Windows
Analysis Report
setup_patched.exe
Overview
General Information
Detection
LummaC Stealer
Score: 100
Range: 0 - 100
Confidence: 100%
Signatures
Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Classification
- System is w10x64
setup_patched.exe (PID: 7448 cmdline: "C:\Users\user\Desktop\setup_patched.exe" MD5: 793E23C2663F78FE14E253CD2ABE1753)
- cleanup
```json
{"C2 url": ["bxattlepath.digital/ogda", "jawdedmirror.run/ewqd", "changeaie.top/geps", "lonfgshadow.live/xawi", "liftally.top/xasj", "nighetwhisper.top/lekd", "salaccgfa.top/gsooz", "zestmodp.top/zeda", "owlflright.digital/qopy"], "Build id": "637b55279021aab33278188cfa638397"}
```
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security | |
| JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security | |
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-04-13T17:10:06.778863+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49703 | 89.169.54.153 | 443 | TCP |
2025-04-13T17:10:30.132125+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49693 | 104.21.42.51 | 443 | TCP |
2025-04-13T17:10:31.727826+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49696 | 104.21.42.51 | 443 | TCP |
2025-04-13T17:10:33.341119+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49697 | 104.21.42.51 | 443 | TCP |
2025-04-13T17:10:34.443812+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49698 | 104.21.42.51 | 443 | TCP |
2025-04-13T17:10:37.528047+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49699 | 104.21.42.51 | 443 | TCP |
2025-04-13T17:10:38.484166+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49700 | 104.21.42.51 | 443 | TCP |
2025-04-13T17:10:39.621084+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49701 | 104.21.42.51 | 443 | TCP |
2025-04-13T17:10:41.723058+0200 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49702 | 104.21.42.51 | 443 | TCP |
AV Detection
Networking
Malware Analysis System Evasion
Stealing of Sensitive Information
Remote Access Functionality |
---|
Source: | File source: | |
Source: | File source: | |
Source: | Code function: | 0_2_00423086 |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 21 Virtualization/Sandbox Evasion | 2 OS Credential Dumping | 1 System Time Discovery | Remote Services | 21 Input Capture | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 241 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 3 Obfuscated Files or Information | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 31 Data from Local System | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 Process Discovery | Distributed Component Object Model | 2 Clipboard Data | Protocol Impersonation | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Steganography | Cached Domain Credentials | 11 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 44 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 7% | Virustotal | | Browse |
| | 17% | ReversingLabs | | |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 100% | Avira URL Cloud | malware | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 100% | Avira URL Cloud | malware | |
| | 100% | Avira URL Cloud | malware | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 100% | Avira URL Cloud | malware | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bxattlepath.digital | 104.21.42.51 | true | true | | unknown |
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high |
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | 217.20.48.37 | true | false | | high |
h1.mockupeastcoast.shop | 89.169.54.153 | true | false | | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | true | | unknown |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | | false | | high |
| | | false | | high |
| | | false | | high |
| | | false | | high |
| | | false | | high |
| | | false | | unknown |
| | | false | | high |
| | | false | | high |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | high |
| | | false | | high |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | high |
| | | false | | high |
| | | false | | high |
| | | false | | high |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | high |
| | | false | | high |
| | | false | | high |
| | | false | | high |
| | | false | | unknown |
| | | false | | high |
| | | false | | unknown |
| | | false | | high |
| | | false | | high |
| | | false | | high |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | high |
| | | false | | unknown |
| | | false | | high |
| | | false | | unknown |
| | | false | | high |
| | | false | | high |
| | | false | | unknown |
| | | false | | high |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | high |
| | | false | | high |
| | | false | | unknown |
| | | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
89.169.54.153 | h1.mockupeastcoast.shop | Russian Federation | | 31514 | INF-NET-ASRU | false |
104.21.42.51 | bxattlepath.digital | United States | | 13335 | CLOUDFLARENETUS | true |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1664110 |
Start date and time: | 2025-04-13 17:09:16 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 22s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 4 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | setup_patched.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@1/0@2/2 |
EGA Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
- Excluded IPs from analysis (whitelisted): 23.76.34.6, 20.12.23.50, 2.23.227.208, 150.171.27.254
- Excluded domains from analysis (whitelisted): www.bing.com, c2a9c95e369881c67228a6591cac2686.clo.footprintdns.com, ax-ring.msedge.net, fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, c.pki.goog, wu-b-net.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
11:10:30 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
89.169.54.153 | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com | Get hash | | malicious | Koadic | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | Unknown | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | ScreenConnect Tool | Browse | |
| | Get hash | | malicious | Unknown | Browse | |
bg.microsoft.map.fastly.net | Get hash | | malicious | MSIL Logger, MassLogger RAT | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | Quasar, StormKitty | Browse | |
| | Get hash | | malicious | Unknown | Browse | |
| | Get hash | | malicious | ScreenConnect Tool, XWorm | Browse | |
| | Get hash | | malicious | Unknown | Browse | |
| | Get hash | | malicious | DCRat | Browse | |
| | Get hash | | malicious | GhostRat | Browse | |
| | Get hash | | malicious | DcRat | Browse | |
| | Get hash | | malicious | ScreenConnect Tool | Browse | |
h1.mockupeastcoast.shop | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
bxattlepath.digital | Get hash | | malicious | LummaC Stealer | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
INF-NET-ASRU | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | Mirai | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | Unknown | Browse | |
| | Get hash | | malicious | Mirai | Browse | |
| | Get hash | | malicious | Unknown | Browse | |
| | Get hash | | malicious | Vidar | Browse | |
CLOUDFLARENETUS | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | Unknown | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | Cobalt Strike, MSIL Logger, MassLogger RAT | Browse | |
| | Get hash | | malicious | MSIL Logger, MassLogger RAT | Browse | |
| | Get hash | | malicious | MSIL Logger, MassLogger RAT | Browse | |
| | Get hash | | malicious | Cobalt Strike, MSIL Logger, MassLogger RAT | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | LummaC Stealer | Browse | |
| | Get hash | | malicious | GO Backdoor, LummaC Stealer | Browse | |
⊘No context
⊘No created / dropped files found
File type: | |
Entropy (8bit): | 6.991985498241126 |
TrID: | |
File name: | setup_patched.exe |
File size: | 1'085'440 bytes |
MD5: | 793e23c2663f78fe14e253cd2abe1753 |
SHA1: | 5bccf1485595a3a2b028feeaf4d7b3ed52a1a9cc |
SHA256: | 75ec6dfa7af5fad2a4c0180a4b9e754f42bb69bfa68fc51f4c18e63f37c13303 |
SHA512: | e7f129fd7e71cfc71e1f1b4c0fa1dc49ab55f77dad64563112bc5d4d6829f0017ca005e673203a4e3229292f559fafb175e4944c85c9e20b475fdb99bae29498 |
SSDEEP: | 24576:qRkVCc31aG7eoQ2Ap4Ap4Ap8zoqjzP3UXqnv35fxnFL+976:cBc31NC4Ap4Ap4Ap8zoczkXuTF |
TLSH: | A935AE21B3C18076E5B3023349E986B966B5FC215BB409C733C97BBE2E396D14B3535A |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Jo.......................v.......v..............).......).......).......).......).......Rich............................PE..L.. |
Icon Hash: | 0e23911f0ee7acb4 |
Entrypoint: | 0x450c99 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | |
Time Stamp: | 0x4F2AB546 [Thu Feb 2 16:09:42 2012 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | cb21450a308d7ec50a220da90ad48c3d |
Instruction |
---|
call 00007F387C8F06A1h |
jmp 00007F387C8E787Ch |
push esi |
xor esi, esi |
cmp dword ptr [esp+08h], esi |
jne 00007F387C8E7A86h |
call 00007F387C8EB319h |
mov dword ptr [eax], esi |
call 00007F387C8EB2FFh |
push esi |
push esi |
push esi |
push esi |
push esi |
mov dword ptr [eax], 00000016h |
call 00007F387C8E9C67h |
add esp, 14h |
push 00000016h |
pop eax |
pop esi |
ret |
test dword ptr [esp+0Ch], FFFFFFF9h |
jne 00007F387C8E7A34h |
push dword ptr [esp+08h] |
call dword ptr [004831C8h] |
cmp eax, FFFFFFFFh |
jne 00007F387C8E7A78h |
call dword ptr [004833F4h] |
push eax |
call 00007F387C8EB2E8h |
pop ecx |
call 00007F387C8EB2BCh |
mov eax, dword ptr [eax] |
pop esi |
ret |
test al, 10h |
jne 00007F387C8E7A85h |
test al, 01h |
je 00007F387C8E7A81h |
test byte ptr [esp+0Ch], 00000002h |
je 00007F387C8E7A7Ah |
call 00007F387C8EB2B7h |
mov dword ptr [eax], 00000005h |
call 00007F387C8EB299h |
mov dword ptr [eax], 0000000Dh |
jmp 00007F387C8E7A32h |
xor eax, eax |
pop esi |
ret |
push dword ptr [esp+08h] |
push dword ptr [esp+08h] |
call 00007F387C8E79D1h |
pop ecx |
neg eax |
pop ecx |
sbb eax, eax |
ret |
push ebp |
mov ebp, esp |
push ecx |
push ebx |
mov eax, dword ptr [ebp+0Ch] |
add eax, 0Ch |
mov dword ptr [ebp-04h], eax |
mov ebx, dword ptr fs:[00000000h] |
mov eax, dword ptr [ebx] |
mov dword ptr fs:[00000000h], eax |
mov eax, dword ptr [ebp+08h] |
mov ebx, dword ptr [ebp+0Ch] |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x9ae54 | 0xf0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa5000 | 0x62000 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x83940 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x91fc0 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x83000 | 0x880 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x9ada4 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x81281 | 0x82000 | 9f0420a71425f6d8384e8773a1e03e53 | False | 0.5044565054086538 | data | 6.555565038681675 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x83000 | 0x1a994 | 0x1b000 | bab9634b75b40f8da8e4d749d4fb62a7 | False | 0.3189380787037037 | OpenPGP Secret Key | 5.109872734060431 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9e000 | 0x69f8 | 0x3000 | 4c3bc0d2d682f535c015ff44f501a911 | False | 0.2682291666666667 | data | 3.9035875057992815 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xa5000 | 0x62000 | 0x62000 | 7b1d1f59ee927271d842d55356df4c82 | False | 0.7415298150510204 | data | 7.459559564056852 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_CURSOR | 0xa62a4 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4805194805194805 |
RT_CURSOR | 0xa63d8 | 0xb4 | Targa image data - Map 32 x 65536 x 1 +16 "\001" | English | United States | 0.7 |
RT_CURSOR | 0xa648c | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.36363636363636365 |
RT_CURSOR | 0xa65c0 | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.35714285714285715 |
RT_CURSOR | 0xa66f4 | 0x134 | data | English | United States | 0.37337662337662336 |
RT_CURSOR | 0xa6828 | 0x134 | data | English | United States | 0.37662337662337664 |
RT_CURSOR | 0xa695c | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | English | United States | 0.36688311688311687 |
RT_CURSOR | 0xa6a90 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | English | United States | 0.37662337662337664 |
RT_CURSOR | 0xa6bc4 | 0x134 | Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.36688311688311687 |
RT_CURSOR | 0xa6cf8 | 0x134 | Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635 |
RT_CURSOR | 0xa6e2c | 0x134 | data | English | United States | 0.44155844155844154 |
RT_CURSOR | 0xa6f60 | 0x134 | data | English | United States | 0.4155844155844156 |
RT_CURSOR | 0xa7094 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.5422077922077922 |
RT_CURSOR | 0xa71c8 | 0x134 | data | English | United States | 0.2662337662337662 |
RT_CURSOR | 0xa72fc | 0x134 | data | English | United States | 0.2824675324675325 |
RT_CURSOR | 0xa7430 | 0x134 | data | English | United States | 0.3246753246753247 |
RT_BITMAP | 0xa7564 | 0x728 | Device independent bitmap graphic, 48 x 16 x 8, image size 768 | German | Germany | 0.3558951965065502 |
RT_BITMAP | 0xa7c8c | 0x728 | Device independent bitmap graphic, 48 x 16 x 8, image size 768 | English | United States | 0.3558951965065502 |
RT_BITMAP | 0xa83b4 | 0x728 | Device independent bitmap graphic, 48 x 16 x 8, image size 768 | French | France | 0.3558951965065502 |
RT_BITMAP | 0xa8adc | 0xb8 | Device independent bitmap graphic, 12 x 10 x 4, image size 80 | English | United States | 0.44565217391304346 |
RT_BITMAP | 0xa8b94 | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | English | United States | 0.37962962962962965 |
RT_ICON | 0xa8cd8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.5932080924855492 |
RT_ICON | 0xa9240 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6223404255319149 |
RT_ICON | 0xa96a8 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 672 | English | United States | 0.7932027649769585 |
RT_ICON | 0xa9d70 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.5766393442622951 |
RT_ICON | 0xaa6f8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.7436823104693141 |
RT_ICON | 0xaafa0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.5408067542213884 |
RT_ICON | 0xac048 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | English | United States | 0.597547974413646 |
RT_ICON | 0xacef0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.43143153526970957 |
RT_ICON | 0xaf498 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | German | Germany | 0.5932080924855492 |
RT_ICON | 0xafa00 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | German | Germany | 0.6223404255319149 |
RT_ICON | 0xafe68 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 672 | German | Germany | 0.7932027649769585 |
RT_ICON | 0xb0530 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | German | Germany | 0.5766393442622951 |
RT_ICON | 0xb0eb8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | German | Germany | 0.7436823104693141 |
RT_ICON | 0xb1760 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | German | Germany | 0.5408067542213884 |
RT_ICON | 0xb2808 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | German | Germany | 0.597547974413646 |
RT_ICON | 0xb36b0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | German | Germany | 0.43143153526970957 |
RT_ICON | 0xb5c58 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | French | France | 0.5932080924855492 |
RT_ICON | 0xb61c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | French | France | 0.6223404255319149 |
RT_ICON | 0xb6628 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 672 | French | France | 0.7932027649769585 |
RT_ICON | 0xb6cf0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | French | France | 0.5766393442622951 |
RT_ICON | 0xb7678 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | French | France | 0.7436823104693141 |
RT_ICON | 0xb7f20 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | French | France | 0.5408067542213884 |
RT_ICON | 0xb8fc8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2688 | French | France | 0.597547974413646 |
RT_ICON | 0xb9e70 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | French | France | 0.43143153526970957 |
RT_DIALOG | 0xbc418 | 0x184 | data | German | Germany | 0.5412371134020618 |
RT_DIALOG | 0xbc59c | 0x184 | data | English | United States | 0.5412371134020618 |
RT_DIALOG | 0xbc720 | 0x190 | data | French | France | 0.555 |
RT_DIALOG | 0xbc8b0 | 0x716 | data | German | Germany | 0.3869900771775083 |
RT_DIALOG | 0xbcfc8 | 0x6ce | data | English | United States | 0.37370838117106775 |
RT_DIALOG | 0xbd698 | 0x758 | data | French | France | 0.3638297872340426 |
RT_DIALOG | 0xbddf0 | 0x256 | data | German | Germany | 0.5301003344481605 |
RT_DIALOG | 0xbe048 | 0x232 | data | English | United States | 0.5231316725978647 |
RT_DIALOG | 0xbe27c | 0x260 | data | French | France | 0.5115131578947368 |
RT_DIALOG | 0xbe4dc | 0xe8 | data | English | United States | 0.6336206896551724 |
RT_DIALOG | 0xbe5c4 | 0x34 | data | English | United States | 0.9038461538461539 |
RT_STRING | 0xbe5f8 | 0x1f2 | data | German | Germany | 0.5120481927710844 |
RT_STRING | 0xbe7ec | 0x1e8 | data | English | United States | 0.5307377049180327 |
RT_STRING | 0xbe9d4 | 0x248 | data | French | France | 0.5068493150684932 |
RT_STRING | 0xbec1c | 0x4e | data | German | Germany | 0.6282051282051282 |
RT_STRING | 0xbec6c | 0x4c | data | English | United States | 0.6710526315789473 |
RT_STRING | 0xbecb8 | 0x54 | data | French | France | 0.6428571428571429 |
RT_STRING | 0xbed0c | 0x7e | data | German | Germany | 0.6507936507936508 |
RT_STRING | 0xbed8c | 0x6c | data | English | United States | 0.6666666666666666 |
RT_STRING | 0xbedf8 | 0x7c | data | French | France | 0.6129032258064516 |
RT_STRING | 0xbee74 | 0x266 | data | German | Germany | 0.4185667752442997 |
RT_STRING | 0xbf0dc | 0x1f8 | data | English | United States | 0.42063492063492064 |
RT_STRING | 0xbf2d4 | 0x2f0 | data | French | France | 0.3670212765957447 |
RT_STRING | 0xbf5c4 | 0x82 | StarOffice Gallery theme p, 536899072 objects, 1st n | English | United States | 0.7153846153846154 |
RT_STRING | 0xbf648 | 0x2a | data | English | United States | 0.5476190476190477 |
RT_STRING | 0xbf674 | 0x192 | data | English | United States | 0.48009950248756217 |
RT_STRING | 0xbf808 | 0x4e2 | data | English | United States | 0.376 |
RT_STRING | 0xbfcec | 0x31a | data | English | United States | 0.2682619647355164 |
RT_STRING | 0xc0008 | 0x2dc | data | English | United States | 0.36885245901639346 |
RT_STRING | 0xc02e4 | 0x8a | data | English | United States | 0.6594202898550725 |
RT_STRING | 0xc0370 | 0xac | data | English | United States | 0.45348837209302323 |
RT_STRING | 0xc041c | 0xde | data | English | United States | 0.536036036036036 |
RT_STRING | 0xc04fc | 0x4c4 | data | English | United States | 0.3221311475409836 |
RT_STRING | 0xc09c0 | 0x264 | data | English | United States | 0.3741830065359477 |
RT_STRING | 0xc0c24 | 0x2c | data | English | United States | 0.5227272727272727 |
RT_STRING | 0xc0c50 | 0x42 | data | English | United States | 0.6060606060606061 |
RT_GROUP_CURSOR | 0xc0c94 | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States | 1.0294117647058822 |
RT_GROUP_CURSOR | 0xc0cb8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xc0ccc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xc0ce0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xc0cf4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xc0d08 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xc0d1c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xc0d30 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xc0d44 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xc0d58 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xc0d6c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xc0d80 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xc0d94 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xc0da8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_CURSOR | 0xc0dbc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3 |
RT_GROUP_ICON | 0xc0dd0 | 0x76 | data | German | Germany | 0.6779661016949152 |
RT_GROUP_ICON | 0xc0e48 | 0x76 | data | English | United States | 0.652542372881356 |
RT_GROUP_ICON | 0xc0ec0 | 0x76 | data | French | France | 0.6779661016949152 |
RT_VERSION | 0xc0f38 | 0x24c | data | English | United States | 0.5204081632653061 |
RT_MANIFEST | 0xc1184 | 0x299 | XML 1.0 document, ASCII text, with CRLF line terminators | German | Germany | 0.47368421052631576 |
RT_MANIFEST | 0xc1420 | 0x299 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.47368421052631576 |
RT_MANIFEST | 0xc16bc | 0x299 | XML 1.0 document, ASCII text, with CRLF line terminators | French | France | 0.47368421052631576 |
RT_MANIFEST | 0xc1958 | 0x56 | ASCII text, with CRLF line terminators | English | United States | 1.0232558139534884 |
DLL | Import |
---|---|
KERNEL32.dll | SetErrorMode, GetVersionExW, FileTimeToLocalFileTime, LocalFileTimeToFileTime, SetFileTime, SetFileAttributesW, GetFileAttributesW, GetFileTime, HeapFree, HeapAlloc, GetProcessHeap, GetStartupInfoW, RtlUnwind, ExitProcess, RaiseException, DebugBreak, IsDebuggerPresent, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, HeapReAlloc, ExitThread, CreateThread, HeapSize, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetCommandLineW, SetHandleCount, GetStartupInfoA, GetShortPathNameW, HeapCreate, VirtualFree, QueryPerformanceCounter, GetTickCount, GetSystemTimeAsFileTime, FatalAppExitA, SetConsoleCtrlHandler, Sleep, VirtualQuery, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, GetTimeZoneInformation, VirtualAlloc, GetConsoleCP, GetConsoleMode, GetLocaleInfoA, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, GetTimeFormatA, GetDateFormatA, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, SetEnvironmentVariableA, GetFullPathNameW, GetVolumeInformationW, FindFirstFileW, FindClose, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, lstrcmpiW, GetStringTypeExW, MoveFileW, GlobalFlags, GetCurrentDirectoryW, WritePrivateProfileStringW, GetPrivateProfileIntW, GetThreadLocale, lstrlenA, GetAtomNameW, GlobalGetAtomNameW, InterlockedIncrement, TlsFree, DeleteCriticalSection, LocalReAlloc, TlsSetValue, TlsAlloc, InitializeCriticalSection, GlobalHandle, GlobalReAlloc, EnterCriticalSection, TlsGetValue, LeaveCriticalSection, LocalAlloc, InterlockedDecrement, GetModuleHandleA, GlobalFindAtomW, CompareStringW, GetVersionExA, FreeResource, GetCurrentProcessId, GlobalAddAtomW, CreateEventW, SuspendThread, SetEvent, WaitForSingleObject, ResumeThread, SetThreadPriority, GlobalDeleteAtom, GetCurrentThread, GetCurrentThreadId, ConvertDefaultLocale, GetVersion, EnumResourceLanguagesW, lstrcmpA, LoadLibraryExW, CompareStringA, InterlockedExchange, lstrcmpW, GlobalFree, GlobalSize, GlobalAlloc, GlobalLock, GlobalUnlock, FormatMessageW, LocalFree, GetLocalTime, SystemTimeToFileTime, UnmapViewOfFile, GetCurrentProcess, DuplicateHandle, CreateFileMappingW, MapViewOfFile, GetFileType, GetFileInformationByHandle, SetFilePointer, FileTimeToDosDateTime, FileTimeToSystemTime, WinExec, GetLastError, SetLastError, WriteFile, WideCharToMultiByte, LoadLibraryA, lstrlenW, lstrcpynW, lstrcpyW, GetLocaleInfoW, GetNumberFormatW, MulDiv, MultiByteToWideChar, GetWindowsDirectoryW, DeleteFileW, GetPrivateProfileStringW, GetModuleHandleW, LoadLibraryW, GetProcAddress, GetTempPathW, FreeLibrary, CreateFileW, GetFileSize, ReadFile, CloseHandle, GetModuleFileNameW, LoadResource, LockResource, SizeofResource, FindResourceW, HeapDestroy, CopyFileW |
USER32.dll | SetRectEmpty, CreatePopupMenu, InsertMenuItemW, LoadAcceleratorsW, LoadMenuW, ReuseDDElParam, UnpackDDElParam, IsRectEmpty, GetSystemMenu, SetParent, UnionRect, SetRect, GetDCEx, EndPaint, BeginPaint, GetWindowDC, ClientToScreen, ScrollWindowEx, ShowWindow, MoveWindow, SetWindowTextW, IsDialogMessageW, IsDlgButtonChecked, SetDlgItemTextW, SetDlgItemInt, GetDlgItemTextW, GetDlgItemInt, CheckRadioButton, CheckDlgButton, SendDlgItemMessageW, SendDlgItemMessageA, WinHelpW, IsChild, GetCapture, GetClassLongW, GetClassNameW, SetPropW, GetPropW, RemovePropW, GetWindowTextLengthW, GetWindowTextW, GetForegroundWindow, BeginDeferWindowPos, EndDeferWindowPos, GetTopWindow, UnhookWindowsHookEx, GetMessageTime, MapWindowPoints, ScrollWindow, TrackPopupMenuEx, TrackPopupMenu, SetScrollRange, GetScrollRange, SetScrollPos, GetScrollPos, SetForegroundWindow, ShowScrollBar, GetMenu, CreateWindowExW, GetClassInfoExW, GetClassInfoW, BringWindowToTop, AdjustWindowRectEx, EqualRect, DeferWindowPos, GetScrollInfo, SetScrollInfo, CopyRect, SetWindowPlacement, GetDlgCtrlID, DefWindowProcW, CallWindowProcW, SetWindowPos, OffsetRect, IntersectRect, SystemParametersInfoA, IsIconic, GetWindowPlacement, GetDesktopWindow, CreateDialogIndirectParamW, DestroyWindow, GetDlgItem, GetNextDlgTabItem, EndDialog, GetWindowThreadProcessId, GetWindowLongW, GetLastActivePopup, IsWindowEnabled, MessageBoxW, ShowOwnedPopups, SetWindowsHookExW, CallNextHookEx, GetMessageW, TranslateMessage, DispatchMessageW, GetActiveWindow, IsWindowVisible, GetKeyState, PeekMessageW, GetCursorPos, ValidateRect, SetMenuItemBitmaps, GetMenuCheckMarkDimensions, LoadBitmapW, ModifyMenuW, EnableMenuItem, CheckMenuItem, PostMessageW, PostQuitMessage, GetMenuState, GetMenuStringW, AppendMenuW, GetMenuItemID, InsertMenuW, GetMenuItemCount, GetSubMenu, RemoveMenu, UpdateWindow, DrawEdge, GetFocus, RegisterWindowMessageW, GetParent, KillTimer, ReleaseDC, GetDC, SetMenu, TranslateAcceleratorW, UnregisterClassW, SystemParametersInfoW, DestroyMenu, GetMenuItemInfoW, GetDialogBaseUnits, CharUpperW, DestroyIcon, WaitMessage, DeleteMenu, GetSysColorBrush, WindowFromPoint, MapVirtualKeyW, RegisterClassW, GetKeyNameTextW, IsWindow, MessageBeep, SetWindowLongW, InvalidateRect, GrayStringW, DrawTextExW, DrawTextW, TabbedTextOutW, InflateRect, RedrawWindow, GetClientRect, DrawIcon, FillRect, GetSystemMetrics, GetSysColor, SetCapture, SetFocus, ReleaseCapture, SetActiveWindow, GetAsyncKeyState, wsprintfW, LoadIconW, SetTimer, ScreenToClient, PtInRect, LoadCursorW, CopyIcon, GetMessagePos, SetCursor, DestroyCursor, EnableWindow, LockWindowUpdate, GetWindowRect, SendMessageW, GetWindow, UnregisterClassA |
GDI32.dll | ScaleViewportExtEx, SetWindowOrgEx, OffsetWindowOrgEx, SetWindowExtEx, ScaleWindowExtEx, GetCurrentPositionEx, ArcTo, MoveToEx, PolyDraw, PolylineTo, PolyBezierTo, ExtSelectClipRgn, CreateDIBPatternBrushPt, CreatePatternBrush, SelectPalette, PlayMetaFileRecord, SetViewportExtEx, EnumMetaFile, SetViewportOrgEx, CreatePen, ExtCreatePen, CreateHatchBrush, CreateRectRgnIndirect, PatBlt, SetRectRgn, CombineRgn, GetMapMode, DPtoLP, GetTextMetricsW, GetCharWidthW, CreateFontW, StretchDIBits, GetObjectType, OffsetViewportOrgEx, LineTo, OffsetClipRgn, IntersectClipRect, ExcludeClipRect, SelectObject, StartDocW, GetPixel, GetWindowExtEx, GetViewportExtEx, SelectClipPath, GetClipRgn, SelectClipRgn, DeleteObject, SetColorAdjustment, SetArcDirection, SetMapperFlags, SetTextCharacterExtra, SetTextJustification, PlayMetaFile, CreateFontIndirectW, SetMapMode, ModifyWorldTransform, SetWorldTransform, SetGraphicsMode, SetStretchBltMode, SetROP2, SetPolyFillMode, SetBkMode, RestoreDC, SaveDC, SetBkColor, SetTextColor, GetClipBox, GetDCOrgEx, CreateBitmap, CopyMetaFileW, CreateRectRgn, CreateSolidBrush, GetCurrentObject, Escape, GetTextExtentPoint32W, ExtTextOutW, TextOutW, BitBlt, RectVisible, PtVisible, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, GetStockObject, CreateDCW, GetDeviceCaps, DeleteDC, GetObjectW, SetTextAlign |
COMDLG32.dll | GetFileTitleW |
WINSPOOL.DRV | ClosePrinter, OpenPrinterW, DocumentPropertiesW |
ADVAPI32.dll | RegDeleteValueW, RegSetValueExW, RegCreateKeyExW, RegEnumKeyW, RegDeleteKeyW, RegOpenKeyW, RegSetValueW, RegQueryValueW, RegQueryInfoKeyW, RegEnumValueW, RegEnumKeyExW, RegOpenKeyExW, RegQueryValueExW, RegCloseKey, RegCreateKeyW |
SHELL32.dll | ExtractIconW, ShellExecuteExW, SHGetFileInfoW, DragFinish, DragQueryFileW, ShellExecuteW |
SHLWAPI.dll | PathCombineW, PathFindFileNameW, PathFindExtensionW, PathRemoveExtensionW, PathStripToRootW, PathFileExistsW, PathRemoveFileSpecW, PathIsUNCW |
ole32.dll | ReleaseStgMedium, CreateBindCtx, ReadClassStg, ReadFmtUserTypeStg, CoTaskMemAlloc, WriteClassStg, WriteFmtUserTypeStg, SetConvertStg, CoTaskMemFree, StringFromCLSID, CoTreatAsClass, CoDisconnectObject, OleDuplicateData, CoCreateInstance, StringFromGUID2, CLSIDFromString, OleRegGetUserType |
OLEAUT32.dll | VarBstrFromDate, VarDecFromStr, VarBstrFromDec, VarBstrFromCy, VarCyFromStr, SysReAllocStringLen, VarDateFromStr, SystemTimeToVariantTime, VariantTimeToSystemTime, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayDestroy, SafeArrayUnlock, SafeArrayLock, SafeArrayPutElement, SafeArrayPtrOfIndex, SafeArrayGetElement, SafeArrayCopy, SafeArrayAllocDescriptor, SafeArrayAllocData, VariantCopy, SysFreeString, SysAllocString, SysStringLen, SysAllocStringByteLen, SysStringByteLen, VariantClear, VariantChangeType, VariantInit, SysAllocStringLen, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayGetElemsize, SafeArrayGetDim, SafeArrayCreate, SafeArrayRedim |
VERSION.dll | GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW |
Description | Data |
---|---|
FileDescription | BugReport.exe |
FileVersion | 2.3.12.202 |
LegalCopyright | Software Support Center. All rights reserved. |
ProductName | BugReport |
ProductVersion | 2.3.12.202 |
Translation | 0x0409 0x04b0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
German | Germany | |
French | France | |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-04-13T17:10:06.778863+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49703 | 89.169.54.153 | 443 | TCP |
2025-04-13T17:10:30.132125+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49693 | 104.21.42.51 | 443 | TCP |
2025-04-13T17:10:31.727826+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49696 | 104.21.42.51 | 443 | TCP |
2025-04-13T17:10:33.341119+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49697 | 104.21.42.51 | 443 | TCP |
2025-04-13T17:10:34.443812+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49698 | 104.21.42.51 | 443 | TCP |
2025-04-13T17:10:37.528047+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49699 | 104.21.42.51 | 443 | TCP |
2025-04-13T17:10:38.484166+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49700 | 104.21.42.51 | 443 | TCP |
2025-04-13T17:10:39.621084+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49701 | 104.21.42.51 | 443 | TCP |
2025-04-13T17:10:41.723058+0200 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49702 | 104.21.42.51 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 13, 2025 17:10:29.774400949 CEST | 56954 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 13, 2025 17:10:29.886405945 CEST | 53 | 56954 | 1.1.1.1 | 192.168.2.5 |
Apr 13, 2025 17:10:42.219000101 CEST | 51789 | 53 | 192.168.2.5 | 1.1.1.1 |
Apr 13, 2025 17:10:42.410509109 CEST | 53 | 51789 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 13, 2025 17:10:29.774400949 CEST | 192.168.2.5 | 1.1.1.1 | 0xf689 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 13, 2025 17:10:42.219000101 CEST | 192.168.2.5 | 1.1.1.1 | 0xceea | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 13, 2025 17:10:10.897001982 CEST | 1.1.1.1 | 192.168.2.5 | 0xdc5 | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Apr 13, 2025 17:10:10.897001982 CEST | 1.1.1.1 | 192.168.2.5 | 0xdc5 | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
Apr 13, 2025 17:10:11.347388029 CEST | 1.1.1.1 | 192.168.2.5 | 0xcebe | No error (0) | | | 217.20.48.37 | A (IP address) | IN (0x0001) | false |
Apr 13, 2025 17:10:11.347388029 CEST | 1.1.1.1 | 192.168.2.5 | 0xcebe | No error (0) | | | 217.20.55.38 | A (IP address) | IN (0x0001) | false |
Apr 13, 2025 17:10:11.347388029 CEST | 1.1.1.1 | 192.168.2.5 | 0xcebe | No error (0) | | | 217.20.48.40 | A (IP address) | IN (0x0001) | false |
Apr 13, 2025 17:10:11.347388029 CEST | 1.1.1.1 | 192.168.2.5 | 0xcebe | No error (0) | | | 217.20.48.23 | A (IP address) | IN (0x0001) | false |
Apr 13, 2025 17:10:11.347388029 CEST | 1.1.1.1 | 192.168.2.5 | 0xcebe | No error (0) | | | 217.20.48.18 | A (IP address) | IN (0x0001) | false |
Apr 13, 2025 17:10:11.347388029 CEST | 1.1.1.1 | 192.168.2.5 | 0xcebe | No error (0) | | | 217.20.55.34 | A (IP address) | IN (0x0001) | false |
Apr 13, 2025 17:10:11.347388029 CEST | 1.1.1.1 | 192.168.2.5 | 0xcebe | No error (0) | | | 217.20.48.20 | A (IP address) | IN (0x0001) | false |
Apr 13, 2025 17:10:11.347388029 CEST | 1.1.1.1 | 192.168.2.5 | 0xcebe | No error (0) | | | 217.20.55.18 | A (IP address) | IN (0x0001) | false |
Apr 13, 2025 17:10:29.886405945 CEST | 1.1.1.1 | 192.168.2.5 | 0xf689 | No error (0) | | | 104.21.42.51 | A (IP address) | IN (0x0001) | false |
Apr 13, 2025 17:10:29.886405945 CEST | 1.1.1.1 | 192.168.2.5 | 0xf689 | No error (0) | | | 172.67.157.7 | A (IP address) | IN (0x0001) | false |
Apr 13, 2025 17:10:42.410509109 CEST | 1.1.1.1 | 192.168.2.5 | 0xceea | No error (0) | | | 89.169.54.153 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49693 | 104.21.42.51 | 443 | 7448 | C:\Users\user\Desktop\setup_patched.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-13 15:10:30 UTC | 268 | OUT | |
2025-04-13 15:10:30 UTC | 87 | OUT | |
2025-04-13 15:10:30 UTC | 792 | IN | |
2025-04-13 15:10:30 UTC | 577 | IN | |
2025-04-13 15:10:30 UTC | 1369 | IN | |
2025-04-13 15:10:30 UTC | 1369 | IN | |
2025-04-13 15:10:30 UTC | 1369 | IN | |
2025-04-13 15:10:30 UTC | 1369 | IN | |
2025-04-13 15:10:30 UTC | 1369 | IN | |
2025-04-13 15:10:30 UTC | 1369 | IN | |
2025-04-13 15:10:30 UTC | 1369 | IN | |
2025-04-13 15:10:30 UTC | 759 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49696 | 104.21.42.51 | 443 | 7448 | C:\Users\user\Desktop\setup_patched.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-13 15:10:31 UTC | 280 | OUT | |
2025-04-13 15:10:31 UTC | 14897 | OUT | |
2025-04-13 15:10:32 UTC | 818 | IN | |
2025-04-13 15:10:32 UTC | 76 | IN | |
2025-04-13 15:10:32 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49697 | 104.21.42.51 | 443 | 7448 | C:\Users\user\Desktop\setup_patched.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-13 15:10:33 UTC | 281 | OUT | |
2025-04-13 15:10:33 UTC | 15051 | OUT | |
2025-04-13 15:10:33 UTC | 811 | IN | |
2025-04-13 15:10:33 UTC | 76 | IN | |
2025-04-13 15:10:33 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49698 | 104.21.42.51 | 443 | 7448 | C:\Users\user\Desktop\setup_patched.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-13 15:10:34 UTC | 281 | OUT | |
2025-04-13 15:10:34 UTC | 15331 | OUT | |
2025-04-13 15:10:34 UTC | 5209 | OUT | |
2025-04-13 15:10:35 UTC | 812 | IN | |
2025-04-13 15:10:35 UTC | 76 | IN | |
2025-04-13 15:10:35 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49699 | 104.21.42.51 | 443 | 7448 | C:\Users\user\Desktop\setup_patched.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-13 15:10:37 UTC | 280 | OUT | |
2025-04-13 15:10:37 UTC | 5447 | OUT | |
2025-04-13 15:10:37 UTC | 810 | IN | |
2025-04-13 15:10:37 UTC | 76 | IN | |
2025-04-13 15:10:37 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49700 | 104.21.42.51 | 443 | 7448 | C:\Users\user\Desktop\setup_patched.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-13 15:10:38 UTC | 284 | OUT | |
2025-04-13 15:10:38 UTC | 2397 | OUT | |
2025-04-13 15:10:38 UTC | 812 | IN | |
2025-04-13 15:10:38 UTC | 76 | IN | |
2025-04-13 15:10:38 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49701 | 104.21.42.51 | 443 | 7448 | C:\Users\user\Desktop\setup_patched.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-13 15:10:39 UTC | 288 | OUT | |
2025-04-13 15:10:39 UTC | 15331 | OUT | |
2025-04-13 15:10:39 UTC | 15331 | OUT | |
2025-04-13 15:10:39 UTC | 15331 | OUT | |
2025-04-13 15:10:39 UTC | 15331 | OUT | |
2025-04-13 15:10:39 UTC | 15331 | OUT | |
2025-04-13 15:10:39 UTC | 15331 | OUT | |
2025-04-13 15:10:39 UTC | 15331 | OUT | |
2025-04-13 15:10:39 UTC | 15331 | OUT | |
2025-04-13 15:10:39 UTC | 15331 | OUT | |
2025-04-13 15:10:39 UTC | 15331 | OUT | |
2025-04-13 15:10:41 UTC | 822 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49702 | 104.21.42.51 | 443 | 7448 | C:\Users\user\Desktop\setup_patched.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-13 15:10:41 UTC | 269 | OUT | |
2025-04-13 15:10:41 UTC | 125 | OUT | |
2025-04-13 15:10:42 UTC | 785 | IN | |
2025-04-13 15:10:42 UTC | 108 | IN |
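The session tables above only list individual transfers; what an analyst usually wants is the per-session total in each direction, because a stealer's upload stands out as a session that sends far more than it receives (session 6 above sends ten 15331-byte chunks and gets 822 bytes back). The script below is an added example and is not part of the sandbox report: it parses the report's own pipe-separated rows (the DNS answers for transactions 0xf689 and 0xceea and TCP sessions 1, 6 and 7 are copied in as constructed input), totals bytes per session, and flags sessions whose outbound volume is at least ten times the inbound one, noting whether the destination IP was also seen as a DNS answer in the report. The 10:1 threshold is an assumption chosen for illustration, not a value the report states.

```python
"""Per-session byte accounting over the TCP/TLS session tables of a sandbox report.
Added example, not part of the original report. The rows below are copied from the
report (DNS answers 0xf689 and 0xceea; TCP sessions 1, 6 and 7); the 10:1 out/in
ratio that marks a session as a bulk upload is an assumption chosen for illustration."""

DNS_ROWS = """
Apr 13, 2025 17:10:29.886405945 CEST | 1.1.1.1 | 192.168.2.5 | 0xf689 | No error (0) | 104.21.42.51 | A (IP address) | IN (0x0001) | false | ||
Apr 13, 2025 17:10:29.886405945 CEST | 1.1.1.1 | 192.168.2.5 | 0xf689 | No error (0) | 172.67.157.7 | A (IP address) | IN (0x0001) | false | ||
Apr 13, 2025 17:10:42.410509109 CEST | 1.1.1.1 | 192.168.2.5 | 0xceea | No error (0) | 89.169.54.153 | A (IP address) | IN (0x0001) | false |
"""

# Raw string: the process path contains backslashes.
SESSION_ROWS = r"""
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49696 | 104.21.42.51 | 443 | 7448 | C:\Users\user\Desktop\setup_patched.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-13 15:10:31 UTC | 280 | OUT | |
2025-04-13 15:10:31 UTC | 14897 | OUT | |
2025-04-13 15:10:32 UTC | 818 | IN | |
2025-04-13 15:10:32 UTC | 76 | IN | |
2025-04-13 15:10:32 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49701 | 104.21.42.51 | 443 | 7448 | C:\Users\user\Desktop\setup_patched.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-13 15:10:39 UTC | 288 | OUT | |
2025-04-13 15:10:39 UTC | 15331 | OUT | |
2025-04-13 15:10:39 UTC | 15331 | OUT | |
2025-04-13 15:10:39 UTC | 15331 | OUT | |
2025-04-13 15:10:39 UTC | 15331 | OUT | |
2025-04-13 15:10:39 UTC | 15331 | OUT | |
2025-04-13 15:10:39 UTC | 15331 | OUT | |
2025-04-13 15:10:39 UTC | 15331 | OUT | |
2025-04-13 15:10:39 UTC | 15331 | OUT | |
2025-04-13 15:10:39 UTC | 15331 | OUT | |
2025-04-13 15:10:39 UTC | 15331 | OUT | |
2025-04-13 15:10:41 UTC | 822 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49702 | 104.21.42.51 | 443 | 7448 | C:\Users\user\Desktop\setup_patched.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-04-13 15:10:41 UTC | 269 | OUT | |
2025-04-13 15:10:41 UTC | 125 | OUT | |
2025-04-13 15:10:42 UTC | 785 | IN | |
2025-04-13 15:10:42 UTC | 108 | IN |
"""


def _cells(line):
    return [c.strip() for c in line.split("|")]


def parse_dns_answers(text):
    """Map DNS transaction id (column 4) -> resolved IPs (column 6), in report order."""
    answers = {}
    for line in text.splitlines():
        c = _cells(line)
        if len(c) > 5 and c[3].startswith("0x"):
            answers.setdefault(c[3], []).append(c[5])
    return answers


def parse_sessions(text):
    """Walk the alternating session/transfer tables; total bytes per direction."""
    sessions, expect_session = [], False
    for line in text.splitlines():
        if not line.strip() or line.startswith("---"):
            continue
        c = _cells(line)
        if c[0] == "Session ID":
            expect_session = True  # the next row describes the session itself
        elif expect_session:
            sessions.append({"id": int(c[0]), "dst_ip": c[3], "dst_port": int(c[4]),
                             "process": c[6], "OUT": 0, "IN": 0})
            expect_session = False
        elif len(c) > 2 and c[2] in ("OUT", "IN") and sessions:
            sessions[-1][c[2]] += int(c[1])
    return sessions


def flag_bulk_uploads(sessions, resolved_ips, ratio=10.0):
    """Sessions sending at least `ratio` times what they receive, tagged with
    whether the destination appeared as a DNS answer in the same report."""
    return [(s["id"], s["dst_ip"], s["dst_ip"] in resolved_ips)
            for s in sessions if s["OUT"] >= ratio * max(s["IN"], 1)]


if __name__ == "__main__":
    resolved = {ip for ips in parse_dns_answers(DNS_ROWS).values() for ip in ips}
    sessions = parse_sessions(SESSION_ROWS)
    for s in sessions:
        print(f"session {s['id']}: {s['OUT']} bytes out, {s['IN']} bytes in")
    print("bulk uploads:", flag_bulk_uploads(sessions, resolved))
```

On the rows copied here, sessions 1 and 6 are flagged (15177 and 153598 bytes out against 899 and 822 bytes in) while session 7 is not (394 out, 893 in); all three go to 104.21.42.51:443, which the DNS table resolved under transaction 0xf689. The payload column is empty in the report because the sessions are TLS, so byte volume and direction are the only signal this table gives.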
Target ID: | 0 |
Start time: | 11:10:12 |
Start date: | 13/04/2025 |
Path: | C:\Users\user\Desktop\setup_patched.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1'085'440 bytes |
MD5 hash: | 793E23C2663F78FE14E253CD2ABE1753 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |