Apr 27, 2024 13:27:00.927077055 CEST | 60371 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 27, 2024 13:27:01.017467976 CEST | 53 | 60371 | 1.1.1.1 | 192.168.2.4 |
Apr 27, 2024 13:27:04.649708033 CEST | 56663 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 27, 2024 13:27:04.650015116 CEST | 55939 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 27, 2024 13:27:04.737871885 CEST | 53 | 56663 | 1.1.1.1 | 192.168.2.4 |
Apr 27, 2024 13:27:04.738251925 CEST | 53 | 55939 | 1.1.1.1 | 192.168.2.4 |
Apr 27, 2024 13:27:17.324198008 CEST | 53 | 56762 | 1.1.1.1 | 192.168.2.4 |
Apr 27, 2024 13:27:32.334367990 CEST | 60308 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 27, 2024 13:27:32.430865049 CEST | 53 | 60308 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 27, 2024 13:26:00.669126987 CEST | 192.168.2.4 | 8.8.8.8 | 0xe761 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 27, 2024 13:26:00.670176029 CEST | 192.168.2.4 | 1.1.1.1 | 0x4bd0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 27, 2024 13:26:03.263155937 CEST | 192.168.2.4 | 1.1.1.1 | 0x6c23 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 27, 2024 13:26:03.263290882 CEST | 192.168.2.4 | 1.1.1.1 | 0xe1a6 | Standard query (0) | | 65 | IN (0x0001) | false |
Apr 27, 2024 13:26:23.272723913 CEST | 192.168.2.4 | 1.1.1.1 | 0xc577 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 27, 2024 13:26:36.893527985 CEST | 192.168.2.4 | 1.1.1.1 | 0x2a1e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 27, 2024 13:27:00.927077055 CEST | 192.168.2.4 | 1.1.1.1 | 0x87e9 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 27, 2024 13:27:04.649708033 CEST | 192.168.2.4 | 1.1.1.1 | 0xdb52 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 27, 2024 13:27:04.650015116 CEST | 192.168.2.4 | 1.1.1.1 | 0x694d | Standard query (0) | | 65 | IN (0x0001) | false |
Apr 27, 2024 13:27:32.334367990 CEST | 192.168.2.4 | 1.1.1.1 | 0xb2c5 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 27, 2024 13:26:00.758431911 CEST | 1.1.1.1 | 192.168.2.4 | 0x4bd0 | No error (0) | | | 142.250.80.14 | A (IP address) | IN (0x0001) | false |
Apr 27, 2024 13:26:00.762217045 CEST | 8.8.8.8 | 192.168.2.4 | 0xe761 | No error (0) | | | 142.251.40.142 | A (IP address) | IN (0x0001) | false |
Apr 27, 2024 13:26:03.353068113 CEST | 1.1.1.1 | 192.168.2.4 | 0xe1a6 | No error (0) | | | | 65 | IN (0x0001) | false |
Apr 27, 2024 13:26:03.353280067 CEST | 1.1.1.1 | 192.168.2.4 | 0x6c23 | No error (0) | | | 142.251.32.100 | A (IP address) | IN (0x0001) | false |
Apr 27, 2024 13:26:23.369961023 CEST | 1.1.1.1 | 192.168.2.4 | 0xc577 | No error (0) | | | 172.67.155.93 | A (IP address) | IN (0x0001) | false |
Apr 27, 2024 13:26:23.369961023 CEST | 1.1.1.1 | 192.168.2.4 | 0xc577 | No error (0) | | | 104.21.7.13 | A (IP address) | IN (0x0001) | false |
Apr 27, 2024 13:26:36.989690065 CEST | 1.1.1.1 | 192.168.2.4 | 0x2a1e | No error (0) | | | 172.67.155.93 | A (IP address) | IN (0x0001) | false |
Apr 27, 2024 13:26:36.989690065 CEST | 1.1.1.1 | 192.168.2.4 | 0x2a1e | No error (0) | | | 104.21.7.13 | A (IP address) | IN (0x0001) | false |
Apr 27, 2024 13:27:01.017467976 CEST | 1.1.1.1 | 192.168.2.4 | 0x87e9 | No error (0) | | | 172.67.155.93 | A (IP address) | IN (0x0001) | false |
Apr 27, 2024 13:27:01.017467976 CEST | 1.1.1.1 | 192.168.2.4 | 0x87e9 | No error (0) | | | 104.21.7.13 | A (IP address) | IN (0x0001) | false |
Apr 27, 2024 13:27:04.737871885 CEST | 1.1.1.1 | 192.168.2.4 | 0xdb52 | No error (0) | | | 142.250.80.100 | A (IP address) | IN (0x0001) | false |
Apr 27, 2024 13:27:04.738251925 CEST | 1.1.1.1 | 192.168.2.4 | 0x694d | No error (0) | | | | 65 | IN (0x0001) | false |
Apr 27, 2024 13:27:32.430865049 CEST | 1.1.1.1 | 192.168.2.4 | 0xb2c5 | No error (0) | | | 104.21.7.13 | A (IP address) | IN (0x0001) | false |
Apr 27, 2024 13:27:32.430865049 CEST | 1.1.1.1 | 192.168.2.4 | 0xb2c5 | No error (0) | | | 172.67.155.93 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49735 | 142.251.32.100 | 443 | 7008 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-27 11:26:03 UTC | 353 | OUT | |
2024-04-27 11:26:04 UTC | 1815 | IN | |
2024-04-27 11:26:04 UTC | 427 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49736 | 142.251.32.100 | 443 | 7008 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-27 11:26:03 UTC | 510 | OUT | |
2024-04-27 11:26:04 UTC | 1842 | IN | |
2024-04-27 11:26:04 UTC | 458 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49737 | 142.251.32.100 | 443 | 7008 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-27 11:26:03 UTC | 353 | OUT | |
2024-04-27 11:26:04 UTC | 1761 | IN | |
2024-04-27 11:26:04 UTC | 417 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49738 | 142.251.32.100 | 443 | 7008 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-27 11:26:04 UTC | 742 | OUT | |
2024-04-27 11:26:04 UTC | 356 | IN | |
2024-04-27 11:26:04 UTC | 899 | IN | |
2024-04-27 11:26:04 UTC | 1255 | IN | |
2024-04-27 11:26:04 UTC | 977 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49739 | 142.251.32.100 | 443 | 7008 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-27 11:26:04 UTC | 912 | OUT | |
2024-04-27 11:26:04 UTC | 356 | IN | |
2024-04-27 11:26:04 UTC | 899 | IN | |
2024-04-27 11:26:04 UTC | 1255 | IN | |
2024-04-27 11:26:04 UTC | 1031 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49740 | 142.251.32.100 | 443 | 7008 | C:\Program Files\Google\Chrome\Application\chrome.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-27 11:26:04 UTC | 738 | OUT | |
2024-04-27 11:26:05 UTC | 356 | IN | |
2024-04-27 11:26:05 UTC | 899 | IN | |
2024-04-27 11:26:05 UTC | 1255 | IN | |
2024-04-27 11:26:05 UTC | 959 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49743 | 23.51.58.94 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-27 11:26:13 UTC | 161 | OUT | |
2024-04-27 11:26:13 UTC | 467 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49745 | 23.51.58.94 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-27 11:26:14 UTC | 239 | OUT | |
2024-04-27 11:26:14 UTC | 456 | IN | |
2024-04-27 11:26:14 UTC | 55 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.4 | 49744 | 20.12.23.50 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-27 11:26:15 UTC | 306 | OUT | |
2024-04-27 11:26:15 UTC | 560 | IN | |
2024-04-27 11:26:15 UTC | 15824 | IN | |
2024-04-27 11:26:15 UTC | 8666 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.4 | 49751 | 172.67.155.93 | 443 | 6884 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-27 11:26:23 UTC | 268 | OUT | |
2024-04-27 11:26:23 UTC | 8 | OUT | |
2024-04-27 11:26:24 UTC | 804 | IN | |
2024-04-27 11:26:24 UTC | 7 | IN | |
2024-04-27 11:26:24 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.4 | 49752 | 172.67.155.93 | 443 | 6884 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-27 11:26:25 UTC | 269 | OUT | |
2024-04-27 11:26:25 UTC | 51 | OUT | |
2024-04-27 11:26:25 UTC | 812 | IN | |
2024-04-27 11:26:25 UTC | 557 | IN | |
2024-04-27 11:26:25 UTC | 729 | IN | |
2024-04-27 11:26:25 UTC | 1369 | IN | |
2024-04-27 11:26:25 UTC | 1369 | IN | |
2024-04-27 11:26:25 UTC | 1369 | IN | |
2024-04-27 11:26:25 UTC | 1369 | IN | |
2024-04-27 11:26:25 UTC | 1369 | IN | |
2024-04-27 11:26:25 UTC | 1369 | IN | |
2024-04-27 11:26:25 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.4 | 49753 | 172.67.155.93 | 443 | 6884 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-27 11:26:25 UTC | 287 | OUT | |
2024-04-27 11:26:25 UTC | 15331 | OUT | |
2024-04-27 11:26:25 UTC | 2829 | OUT | |
2024-04-27 11:26:26 UTC | 812 | IN | |
2024-04-27 11:26:26 UTC | 23 | IN | |
2024-04-27 11:26:26 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
12 | 192.168.2.4 | 49754 | 172.67.155.93 | 443 | 6884 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-27 11:26:26 UTC | 286 | OUT | |
2024-04-27 11:26:26 UTC | 8781 | OUT | |
2024-04-27 11:26:27 UTC | 808 | IN | |
2024-04-27 11:26:27 UTC | 23 | IN | |
2024-04-27 11:26:27 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
13 | 192.168.2.4 | 49755 | 172.67.155.93 | 443 | 6884 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-27 11:26:27 UTC | 287 | OUT | |
2024-04-27 11:26:27 UTC | 15331 | OUT | |
2024-04-27 11:26:27 UTC | 5103 | OUT | |
2024-04-27 11:26:28 UTC | 806 | IN | |
2024-04-27 11:26:28 UTC | 23 | IN | |
2024-04-27 11:26:28 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
14 | 192.168.2.4 | 49756 | 172.67.155.93 | 443 | 6884 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-27 11:26:28 UTC | 286 | OUT | |
2024-04-27 11:26:28 UTC | 7087 | OUT | |
2024-04-27 11:26:29 UTC | 808 | IN | |
2024-04-27 11:26:29 UTC | 23 | IN | |
2024-04-27 11:26:29 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
15 | 192.168.2.4 | 49757 | 172.67.155.93 | 443 | 6884 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-27 11:26:30 UTC | 286 | OUT | |
2024-04-27 11:26:30 UTC | 1407 | OUT | |
2024-04-27 11:26:30 UTC | 812 | IN | |
2024-04-27 11:26:30 UTC | 23 | IN | |
2024-04-27 11:26:30 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
16 | 192.168.2.4 | 49758 | 172.67.155.93 | 443 | 6884 | C:\Users\user\Desktop\file.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-27 11:26:32 UTC | 288 | OUT | |
2024-04-27 11:26:32 UTC | 15331 | OUT | |
2024-04-27 11:26:32 UTC | 15331 | OUT | |
2024-04-27 11:26:32 UTC | 15331 | OUT | |
2024-04-27 11:26:32 UTC | 15331 | OUT | |
2024-04-27 11:26:32 UTC | 15331 | OUT | |
2024-04-27 11:26:32 UTC | 15331 | OUT | |
2024-04-27 11:26:32 UTC | 15331 | OUT | |
2024-04-27 11:26:32 UTC | 15331 | OUT | |
2024-04-27 11:26:32 UTC | 15331 | OUT | |
2024-04-27 11:26:32 UTC | 15331 | OUT | |
2024-04-27 11:26:34 UTC | 810 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
17 | 192.168.2.4 | 49760 | 20.12.23.50 | 443 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-04-27 11:26:54 UTC | 306 | OUT | |
2024-04-27 11:26:54 UTC | 560 | IN | |
2024-04-27 11:26:54 UTC | 15824 | IN | |
2024-04-27 11:26:54 UTC | 9633 | IN |
Target ID: | 0 |
Start time: | 13:25:52 |
Start date: | 27/04/2024 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'800'704 bytes |
MD5 hash: | 24DD75B0A7BB9A0E0918EE0DD84A581A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 1 |
Start time: | 13:25:57 |
Start date: | 27/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Target ID: | 2 |
Start time: | 13:25:58 |
Start date: | 27/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 13:25:58 |
Start date: | 27/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 5 |
Start time: | 13:25:58 |
Start date: | 27/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 13:26:24 |
Start date: | 27/04/2024 |
Path: | C:\Program Files\Google\Chrome\Application\chrome.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff76e190000 |
File size: | 3'242'272 bytes |
MD5 hash: | 45DE480806D1B5D462A7DDE4DCEFC4E4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Execution Graph
Execution Coverage: | 8% |
Dynamic/Decrypted Code Coverage: | 100% |
Signature Coverage: | 25.1% |
Total number of Nodes: | 459 |
Total number of Limit Nodes: | 35 |
Function 028E9D20 Relevance: 6.7, Strings: 5, Instructions: 468 COMMON
Function 028E4C40 Relevance: 5.5, Strings: 4, Instructions: 498 COMMON
Function 029184D6 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 138 library COMMON
Function 02360B49 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 103 thread COMMON
Function 02901F80 Relevance: 2.9, Strings: 2, Instructions: 369 COMMON
Function 029012B0 Relevance: 2.8, Strings: 2, Instructions: 263 COMMON
Function 02360589 Relevance: 1.9, APIs: 1, Instructions: 399 thread COMMON
Function 02915ACB Relevance: 1.5, APIs: 1, Instructions: 41 memory COMMON
Function 02915B70 Relevance: 1.5, APIs: 1, Instructions: 16 library COMMON
Function 0291AE30 Relevance: 1.5, Strings: 1, Instructions: 257 COMMON
Function 0291B800 Relevance: 1.5, Strings: 1, Instructions: 221 COMMON
Function 028F5390 Relevance: 1.3, Strings: 1, Instructions: 85 COMMON
Function 028F7239 Relevance: .3, Instructions: 310 COMMON
Function 028F4F10 Relevance: .1, Instructions: 146 COMMON
Function 0290A245 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 83 memory COMMON
Function 029171E7 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 41 library COMMON
Function 029183AF Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 79 library COMMON
Function 023B01FD Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 66 library COMMON
Function 0291890C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 65 memory COMMON
Function 029159F0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 44 memory COMMON
Function 023AEE4F Relevance: 1.6, APIs: 1, Instructions: 325 memory COMMON
Function 0290E6AB Relevance: 1.6, APIs: 1, Instructions: 63 COMMON
Function 0291914C Relevance: 1.5, APIs: 1, Instructions: 34 memory COMMON
Function 0290DDE0 Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 153 clipboard COMMON
Function 02380955 Relevance: 15.5, Strings: 12, Instructions: 473 COMMON
Function 028FEF19 Relevance: 15.5, Strings: 12, Instructions: 473 COMMON
Function 02371209 Relevance: 13.8, Strings: 11, Instructions: 100 COMMON
Function 028EF7CD Relevance: 13.8, Strings: 11, Instructions: 100 COMMON
Function 02385C7C Relevance: 7.7, Strings: 6, Instructions: 223 COMMON
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02904240 Relevance: 7.7, Strings: 6, Instructions: 223COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0236B75C Relevance: 6.7, Strings: 5, Instructions: 468COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0236667C Relevance: 5.5, Strings: 4, Instructions: 498COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0239CEAC Relevance: 4.1, Strings: 3, Instructions: 313COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0291B470 Relevance: 4.1, Strings: 3, Instructions: 313COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02386BBF Relevance: 3.6, Strings: 2, Instructions: 1113COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023672CC Relevance: 3.4, Strings: 2, Instructions: 859COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028E5890 Relevance: 3.4, Strings: 2, Instructions: 859COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023888A3 Relevance: 3.3, Strings: 2, Instructions: 794COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02906E67 Relevance: 3.3, Strings: 2, Instructions: 794COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023839BC Relevance: 2.9, Strings: 2, Instructions: 369COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023788A5 Relevance: 2.8, Strings: 2, Instructions: 266COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028F6E69 Relevance: 2.8, Strings: 2, Instructions: 266COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02382CEC Relevance: 2.8, Strings: 2, Instructions: 263COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02399F12 Relevance: 2.6, Strings: 2, Instructions: 138COMMON
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02397EBC Relevance: 1.9, Strings: 1, Instructions: 632COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02916480 Relevance: 1.9, Strings: 1, Instructions: 632COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02377593 Relevance: 1.7, Strings: 1, Instructions: 431COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02388965 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02906F29 Relevance: 1.7, Strings: 1, Instructions: 410COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023889DC Relevance: 1.6, Strings: 1, Instructions: 367COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02906FA0 Relevance: 1.6, Strings: 1, Instructions: 367COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0237D36C Relevance: 1.6, Strings: 1, Instructions: 325COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028FB930 Relevance: 1.6, Strings: 1, Instructions: 325COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0237CCDC Relevance: 1.6, Strings: 1, Instructions: 312COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028FB2A0 Relevance: 1.6, Strings: 1, Instructions: 312COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02904786 Relevance: 1.6, Strings: 1, Instructions: 309COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0239CB6C Relevance: 1.5, Strings: 1, Instructions: 292COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0291B130 Relevance: 1.5, Strings: 1, Instructions: 292COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028E6C20 Relevance: 1.5, Strings: 1, Instructions: 262COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0239C86C Relevance: 1.5, Strings: 1, Instructions: 257COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0239D23C Relevance: 1.5, Strings: 1, Instructions: 221COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0237911D Relevance: 1.4, Strings: 1, Instructions: 103COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028F76E1 Relevance: 1.4, Strings: 1, Instructions: 103COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02376DCC Relevance: 1.3, Strings: 1, Instructions: 85COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0237515E Relevance: 1.3, Strings: 1, Instructions: 77COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028F3722 Relevance: 1.3, Strings: 1, Instructions: 77COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02374EBA Relevance: 1.3, Strings: 1, Instructions: 69COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028F347E Relevance: 1.3, Strings: 1, Instructions: 69COMMON
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02369C8C Relevance: .8, Instructions: 838COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028E8250 Relevance: .8, Instructions: 838COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023651AC Relevance: .7, Instructions: 740COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028E3770 Relevance: .7, Instructions: 740COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02365C9C Relevance: .6, Instructions: 607COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028E4260 Relevance: .6, Instructions: 607COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028E1000 Relevance: .5, Instructions: 536COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02373175 Relevance: .5, Instructions: 509COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028F1739 Relevance: .5, Instructions: 509COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0236804C Relevance: .5, Instructions: 473COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028E6610 Relevance: .5, Instructions: 473COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02379631 Relevance: .3, Instructions: 341COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028F7BF5 Relevance: .3, Instructions: 341COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02378C75 Relevance: .3, Instructions: 310COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02372989 Relevance: .2, Instructions: 249COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028F0F4D Relevance: .2, Instructions: 249COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02372697 Relevance: .2, Instructions: 234COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028F0C5B Relevance: .2, Instructions: 234COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0237849E Relevance: .2, Instructions: 222COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028F6A62 Relevance: .2, Instructions: 222COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0237694C Relevance: .1, Instructions: 146COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02371A9C Relevance: .1, Instructions: 129COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028F0060 Relevance: .1, Instructions: 129COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02376C52 Relevance: .1, Instructions: 128COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028F5216 Relevance: .1, Instructions: 128COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02361199 Relevance: .1, Instructions: 107COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02364DAC Relevance: .1, Instructions: 100COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028E3370 Relevance: .1, Instructions: 100COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0236401C Relevance: .1, Instructions: 95COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023794B4 Relevance: .1, Instructions: 95COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028E25E0 Relevance: .1, Instructions: 95COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028F7A78 Relevance: .1, Instructions: 95COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02361198 Relevance: .1, Instructions: 66COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02393B7C Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02912140 Relevance: .1, Instructions: 64COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0237F11C Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028FD6E0 Relevance: .1, Instructions: 55COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 023845AC Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02902B70 Relevance: .1, Instructions: 53COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02397507 Relevance: .0, Instructions: 41COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0239BB15 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0291A0D9 Relevance: .0, Instructions: 35COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02360EF9 Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02384590 Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02902B54 Relevance: .0, Instructions: 27COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02375A77 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0236ECFC Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028ED2C0 Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028F403B Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02371915 Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028EFED9 Relevance: .0, Instructions: 14COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02377FBE Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 028F6582 Relevance: .0, Instructions: 12COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0239AE9D Relevance: .0, Instructions: 9COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02919461 Relevance: .0, Instructions: 9COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02383627 Relevance: .0, Instructions: 7COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02901BEB Relevance: .0, Instructions: 7COMMON
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |