Windows Analysis Report
7rtK9LWbTc.exe

Overview

General Information

Sample name: 7rtK9LWbTc.exe
renamed because original name is a hash value
Original sample name: 1530387224130061e6087f1c57655891a251895e.exe
Analysis ID: 1546801
MD5: d0930dc6939b931c258795a16b59c2cf
SHA1: 1530387224130061e6087f1c57655891a251895e
SHA256: 5cc4012aaf7b2da15f12a47279c9b5c634e8d2daf6e93dff0492cdbc73ba9e7d
Tags: exe, ReversingLabs, user-NDA0E

Detection

Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
AI detected suspicious sample
Found evasive API chain (may stop execution after checking mutex)
Machine Learning detection for dropped file
Machine Learning detection for sample
Self deletion via cmd or bat file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query network adapter information
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Found decision node followed by non-executed suspicious APIs
Found evasive API chain (may stop execution after checking a module file name)
Internet Provider seen in connection with other malware
PE file contains an invalid checksum
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: 7rtK9LWbTc.exe Avira: detected
Source: C:\ProgramData\Graphics\guifx.exe Avira: detection malicious, Label: TR/Agent.fjnu
Source: 7rtK9LWbTc.exe ReversingLabs: Detection: 97%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 98.9% probability
Source: C:\ProgramData\Graphics\guifx.exe Joe Sandbox ML: detected
Source: 7rtK9LWbTc.exe Joe Sandbox ML: detected
Source: 7rtK9LWbTc.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 7rtK9LWbTc.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: E:\Data\My Projects\Troy Source Code\tcp1st\rifle\Release\rifle.pdb source: 7rtK9LWbTc.exe, guifx.exe.0.dr
Source: Binary string: E:\Data\My Projects\Troy Source Code\tcp1st\rifle\Release\rifle.pdbA source: 7rtK9LWbTc.exe, guifx.exe.0.dr

Networking

Source: Network traffic Suricata IDS: 2824976 - Severity 1 - ETPRO MALWARE Lazarus Rifle/Agent.RTC Checkin : 192.168.2.3:49746 -> 165.194.123.67:443
Source: Joe Sandbox View ASN Name: CAUNET-AS-KRChung-AngUniversityKR CAUNET-AS-KRChung-AngUniversityKR
Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.3:52231
Source: Network traffic Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 4.175.87.197:443 -> 192.168.2.3:56234
Source: unknown TCP traffic detected without corresponding DNS query: 165.194.123.67
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Code function: 0_2_00BC27E0 WSAStartup,Sleep,Sleep,recv,closesocket,Sleep, 0_2_00BC27E0
Source: 7rtK9LWbTc.exe, guifx.exe.0.dr String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: 7rtK9LWbTc.exe, guifx.exe.0.dr String found in binary or memory: http://ocsp.thawte.com0
Source: 7rtK9LWbTc.exe, guifx.exe.0.dr String found in binary or memory: http://sf.symcb.com/sf.crl0f
Source: 7rtK9LWbTc.exe, guifx.exe.0.dr String found in binary or memory: http://sf.symcb.com/sf.crt0
Source: 7rtK9LWbTc.exe, guifx.exe.0.dr String found in binary or memory: http://sf.symcd.com0&
Source: 7rtK9LWbTc.exe, guifx.exe.0.dr String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: 7rtK9LWbTc.exe, guifx.exe.0.dr String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: 7rtK9LWbTc.exe, guifx.exe.0.dr String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: 7rtK9LWbTc.exe, guifx.exe.0.dr String found in binary or memory: http://www.initech.com0
Source: 7rtK9LWbTc.exe, guifx.exe.0.dr String found in binary or memory: https://d.symcb.com/cps0%
Source: 7rtK9LWbTc.exe, guifx.exe.0.dr String found in binary or memory: https://d.symcb.com/rpa0
Source: unknown Network traffic detected: HTTP traffic on port 57084 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51166
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51167
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51164
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51165
Source: unknown Network traffic detected: HTTP traffic on port 60638 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51168
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51169
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51170
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51173
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51174
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51171
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51172
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63144
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63143
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63146
Source: unknown Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63145
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63148
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63147
Source: unknown Network traffic detected: HTTP traffic on port 59625 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63149
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63160
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63162
Source: unknown Network traffic detected: HTTP traffic on port 50824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63161
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63164
Source: unknown Network traffic detected: HTTP traffic on port 57444 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63163
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51177
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51178
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51175
Source: unknown Network traffic detected: HTTP traffic on port 53104 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51176
Source: unknown Network traffic detected: HTTP traffic on port 61195 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51179
Source: unknown Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51180
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51181
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51184
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51185
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51182
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51183
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63155
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63154
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63157
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63156
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63159
Source: unknown Network traffic detected: HTTP traffic on port 53562 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63158
Source: unknown Network traffic detected: HTTP traffic on port 54454 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51108
Source: unknown Network traffic detected: HTTP traffic on port 56576 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51109
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51106
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53769
Source: unknown Network traffic detected: HTTP traffic on port 59601 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51107
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53768
Source: unknown Network traffic detected: HTTP traffic on port 54395 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51100
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51101
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53762
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53761
Source: unknown Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53760
Source: unknown Network traffic detected: HTTP traffic on port 57420 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51104
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51105
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51102
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53765
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51103
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53764
Source: unknown Network traffic detected: HTTP traffic on port 61988 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53770
Source: unknown Network traffic detected: HTTP traffic on port 63376 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50848 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 57503 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51119
Source: unknown Network traffic detected: HTTP traffic on port 56659 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51117
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51118
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51111
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51112
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53773
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51110
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51115
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51116
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51113
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53776
Source: unknown Network traffic detected: HTTP traffic on port 54466 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59613 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51114
Source: unknown Network traffic detected: HTTP traffic on port 53550 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53775
Source: unknown Network traffic detected: HTTP traffic on port 56564 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56588 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53780
Source: unknown Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 60602 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51128
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51129
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53785
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51122
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51123
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53784
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51120
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51121
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53782
Source: unknown Network traffic detected: HTTP traffic on port 57493 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51126
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53789
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51127
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51124
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53787
Source: unknown Network traffic detected: HTTP traffic on port 63388 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51125
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53786
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63108
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63107
Source: unknown Network traffic detected: HTTP traffic on port 50836 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54008 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63109
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53792
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51130
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53791
Source: unknown Network traffic detected: HTTP traffic on port 57432 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53790
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63100
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63102
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63101
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63104
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63103
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63106
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63105
Source: unknown Network traffic detected: HTTP traffic on port 54478 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51139
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63120
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51133
Source: unknown Network traffic detected: HTTP traffic on port 52694 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53796
Source: unknown Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51134
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53795
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51131
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51132
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53793
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51137
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53799
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51138
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53798
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51135
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51136
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 53797
Source: unknown Network traffic detected: HTTP traffic on port 60614 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56647 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63119
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63118
Source: unknown Network traffic detected: HTTP traffic on port 53549 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51140
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51141
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63111
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63110
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63113
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63112
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63115
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63114
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63117
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63116
Source: unknown Network traffic detected: HTTP traffic on port 52682 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56540 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 55718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 61531 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 54491 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 63340 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 58361 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 57527 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 58373 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 57515 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 55706 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 61518 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56527 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 56552 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 51716 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 57481 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 53491 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52670 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 63339 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63171
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63170
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63173
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63172
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63175
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 63174
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51188
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51189
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51186
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51187
Source: unknown Network traffic detected: HTTP traffic on port 63293 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51191
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51192
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51190
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51195
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51196
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51193
Source: unknown Network traffic detected: HTTP traffic on port 58385 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 51194
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Code function: 0_2_00BC12A0 0_2_00BC12A0
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Code function: 0_2_00BC10C0 0_2_00BC10C0
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Code function: 0_2_00BC1020 0_2_00BC1020
Source: C:\ProgramData\Graphics\guifx.exe Code function: 1_2_00F712A0 1_2_00F712A0
Source: C:\ProgramData\Graphics\guifx.exe Code function: 1_2_00F710C0 1_2_00F710C0
Source: C:\ProgramData\Graphics\guifx.exe Code function: 1_2_00F71020 1_2_00F71020
Source: 7rtK9LWbTc.exe, 00000000.00000000.1405883459.0000000000BD4000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameInitech Client> vs 7rtK9LWbTc.exe
Source: 7rtK9LWbTc.exe, 00000000.00000002.1714258287.0000000002480000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameInitech Client> vs 7rtK9LWbTc.exe
Source: 7rtK9LWbTc.exe, 00000000.00000002.1713818622.0000000000A24000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameCmY vs 7rtK9LWbTc.exe
Source: 7rtK9LWbTc.exe Binary or memory string: OriginalFilenameInitech Client> vs 7rtK9LWbTc.exe
Source: 7rtK9LWbTc.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine Classification label: mal92.evad.winEXE@8/2@0/1
Source: C:\ProgramData\Graphics\guifx.exe Mutant created: \Sessions\1\BaseNamedObjects\MUTEX394039_4830023
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1796:120:WilError_03
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Command line argument: /run 0_2_00BC2C50
Source: C:\ProgramData\Graphics\guifx.exe Command line argument: /run 1_2_00F72C50
Source: 7rtK9LWbTc.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: 7rtK9LWbTc.exe ReversingLabs: Detection: 97%
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe File read: C:\Users\user\Desktop\7rtK9LWbTc.exe
Source: unknown Process created: C:\Users\user\Desktop\7rtK9LWbTc.exe "C:\Users\user\Desktop\7rtK9LWbTc.exe"
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Process created: C:\ProgramData\Graphics\guifx.exe "C:\ProgramData\Graphics\guifx.exe" /run
Source: unknown Process created: C:\ProgramData\Graphics\guifx.exe "C:\ProgramData\Graphics\guifx.exe" /run
Source: unknown Process created: C:\ProgramData\Graphics\guifx.exe "C:\ProgramData\Graphics\guifx.exe" /run
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\windows\system32\cmd.exe" /c del /q "C:\Users\user\Desktop\7rtK9LWbTc.exe" >> NUL
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Section loaded: virtdisk.dll
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Section loaded: fltlib.dll
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\ProgramData\Graphics\guifx.exe Section loaded: apphelp.dll
Source: C:\ProgramData\Graphics\guifx.exe Section loaded: wininet.dll
Source: C:\ProgramData\Graphics\guifx.exe Section loaded: urlmon.dll
Source: C:\ProgramData\Graphics\guifx.exe Section loaded: iphlpapi.dll
Source: C:\ProgramData\Graphics\guifx.exe Section loaded: iertutil.dll
Source: C:\ProgramData\Graphics\guifx.exe Section loaded: srvcli.dll
Source: C:\ProgramData\Graphics\guifx.exe Section loaded: netutils.dll
Source: C:\ProgramData\Graphics\guifx.exe Section loaded: napinsp.dll
Source: C:\ProgramData\Graphics\guifx.exe Section loaded: pnrpnsp.dll
Source: C:\ProgramData\Graphics\guifx.exe Section loaded: wshbth.dll
Source: C:\ProgramData\Graphics\guifx.exe Section loaded: nlaapi.dll
Source: C:\ProgramData\Graphics\guifx.exe Section loaded: mswsock.dll
Source: C:\ProgramData\Graphics\guifx.exe Section loaded: dnsapi.dll
Source: C:\ProgramData\Graphics\guifx.exe Section loaded: winrnr.dll
Source: C:\ProgramData\Graphics\guifx.exe Section loaded: fwpuclnt.dll
Source: C:\ProgramData\Graphics\guifx.exe Section loaded: rasadhlp.dll
Source: C:\ProgramData\Graphics\guifx.exe Section loaded: sspicli.dll
Source: C:\ProgramData\Graphics\guifx.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
Source: 7rtK9LWbTc.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: 7rtK9LWbTc.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: 7rtK9LWbTc.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: 7rtK9LWbTc.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: 7rtK9LWbTc.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: 7rtK9LWbTc.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: 7rtK9LWbTc.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: E:\Data\My Projects\Troy Source Code\tcp1st\rifle\Release\rifle.pdb source: 7rtK9LWbTc.exe, guifx.exe.0.dr
Source: Binary string: E:\Data\My Projects\Troy Source Code\tcp1st\rifle\Release\rifle.pdbA source: 7rtK9LWbTc.exe, guifx.exe.0.dr
Source: 7rtK9LWbTc.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: 7rtK9LWbTc.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: 7rtK9LWbTc.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: 7rtK9LWbTc.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: 7rtK9LWbTc.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Code function: 0_2_00BC8E5C LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 0_2_00BC8E5C
Source: guifx.exe.0.dr Static PE information: real checksum: 0x14886 should be: 0x2294b
Source: 7rtK9LWbTc.exe Static PE information: real checksum: 0x14886 should be: 0x1da2f
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Code function: 0_2_00BC76E5 push ecx; ret 0_2_00BC76F8
Source: C:\ProgramData\Graphics\guifx.exe Code function: 1_2_00F776E5 push ecx; ret 1_2_00F776F8
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe File created: C:\ProgramData\Graphics\guifx.exe
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Graphics

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Process created: "C:\windows\system32\cmd.exe" /c del /q "C:\Users\user\Desktop\7rtK9LWbTc.exe" >> NUL
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Evasive API call chain: CreateMutex,DecisionNodes,Sleep
Source: C:\ProgramData\Graphics\guifx.exe Evasive API call chain: CreateMutex,DecisionNodes,Sleep
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Code function: _malloc,_free,GetAdaptersInfo,HeapReAlloc,GetLastError,GetLastError, 0_2_00BC306D
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Code function: GetComputerNameA,_malloc,GetAdaptersInfo,GetAdaptersInfo,GetAdaptersInfo,_sprintf,_sprintf,_free, 0_2_00BC17E0
Source: C:\ProgramData\Graphics\guifx.exe Code function: GetComputerNameA,_malloc,GetAdaptersInfo,GetAdaptersInfo,GetAdaptersInfo,_sprintf,_sprintf,_free, 1_2_00F717E0
Source: C:\ProgramData\Graphics\guifx.exe Code function: _malloc,_free,GetAdaptersInfo,HeapReAlloc,GetLastError,GetLastError, 1_2_00F7306D
Source: C:\ProgramData\Graphics\guifx.exe Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
Source: C:\ProgramData\Graphics\guifx.exe Evasive API call chain: GetModuleFileName,DecisionNodes,Sleep
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: 7rtK9LWbTc.exe, 00000000.00000002.1713818622.0000000000A24000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: guifx.exe, 00000001.00000002.2667057368.00000000008D9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\ProgramData\Graphics\guifx.exe API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Code function: 0_2_00BC2D39 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00BC2D39
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Code function: 0_2_00BC8E5C LoadLibraryW,GetProcAddress,GetProcAddress,EncodePointer,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 0_2_00BC8E5C
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Code function: 0_2_00BC1B60 recv,WSAGetLastError,Sleep,GetProcessHeap,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree, 0_2_00BC1B60
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Code function: 0_2_00BC6E85 SetUnhandledExceptionFilter, 0_2_00BC6E85
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Code function: 0_2_00BC4555 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00BC4555
Source: C:\ProgramData\Graphics\guifx.exe Code function: 1_2_00F76E85 SetUnhandledExceptionFilter, 1_2_00F76E85
Source: C:\ProgramData\Graphics\guifx.exe Code function: 1_2_00F74555 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00F74555
Source: C:\ProgramData\Graphics\guifx.exe Code function: 1_2_00F72D39 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_00F72D39
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\windows\system32\cmd.exe" /c del /q "C:\Users\user\Desktop\7rtK9LWbTc.exe" >> NUL
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Code function: 0_2_00BC788F GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, 0_2_00BC788F
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Code function: 0_2_00BC19A0 GetUserNameA,_sprintf,lstrlenA,WSAStartup,gethostname,gethostbyname,WSACleanup, 0_2_00BC19A0
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Code function: 0_2_00BC5E9B __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte, 0_2_00BC5E9B
Source: C:\Users\user\Desktop\7rtK9LWbTc.exe Code function: 0_2_00BC1720 _memset,GetVersionExA,GetVersionExA,GetVersionExA,wsprintfA, 0_2_00BC1720