Windows
Analysis Report
𝐒𝐄𝐓𝐔𝐏_patched.exe
Overview
General Information
Sample name: | 𝐒𝐄𝐓𝐔𝐏_patched.exe (renamed because original name is a hash value) |
Original sample name: | _patched.exe |
Analysis ID: | 1664105 |
MD5: | cb0642ac717f55a8aac26b51fa96151d |
SHA1: | fd2fdcf2d3f048fe90bed0217f4318c7c33a8446 |
SHA256: | 04248506f0dca37b8eddfeeae66c70dca3009a97247c3e5170db66b53ddf45fa |
Tags: | de-pumped, exe, LummaStealer, user-aachum |
Detection
LummaC Stealer
Score: | 100 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Detected potential crypto function
Found evasive API chain (may stop execution after checking a module file name)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Shows file infection / information gathering behavior (enumerates multiple directories for files)
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
  - 𝐒𝐄𝐓𝐔𝐏_patched.exe (PID: 6168 cmdline: "C:\Users\user\Desktop\𝐒𝐄𝐓𝐔𝐏_patched.exe" MD5: CB0642AC717F55A8AAC26B51FA96151D)
- cleanup
{"C2 url": ["bxattlepath.digital/ogda", "jawdedmirror.run/ewqd", "changeaie.top/geps", "lonfgshadow.live/xawi", "liftally.top/xasj", "nighetwhisper.top/lekd", "salaccgfa.top/gsooz", "zestmodp.top/zeda", "owlflright.digital/qopy"], "Build id": "637b55279021aab33278188cfa638397"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security | |
JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | |
JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | |
JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security | |
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-04-13T17:03:08.964479+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49730 | 89.169.54.153 | 443 | TCP |
2025-04-13T17:03:30.611373+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49721 | 172.67.157.7 | 443 | TCP |
2025-04-13T17:03:33.177726+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49723 | 172.67.157.7 | 443 | TCP |
2025-04-13T17:03:34.437276+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49724 | 172.67.157.7 | 443 | TCP |
2025-04-13T17:03:35.957124+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49725 | 172.67.157.7 | 443 | TCP |
2025-04-13T17:03:40.731669+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49726 | 172.67.157.7 | 443 | TCP |
2025-04-13T17:03:41.664933+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49727 | 172.67.157.7 | 443 | TCP |
2025-04-13T17:03:42.859474+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49728 | 172.67.157.7 | 443 | TCP |
2025-04-13T17:03:44.915880+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49729 | 172.67.157.7 | 443 | TCP |
AV Detection |
---|
Source: | Avira URL Cloud: | 7 URL/domain detections (URLs not shown) |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | String decryptor: | 9 decrypted strings (values not shown) |
Source: | Code function: | 0_3_00C3E4C8 | |
Source: | Code function: | 0_3_00C3A7C9 | |
Source: | Code function: | 0_3_00C3CD6E |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | 8 connections (endpoints not shown) |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Directory queried: |
Source: | Code function: | 0_3_00C56040 | |
Source: | Code function: | 0_3_00C6F060 | |
Source: | Code function: | 0_3_00C4E2A0 | |
Source: | Code function: | 0_3_00C6F2B0 | |
Source: | Code function: | 0_3_00C3E39A | |
Source: | Code function: | 0_3_00C67580 | |
Source: | Code function: | 0_3_00C6F610 | |
Source: | Code function: | 0_3_00C2D9F0 | |
Source: | Code function: | 0_3_00C32A63 | |
Source: | Code function: | 0_3_00C3FCB0 | |
Source: | Code function: | 0_3_00C3FCB0 | |
Source: | Code function: | 0_3_00C3FCB0 | |
Source: | Code function: | 0_3_00C6DDB0 | |
Source: | Code function: | 0_3_00C6DED0 | |
Source: | Code function: | 0_3_00C560DB | |
Source: | Code function: | 0_3_00C3B06D | |
Source: | Code function: | 0_3_00C4D1C1 | |
Source: | Code function: | 0_3_00C551D7 | |
Source: | Code function: | 0_3_00C551D7 | |
Source: | Code function: | 0_3_00C551D7 | |
Source: | Code function: | 0_3_00C5D140 | |
Source: | Code function: | 0_3_00C3215D | |
Source: | Code function: | 0_3_00C542EB | |
Source: | Code function: | 0_3_00C2C2F0 | |
Source: | Code function: | 0_3_00C2C2F0 | |
Source: | Code function: | 0_3_00C2B250 | |
Source: | Code function: | 0_3_00C2B200 | |
Source: | Code function: | 0_3_00C31211 | |
Source: | Code function: | 0_3_00C51210 | |
Source: | Code function: | 0_3_00C3D36F | |
Source: | Code function: | 0_3_00C63300 | |
Source: | Code function: | 0_3_00C63300 | |
Source: | Code function: | 0_3_00C544C6 | |
Source: | Code function: | 0_3_00C4F4BF | |
Source: | Code function: | 0_3_00C5445D | |
Source: | Code function: | 0_3_00C54477 | |
Source: | Code function: | 0_3_00C31405 | |
Source: | Code function: | 0_3_00C22410 | |
Source: | Code function: | 0_3_00C5554B | |
Source: | Code function: | 0_3_00C5554B | |
Source: | Code function: | 0_3_00C30563 | |
Source: | Code function: | 0_3_00C42517 | |
Source: | Code function: | 0_3_00C55511 | |
Source: | Code function: | 0_3_00C55511 | |
Source: | Code function: | 0_3_00C41535 | |
Source: | Code function: | 0_3_00C41535 | |
Source: | Code function: | 0_3_00C41535 | |
Source: | Code function: | 0_3_00C55533 | |
Source: | Code function: | 0_3_00C55533 | |
Source: | Code function: | 0_3_00C286D0 | |
Source: | Code function: | 0_3_00C47690 | |
Source: | Code function: | 0_3_00C50676 | |
Source: | Code function: | 0_3_00C6F790 | |
Source: | Code function: | 0_3_00C32798 | |
Source: | Code function: | 0_3_00C5476C | |
Source: | Code function: | 0_3_00C54769 | |
Source: | Code function: | 0_3_00C5F8F0 | |
Source: | Code function: | 0_3_00C2C8A0 | |
Source: | Code function: | 0_3_00C43850 | |
Source: | Code function: | 0_3_00C6B800 | |
Source: | Code function: | 0_3_00C3C9C7 | |
Source: | Code function: | 0_3_00C2A940 | |
Source: | Code function: | 0_3_00C42940 | |
Source: | Code function: | 0_3_00C4C949 | |
Source: | Code function: | 0_3_00C50909 | |
Source: | Code function: | 0_3_00C45A00 | |
Source: | Code function: | 0_3_00C45A00 | |
Source: | Code function: | 0_3_00C4FA35 | |
Source: | Code function: | 0_3_00C32BD9 | |
Source: | Code function: | 0_3_00C41BAB | |
Source: | Code function: | 0_3_00C67B50 | |
Source: | Code function: | 0_3_00C53B17 | |
Source: | Code function: | 0_3_00C55CC9 | |
Source: | Code function: | 0_3_00C65C83 | |
Source: | Code function: | 0_3_00C21C50 | |
Source: | Code function: | 0_3_00C55C60 | |
Source: | Code function: | 0_3_00C55C11 | |
Source: | Code function: | 0_3_00C50C13 | |
Source: | Code function: | 0_3_00C50C13 | |
Source: | Code function: | 0_3_00C6DC20 | |
Source: | Code function: | 0_3_00C6BC30 | |
Source: | Code function: | 0_3_00C4CEFD | |
Source: | Code function: | 0_3_00C21E80 | |
Source: | Code function: | 0_3_00C29F40 | |
Source: | Code function: | 0_3_00C29F40 | |
Source: | Code function: | 0_3_00C46F50 | |
Source: | Code function: | 0_3_00C46F50 | |
Source: | Code function: | 0_3_00C51F50 | |
Source: | Code function: | 0_3_00C41F6C |
Networking |
---|
Source: | URLs: | 9 entries (URLs not shown; see the C2 URL list in the malware configuration above) |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | Suricata IDS: | 9 alerts (see the Suricata alert table above) |
Source: | HTTP traffic detected: | 8 requests (details not shown) |
Source: | UDP traffic detected without corresponding DNS query: | 2 entries (addresses not shown) |
Source: | DNS traffic detected: | 2 entries (names not shown) |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | 68 entries (strings not shown) |
Source: | Network traffic detected: | 22 entries (addresses not shown) |
Source: | HTTPS traffic detected: | 8 connections (endpoints not shown) |
Source: | Code function: | 0_3_00C5D580 |
Source: | Code function: | 0_3_00C5D580 |
Source: | Code function: | 0_3_004C10E8 | |
Source: | Code function: | 0_3_004C0B72 | |
Source: | Code function: | 0_3_004C0CD8 | |
Source: | Code function: | 0_3_004C066E | |
Source: | Code function: | 0_2_004620FC | |
Source: | Code function: | 0_2_004620A9 | |
Source: | Code function: | 0_2_0046213A |
Source: | Code function: | 0_3_00C56040 | |
Source: | Code function: | 0_3_00C4E2A0 | |
Source: | Code function: | 0_3_00C464E0 | |
Source: | Code function: | 0_3_00C2D490 | |
Source: | Code function: | 0_3_00C35444 | |
Source: | Code function: | 0_3_00C63430 | |
Source: | Code function: | 0_3_00C67580 | |
Source: | Code function: | 0_3_00C2B6D0 | |
Source: | Code function: | 0_3_00C36720 | |
Source: | Code function: | 0_3_00C398D0 | |
Source: | Code function: | 0_3_00C638F0 | |
Source: | Code function: | 0_3_00C2D9F0 | |
Source: | Code function: | 0_3_00C6EB10 | |
Source: | Code function: | 0_3_00C3FCB0 | |
Source: | Code function: | 0_3_00C6DED0 | |
Source: | Code function: | 0_3_00C560DB | |
Source: | Code function: | 0_3_00C22040 | |
Source: | Code function: | 0_3_00C6C060 | |
Source: | Code function: | 0_3_00C41015 | |
Source: | Code function: | 0_3_00C4D1C1 | |
Source: | Code function: | 0_3_00C551D7 | |
Source: | Code function: | 0_3_00C431E0 | |
Source: | Code function: | 0_3_00C621A1 | |
Source: | Code function: | 0_3_00C29160 | |
Source: | Code function: | 0_3_00C23110 | |
Source: | Code function: | 0_3_00C2C2F0 | |
Source: | Code function: | 0_3_00C5D2F0 | |
Source: | Code function: | 0_3_00C602FA | |
Source: | Code function: | 0_3_00C44290 | |
Source: | Code function: | 0_3_00C2F2A9 | |
Source: | Code function: | 0_3_00C362B0 | |
Source: | Code function: | 0_3_00C51210 | |
Source: | Code function: | 0_3_00C65210 | |
Source: | Code function: | 0_3_00C3D36F | |
Source: | Code function: | 0_3_00C63300 | |
Source: | Code function: | 0_3_00C544C6 | |
Source: | Code function: | 0_3_00C6B4F0 | |
Source: | Code function: | 0_3_00C5F4FE | |
Source: | Code function: | 0_3_00C54477 | |
Source: | Code function: | 0_3_00C22410 | |
Source: | Code function: | 0_3_00C6E410 | |
Source: | Code function: | 0_3_00C41535 | |
Source: | Code function: | 0_3_00C286D0 | |
Source: | Code function: | 0_3_00C47690 | |
Source: | Code function: | 0_3_00C2B600 | |
Source: | Code function: | 0_3_00C567C0 | |
Source: | Code function: | 0_3_00C6E790 | |
Source: | Code function: | 0_3_00C3B772 | |
Source: | Code function: | 0_3_00C34724 | |
Source: | Code function: | 0_3_00C6D890 | |
Source: | Code function: | 0_3_00C2C8A0 | |
Source: | Code function: | 0_3_00C5B8B1 | |
Source: | Code function: | 0_3_00C6B800 | |
Source: | Code function: | 0_3_00C5A810 | |
Source: | Code function: | 0_3_00C279E0 | |
Source: | Code function: | 0_3_00C3D9A7 | |
Source: | Code function: | 0_3_00C2A940 | |
Source: | Code function: | 0_3_00C4B976 | |
Source: | Code function: | 0_3_00C69970 | |
Source: | Code function: | 0_3_00C57902 | |
Source: | Code function: | 0_3_00C50909 | |
Source: | Code function: | 0_3_00C5891F | |
Source: | Code function: | 0_3_00C64930 | |
Source: | Code function: | 0_3_00C2FAE0 | |
Source: | Code function: | 0_3_00C62AF0 | |
Source: | Code function: | 0_3_00C65AA9 | |
Source: | Code function: | 0_3_00C23AB0 | |
Source: | Code function: | 0_3_00C45A00 | |
Source: | Code function: | 0_3_00C5EBC2 | |
Source: | Code function: | 0_3_00C3ABDA | |
Source: | Code function: | 0_3_00C28BE0 | |
Source: | Code function: | 0_3_00C5AB30 | |
Source: | Code function: | 0_3_00C30C10 | |
Source: | Code function: | 0_3_00C6BC30 | |
Source: | Code function: | 0_3_00C3DDC2 | |
Source: | Code function: | 0_3_00C43DD0 | |
Source: | Code function: | 0_3_00C54DAE | |
Source: | Code function: | 0_3_00C48DDF | |
Source: | Code function: | 0_3_00C2BDB0 | |
Source: | Code function: | 0_3_00C54DB0 | |
Source: | Code function: | 0_3_00C60DB0 | |
Source: | Code function: | 0_3_00C62D50 | |
Source: | Code function: | 0_3_00C4BD6A | |
Source: | Code function: | 0_3_00C42D10 | |
Source: | Code function: | 0_3_00C35D3F | |
Source: | Code function: | 0_3_00C33ED2 | |
Source: | Code function: | 0_3_00C3BE01 | |
Source: | Code function: | 0_3_00C31E19 | |
Source: | Code function: | 0_3_00C3EFCF | |
Source: | Code function: | 0_3_00C2BFD0 | |
Source: | Code function: | 0_3_00C59FD9 | |
Source: | Code function: | 0_3_00C29F40 | |
Source: | Code function: | 0_3_00C46F50 | |
Source: | Code function: | 0_3_00C5BF72 | |
Source: | Code function: | 0_2_0087614F | |
Source: | Code function: | 0_2_0087679B | |
Source: | Code function: | 0_2_008841E0 | |
Source: | Code function: | 0_2_00876286 | |
Source: | Code function: | 0_2_008762F2 | |
Source: | Code function: | 0_2_0087623C | |
Source: | Code function: | 0_2_00876407 | |
Source: | Code function: | 0_2_00876440 | |
Source: | Code function: | 0_2_0088846B | |
Source: | Code function: | 0_2_00876564 | |
Source: | Code function: | 0_2_008766EE | |
Source: | Code function: | 0_2_00874660 | |
Source: | Code function: | 0_2_00866860 | |
Source: | Code function: | 0_2_0085C990 | |
Source: | Code function: | 0_2_008889AF | |
Source: | Code function: | 0_2_00854A00 | |
Source: | Code function: | 0_2_0085ED30 | |
Source: | Code function: | 0_2_0088AD32 | |
Source: | Code function: | 0_2_00888EF3 | |
Source: | Code function: | 0_2_0084EE40 | |
Source: | Code function: | 0_2_0088310B | |
Source: | Code function: | 0_2_0088735F | |
Source: | Code function: | 0_2_008835E0 | |
Source: | Code function: | 0_2_0087F7ED | |
Source: | Code function: | 0_2_008839B4 | |
Source: | Code function: | 0_2_00883DC0 | |
Source: | Code function: | 0_2_00875DDD | |
Source: | Code function: | 0_2_00875DF4 | |
Source: | Code function: | 0_2_0087BD02 | |
Source: | Code function: | 0_2_00889FD1 | |
Source: | Code function: | 0_2_0046069F | |
Source: | Code function: | 0_2_00460000 |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_00460DAF |
Source: | Code function: | 0_3_00C638F0 |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Binary or memory string: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | File read: |
Source: | Section loaded: | 39 modules loaded (module names not shown) |
Source: | Static PE information: | 6 entries (values not shown) |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: | 5 entries (values not shown) |
Source: | Code function: | 0_2_00885F6B |
Source: | Static PE information: |
Source: | Code function: | 0_3_00C4F5F6 | |
Source: | Code function: | 0_2_0087C320 | |
Source: | Code function: | 0_2_00877BF5 |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | WMI Queries: |
Source: | System information queried: |
Source: | Evasive API call chain: | graph_0-44856 |
Source: | Thread sleep time: | 2 entries (sleep values not shown) |
Source: | WMI Queries: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-44811 |
Source: | Process information queried: |
Source: | Code function: | 0_3_00C6A1B0 |
Source: | Code function: | 0_2_00874072 |
Source: | Code function: | 0_2_00885F6B |
Source: | Code function: | 0_2_0046069F | |
Source: | Code function: | 0_2_00460C5F | |
Source: | Code function: | 0_2_0046100F | |
Source: | Code function: | 0_2_004612AE | |
Source: | Code function: | 0_2_004612AF | |
Source: | Code function: | 0_2_00461C9D |
Source: | Code function: | 0_2_00874072 | |
Source: | Code function: | 0_2_00874742 | |
Source: | Code function: | 0_2_0087765B | |
Source: | Code function: | 0_2_0087DA0A | |
Source: | Code function: | 0_2_00873FE7 |
Source: | Code function: | 0_2_00886128 | |
Source: | Code function: | 0_2_0088615C | |
Source: | Code function: | 0_2_0088629B | |
Source: | Code function: | 0_2_008823CA | |
Source: | Code function: | 0_2_0087A4BA | |
Source: | Code function: | 0_2_00882622 | |
Source: | Code function: | 0_2_008847E2 | |
Source: | Code function: | 0_2_008829C1 | |
Source: | Code function: | 0_2_00882AD8 | |
Source: | Code function: | 0_2_00882BE4 | |
Source: | Code function: | 0_2_00882B70 | |
Source: | Code function: | 0_2_00882DB6 | |
Source: | Code function: | 0_2_00882EDE | |
Source: | Code function: | 0_2_00882E77 | |
Source: | Code function: | 0_2_00882F1A | |
Source: | Code function: | 0_2_008771D5 | |
Source: | Code function: | 0_2_0087D794 | |
Source: | Code function: | 0_2_00881D5C |
Source: | Queries volume information: |
Source: | Code function: | 0_2_00877054 |
Source: | Code function: | 0_2_00877054 |
Source: | Key value queried: |
Source: | Binary or memory string: |
Source: | WMI Queries: |
Stealing of Sensitive Information |
---|
Source: | File source: | 4 entries (sources not shown) |
Source: | File opened: | 108 files opened (paths not shown) |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Remote Access Functionality |
---|
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 21 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 2 Native API | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 231 Security Software Discovery | Remote Desktop Protocol | 21 Data from Local System | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 3 Obfuscated Files or Information | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 2 Clipboard Data | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 33 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
15% | Virustotal | Browse | ||
19% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bxattlepath.digital | 172.67.157.7 | true | true | unknown | |
h1.mockupeastcoast.shop | 89.169.54.153 | true | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | | unknown | |
true | | unknown | |
false | high | ||
false | | unknown | |
true | | unknown | |
true | | unknown | |
false | high | ||
false | high | ||
false | high | ||
true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | | unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | | unknown | ||
false | high | |||
false | high | |||
false | | unknown | ||
false | high | |||
false | | unknown | ||
false | | unknown | ||
false | high | |||
false | | unknown | ||
false | high | |||
false | | unknown | ||
false | | unknown | ||
false | | unknown | ||
false | high | |||
false | high | |||
false | | unknown | ||
false | high | |||
false | high | |||
false | | unknown | ||
false | | unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | | unknown | ||
false | | unknown | ||
false | | unknown | ||
false | high | |||
false | unknown | |||
false | | unknown | ||
false | | unknown | ||
false | | unknown | ||
false | | unknown | ||
false | | unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | | unknown | ||
false | high | |||
false | | unknown | ||
false | | unknown | ||
false | high | |||
false | | unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
89.169.54.153 | h1.mockupeastcoast.shop | Russian Federation | 31514 | INF-NET-ASRU | false | |
172.67.157.7 | bxattlepath.digital | United States | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1664105 |
Start date and time: | 2025-04-13 17:02:13 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 5m 16s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | #Ud835#Udc12#Ud835#Udc04#Ud835#Udc13#Ud835#Udc14#Ud835#Udc0f_patched.exerenamed because original name is a hash value |
Original Sample Name: | _patched.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@1/0@2/2 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.76.34.6, 204.79.197.222, 20.12.23.50
- Excluded domains from analysis (whitelisted): fp.msedge.net, fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, c.pki.goog, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryDirectoryFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
11:03:30 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
89.169.54.153 | Get hash | malicious | LummaC Stealer | Browse | ||
Get hash | malicious | LummaC Stealer | Browse | |||
Get hash | malicious | LummaC Stealer | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
h1.mockupeastcoast.shop | Get hash | malicious | LummaC Stealer | Browse | ||
Get hash | malicious | LummaC Stealer | Browse | |||
Get hash | malicious | LummaC Stealer | Browse | |||
Get hash | malicious | LummaC Stealer | Browse | |||
Get hash | malicious | LummaC Stealer | Browse | |||
Get hash | malicious | LummaC Stealer | Browse | |||
Get hash | malicious | LummaC Stealer | Browse | |||
Get hash | malicious | LummaC Stealer | Browse | |||
Get hash | malicious | LummaC Stealer | Browse | |||
Get hash | malicious | LummaC Stealer | Browse | |||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
INF-NET-ASRU | Get hash | malicious | LummaC Stealer | Browse | ||
Get hash | malicious | LummaC Stealer | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | LummaC Stealer | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Mirai | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | Vidar | Browse | |||
Get hash | malicious | Unknown | Browse | |||
Get hash | malicious | DCRat, PureLog Stealer, zgRAT | Browse | |||
CLOUDFLARENETUS | Get hash | malicious | LummaC Stealer | Browse | ||
Get hash | malicious | LummaC Stealer | Browse | |||
Get hash | malicious | Cobalt Strike, MSIL Logger, MassLogger RAT | Browse | |||
Get hash | malicious | MSIL Logger, MassLogger RAT | Browse | |||
Get hash | malicious | MSIL Logger, MassLogger RAT | Browse | |||
Get hash | malicious | Cobalt Strike, MSIL Logger, MassLogger RAT | Browse | |||
Get hash | malicious | Cobalt Strike, MSIL Logger, MassLogger RAT | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |||
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | Get hash | malicious | LummaC Stealer | Browse | ||
Get hash | malicious | LummaC Stealer | Browse | |||
Get hash | malicious | LummaC Stealer | Browse | |||
Get hash | malicious | LummaC Stealer | Browse | |||
Get hash | malicious | LummaC Stealer | Browse | |||
Get hash | malicious | LummaC Stealer | Browse | |||
Get hash | malicious | GO Backdoor, LummaC Stealer | Browse | |||
Get hash | malicious | Koadic | Browse | |||
Get hash | malicious | HTMLPhisher, LummaC Stealer | Browse | |||
Get hash | malicious | LummaC Stealer | Browse | |||
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 7.13758628639177 |
TrID: |
|
File name: | #Ud835#Udc12#Ud835#Udc04#Ud835#Udc13#Ud835#Udc14#Ud835#Udc0f_patched.exe |
File size: | 866'816 bytes |
MD5: | cb0642ac717f55a8aac26b51fa96151d |
SHA1: | fd2fdcf2d3f048fe90bed0217f4318c7c33a8446 |
SHA256: | 04248506f0dca37b8eddfeeae66c70dca3009a97247c3e5170db66b53ddf45fa |
SHA512: | cb8edef783aa3fce93d9c653e837ff2247da3871fdee7d01c3ba42ed7d8cb10e5af4eeb78e00f34a9c05a0f9f471f0a9ecfb4ce61eeb54a0d4f494ba441c6465 |
SSDEEP: | 24576:Bj7O0GqeykpUg8nWBsSjrpEwOf5FL+976:BjCrZ8n8sSjqFfn |
TLSH: | 9805AF11BF7DD0B2E60386B50DBBEB19193AD620573999C3F3D80A5A4E152E17A3930F |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i.h...;...;...;KG_;...;.p\;...;.pM;...;.pJ;c..;...;...;...;...;.pC;...;.pX;...;Rich...;........PE..L.....[M................... |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x4350ea |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x4D5BD5E8 [Wed Feb 16 13:49:28 2011 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 7b2997a8c0eb02c7c49d90436d73e91a |
Instruction |
---|
call 00007F47CCE40CC8h |
jmp 00007F47CCE37DD9h |
mov edi, edi |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
push esi |
mov esi, ecx |
mov byte ptr [esi+0Ch], 00000000h |
test eax, eax |
jne 00007F47CCE37F95h |
call 00007F47CCE3F9A1h |
mov dword ptr [esi+08h], eax |
mov ecx, dword ptr [eax+6Ch] |
mov dword ptr [esi], ecx |
mov ecx, dword ptr [eax+68h] |
mov dword ptr [esi+04h], ecx |
mov ecx, dword ptr [esi] |
cmp ecx, dword ptr [004737D0h] |
je 00007F47CCE37F44h |
mov ecx, dword ptr [004736E8h] |
test dword ptr [eax+70h], ecx |
jne 00007F47CCE37F39h |
call 00007F47CCE3AD18h |
mov dword ptr [esi], eax |
mov eax, dword ptr [esi+04h] |
cmp eax, dword ptr [00473D18h] |
je 00007F47CCE37F48h |
mov eax, dword ptr [esi+08h] |
mov ecx, dword ptr [004736E8h] |
test dword ptr [eax+70h], ecx |
jne 00007F47CCE37F3Ah |
call 00007F47CCE40F1Fh |
mov dword ptr [esi+04h], eax |
mov eax, dword ptr [esi+08h] |
test byte ptr [eax+70h], 00000002h |
jne 00007F47CCE37F46h |
or dword ptr [eax+70h], 02h |
mov byte ptr [esi+0Ch], 00000001h |
jmp 00007F47CCE37F3Ch |
mov ecx, dword ptr [eax] |
mov dword ptr [esi], ecx |
mov eax, dword ptr [eax+04h] |
mov dword ptr [esi+04h], eax |
mov eax, esi |
pop esi |
pop ebp |
retn 0004h |
mov edi, edi |
push ebp |
mov ebp, esp |
mov edx, dword ptr [ebp+0Ch] |
push esi |
mov esi, dword ptr [ebp+08h] |
push edi |
movzx eax, byte ptr [esi] |
lea ecx, dword ptr [eax-41h] |
inc esi |
cmp ecx, 19h |
jnbe 00007F47CCE37F35h |
add eax, 20h |
movzx ecx, byte ptr [edx] |
lea edi, dword ptr [ecx-41h] |
inc edx |
cmp edi, 19h |
jnbe 00007F47CCE37F35h |
add ecx, 20h |
test eax, eax |
je 00007F47CCE37F36h |
cmp eax, ecx |
je 00007F47CCE37F0Ch |
pop edi |
sub eax, ecx |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x726fc | 0x28 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x83000 | 0x1b4 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x84000 | 0x8a50 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x5d370 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x68900 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x5d000 | 0x14c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x5b93a | 0x5ba00 | 50e8a179d1e63220a19ce9b15e89db9b | False | 0.47480388813096863 | data | 6.688292002187406 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x5d000 | 0x15e7e | 0x16000 | 03401a72f28ab6174e6c44ca51e0ad53 | False | 0.35771040482954547 | data | 5.166079207834812 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x73000 | 0xf6e4 | 0xd800 | ce50be183a177ae2449abb9c50cbb746 | False | 0.06718388310185185 | data | 1.4646929400389537 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x83000 | 0x1b4 | 0x200 | c1a699aa15354d6ed118ffeb9aec2718 | False | 0.486328125 | data | 5.107242909879373 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x84000 | 0x4e400 | 0x4e400 | 9c61ea802d930318809980bfdc121800 | False | 0.9231978833865815 | data | 7.9241746770983434 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_MANIFEST | 0x83058 | 0x15a | ASCII text, with CRLF line terminators | English | United States | 0.5491329479768786 |
DLL | Import |
---|---|
KERNEL32.dll | GetFileAttributesExA, CreateFileA, SetFilePointerEx, WriteFile, ReadFile, CloseHandle, WideCharToMultiByte, InterlockedIncrement, InterlockedDecrement, InterlockedExchange, MultiByteToWideChar, Sleep, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, GetLastError, HeapFree, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetModuleHandleW, GetProcAddress, ExitProcess, GetCommandLineA, HeapAlloc, HeapReAlloc, GetTimeZoneInformation, GetSystemTimeAsFileTime, GetCPInfo, RtlUnwind, RaiseException, LCMapStringA, LCMapStringW, HeapCreate, VirtualFree, VirtualAlloc, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, GetModuleFileNameA, LoadLibraryA, InitializeCriticalSectionAndSpinCount, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetACP, GetOEMCP, IsValidCodePage, HeapSize, GetConsoleCP, GetConsoleMode, FlushFileBuffers, GetStringTypeA, GetStringTypeW, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, GetModuleHandleA, SetFilePointer, GetLocaleInfoW, CompareStringA, CompareStringW, SetEnvironmentVariableA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, SetStdHandle |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-04-13T17:03:08.964479+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49730 | 89.169.54.153 | 443 | TCP |
2025-04-13T17:03:30.611373+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49721 | 172.67.157.7 | 443 | TCP |
2025-04-13T17:03:33.177726+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49723 | 172.67.157.7 | 443 | TCP |
2025-04-13T17:03:34.437276+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49724 | 172.67.157.7 | 443 | TCP |
2025-04-13T17:03:35.957124+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49725 | 172.67.157.7 | 443 | TCP |
2025-04-13T17:03:40.731669+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49726 | 172.67.157.7 | 443 | TCP |
2025-04-13T17:03:41.664933+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49727 | 172.67.157.7 | 443 | TCP |
2025-04-13T17:03:42.859474+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49728 | 172.67.157.7 | 443 | TCP |
2025-04-13T17:03:44.915880+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49729 | 172.67.157.7 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 13, 2025 17:03:35.958550930 CEST | 49725 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:35.958568096 CEST | 443 | 49725 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:35.958884954 CEST | 443 | 49725 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:35.960279942 CEST | 49725 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:35.960448027 CEST | 49725 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:35.960472107 CEST | 443 | 49725 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:35.960527897 CEST | 49725 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:35.960541964 CEST | 443 | 49725 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:36.629235983 CEST | 443 | 49725 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:36.629597902 CEST | 443 | 49725 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:36.629628897 CEST | 49725 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:36.629668951 CEST | 49725 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:40.493731022 CEST | 49726 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:40.493839025 CEST | 443 | 49726 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:40.493935108 CEST | 49726 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:40.494496107 CEST | 49726 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:40.494524956 CEST | 443 | 49726 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:40.731571913 CEST | 443 | 49726 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:40.731668949 CEST | 49726 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:40.733583927 CEST | 49726 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:40.733598948 CEST | 443 | 49726 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:40.733932972 CEST | 443 | 49726 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:40.736607075 CEST | 49726 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:40.736802101 CEST | 49726 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:40.736834049 CEST | 443 | 49726 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:41.169491053 CEST | 443 | 49726 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:41.169616938 CEST | 443 | 49726 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:41.169701099 CEST | 49726 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:41.169862986 CEST | 49726 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:41.169882059 CEST | 443 | 49726 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:41.427175045 CEST | 49727 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:41.427227974 CEST | 443 | 49727 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:41.427320004 CEST | 49727 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:41.427709103 CEST | 49727 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:41.427722931 CEST | 443 | 49727 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:41.664828062 CEST | 443 | 49727 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:41.664932966 CEST | 49727 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:41.666490078 CEST | 49727 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:41.666501999 CEST | 443 | 49727 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:41.666728973 CEST | 443 | 49727 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:41.668138981 CEST | 49727 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:41.668283939 CEST | 49727 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:41.668319941 CEST | 443 | 49727 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:42.101490021 CEST | 443 | 49727 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:42.101603031 CEST | 443 | 49727 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:42.101826906 CEST | 49727 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:42.101886988 CEST | 49727 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:42.101903915 CEST | 443 | 49727 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:42.623590946 CEST | 49728 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:42.623689890 CEST | 443 | 49728 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:42.623789072 CEST | 49728 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:42.624289989 CEST | 49728 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:42.624314070 CEST | 443 | 49728 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:42.859381914 CEST | 443 | 49728 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:42.859473944 CEST | 49728 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:42.860827923 CEST | 49728 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:42.860836983 CEST | 443 | 49728 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:42.861160040 CEST | 443 | 49728 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:42.862328053 CEST | 49728 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:42.862992048 CEST | 49728 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:42.863013029 CEST | 443 | 49728 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:42.863130093 CEST | 49728 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:42.863154888 CEST | 443 | 49728 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:42.863281012 CEST | 49728 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:42.863363028 CEST | 443 | 49728 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:42.863486052 CEST | 49728 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:42.863508940 CEST | 443 | 49728 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:42.863652945 CEST | 49728 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:42.863689899 CEST | 443 | 49728 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:42.863842964 CEST | 49728 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:42.863868952 CEST | 49728 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:42.863924980 CEST | 443 | 49728 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:42.864135027 CEST | 49728 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:42.864166975 CEST | 49728 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:42.904280901 CEST | 443 | 49728 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:42.904470921 CEST | 49728 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:42.904524088 CEST | 49728 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:42.904537916 CEST | 49728 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:42.948270082 CEST | 443 | 49728 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:42.948626995 CEST | 49728 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:42.948728085 CEST | 49728 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:42.992263079 CEST | 443 | 49728 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:42.992490053 CEST | 49728 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:43.036302090 CEST | 443 | 49728 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:43.090136051 CEST | 443 | 49728 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:43.090260029 CEST | 49728 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:43.090374947 CEST | 443 | 49728 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:43.090537071 CEST | 443 | 49728 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:43.206424952 CEST | 443 | 49728 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:44.662321091 CEST | 443 | 49728 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:44.662631035 CEST | 49728 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:44.691868067 CEST | 49729 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:44.691925049 CEST | 443 | 49729 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:44.692015886 CEST | 49729 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:44.692339897 CEST | 49729 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:44.692356110 CEST | 443 | 49729 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:44.915796041 CEST | 443 | 49729 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:44.915879965 CEST | 49729 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:44.917160034 CEST | 49729 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:44.917180061 CEST | 443 | 49729 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:44.917421103 CEST | 443 | 49729 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:44.919102907 CEST | 49729 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:44.919138908 CEST | 49729 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:44.919188023 CEST | 443 | 49729 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:45.495304108 CEST | 443 | 49729 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:45.495388985 CEST | 443 | 49729 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:45.495502949 CEST | 49729 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:45.496047020 CEST | 49729 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:45.496064901 CEST | 443 | 49729 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:45.496098042 CEST | 49729 | 443 | 192.168.2.4 | 172.67.157.7 |
Apr 13, 2025 17:03:45.496104002 CEST | 443 | 49729 | 172.67.157.7 | 192.168.2.4 |
Apr 13, 2025 17:03:45.677043915 CEST | 49730 | 443 | 192.168.2.4 | 89.169.54.153 |
Apr 13, 2025 17:03:45.677143097 CEST | 443 | 49730 | 89.169.54.153 | 192.168.2.4 |
Apr 13, 2025 17:03:45.677248001 CEST | 49730 | 443 | 192.168.2.4 | 89.169.54.153 |
Apr 13, 2025 17:03:45.677733898 CEST | 49730 | 443 | 192.168.2.4 | 89.169.54.153 |
Apr 13, 2025 17:03:45.677773952 CEST | 443 | 49730 | 89.169.54.153 | 192.168.2.4 |
Apr 13, 2025 17:03:45.890578032 CEST | 443 | 49730 | 89.169.54.153 | 192.168.2.4 |
Apr 13, 2025 17:03:45.891380072 CEST | 49731 | 443 | 192.168.2.4 | 89.169.54.153 |
Apr 13, 2025 17:03:45.891442060 CEST | 443 | 49731 | 89.169.54.153 | 192.168.2.4 |
Apr 13, 2025 17:03:45.891527891 CEST | 49731 | 443 | 192.168.2.4 | 89.169.54.153 |
Apr 13, 2025 17:03:45.892034054 CEST | 49731 | 443 | 192.168.2.4 | 89.169.54.153 |
Apr 13, 2025 17:03:45.892049074 CEST | 443 | 49731 | 89.169.54.153 | 192.168.2.4 |
Apr 13, 2025 17:03:46.117130995 CEST | 443 | 49731 | 89.169.54.153 | 192.168.2.4 |
Apr 13, 2025 17:03:46.117681026 CEST | 49732 | 443 | 192.168.2.4 | 89.169.54.153 |
Apr 13, 2025 17:03:46.117737055 CEST | 443 | 49732 | 89.169.54.153 | 192.168.2.4 |
Apr 13, 2025 17:03:46.117820978 CEST | 49732 | 443 | 192.168.2.4 | 89.169.54.153 |
Apr 13, 2025 17:03:46.118755102 CEST | 49732 | 443 | 192.168.2.4 | 89.169.54.153 |
Apr 13, 2025 17:03:46.118817091 CEST | 443 | 49732 | 89.169.54.153 | 192.168.2.4 |
Apr 13, 2025 17:03:46.118875980 CEST | 49732 | 443 | 192.168.2.4 | 89.169.54.153 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 13, 2025 17:03:30.162303925 CEST | 64061 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 13, 2025 17:03:30.323297024 CEST | 53 | 64061 | 1.1.1.1 | 192.168.2.4 |
Apr 13, 2025 17:03:45.499922037 CEST | 60477 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 13, 2025 17:03:45.675865889 CEST | 53 | 60477 | 1.1.1.1 | 192.168.2.4 |

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 13, 2025 17:03:30.162303925 CEST | 192.168.2.4 | 1.1.1.1 | 0xd7ff | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 13, 2025 17:03:45.499922037 CEST | 192.168.2.4 | 1.1.1.1 | 0xbe26 | Standard query (0) | | A (IP address) | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 13, 2025 17:03:30.323297024 CEST | 1.1.1.1 | 192.168.2.4 | 0xd7ff | No error (0) | | | 172.67.157.7 | A (IP address) | IN (0x0001) | false |
Apr 13, 2025 17:03:30.323297024 CEST | 1.1.1.1 | 192.168.2.4 | 0xd7ff | No error (0) | | | 104.21.42.51 | A (IP address) | IN (0x0001) | false |
Apr 13, 2025 17:03:45.675865889 CEST | 1.1.1.1 | 192.168.2.4 | 0xbe26 | No error (0) | | | 89.169.54.153 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49721 | 172.67.157.7 | 443 | 6168 | C:\Users\user\Desktop\#Ud835#Udc12#Ud835#Udc04#Ud835#Udc13#Ud835#Udc14#Ud835#Udc0f_patched.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-13 15:03:30 UTC | 268 | OUT | |
2025-04-13 15:03:30 UTC | 79 | OUT | |
2025-04-13 15:03:31 UTC | 798 | IN | |
2025-04-13 15:03:31 UTC | 571 | IN | |
2025-04-13 15:03:31 UTC | 1369 | IN | |
2025-04-13 15:03:31 UTC | 1369 | IN | |
2025-04-13 15:03:31 UTC | 1369 | IN | |
2025-04-13 15:03:31 UTC | 1369 | IN | |
2025-04-13 15:03:31 UTC | 1369 | IN | |
2025-04-13 15:03:31 UTC | 1369 | IN | |
2025-04-13 15:03:31 UTC | 1369 | IN | |
2025-04-13 15:03:31 UTC | 765 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.4 | 49723 | 172.67.157.7 | 443 | 6168 | C:\Users\user\Desktop\#Ud835#Udc12#Ud835#Udc04#Ud835#Udc13#Ud835#Udc14#Ud835#Udc0f_patched.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-13 15:03:33 UTC | 284 | OUT | |
2025-04-13 15:03:33 UTC | 15331 | OUT | |
2025-04-13 15:03:33 UTC | 4276 | OUT | |
2025-04-13 15:03:33 UTC | 814 | IN | |
2025-04-13 15:03:33 UTC | 76 | IN | |
2025-04-13 15:03:33 UTC | 5 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.4 | 49724 | 172.67.157.7 | 443 | 6168 | C:\Users\user\Desktop\#Ud835#Udc12#Ud835#Udc04#Ud835#Udc13#Ud835#Udc14#Ud835#Udc0f_patched.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-13 15:03:34 UTC | 284 | OUT | |
2025-04-13 15:03:34 UTC | 8769 | OUT | |
2025-04-13 15:03:35 UTC | 814 | IN | |
2025-04-13 15:03:35 UTC | 76 | IN | |
2025-04-13 15:03:35 UTC | 5 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.4 | 49725 | 172.67.157.7 | 443 | 6168 | C:\Users\user\Desktop\#Ud835#Udc12#Ud835#Udc04#Ud835#Udc13#Ud835#Udc14#Ud835#Udc0f_patched.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-13 15:03:35 UTC | 279 | OUT | |
2025-04-13 15:03:35 UTC | 15331 | OUT | |
2025-04-13 15:03:35 UTC | 5061 | OUT | |
2025-04-13 15:03:36 UTC | 820 | IN | |
2025-04-13 15:03:36 UTC | 76 | IN | |
2025-04-13 15:03:36 UTC | 5 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.4 | 49726 | 172.67.157.7 | 443 | 6168 | C:\Users\user\Desktop\#Ud835#Udc12#Ud835#Udc04#Ud835#Udc13#Ud835#Udc14#Ud835#Udc0f_patched.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-13 15:03:40 UTC | 275 | OUT | |
2025-04-13 15:03:40 UTC | 5412 | OUT | |
2025-04-13 15:03:41 UTC | 814 | IN | |
2025-04-13 15:03:41 UTC | 76 | IN | |
2025-04-13 15:03:41 UTC | 5 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.4 | 49727 | 172.67.157.7 | 443 | 6168 | C:\Users\user\Desktop\#Ud835#Udc12#Ud835#Udc04#Ud835#Udc13#Ud835#Udc14#Ud835#Udc0f_patched.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-13 15:03:41 UTC | 286 | OUT | |
2025-04-13 15:03:41 UTC | 2390 | OUT | |
2025-04-13 15:03:42 UTC | 812 | IN | |
2025-04-13 15:03:42 UTC | 76 | IN | |
2025-04-13 15:03:42 UTC | 5 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.4 | 49728 | 172.67.157.7 | 443 | 6168 | C:\Users\user\Desktop\#Ud835#Udc12#Ud835#Udc04#Ud835#Udc13#Ud835#Udc14#Ud835#Udc0f_patched.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-13 15:03:42 UTC | 278 | OUT | |
2025-04-13 15:03:42 UTC | 15331 | OUT | |
2025-04-13 15:03:42 UTC | 15331 | OUT | |
2025-04-13 15:03:42 UTC | 15331 | OUT | |
2025-04-13 15:03:42 UTC | 15331 | OUT | |
2025-04-13 15:03:42 UTC | 15331 | OUT | |
2025-04-13 15:03:42 UTC | 15331 | OUT | |
2025-04-13 15:03:42 UTC | 15331 | OUT | |
2025-04-13 15:03:42 UTC | 15331 | OUT | |
2025-04-13 15:03:42 UTC | 15331 | OUT | |
2025-04-13 15:03:42 UTC | 15331 | OUT | |
2025-04-13 15:03:44 UTC | 814 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.4 | 49729 | 172.67.157.7 | 443 | 6168 | C:\Users\user\Desktop\#Ud835#Udc12#Ud835#Udc04#Ud835#Udc13#Ud835#Udc14#Ud835#Udc0f_patched.exe |

Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-13 15:03:44 UTC | 269 | OUT | |
2025-04-13 15:03:44 UTC | 117 | OUT | |
2025-04-13 15:03:45 UTC | 793 | IN | |
2025-04-13 15:03:45 UTC | 108 | IN | |

Target ID: | 0 |
Start time: | 11:03:12 |
Start date: | 13/04/2025 |
Path: | C:\Users\user\Desktop\#Ud835#Udc12#Ud835#Udc04#Ud835#Udc13#Ud835#Udc14#Ud835#Udc0f_patched.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x840000 |
File size: | 866'816 bytes |
MD5 hash: | CB0642AC717F55A8AAC26B51FA96151D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |