Edit tour

Windows Analysis Report
setup#U67e5#U8be2.exe

Overview

General Information

Sample name:	setup#U67e5#U8be2.exe renamed because original name is a hash value
Original sample name:	setup.exe
Analysis ID:	1485247
MD5:	481ddf452decfcc566d5047d89001f8c
SHA1:	301752c731d5f074b00bb699926e30962e563848
SHA256:	bbef75a7d62a07a19b5d24275f2b9c07757dd798f9203b45c7b472b7941d6bca
Tags:	exe
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

AI detected suspicious sample

JA3 SSL client fingerprint seen in connection with other malware

PE file contains sections with non-standard names

Uses a known web browser user agent for HTTP communication

Classification

Process Tree

System is w10x64

setup#U67e5#U8be2.exe (PID: 7136 cmdline: "C:\Users\user\Desktop\setup#U67e5#U8be2.exe" MD5: 481DDF452DECFCC566D5047D89001F8C)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: setup#U67e5#U8be2.exe

Virustotal: Detection: 12%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 97.7% probability

Source: unknown

HTTPS traffic detected: 82.156.94.45:443 -> 192.168.2.6:49714 version: TLS 1.2

Source: setup#U67e5#U8be2.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: global traffic

HTTP traffic detected: GET /93.txt HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.comConnection: Keep-Alive

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com

Source: setup#U67e5#U8be2.exe, 00000000.00000003.2258148701.000002290155C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: setup#U67e5#U8be2.exe, 00000000.00000003.2258189363.0000022901531000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com/
Source: setup#U67e5#U8be2.exe	String found in binary or memory: https://wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com/93.txt
Source: setup#U67e5#U8be2.exe, 00000000.00000003.2258189363.0000022901531000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com/93.txt9
Source: setup#U67e5#U8be2.exe, 00000000.00000003.2258189363.0000022901531000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com/93.txtLMEM
Source: setup#U67e5#U8be2.exe, 00000000.00000003.2258148701.000002290155C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com/93.txtRRC:
Source: setup#U67e5#U8be2.exe, 00000000.00000003.2258148701.000002290155C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com/93.txtz

Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714

Source: unknown

HTTPS traffic detected: 82.156.94.45:443 -> 192.168.2.6:49714 version: TLS 1.2

Source: classification engine

Classification label: mal52.winEXE@1/0@1/1

Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\8HXJSKQQ\93[1].txt

Jump to behavior

Source: setup#U67e5#U8be2.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: setup#U67e5#U8be2.exe

Virustotal: Detection: 12%

Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Users\user\Desktop\setup#U67e5#U8be2.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: setup#U67e5#U8be2.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: setup#U67e5#U8be2.exe

Static file information: File size 21120512 > 1048576

Source: setup#U67e5#U8be2.exe

Static PE information: Raw size of .ddt is bigger than: 0x100000 < 0x140c400

Source: setup#U67e5#U8be2.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: setup#U67e5#U8be2.exe

Static PE information: section name: .ddt

Source: setup#U67e5#U8be2.exe, 00000000.00000003.2258148701.000002290157C000.00000004.00000020.00020000.00000000.sdmp, setup#U67e5#U8be2.exe, 00000000.00000003.2258189363.0000022901531000.00000004.00000020.00020000.00000000.sdmp, setup#U67e5#U8be2.exe, 00000000.00000003.2258189363.000002290151C000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 DLL Side-Loading	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	13 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
setup#U67e5#U8be2.exe	0%	ReversingLabs
setup#U67e5#U8be2.exe	12%	Virustotal		Browse

Source	Detection	Scanner	Link
bg.microsoft.map.fastly.net	0%	Virustotal	Browse
bj.file.myqcloud.com	0%	Virustotal	Browse
fp2e7a.wpc.phicdn.net	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
https://wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com/93.txtRRC:	0%	Avira URL Cloud	safe
https://wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com/93.txtz	0%	Avira URL Cloud	safe
https://wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com/93.txt9	0%	Avira URL Cloud	safe
https://wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com/	0%	Avira URL Cloud	safe
https://wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com/93.txt	0%	Avira URL Cloud	safe
https://wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com/93.txtLMEM	0%	Avira URL Cloud	safe
https://wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com/	0%	Virustotal		Browse
https://wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com/93.txtLMEM	0%	Virustotal		Browse
https://wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com/93.txt	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.210.172	true	false	0%, Virustotal, Browse	unknown
bj.file.myqcloud.com	82.156.94.45	true	false	0%, Virustotal, Browse	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	0%, Virustotal, Browse	unknown
wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com/93.txt	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com/93.txtRRC:	setup#U67e5#U8be2.exe, 00000000.00000003.2258148701.000002290155C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com/93.txtz	setup#U67e5#U8be2.exe, 00000000.00000003.2258148701.000002290155C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com/93.txt9	setup#U67e5#U8be2.exe, 00000000.00000003.2258189363.0000022901531000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com/	setup#U67e5#U8be2.exe, 00000000.00000003.2258189363.0000022901531000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com/93.txtLMEM	setup#U67e5#U8be2.exe, 00000000.00000003.2258189363.0000022901531000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
82.156.94.45	bj.file.myqcloud.com	China		12513	ECLIPSEGB	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1485247
Start date and time:	2024-07-31 11:12:21 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 51s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	3
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	setup#U67e5#U8be2.exe renamed because original name is a hash value
Original Sample Name:	setup.exe
Detection:	MAL
Classification:	mal52.winEXE@1/0@1/1
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Connection to analysis system has been lost, crash info: Normal
Exclude process from analysis (whitelisted): dllhost.exe
Excluded IPs from analysis (whitelisted): 40.127.169.103, 20.3.187.198, 184.28.90.27, 13.85.23.206
Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, e16604.g.akamaiedge.net, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
82.156.94.45	LisectAVT_2403002B_185.exe	Get hash	malicious	Unknown	Browse
	LisectAVT_2403002A_276.exe	Get hash	malicious	Unknown	Browse
	4a9OE5cKJo.exe	Get hash	malicious	Unknown	Browse
	1q3HnZAcnJ.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
bj.file.myqcloud.com	LisectAVT_2403002B_185.exe	Get hash	malicious	Unknown	Browse	82.156.94.48
	LisectAVT_2403002B_185.exe	Get hash	malicious	Unknown	Browse	82.156.94.45
	LisectAVT_2403002A_276.exe	Get hash	malicious	Unknown	Browse	82.156.94.45
	https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com/cummon/update-agreements/claim	Get hash	malicious	HTMLPhisher	Browse	82.156.94.13
	setup#U67e5#U8be2_pf2024.exe	Get hash	malicious	GhostRat, Nitol	Browse	82.156.94.17
	https://appservies02342-1321331581.cos.ap-beijing.myqcloud.com/cummon/update-agreements/claim	Get hash	malicious	HTMLPhisher	Browse	82.156.94.13
	New_Text_Document_mod.exse.exe	Get hash	malicious	AgentTesla, Amadey, Creal Stealer, Djvu, FormBook, Glupteba, GuLoader	Browse	82.156.94.48
	4a9OE5cKJo.exe	Get hash	malicious	Unknown	Browse	82.156.94.45
	4a9OE5cKJo.exe	Get hash	malicious	Unknown	Browse	82.156.94.47
	1q3HnZAcnJ.exe	Get hash	malicious	Unknown	Browse	82.156.94.45
bg.microsoft.map.fastly.net	y3qo4F34X6.img	Get hash	malicious	PureLog Stealer	Browse	199.232.210.172
	Inquiry.vbs	Get hash	malicious	PXRECVOWEIWOEI Stealer	Browse	199.232.214.172
	New _Order_0567___Pdf.exe	Get hash	malicious	Unknown	Browse	199.232.214.172
	0fF8TYGPKc.exe	Get hash	malicious	AsyncRAT	Browse	199.232.210.172
	https://www.delgado360.es	Get hash	malicious	Unknown	Browse	199.232.214.172
	http://plonoer.com.ru/QUYmT/	Get hash	malicious	HTMLPhisher	Browse	199.232.214.172
	3a#U573a.exe	Get hash	malicious	CobaltStrike, Metasploit, ReflectiveLoader	Browse	199.232.210.172
	UW-GIUGNO24 - Ordine finale.exe	Get hash	malicious	PureLog Stealer	Browse	199.232.214.172
	5W69EF4IxU.lnk	Get hash	malicious	XWorm	Browse	199.232.210.172
	http://soft-download123file.xyz	Get hash	malicious	Unknown	Browse	199.232.214.172
fp2e7a.wpc.phicdn.net	https://dfghbv.fujtisu.com/3EPrz1?8b6488=MJWeddings@jumeirah.com	Get hash	malicious	HTMLPhisher	Browse	192.229.221.95
	https://www.delgado360.es	Get hash	malicious	Unknown	Browse	192.229.221.95
	http://plonoer.com.ru/QUYmT/	Get hash	malicious	HTMLPhisher	Browse	192.229.221.95
	5Odo3ejY38.exe	Get hash	malicious	RedLine	Browse	192.229.221.95
	Sign02110.exe	Get hash	malicious	PureLog Stealer	Browse	192.229.221.95
	UW-GIUGNO24 - Ordine finale.exe	Get hash	malicious	PureLog Stealer	Browse	192.229.221.95
	5W69EF4IxU.lnk	Get hash	malicious	XWorm	Browse	192.229.221.95
	http://soft-download123file.xyz	Get hash	malicious	Unknown	Browse	192.229.221.95
	https://www.mundodomarketing.com.br/	Get hash	malicious	HTMLPhisher	Browse	192.229.221.95
	http://bandamazonas.com.br/	Get hash	malicious	Unknown	Browse	192.229.221.95

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ECLIPSEGB	KZ5zPoWLWj.exe	Get hash	malicious	PureLog Stealer, zgRAT	Browse	109.176.30.246
	RSx1ArtQPf.exe	Get hash	malicious	PureLog Stealer, zgRAT	Browse	109.176.30.246
	KZ5zPoWLWj.exe	Get hash	malicious	Unknown	Browse	109.176.30.246
	RSx1ArtQPf.exe	Get hash	malicious	PureLog Stealer, zgRAT	Browse	109.176.30.246
	LisectAVT_2403002B_185.exe	Get hash	malicious	Unknown	Browse	82.156.94.47
	LisectAVT_2403002B_185.exe	Get hash	malicious	Unknown	Browse	82.156.94.45
	LisectAVT_2403002A_276.exe	Get hash	malicious	Unknown	Browse	82.156.94.45
	0GJSC4Ua2K.elf	Get hash	malicious	Unknown	Browse	91.84.192.7
	KBNCt45Gpk.elf	Get hash	malicious	Mirai	Browse	212.108.82.87
	PO-9412-23007-EPCM_CONSUMABLE_PT.exe	Get hash	malicious	FormBook	Browse	109.176.207.133

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	0242_FV1_241356.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	82.156.94.45
	zrpPKBbxN0.exe	Get hash	malicious	Unknown	Browse	82.156.94.45
	New _Order_0567___Pdf.exe	Get hash	malicious	Unknown	Browse	82.156.94.45
	F_7576419.LnK.lnk	Get hash	malicious	MalLnk	Browse	82.156.94.45
	PO4541 , PO4537.pdf.exe	Get hash	malicious	DarkCloud, PureLog Stealer	Browse	82.156.94.45
	1604202412475.exe	Get hash	malicious	GuLoader	Browse	82.156.94.45
	Pagos-Confirming_PDF.exe	Get hash	malicious	Remcos, GuLoader	Browse	82.156.94.45
	Frsteudgaves.exe	Get hash	malicious	FormBook, GuLoader	Browse	82.156.94.45
	FACTURA.PDF.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	82.156.94.45
	FACTURA0876.exe	Get hash	malicious	GuLoader, Snake Keylogger	Browse	82.156.94.45

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	0.05576441653839872
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	setup#U67e5#U8be2.exe
File size:	21'120'512 bytes
MD5:	481ddf452decfcc566d5047d89001f8c
SHA1:	301752c731d5f074b00bb699926e30962e563848
SHA256:	bbef75a7d62a07a19b5d24275f2b9c07757dd798f9203b45c7b472b7941d6bca
SHA512:	8b9737dc1e70fa8744af93a7bd757f9f99e492aab9a26401ca6820a88faf8bd8c16de8a781cdcd69fe6bae8205fd2dc897c209e702e01c7e50b685f7ec44d482
SSDEEP:	1536:Z9UlR/ScXt4IzTFcGHThVmvtG60APGQ5KGkMsxfby7HB8uDysW4dljVsu:ZmSG3FcGHTuvtG60gR54xejDNljVs
TLSH:	27276B8B33E430FDD4A3E675C9A14905D3B6B83606719F5E47A4025A9F336D29E38B32
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......w...3...3...3...u.^.....u._.G...u.`.:....Tt.8...3..._.....Z.1.....a.2...Rich3...........................PE..d...\..f.........."

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x140002ac8
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x66A7B25C [Mon Jul 29 15:16:44 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	d7ff34ec78c19547db8f284e04d0252a

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007FC96889F960h
dec eax
add esp, 28h
jmp 00007FC96889A637h
int3
int3
dec eax
mov dword ptr [esp+10h], ebx
dec eax
mov dword ptr [esp+18h], esi
push edi
dec eax
sub esp, 30h
call 00007FC96889AD65h
movzx esi, ax
mov ecx, 00000002h
call 00007FC96889F8ECh
mov eax, 00005A4Dh
dec eax
lea edi, dword ptr [FFFFD4F7h]
cmp word ptr [FFFFD4F0h], ax
je 00007FC96889A636h
xor ebx, ebx
jmp 00007FC96889A663h
dec eax
arpl word ptr [FFFFD51Fh], ax
dec eax
add eax, edi
cmp dword ptr [eax], 00004550h
jne 00007FC96889A61Ch
mov ecx, 0000020Bh
cmp word ptr [eax+18h], cx
jne 00007FC96889A611h
xor ebx, ebx
cmp dword ptr [eax+00000084h], 0Eh
jbe 00007FC96889A63Bh
cmp dword ptr [eax+000000F8h], ebx
setne bl
mov dword ptr [esp+40h], ebx
call 00007FC96889E091h
test eax, eax
jne 00007FC96889A654h
cmp dword ptr [000167FDh], 01h
jne 00007FC96889A637h
call 00007FC96889B1E3h
mov ecx, 0000001Ch
call 00007FC96889B24Dh
mov ecx, 000000FFh
call 00007FC96889954Fh
call 00007FC96889E8E6h
test eax, eax
jne 00007FC96889A654h
cmp dword ptr [000167D2h], 01h
jne 00007FC96889A637h
call 00007FC96889B1B8h
mov ecx, 00000010h

Rich Headers

Programming Language:

[LNK] VS2013 UPD2 build 30501

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x161a4	0x78	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x1b000	0xb40	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1429000	0x530	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x15540	0x70	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x10000	0x320	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xe569	0xe600	f7a0b817d1cb6dd1043aa7634b3b2083	False	0.5873131793478261	data	6.461963446088274	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x10000	0x6c40	0x6e00	0c84417c0386ef88fc395cf5dc082ba5	False	0.32649147727272726	data	4.06379976672545	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x17000	0x3ab0	0x1800	d13b667342bdf23291e06fef50fd0abe	False	0.236328125	data	2.810497132530405	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x1b000	0xb40	0xc00	d4b281f388b91a91ade3949c320aa68a	False	0.4739583333333333	data	4.643560878389695	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.ddt	0x1c000	0x140c300	0x140c400	dcc430f40cba3cb053b41aa5c56b0c4f	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x1429000	0x530	0x600	957be0c41aaf269f33ecd8cfcec2a0a8	False	0.6171875	data	5.087892886311919	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL	Import
KERNEL32.dll	GetFileAttributesA, VirtualAlloc, GetModuleHandleA, WriteConsoleW, CreateFileW, GetConsoleCP, FlushFileBuffers, SetStdHandle, GetStringTypeW, FreeLibrary, LCMapStringW, HeapReAlloc, HeapSize, OutputDebugStringW, FreeEnvironmentStringsW, GetEnvironmentStringsW, LoadLibraryA, GetProcAddress, GetLastError, GetModuleFileNameA, Sleep, GetCurrentProcessId, QueryPerformanceCounter, GetSystemTimeAsFileTime, EncodePointer, DecodePointer, ExitProcess, GetModuleHandleExW, AreFileApisANSI, MultiByteToWideChar, WideCharToMultiByte, ReadFile, HeapAlloc, HeapFree, GetCommandLineA, IsDebuggerPresent, IsProcessorFeaturePresent, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SetLastError, InitializeCriticalSectionAndSpinCount, GetCurrentProcess, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetModuleHandleW, GetStdHandle, WriteFile, GetModuleFileNameW, LoadLibraryExW, RtlUnwindEx, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetFilePointerEx, GetConsoleMode, ReadConsoleW, GetFileType, GetProcessHeap, CloseHandle, GetCurrentThreadId, SetEndOfFile
USER32.dll	DispatchMessageA, TranslateMessage, GetMessageA, UpdateWindow, ShowWindow, RegisterClassExA, LoadCursorA, LoadIconA, PostQuitMessage, DestroyWindow, PostMessageA, SetWindowTextA, InvalidateRect, SetClassLongPtrA, MessageBoxA, GetWindowTextA, CreateWindowExA, DefWindowProcA
GDI32.dll	CreateSolidBrush
ADVAPI32.dll	CheckTokenMembership, AllocateAndInitializeSid, FreeSid
SHELL32.dll	ShellExecuteExA

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 31, 2024 11:13:30.578597069 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:30.578654051 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:30.578747988 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:30.588371038 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:30.588388920 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:31.871822119 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:31.872066975 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:31.872956991 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:31.873024940 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:31.927350044 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:31.927371979 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:31.927846909 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:31.927907944 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:31.930027008 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:31.972503901 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.329482079 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.329556942 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.329572916 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.329606056 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.329624891 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.329629898 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.329657078 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.329665899 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.329727888 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.329727888 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.329749107 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.329797029 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.587311029 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.587346077 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.587472916 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.587503910 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.587553978 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.588324070 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.588398933 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.588408947 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.588454962 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.589786053 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.589852095 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.589859962 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.589899063 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.590769053 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.590842962 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.590850115 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.590888977 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.854727983 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.854744911 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.854768991 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.854890108 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.854923010 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.854944944 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.854967117 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.855703115 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.855772018 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.855781078 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.855822086 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.857713938 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.857737064 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.857814074 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.857824087 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.857865095 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.858675957 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.858743906 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.858752012 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.858810902 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.860594988 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.860658884 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.860667944 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.860712051 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.861556053 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.861622095 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.861633062 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.861675024 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.941466093 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.941534042 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.941572905 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.941592932 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:32.941612005 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:32.941636086 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.119009018 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.119072914 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.119112015 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.119132996 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.119175911 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.119200945 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.121279001 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.121323109 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.121366978 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.121375084 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.121422052 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.121453047 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.123379946 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.123457909 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.123470068 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.123496056 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.123543978 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.123564959 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.123569965 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.123620033 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.125413895 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.125458956 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.125489950 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.125497103 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.125530005 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.125552893 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.127095938 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.127178907 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.127186060 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.127232075 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.128195047 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.128262043 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.128277063 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.128377914 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.128902912 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.128982067 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.128988981 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.129041910 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.129801989 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.129873991 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.129880905 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.129920959 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.130738974 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.130814075 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.130820990 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.130877018 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.131757975 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.131844044 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.131850958 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.131892920 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.132719994 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.132793903 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.132801056 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.132855892 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.133615971 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.133686066 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.133692980 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.133733034 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.134465933 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.134542942 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.134550095 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.134587049 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.381597042 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.381609917 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.381671906 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.381711006 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.381726980 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.381771088 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.382950068 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.383014917 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.383022070 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.383063078 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.383796930 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.383837938 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.383877993 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.383883953 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.383933067 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.385699034 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.385716915 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.385776997 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.385786057 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.385829926 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.387130022 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.387145042 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.387224913 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.387233019 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.387274027 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.388819933 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.388849020 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.388880014 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.388889074 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.388933897 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.388945103 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.390614986 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.390645027 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.390671968 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.390678883 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.390706062 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.390717983 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.391774893 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.391830921 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.391838074 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.391885996 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.392699003 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.392752886 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.392760038 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.392806053 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.394323111 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.394340038 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.394399881 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.394407988 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.394454002 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.481715918 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.481738091 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.481816053 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.481827021 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.481859922 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.481882095 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.653074026 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.653129101 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.653188944 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.653201103 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.653237104 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.653255939 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.654721022 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.654797077 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.654804945 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.654861927 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.654867887 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.654915094 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.655613899 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.655687094 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.655694008 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.655731916 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.656591892 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.656663895 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.656671047 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.656711102 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.657535076 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.657579899 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.657608986 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.657615900 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.657639027 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.657656908 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.659553051 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.659591913 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.659636021 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.659643888 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.659693003 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.659703016 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.661263943 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.661303043 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.661338091 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.661345005 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.661369085 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.661387920 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.662177086 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.662251949 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.662259102 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.662314892 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.662321091 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.662360907 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.663054943 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.663382053 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.663389921 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.663445950 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.663933992 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.664005995 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.664014101 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.664052010 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.739880085 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.739907026 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.740009069 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.740020037 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.740063906 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.915920019 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.915982962 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.916076899 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.916106939 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.916126013 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.916148901 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.917099953 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.917143106 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.917177916 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.917186975 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.917211056 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.917228937 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.918267012 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.918337107 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.918344975 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.918354034 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.918396950 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.918406010 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.918442965 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.919132948 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.919207096 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.919214010 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.919251919 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.920077085 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.920145988 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.920155048 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.920196056 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.921286106 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.921339035 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.921499968 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.921499968 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.921509981 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.921555996 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.922925949 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.922980070 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.923016071 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.923022985 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.923038960 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.923063993 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.923862934 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.923907042 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.923933029 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.923939943 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.923969030 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.923979998 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.924913883 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.924989939 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.924998999 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.925051928 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:33.925057888 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:33.925096989 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.001842976 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.001997948 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.002015114 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.002062082 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.002247095 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.002321005 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.002327919 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.002367020 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.179375887 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.179400921 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.179490089 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.179507971 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.179563046 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.180711985 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.180728912 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.180792093 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.180799961 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.180841923 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.181544065 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.181587934 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.181617975 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.181626081 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.181663036 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.181685925 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.183468103 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.183543921 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.183552980 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.183583975 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.183610916 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.183619022 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.183634996 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.183656931 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.184400082 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.184493065 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.184499979 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.184551954 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.185281992 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.185353994 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.185359955 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.185414076 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.186333895 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.186376095 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.186408997 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.186415911 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.186450958 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.186460972 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.187150955 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.187194109 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.187212944 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.187222004 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.187246084 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.187269926 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.188240051 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.188282967 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.188313007 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.188319921 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.188344002 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.188365936 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.266992092 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.267046928 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.267091036 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.267116070 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.267138958 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.267162085 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.267493010 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.267555952 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.267563105 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.267611027 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.268105030 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.268157005 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.268168926 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.268176079 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.268202066 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.268219948 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.268227100 CEST	443	49714	82.156.94.45	192.168.2.6
Jul 31, 2024 11:13:34.268271923 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.268446922 CEST	49714	443	192.168.2.6	82.156.94.45
Jul 31, 2024 11:13:34.268461943 CEST	443	49714	82.156.94.45	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 31, 2024 11:13:30.147600889 CEST	62764	53	192.168.2.6	1.1.1.1
Jul 31, 2024 11:13:30.570422888 CEST	53	62764	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 31, 2024 11:13:30.147600889 CEST	192.168.2.6	1.1.1.1	0x8c5a	Standard query (0)	wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jul 31, 2024 11:13:30.570422888 CEST	1.1.1.1	192.168.2.6	0x8c5a	No error (0)	wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com	bj.file.myqcloud.com		CNAME (Canonical name)	IN (0x0001)	false
Jul 31, 2024 11:13:30.570422888 CEST	1.1.1.1	192.168.2.6	0x8c5a	No error (0)	bj.file.myqcloud.com		82.156.94.45	A (IP address)	IN (0x0001)	false
Jul 31, 2024 11:13:30.570422888 CEST	1.1.1.1	192.168.2.6	0x8c5a	No error (0)	bj.file.myqcloud.com		82.156.94.47	A (IP address)	IN (0x0001)	false
Jul 31, 2024 11:13:30.570422888 CEST	1.1.1.1	192.168.2.6	0x8c5a	No error (0)	bj.file.myqcloud.com		82.156.94.48	A (IP address)	IN (0x0001)	false
Jul 31, 2024 11:13:30.570422888 CEST	1.1.1.1	192.168.2.6	0x8c5a	No error (0)	bj.file.myqcloud.com		82.156.94.13	A (IP address)	IN (0x0001)	false
Jul 31, 2024 11:13:30.570422888 CEST	1.1.1.1	192.168.2.6	0x8c5a	No error (0)	bj.file.myqcloud.com		82.156.94.17	A (IP address)	IN (0x0001)	false
Jul 31, 2024 11:13:50.793006897 CEST	1.1.1.1	192.168.2.6	0x7295	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jul 31, 2024 11:13:50.793006897 CEST	1.1.1.1	192.168.2.6	0x7295	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jul 31, 2024 11:14:16.018668890 CEST	1.1.1.1	192.168.2.6	0xfab	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Jul 31, 2024 11:14:16.018668890 CEST	1.1.1.1	192.168.2.6	0xfab	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49714	82.156.94.45	443	7136	C:\Users\user\Desktop\setup#U67e5#U8be2.exe

Timestamp	Bytes transferred	Direction	Data
2024-07-31 09:13:31 UTC	344	OUT	GET /93.txt HTTP/1.1 Accept: / UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729) Host: wwwasdqwefqaqsffqe93-1328290234.cos.ap-beijing.myqcloud.com Connection: Keep-Alive
2024-07-31 09:13:32 UTC	458	IN	HTTP/1.1 200 OK Content-Type: text/plain Content-Length: 878080 Connection: close Accept-Ranges: bytes Content-Disposition: attachment Date: Wed, 31 Jul 2024 09:13:32 GMT ETag: "6024648c6353dca982adda4ff005e7c7" Last-Modified: Mon, 29 Jul 2024 15:00:55 GMT Server: tencent-cos x-cos-force-download: true x-cos-hash-crc64ecma: 3460450133526625675 x-cos-request-id: NjZhYTAwM2NfODRiMDViNjRfZGQwNl8xNjcwOWE5 x-cos-server-side-encryption: AES256
2024-07-31 09:13:32 UTC	15926	IN	Data Raw: 15 1e 06 0b d9 58 44 58 44 1a 11 b2 b1 4d 10 cf 82 11 34 58 24 55 44 bc 89 f2 58 44 58 44 43 59 31 58 44 58 44 43 59 31 58 44 58 44 43 59 31 58 44 58 44 43 59 31 58 44 58 44 43 59 31 59 44 58 4a 5c e3 3f 58 f0 51 89 62 e1 30 14 89 79 10 2b 30 42 78 34 2a 2b 24 2b 50 35 64 3b 25 2d 37 5e 2c 64 3a 21 63 2b 44 36 64 31 2a 63 1d 7e 0b 64 35 2b 27 3c 1f 55 49 52 60 43 59 31 58 44 58 44 14 56 27 72 57 36 3c 3a 4a 5f 20 3d 4b 2a 3b 20 79 5e 3f 20 51 2d 21 48 10 42 25 3c c4 37 49 21 94 b5 3f 3b 43 5f 20 3d 88 a9 3f 21 2d 36 3c 21 94 ae 24 49 55 2a 20 3d 0b 5f 4d 20 5b 36 3c 3a 11 37 26 3c 4a 2a 3b 20 79 5e 3d 20 46 2d 21 48 4b 2a 21 3d 2b 37 49 21 43 b2 35 3b 48 5f 20 3d 5f ae 3b 21 23 36 3c 21 43 a9 23 49 4a 2a 20 3d 11 30 52 30 57 36 3c 3a 59 31 58 44 58 44 43 Data Ascii: XDXDM4X$UDXDXDCY1XDXDCY1XDXDCY1XDXDCY1XDXDCY1YDXJ\?XQb0y+0Bx4+$+P5d;%-7^,d:!c+D6d1c~d5+'<UIR`CY1XDXDV'rW6<:J_ =K; y^? Q-!HB%<7I!?;C_ =?!-6<!$IU =_M [6<:7&<J; y^= F-!HK!=+7I!C5;H_ =_;!#6<!C#IJ* =0R0W6<:Y1XDXDC
2024-07-31 09:13:32 UTC	4	IN	Data Raw: 01 b3 11 b8 Data Ascii:
2024-07-31 09:13:32 UTC	8184	IN	Data Raw: 1c 60 10 bb 56 14 02 59 44 10 c9 0f 7d 71 a7 51 62 77 42 59 b4 98 31 55 c7 b8 58 45 50 c9 10 47 ab 98 cf a7 bb 10 cf df 7d e1 5d 44 58 0c c2 9d f1 5d 44 58 19 80 11 b8 04 60 50 13 0b da dd 78 0c d5 59 cc 9b 30 58 0c d5 79 cb 9b 30 58 af 4a 0c c8 5a 79 dd 84 2c 42 bc 4c 89 6c 45 58 0c c0 9a 39 10 7f 87 36 aa 11 ba 04 60 68 0c c0 9d 11 07 87 10 cd 1f 7d 39 0f 0c db a8 63 11 bc 45 27 9a 45 43 11 bc 65 18 9a 45 43 b2 23 10 cf 5b 0c c6 99 45 5e bb 4d 38 77 58 31 10 c7 9b 4c 0b 62 ee 2a ad 10 cf 1f 7d 01 10 c7 9c 64 1c 9a f3 58 44 94 0c ca 05 15 48 0c d1 30 67 41 64 0f 05 0e 0c c8 b5 79 db a8 48 77 83 6a f8 57 e6 1c cf 82 1d ba 8a 05 d9 b6 2a 37 54 11 05 d9 b4 2d 2d 54 34 00 d3 8f 07 d2 c1 6b 8d e0 45 43 59 31 57 e6 1d 4f 93 d0 74 a8 05 d9 b5 04 3c 5f 2d cd 05 Data Ascii: `VYD}qQbwBY1UXEPG}]DX]DX`PxY0Xy0XJZy,BLlEX96`h}9cE'ECeEC#[E^M8wX1Lb}dXDH0gAdyHwjW7T--T4kECY1WOt<_-
2024-07-31 09:13:32 UTC	8184	IN	Data Raw: 05 d2 ac 07 d4 4b 5c c7 a1 41 3c 3c 45 40 c1 91 30 0f da d8 59 30 0b c7 aa 58 45 1f c7 b1 45 37 64 b2 a1 45 2d 18 0a d2 ce 10 cf 9f 0c c0 b1 30 57 c0 fa 44 43 59 79 db ac 59 30 3e 11 b2 b0 46 2c 1e 0b 62 f3 2c 7b b0 fe 69 59 31 9f 44 4e 44 43 59 d9 d7 6d 58 44 71 99 d8 70 45 58 44 0b d2 cb b3 82 e7 46 43 59 31 b3 fb e7 45 43 59 31 b3 fc db ad 45 2d 81 db ad 59 30 e8 da d8 5a 30 fe af d9 6a ce b3 e7 d3 07 73 15 30 23 64 99 ac 47 f1 30 10 cf 1b 64 0b d2 41 a0 af 01 cf 00 69 7d 59 3f 78 85 ab 5d 99 59 0c d3 07 63 2d 37 10 27 28 bc a8 18 ba 28 bc b3 78 c8 1a 01 14 45 23 64 82 b1 35 f0 45 10 cf 00 79 45 5f 0c 57 fb 33 a1 da 7b 4b ef 34 bb b2 2c d3 07 68 08 42 22 11 99 ac 5c ec 42 11 ba 1b 64 2c 43 0b 56 8f 28 bc b3 40 4c ef 41 a0 cf 13 74 c8 98 f0 b0 40 f0 45 Data Ascii: K\A<<E@0Y0XEE7dE-0WDCYyY0>F,b,{iY1DNDCYmXDqpEXDFCY1ECY1E-Y0Z0js0#dG0dAi}Y?x]Yc-7'((xE#d5EyE_W3{K4,hB"\Bd,CV(@LAt@E
2024-07-31 09:13:32 UTC	8184	IN	Data Raw: db 80 63 06 f2 94 0c d1 18 67 51 79 d1 28 7c 54 0b d0 45 7c 5c 0f 05 15 18 66 10 c7 b4 64 0b d2 30 10 cf a9 0c c8 41 79 dd 9f 2d 4c c0 91 ce b1 8b 58 44 43 15 ba 5d df f9 45 43 18 ba 90 0d d3 bc 0b 6a 0a db a5 67 0c c8 02 39 10 97 97 0d 70 81 79 8b 8f 10 c9 04 a6 79 db bc a5 4b c4 c6 31 58 44 19 cf 8b 14 ba a8 c7 b9 7b 0f d2 ce 10 cf b3 0c c0 b2 39 10 7f 87 36 16 11 ba 5b 0d 63 82 37 b6 78 6b 84 14 cd 70 11 e2 90 bb 4d d1 b7 59 31 14 cf 5d 7a e2 58 31 10 cf 5e 05 c8 91 b2 b9 7b 10 cf 53 15 ba 52 0c d3 06 4b 14 02 90 0d 6b 84 0a 8a f8 10 97 90 09 78 96 44 5d 0c 63 81 37 e9 7c d3 bd 11 cf ba 11 ba b0 0c d3 9c a8 fb 79 db bb a7 30 4c 11 ba 97 ac 09 4e 43 59 7d d3 41 aa e4 42 59 79 d3 42 10 cf 4b 15 b8 59 0c d3 42 0b d2 39 14 cd 19 4c 0b d2 37 10 cf 50 08 ca Data Ascii: cgQy(\|TE\|\fd0Ay-LXDC]ECjg9pyyK1XD{96[c7xkpMY1]zX1^{SRKkxD]c7\|y0LNCY}ABYyBKYB9L7P
2024-07-31 09:13:32 UTC	8184	IN	Data Raw: 0c c8 94 d9 ee fc 58 44 0b d2 75 7c 6c 10 cf cb a1 31 58 44 10 cf 42 d3 39 d0 4f 19 cf 05 5d b4 98 3d 66 b3 9b d9 4d 7c 34 58 31 47 62 f7 25 46 d3 b4 c6 af 45 43 0c a7 83 c3 65 1e 58 31 af 0c 20 97 7d d5 03 59 0c 40 94 79 d3 91 b0 29 fb 59 31 14 27 9e fe 73 59 31 58 0c d3 89 ab c4 85 58 44 d8 38 67 61 31 2c 48 10 cf 07 7d 11 db e4 f0 47 43 59 cc 10 cf 04 60 13 6a f1 10 cf 34 60 1b 11 ba 2c 60 38 0c c8 25 15 30 0c db 80 03 18 6f 9b 88 14 cf 9f 10 b8 03 4c 11 cd 28 49 78 d1 3f 40 05 15 11 b2 b4 14 10 cf 4a 6a f1 11 cd 1b ac 0a d2 d9 11 cd 1b b4 0e d4 72 b0 0c d3 c0 67 d9 31 58 44 10 cf b9 d2 a5 7c cc 58 44 43 10 b8 1b 8c b0 90 12 59 31 1c cf 2c 60 07 15 bc 14 60 18 00 c8 dd 15 d0 44 58 44 70 90 b2 24 60 18 69 0b d2 e4 57 d0 99 05 bc 97 79 73 95 10 c7 be a6 Data Ascii: XDu\|l1XDB9O]=fM\|4X1Gb%FECeX1 }Y@y)Y1'sY1XXD8ga1,H}GCY`j4`,`8%0oL(Ix?@Jjrg1XD\|XDCY1,``DXDp$`iWys
2024-07-31 09:13:32 UTC	16368	IN	Data Raw: 43 da d0 67 0c d3 86 0b 98 c9 5e 0c d5 48 8a 10 ba 5c 84 ae 00 8b 61 30 2c 69 10 c9 07 7d 71 d1 10 7c 14 ca 0d 15 00 08 d5 08 67 09 79 d5 10 7c 1c 0b d0 75 7c 64 14 c9 07 7d 11 10 c9 14 60 0b b1 3c a7 bb a7 af 58 b1 83 92 bb a7 c7 63 59 d9 92 8e a7 bb 84 59 38 58 44 58 ac dc 90 ce a7 c7 90 bb 0b da f5 60 87 94 88 8f 11 b8 04 60 50 13 0b da dd 78 0c 3b bd c8 96 d9 40 0b 58 44 0b da c9 a7 31 5c 77 98 b2 6b 10 cf 5d 13 19 55 31 e1 46 58 44 43 da ce 59 31 51 04 c7 e1 f9 58 44 58 31 4e 62 c8 2d 64 ae c4 c3 59 31 58 45 2c 53 ab bb 7f 58 44 e1 45 43 59 31 10 cf 80 ac 96 17 31 58 0c 63 87 37 e7 ba 97 ac 91 0a 43 59 79 d3 8c a7 51 d3 e8 31 58 c1 98 31 e9 a6 24 b6 f6 58 44 c8 81 ba 97 ac a9 09 43 59 79 d3 93 14 c9 46 aa 68 54 44 db a6 7c 11 ba 97 0c 99 bd 45 11 bc Data Ascii: Cg^H\a0,i}q\|gy\|u\|d}`<XcYY8XDX``Px;@XD1\wk]U1FXDCY1QXDX1Nb-dY1XE,SXDECY11Xc7CYyQ1X1$XDCYyFhTD\|E
2024-07-31 09:13:32 UTC	8184	IN	Data Raw: ba be 0c d5 c9 67 5a 31 58 0c 57 07 89 15 bc dd 60 5b 44 43 1c 3e 1a a6 10 cd 0f 7d 41 57 d6 98 0c ce 0c b5 11 4b 1b 94 c7 99 79 d1 10 7c 0c 06 56 74 8e 01 6b b2 06 6a f8 1c cd ed b4 47 59 31 1d c1 bc 4b c7 4c 30 58 44 1a cf 77 d0 70 d3 85 dd b2 36 78 74 63 8a 57 c1 b6 59 31 58 06 79 f0 ce ad 35 58 44 1d c9 32 58 75 d1 f1 a8 40 43 59 d8 85 44 58 44 06 6a ea 1d cf 99 01 c6 8b 3e dc fe 58 44 43 18 ba 81 b3 83 05 c0 a1 42 2c 19 19 cf bb 1c 0a 9e 31 4a c7 e7 e4 c5 5c 44 58 44 02 d4 71 59 cd dd b4 47 59 31 1a c9 5c 47 02 a6 f1 d3 50 da cf c7 e4 c5 5c 44 58 0c 4c f6 e7 10 47 88 05 c8 9a 79 5b 94 1a c9 47 5a 7d d3 9e d1 d0 fe ad 35 58 44 1c cf f6 a9 35 58 44 11 85 a8 79 70 63 86 2c 43 0b d2 65 7c 0c b3 d9 06 dc ea 2c 09 19 c7 bb 2a 3e dc 27 59 44 43 18 ba 88 01 Data Ascii: gZ1XW`[DC>}AWKy\|VtkjGY1KL0XDwp6xtcWY1Xy5XD2Xu@CYDXDj>XDCB,1J\DXDqYGY1\GP\DXLGy[GZ}5XD5XDypc,Ce\|,*>'YDC
2024-07-31 09:13:32 UTC	16384	IN	Data Raw: 7c 00 57 d0 83 a6 f1 1c cf 98 00 c8 a1 d9 34 83 a7 bb 0b da c9 a7 4b dc 90 41 59 31 19 c9 1d bb 0f d2 5c ef 0c 3b bc 0b 5a cf b1 96 58 44 43 56 87 5e 0d d3 91 0b 72 e7 12 4b e6 f8 7b 29 12 5a 44 d5 0b 42 11 52 99 0c 63 86 4c d6 24 5a 44 58 c7 ba 5d 7d d1 11 8f 05 c8 9b 79 d1 31 87 4b d7 99 7d d5 09 8f bb 83 11 bc 0d 9b 1c cf 83 11 bc 14 60 1c cf 9b b1 35 9f bb a7 0c c0 a1 ce 57 c0 34 46 43 59 79 5b ba 1c cf b8 b2 44 10 c9 5d 2f a2 a7 ce 12 cf cc a4 43 40 3c 58 06 d2 08 b1 64 c7 99 40 2c 65 01 d3 75 aa 7a d8 a5 b8 d1 74 57 05 e0 46 43 59 31 d2 42 1a cc 0f ab 0c 10 c9 0d 4b cb 1c 21 b3 6c b0 53 ca a6 ce 57 f2 56 77 91 3f 08 4c 0c 25 56 0b a6 f6 11 7f a5 4b c0 8d 30 58 44 1c c9 01 5b da 5b 09 d3 83 0b d2 e7 10 c9 14 60 07 b1 9b 34 bb a7 c7 bb a6 3e dc ab 59 Data Ascii: \|W4KAY1\;ZXDCV^rK{)ZDBRcL$ZDX]}y1K}`5W4FCYy[D]/C@<Xd@,euztWFCY1BK!lSWVw?L%VK0XD[[`4>Y
2024-07-31 09:13:32 UTC	8168	IN	Data Raw: 0e 69 b1 25 1c 58 30 2f 11 ba 1d 74 10 cf 4b 11 b8 15 6c 10 cf 06 71 b0 60 27 2b 29 a3 2c 64 10 cf 1d 6c c0 21 29 5c 31 13 0c c8 1c 19 d9 3c 78 64 46 ca 28 2c 5e 10 cf 06 71 b0 20 64 79 41 d0 40 45 55 0c d3 01 6b d8 49 78 66 5d d7 5a 2c 15 b0 89 b2 ba bc 11 ba 15 6c 10 cd 0b 79 79 d3 01 68 0c c8 01 39 b0 fc b2 ba bc 11 b8 00 6c b0 a3 61 a6 ce c8 83 1d 64 43 59 31 58 cf 1d 64 0b da f5 70 19 03 87 8f 19 64 10 c7 b4 64 0b d2 db 10 c7 25 64 43 2c 3b 10 cf 15 04 ab 8a 7b a7 bb c8 0c c8 14 71 b0 b5 1d bb bc c9 79 db 80 78 19 80 95 71 0d 0c db a8 63 11 ba b2 0c d3 09 73 11 b2 9c 64 05 ad 91 1c ce a7 88 18 11 0b da dd 68 0c d3 ae 0b d2 7c 38 0c db 80 73 04 d8 e2 01 a7 bb 8f 19 64 10 c7 b4 64 0b d2 db 10 cf 1d 0c c8 51 79 db 80 78 19 aa f5 59 a7 bb 94 04 16 11 b2 Data Ascii: i%X0/tKlq`'+),dl!)\1<xdF(,^q dyA@EUkIxf]Z,lyyh9ladCY1Xdpdd%dC,;{qyxqcsdh\|8sddQyxY

Target ID:	0
Start time:	05:13:27
Start date:	31/07/2024
Path:	C:\Users\user\Desktop\setup#U67e5#U8be2.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\setup#U67e5#U8be2.exe"
Imagebase:	0x7ff60b620000
File size:	21'120'512 bytes
MD5 hash:	481DDF452DECFCC566D5047D89001F8C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report setup#U67e5#U8be2.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Data Obfuscation

Malware Analysis System Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Imports

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

System Behavior

Analysis Process: setup#U67e5#U8be2.exePID: 7136, Parent PID: 4004

General

Chronological Activities

Disassembly

Windows Analysis Report
setup#U67e5#U8be2.exe