Windows
Analysis Report
9uB9RDznXl.exe
Overview
General Information
Sample name: | 9uB9RDznXl.exe (renamed because original name is a hash value) |
Original sample name: | dfa2ab0714c9f234b63fd1295ce468bd247465701a90b8a9ab9eb3d6d032d258.exe |
Analysis ID: | 1640718 |
MD5: | accdbd5044408c82c19c977829713e4f |
SHA1: | 070a001ac12139cc1238017d795a2b43ac52770d |
SHA256: | dfa2ab0714c9f234b63fd1295ce468bd247465701a90b8a9ab9eb3d6d032d258 |
Detection
Score: | 100 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
  - 9uB9RDznXl.exe (PID: 6816, cmdline: "C:\Users\user\Desktop\9uB9RDznXl.exe", MD5: ACCDBD5044408C82C19C977829713E4F)
- cleanup
{
"C2 url": [
"hardswarehub.today",
"gadgethgfub.icu",
"hardrwarehaven.run",
"techmindzs.live",
"codxefusion.top",
"quietswtreams.life",
"techspherxe.top"
],
"Build id": "6JVBTX--"
}
Rule | Description | Author |
---|---|---|
JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

Rule | Description | Author |
---|---|---|
JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
JoeSecurity_LummaCStealer | Yara detected LummaC Stealer | Joe Security |
Suricata alerts (all signatures merged, chronological):

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-17T16:09:48.153843+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49722 | 149.154.167.99 | 443 | TCP |
2025-03-17T16:09:48.465149+0100 | 2060545 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 60466 | 1.1.1.1 | 53 | UDP |
2025-03-17T16:09:48.477052+0100 | 2060538 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 50858 | 1.1.1.1 | 53 | UDP |
2025-03-17T16:09:48.487397+0100 | 2060542 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 63369 | 1.1.1.1 | 53 | UDP |
2025-03-17T16:09:48.506277+0100 | 2060565 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 58730 | 1.1.1.1 | 53 | UDP |
2025-03-17T16:09:48.520822+0100 | 2060530 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 55483 | 1.1.1.1 | 53 | UDP |
2025-03-17T16:09:49.337598+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49723 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:49.337598+0100 | 2060531 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49723 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:49.474583+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49723 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:49.474583+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.5 | 49723 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:49.938568+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49724 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:49.938568+0100 | 2060531 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49724 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:50.518726+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49724 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:51.685393+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49725 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:51.685393+0100 | 2060531 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49725 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:52.749356+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49726 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:52.749356+0100 | 2060531 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49726 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:54.001942+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49727 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:54.001942+0100 | 2060531 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49727 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:56.096930+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49731 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:56.096930+0100 | 2060531 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49731 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:56.636126+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49731 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:57.576373+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49733 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:57.576373+0100 | 2060531 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49733 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:59.496506+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49736 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:59.496506+0100 | 2060531 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49736 | 172.67.212.102 | 443 | TCP |
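The alert tables above list the Suricata hits one by one, and the configuration extractor gives the C2 domain list separately. The script below is an added example and is not part of the Joe Sandbox report: it re-reads those alert rows and the extracted configuration, buckets the alerts per 5-tuple flow, and reports each C2 session as one record (peer, SIDs seen, whether SID 2048094 confirmed an active C2 exchange), then derives a flat indicator list. The alert rows, the configuration and the two IP-to-domain resolutions are copied from this report; the grouping logic and the choice of which classtypes count as "C2" are this example's own policy, not Joe Sandbox's.

```python
"""Added example, not part of the Joe Sandbox report: correlate this run's
Suricata alerts with the extracted LummaC configuration per network flow,
so that one C2 session shows up as one record instead of several alerts."""
from collections import defaultdict, namedtuple

# Alert rows copied from the report's Suricata tables, one alert per line:
# timestamp | SID | severity | classtype | src IP | src port | dst IP | dst port | proto
ALERT_ROWS = """\
2025-03-17T16:09:48.153843+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49722 | 149.154.167.99 | 443 | TCP
2025-03-17T16:09:48.465149+0100 | 2060545 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 60466 | 1.1.1.1 | 53 | UDP
2025-03-17T16:09:48.477052+0100 | 2060538 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 50858 | 1.1.1.1 | 53 | UDP
2025-03-17T16:09:48.487397+0100 | 2060542 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 63369 | 1.1.1.1 | 53 | UDP
2025-03-17T16:09:48.506277+0100 | 2060565 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 58730 | 1.1.1.1 | 53 | UDP
2025-03-17T16:09:48.520822+0100 | 2060530 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 55483 | 1.1.1.1 | 53 | UDP
2025-03-17T16:09:49.337598+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49723 | 172.67.212.102 | 443 | TCP
2025-03-17T16:09:49.337598+0100 | 2060531 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49723 | 172.67.212.102 | 443 | TCP
2025-03-17T16:09:49.474583+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49723 | 172.67.212.102 | 443 | TCP
2025-03-17T16:09:49.474583+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.5 | 49723 | 172.67.212.102 | 443 | TCP
2025-03-17T16:09:49.938568+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49724 | 172.67.212.102 | 443 | TCP
2025-03-17T16:09:49.938568+0100 | 2060531 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49724 | 172.67.212.102 | 443 | TCP
2025-03-17T16:09:50.518726+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49724 | 172.67.212.102 | 443 | TCP
2025-03-17T16:09:51.685393+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49725 | 172.67.212.102 | 443 | TCP
2025-03-17T16:09:51.685393+0100 | 2060531 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49725 | 172.67.212.102 | 443 | TCP
2025-03-17T16:09:52.749356+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49726 | 172.67.212.102 | 443 | TCP
2025-03-17T16:09:52.749356+0100 | 2060531 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49726 | 172.67.212.102 | 443 | TCP
2025-03-17T16:09:54.001942+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49727 | 172.67.212.102 | 443 | TCP
2025-03-17T16:09:54.001942+0100 | 2060531 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49727 | 172.67.212.102 | 443 | TCP
2025-03-17T16:09:56.096930+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49731 | 172.67.212.102 | 443 | TCP
2025-03-17T16:09:56.096930+0100 | 2060531 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49731 | 172.67.212.102 | 443 | TCP
2025-03-17T16:09:56.636126+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49731 | 172.67.212.102 | 443 | TCP
2025-03-17T16:09:57.576373+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49733 | 172.67.212.102 | 443 | TCP
2025-03-17T16:09:57.576373+0100 | 2060531 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49733 | 172.67.212.102 | 443 | TCP
2025-03-17T16:09:59.496506+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49736 | 172.67.212.102 | 443 | TCP
2025-03-17T16:09:59.496506+0100 | 2060531 | 1 | Domain Observed Used for C2 Detected | 192.168.2.5 | 49736 | 172.67.212.102 | 443 | TCP
"""

# Extracted configuration from the report (C2 domain list and build id).
CONFIG = {"C2 url": ["hardswarehub.today", "gadgethgfub.icu", "hardrwarehaven.run",
                     "techmindzs.live", "codxefusion.top", "quietswtreams.life",
                     "techspherxe.top"],
          "Build id": "6JVBTX--"}
# Resolutions from the report's domain table; nothing else resolved during the run.
RESOLVED = {"172.67.212.102": "codxefusion.top", "149.154.167.99": "t.me"}

Alert = namedtuple("Alert", "ts sid severity classtype src_ip src_port dst_ip dst_port proto")
# Classtypes that, by this example's own policy, make a flow a C2 session.
C2_CLASSTYPES = {"Domain Observed Used for C2 Detected",
                 "A Network Trojan was detected",
                 "Malware Command and Control Activity Detected"}


def parse_alerts(text):
    """Turn the pipe-separated rows into Alert tuples (SID, severity, ports as ints)."""
    alerts = []
    for line in text.splitlines():
        if line.strip():
            f = [c.strip() for c in line.split("|")]
            alerts.append(Alert(f[0], int(f[1]), int(f[2]), f[3], f[4],
                                int(f[5]), f[6], int(f[7]), f[8]))
    return alerts


def group_flows(alerts):
    """Bucket alerts by 5-tuple so every alert on one TCP/UDP flow lands together, time-ordered."""
    flows = defaultdict(list)
    for a in alerts:
        flows[(a.proto, a.src_ip, a.src_port, a.dst_ip, a.dst_port)].append(a)
    return {k: sorted(v, key=lambda a: a.ts) for k, v in flows.items()}


def c2_sessions(flows):
    """Flows with at least one C2/trojan alert. A flow that only raised
    'Unknown Traffic' (here: the TLS connection to t.me) is left out."""
    return {k: v for k, v in flows.items()
            if any(a.classtype in C2_CLASSTYPES for a in v)}


def summarize(flows):
    """One record per C2 flow, earliest first: peer (domain if it resolved), SIDs
    seen, and whether SID 2048094 (active C2 exchange) fired on that flow."""
    records = []
    for (proto, _src, sport, dst, dport), alerts in sorted(
            c2_sessions(flows).items(), key=lambda kv: kv[1][0].ts):
        records.append({"flow": f"{proto} {sport}->{RESOLVED.get(dst, dst)}:{dport}",
                        "sids": [a.sid for a in alerts],
                        "confirmed_c2": any(a.sid == 2048094 for a in alerts)})
    return records


def indicators(flows):
    """Blocklist material: configured C2 domains plus the TCP peers of C2 sessions.
    UDP/53 flows are excluded on purpose: 1.1.1.1 is the resolver, not an indicator."""
    ips = {dst for (proto, _s, _sp, dst, _dp) in c2_sessions(flows) if proto == "TCP"}
    return {"build_id": CONFIG["Build id"],
            "domains": sorted(set(CONFIG["C2 url"])), "ips": sorted(ips)}


if __name__ == "__main__":
    fl = group_flows(parse_alerts(ALERT_ROWS))
    for rec in summarize(fl):
        print(rec)
    print(indicators(fl))
```

Run as-is, the script collapses 26 alerts into 13 C2 sessions (5 DNS lookups to 1.1.1.1 and 8 TLS flows to codxefusion.top), of which only the flow on source port 49731 carries the "Malware Command and Control Activity Detected" signature. The TLS connection to t.me raised only "Unknown Traffic" and is therefore not reported as a C2 session; whether it should be treated as one is an analyst decision that the alert data alone does not settle.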
- AV Detection
- Compliance
- Networking
- System Summary
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
- Language, Device and Operating System Detection
- Lowering of HIPS / PFW / Operating System Security Settings
- Stealing of Sensitive Information
- Remote Access Functionality
Signature evidence by type (entry counts only; the evidence values themselves were not captured in this extract, and only the section headings below survived)

AV Detection
- Avira: 1
- Avira URL Cloud: 12
- Malware Configuration Extractor: 1
- Virustotal (perma link): 1
- ReversingLabs: 1
- Integrated Neural Analysis Model: 1
- String decryptor: 7
- Static PE information: 1
- HTTPS traffic detected: 8
- Static PE information: 1

Networking
- Suricata IDS: 17
- URLs: 7
- TCP traffic: 1
- IP Address: 2
- JA3 fingerprint: 1
- Suricata IDS: 9
- HTTP traffic detected: 8
- TCP traffic detected without corresponding DNS query: 4
- UDP traffic detected without corresponding DNS query: 7
- HTTP traffic detected: 1
- DNS traffic detected: 7
- HTTP traffic detected: 1
- HTTP traffic detected: 1
- String found in binary or memory: 48
- Network traffic detected: 18
- HTTPS traffic detected: 8
- Binary or memory string: 3
- Static PE information: 1
- Classification label: 1
- Static PE information: 1
- Key opened: 1
- Binary or memory string: 1
- Virustotal: 1
- ReversingLabs: 1
- File read: 1
- Section loaded: 42
- Static PE information: 1
- Static file information: 1
- Static PE information: 3
- Process information set: 1

Malware Analysis System Evasion
- WMI Queries: 1
- System information queried: 1
- Thread sleep time: 2
- WMI Queries: 1
- Binary or memory string: 34
- Process information queried: 1
- Queries volume information: 1
- Key value queried: 1
- Binary or memory string: 1
- WMI Queries: 1

Stealing of Sensitive Information
- File source: 3
- String found in binary or memory: 8
- File opened: 109
- File opened: 12
- Directory queried: 22
- File source: 1

Remote Access Functionality
- File source: 3
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 21 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 221 Security Software Discovery | Remote Services | 31 Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | LSASS Memory | 21 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | 115 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 22 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Source | Detection | Scanner | Label |
---|---|---|---|
9uB9RDznXl.exe | 77% | Virustotal | |
9uB9RDznXl.exe | 83% | ReversingLabs | Win32.Spyware.Lummastealer |
9uB9RDznXl.exe | 100% | Avira | TR/AD.Nekark.sbdyl |
URL detections: 12 URLs (values not included in this extract), each rated 100% malware by Avira URL Cloud.
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
codxefusion.top | 172.67.212.102 | true | false | | high |
t.me | 149.154.167.99 | true | false | | high |
hardswarehub.today | unknown | unknown | false | | high |
socialsscesforum.icu | unknown | unknown | false | | unknown |
techmindzs.live | unknown | unknown | true | | unknown |
gadgethgfub.icu | unknown | unknown | false | | high |
hardrwarehaven.run | unknown | unknown | true | | unknown |
URLs (names not included in this extract): 9 entries, 8 with Malicious = false and Reputation = high, 1 with Malicious = true and Reputation = unknown.
URLs with source (names and sources not included in this extract): 35 entries, all with Malicious = false; 24 with Reputation = high, 11 with Reputation = unknown.
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
172.67.212.102 | codxefusion.top | United States | 13335 | CLOUDFLARENETUS | false |
149.154.167.99 | t.me | United Kingdom | 62041 | TELEGRAMRU | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1640718 |
Start date and time: | 2025-03-17 16:08:46 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 4s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | 9uB9RDznXl.exe (renamed because original name is a hash value) |
Original Sample Name: | dfa2ab0714c9f234b63fd1295ce468bd247465701a90b8a9ab9eb3d6d032d258.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@1/0@7/2 |
Cookbook Comments:
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.60.203.209, 4.245.163.56, 20.103.156.88, 150.171.28.10, 2.19.96.115
- Excluded domains from analysis (whitelisted): www.bing.com, d.8.0.a.e.e.f.b.0.0.0.0.0.0.0.0.5.0.0.0.0.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa, fs.microsoft.com, slscr.update.microsoft.com, g.bing.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, arc.msn.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtOpenFile calls found
- Report size getting too big, too many NtOpenKeyEx calls found
- Report size getting too big, too many NtQueryValueKey calls found
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
11:09:48 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
172.67.212.102 | | Get hash | malicious | Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar | Browse | |
172.67.212.102 | | Get hash | malicious | LummaC Stealer | Browse | |
172.67.212.102 | | Get hash | malicious | LummaC Stealer, PureLog Stealer | Browse | |
149.154.167.99 | | Get hash | malicious | Unknown | Browse | |
149.154.167.99 | | Get hash | malicious | Unknown | Browse | |
149.154.167.99 | | Get hash | malicious | Unknown | Browse | |
149.154.167.99 | | Get hash | malicious | Unknown | Browse | |
149.154.167.99 | | Get hash | malicious | Unknown | Browse | |
149.154.167.99 | | Get hash | malicious | Unknown | Browse | |
149.154.167.99 | | Get hash | malicious | Unknown | Browse | |
149.154.167.99 | | Get hash | malicious | Unknown | Browse | |
149.154.167.99 | | Get hash | malicious | Unknown | Browse | |
149.154.167.99 | | Get hash | malicious | Cinoshi Stealer | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
t.me | | Get hash | malicious | LummaC Stealer | Browse | |
t.me | | Get hash | malicious | LummaC Stealer | Browse | |
t.me | | Get hash | malicious | Unknown | Browse | |
t.me | | Get hash | malicious | Vidar | Browse | |
t.me | | Get hash | malicious | LummaC Stealer | Browse | |
t.me | | Get hash | malicious | Vidar | Browse | |
t.me | | Get hash | malicious | LummaC Stealer | Browse | |
t.me | | Get hash | malicious | LummaC Stealer | Browse | |
t.me | | Get hash | malicious | LummaC Stealer, RHADAMANTHYS | Browse | |
t.me | | Get hash | malicious | LummaC Stealer | Browse | |
codxefusion.top | | Get hash | malicious | Amadey, LummaC Stealer, PureLog Stealer, Stealc, Vidar | Browse | |
codxefusion.top | | Get hash | malicious | LummaC Stealer | Browse | |
codxefusion.top | | Get hash | malicious | LummaC Stealer | Browse | |
codxefusion.top | | Get hash | malicious | LummaC Stealer, PureLog Stealer | Browse | |
codxefusion.top | | Get hash | malicious | Amadey, GCleaner, LummaC Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
TELEGRAMRU | | Get hash | malicious | Snake Keylogger | Browse | |
TELEGRAMRU | | Get hash | malicious | Snake Keylogger | Browse | |
TELEGRAMRU | | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
TELEGRAMRU | | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
TELEGRAMRU | | Get hash | malicious | GuLoader, Snake Keylogger | Browse | |
TELEGRAMRU | | Get hash | malicious | WhiteSnake Stealer | Browse | |
TELEGRAMRU | | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
TELEGRAMRU | | Get hash | malicious | Snake Keylogger, VIP Keylogger | Browse | |
TELEGRAMRU | | Get hash | malicious | MSIL Logger, MassLogger RAT | Browse | |
TELEGRAMRU | | Get hash | malicious | Unknown | Browse | |
CLOUDFLARENETUS | | Get hash | malicious | Snake Keylogger | Browse | |
CLOUDFLARENETUS | | Get hash | malicious | Unknown | Browse | |
CLOUDFLARENETUS | | Get hash | malicious | Phisher | Browse | |
CLOUDFLARENETUS | | Get hash | malicious | Unknown | Browse | |
CLOUDFLARENETUS | | Get hash | malicious | FormBook | Browse | |
CLOUDFLARENETUS | | Get hash | malicious | HTMLPhisher | Browse | |
CLOUDFLARENETUS | | Get hash | malicious | MSIL Logger, MassLogger RAT | Browse | |
CLOUDFLARENETUS | | Get hash | malicious | HTMLPhisher | Browse | |
CLOUDFLARENETUS | | Get hash | malicious | Snake Keylogger | Browse | |
CLOUDFLARENETUS | | Get hash | malicious | HTMLPhisher | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
a0e9f5d64349fb13191bc781f81f42e1 | | Get hash | malicious | Unknown | Browse | |
a0e9f5d64349fb13191bc781f81f42e1 | | Get hash | malicious | Unknown | Browse | |
a0e9f5d64349fb13191bc781f81f42e1 | | Get hash | malicious | Unknown | Browse | |
a0e9f5d64349fb13191bc781f81f42e1 | | Get hash | malicious | Unknown | Browse | |
a0e9f5d64349fb13191bc781f81f42e1 | | Get hash | malicious | Unknown | Browse | |
a0e9f5d64349fb13191bc781f81f42e1 | | Get hash | malicious | LummaC Stealer | Browse | |
a0e9f5d64349fb13191bc781f81f42e1 | | Get hash | malicious | LummaC Stealer | Browse | |
a0e9f5d64349fb13191bc781f81f42e1 | | Get hash | malicious | Unknown | Browse | |
a0e9f5d64349fb13191bc781f81f42e1 | | Get hash | malicious | Unknown | Browse | |
a0e9f5d64349fb13191bc781f81f42e1 | | Get hash | malicious | GhostRat, Mimikatz, Nitol | Browse | |
File type: | |
Entropy (8bit): | 4.852022474951185 |
TrID: | |
File name: | 9uB9RDznXl.exe |
File size: | 7'974'400 bytes |
MD5: | accdbd5044408c82c19c977829713e4f |
SHA1: | 070a001ac12139cc1238017d795a2b43ac52770d |
SHA256: | dfa2ab0714c9f234b63fd1295ce468bd247465701a90b8a9ab9eb3d6d032d258 |
SHA512: | 34fe4ec1307e7d45080b6e0fb093eb8f1d43fb71a3e3411e32a5798f9cacc69ea1b82d56fcf9e503dd22c51e9af92fde7c149ac5882af4daab5c3cb906cdeb85 |
SSDEEP: | 98304:fYRhnYdlvIib45D+ZicbrZRutIvD0wi9Q1Tjr+RTO7EC5pqQ5eoQQMgX3Q6jEd8O:5H8QK2GcJL |
TLSH: | 76866260D0179442E9D2387C9B403ADAF42A28F62E574970760E7E2CFC99918E7F9F17 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7...s...s...s...b...r...8...v...s...o.......r.....k.r.......r...Richs...................PE..L......g...............+..v........ |
Icon Hash: | 0f2b397453112b0f |
Entrypoint: | 0x4014c0 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x67C510AF [Mon Mar 3 02:15:11 2025 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 2b3730cda46affc8837a7df18591704a |
Instruction |
---|
push ebp |
mov ebp, esp |
sub esp, 00000418h |
call 00007FD7B0F9E357h |
movzx eax, al |
test eax, eax |
jne 00007FD7B0F9E30Bh |
push 00000001h |
call dword ptr [00B6F028h] |
nop |
call 00007FD7B0F9DFB2h |
push 00000104h |
lea ecx, dword ptr [ebp-0000020Ch] |
push ecx |
push 00000000h |
call dword ptr [00B6F038h] |
lea edx, dword ptr [ebp-00000418h] |
push edx |
push 00000104h |
call dword ptr [00B6F008h] |
call 00007FD7B0FB2127h |
push 00000001h |
call dword ptr [00B6F028h] |
nop |
mov esp, ebp |
pop ebp |
retn 0010h |
int3 |
int3 |
int3 |
push ebp |
mov ebp, esp |
sub esp, 2Ch |
lea eax, dword ptr [ebp-2Ch] |
push eax |
call dword ptr [00B6F02Ch] |
mov ecx, dword ptr [ebp-18h] |
mov dword ptr [ebp-04h], ecx |
cmp dword ptr [ebp-04h], 02h |
jnc 00007FD7B0F9E306h |
xor al, al |
jmp 00007FD7B0F9E353h |
push 00B6F078h |
push 00B6F088h |
call dword ptr [00B6F03Ch] |
push eax |
call dword ptr [00B6F040h] |
test eax, eax |
je 00007FD7B0F9E306h |
xor al, al |
jmp 00007FD7B0F9E334h |
push 00B6F0A4h |
call dword ptr [00B6F044h] |
mov dword ptr [ebp-08h], eax |
cmp dword ptr [ebp-08h], 00000000h |
je 00007FD7B0F9E306h |
xor al, al |
jmp 00007FD7B0F9E31Ch |
push 000007D0h |
call 00007FD7B0F9E014h |
add esp, 04h |
movzx edx, al |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x76f214 | 0x3c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x771000 | 0x2b4b0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x79d000 | 0xcbc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x76f0b8 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x76f000 | 0x78 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x76dd2b | 0x76de00 | f1cb89fa5c9e46045f02e8c15276e5e6 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x76f000 | 0x4d6 | 0x600 | feca90569e92c8e8352a08729f6e2a54 | False | 0.4537760416666667 | data | 4.3084225799617855 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x770000 | 0x50 | 0x200 | a6ce571490641746fab3ed64bebe94ea | False | 0.044921875 | data | 0.12227588125913882 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x771000 | 0x2b4b0 | 0x2b600 | f24ea25e3a9c418791d2c53d4feebfcd | False | 0.13140534942363113 | data | 4.41940658954128 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x79d000 | 0xcbc | 0xe00 | ea896715c57611e7b02ea0df87211b1c | False | 0.47293526785714285 | data | 3.89339994868857 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x772f20 | 0x13e0 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9901729559748428 |
RT_ICON | 0x774300 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | | | 0.04153850703892109 |
RT_ICON | 0x784b28 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | | | 0.07649253731343283 |
RT_ICON | 0x78dfd0 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | | | 0.09658040665434381 |
RT_ICON | 0x793458 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | | | 0.08904109589041095 |
RT_ICON | 0x797680 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | | | 0.15435684647302905 |
RT_ICON | 0x799c28 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.1925422138836773 |
RT_ICON | 0x79acd0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | | | 0.3094262295081967 |
RT_ICON | 0x79b658 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.4370567375886525 |
RT_MENU | 0x771630 | 0x274 | data | | | 0.5509554140127388 |
RT_MENU | 0x7718a8 | 0x368 | data | | | 0.551605504587156 |
RT_MENU | 0x771c10 | 0x416 | data | | | 0.5296367112810707 |
RT_MENU | 0x772028 | 0x288 | data | | | 0.5694444444444444 |
RT_MENU | 0x7722b0 | 0x2c6 | Matlab v4 mat-file (little endian) Y, numeric, rows 5242896, columns 7340119, imaginary | | | 0.5535211267605634 |
RT_MENU | 0x772578 | 0x300 | data | | | 0.5455729166666666 |
RT_MENU | 0x772878 | 0x2f0 | data | | | 0.5558510638297872 |
RT_MENU | 0x772b68 | 0x1d6 | data | | | 0.6063829787234043 |
RT_DIALOG | 0x772d40 | 0x114 | data | | | 0.7282608695652174 |
RT_STRING | 0x79bff0 | 0x92 | data | | | 0.7465753424657534 |
RT_STRING | 0x79c088 | 0x17e | data | | | 0.6596858638743456 |
RT_STRING | 0x79c208 | 0x1a2 | data | | | 0.6435406698564593 |
RT_STRING | 0x79c3b0 | 0xfa | data | | | 0.676 |
RT_ACCELERATOR | 0x772e58 | 0x30 | data | | | 0.8958333333333334 |
RT_ACCELERATOR | 0x772e88 | 0x20 | data | | | 1.0625 |
RT_ACCELERATOR | 0x772ea8 | 0x20 | data | | | 1.0625 |
RT_ACCELERATOR | 0x772ec8 | 0x28 | data | | | 0.925 |
RT_ACCELERATOR | 0x772ef0 | 0x30 | data | | | 0.8958333333333334 |
RT_GROUP_ICON | 0x79bac0 | 0x84 | data | | | 0.7272727272727273 |
RT_VERSION | 0x79bb48 | 0x4a4 | data | | | 0.4057239057239057 |
DLL | Import |
---|---|
KERNEL32.dll | GetCommandLineA, GetEnvironmentStringsW, GetTempPathW, GetLastError, HeapAlloc, HeapFree, GetProcessHeap, SetCriticalSectionSpinCount, Sleep, GetCurrentProcess, ExitProcess, GetSystemInfo, GetVersion, GetTickCount, GetModuleFileNameW, GetModuleHandleW, GetProcAddress, LoadLibraryW, GlobalAlloc, GlobalFree, MultiByteToWideChar, ConvertDefaultLocale |
USER32.dll | IsWindowVisible, GetWindowContextHelpId, MessageBoxA, GetWindowLongW, IsDialogMessageW, RegisterClassW |
Description | Data |
---|---|
Comments | This program's analytics tools provide valuable insights into my performance |
CompanyName | TechSphere Enterprises Technologies. |
FileDescription | This program's analytics tools provide valuable insights into my performance |
FileVersion | 9.1.22.897 |
InternalName | TaskForgeApp |
LegalCopyright | Copyright (C) 2022-2025 by TechSphere Enterprises Technologies. |
OriginalFilename | CodeBridge.exe |
ProductName | Task Manager DeLuxe |
ProductVersion | 9.1.22.897 |
Translation | 0x0409 0x04b0 |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-17T16:09:48.153843+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49722 | 149.154.167.99 | 443 | TCP |
2025-03-17T16:09:48.465149+0100 | 2060545 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hardswarehub .today) | 1 | 192.168.2.5 | 60466 | 1.1.1.1 | 53 | UDP |
2025-03-17T16:09:48.477052+0100 | 2060538 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gadgethgfub .icu) | 1 | 192.168.2.5 | 50858 | 1.1.1.1 | 53 | UDP |
2025-03-17T16:09:48.487397+0100 | 2060542 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (hardrwarehaven .run) | 1 | 192.168.2.5 | 63369 | 1.1.1.1 | 53 | UDP |
2025-03-17T16:09:48.506277+0100 | 2060565 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (techmindzs .live) | 1 | 192.168.2.5 | 58730 | 1.1.1.1 | 53 | UDP |
2025-03-17T16:09:48.520822+0100 | 2060530 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (codxefusion .top) | 1 | 192.168.2.5 | 55483 | 1.1.1.1 | 53 | UDP |
2025-03-17T16:09:49.337598+0100 | 2060531 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (codxefusion .top in TLS SNI) | 1 | 192.168.2.5 | 49723 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:49.337598+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49723 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:49.474583+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.5 | 49723 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:49.474583+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49723 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:49.938568+0100 | 2060531 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (codxefusion .top in TLS SNI) | 1 | 192.168.2.5 | 49724 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:49.938568+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49724 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:50.518726+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49724 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:51.685393+0100 | 2060531 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (codxefusion .top in TLS SNI) | 1 | 192.168.2.5 | 49725 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:51.685393+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49725 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:52.749356+0100 | 2060531 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (codxefusion .top in TLS SNI) | 1 | 192.168.2.5 | 49726 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:52.749356+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49726 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:54.001942+0100 | 2060531 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (codxefusion .top in TLS SNI) | 1 | 192.168.2.5 | 49727 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:54.001942+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49727 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:56.096930+0100 | 2060531 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (codxefusion .top in TLS SNI) | 1 | 192.168.2.5 | 49731 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:56.096930+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49731 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:56.636126+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.5 | 49731 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:57.576373+0100 | 2060531 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (codxefusion .top in TLS SNI) | 1 | 192.168.2.5 | 49733 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:57.576373+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49733 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:59.496506+0100 | 2060531 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (codxefusion .top in TLS SNI) | 1 | 192.168.2.5 | 49736 | 172.67.212.102 | 443 | TCP |
2025-03-17T16:09:59.496506+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49736 | 172.67.212.102 | 443 | TCP |
- Total Packets: 118
Mar 17, 2025 16:09:57.591046095 CET | 443 | 49733 | 172.67.212.102 | 192.168.2.5 |
Mar 17, 2025 16:09:57.591196060 CET | 49733 | 443 | 192.168.2.5 | 172.67.212.102 |
Mar 17, 2025 16:09:57.595721960 CET | 443 | 49733 | 172.67.212.102 | 192.168.2.5 |
Mar 17, 2025 16:09:59.342566013 CET | 443 | 49733 | 172.67.212.102 | 192.168.2.5 |
Mar 17, 2025 16:09:59.342824936 CET | 443 | 49733 | 172.67.212.102 | 192.168.2.5 |
Mar 17, 2025 16:09:59.342911959 CET | 49733 | 443 | 192.168.2.5 | 172.67.212.102 |
Mar 17, 2025 16:09:59.342991114 CET | 49733 | 443 | 192.168.2.5 | 172.67.212.102 |
Mar 17, 2025 16:09:59.363981009 CET | 49736 | 443 | 192.168.2.5 | 172.67.212.102 |
Mar 17, 2025 16:09:59.364015102 CET | 443 | 49736 | 172.67.212.102 | 192.168.2.5 |
Mar 17, 2025 16:09:59.364219904 CET | 49736 | 443 | 192.168.2.5 | 172.67.212.102 |
Mar 17, 2025 16:09:59.364461899 CET | 49736 | 443 | 192.168.2.5 | 172.67.212.102 |
Mar 17, 2025 16:09:59.364476919 CET | 443 | 49736 | 172.67.212.102 | 192.168.2.5 |
Mar 17, 2025 16:09:59.496505976 CET | 49736 | 443 | 192.168.2.5 | 172.67.212.102 |
Mar 17, 2025 16:10:20.753515005 CET | 54978 | 53 | 192.168.2.5 | 162.159.36.2 |
Mar 17, 2025 16:10:20.758276939 CET | 53 | 54978 | 162.159.36.2 | 192.168.2.5 |
Mar 17, 2025 16:10:20.758368015 CET | 54978 | 53 | 192.168.2.5 | 162.159.36.2 |
Mar 17, 2025 16:10:20.763078928 CET | 53 | 54978 | 162.159.36.2 | 192.168.2.5 |
Mar 17, 2025 16:10:21.211958885 CET | 54978 | 53 | 192.168.2.5 | 162.159.36.2 |
Mar 17, 2025 16:10:21.216897011 CET | 53 | 54978 | 162.159.36.2 | 192.168.2.5 |
Mar 17, 2025 16:10:21.217454910 CET | 54978 | 53 | 192.168.2.5 | 162.159.36.2 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 17, 2025 16:09:47.530329943 CET | 63713 | 53 | 192.168.2.5 | 1.1.1.1 |
Mar 17, 2025 16:09:47.538305998 CET | 53 | 63713 | 1.1.1.1 | 192.168.2.5 |
Mar 17, 2025 16:09:48.430882931 CET | 54960 | 53 | 192.168.2.5 | 1.1.1.1 |
Mar 17, 2025 16:09:48.460405111 CET | 53 | 54960 | 1.1.1.1 | 192.168.2.5 |
Mar 17, 2025 16:09:48.465148926 CET | 60466 | 53 | 192.168.2.5 | 1.1.1.1 |
Mar 17, 2025 16:09:48.474998951 CET | 53 | 60466 | 1.1.1.1 | 192.168.2.5 |
Mar 17, 2025 16:09:48.477051973 CET | 50858 | 53 | 192.168.2.5 | 1.1.1.1 |
Mar 17, 2025 16:09:48.486263990 CET | 53 | 50858 | 1.1.1.1 | 192.168.2.5 |
Mar 17, 2025 16:09:48.487396955 CET | 63369 | 53 | 192.168.2.5 | 1.1.1.1 |
Mar 17, 2025 16:09:48.496921062 CET | 53 | 63369 | 1.1.1.1 | 192.168.2.5 |
Mar 17, 2025 16:09:48.506277084 CET | 58730 | 53 | 192.168.2.5 | 1.1.1.1 |
Mar 17, 2025 16:09:48.518754959 CET | 53 | 58730 | 1.1.1.1 | 192.168.2.5 |
Mar 17, 2025 16:09:48.520822048 CET | 55483 | 53 | 192.168.2.5 | 1.1.1.1 |
Mar 17, 2025 16:09:48.866296053 CET | 53 | 55483 | 1.1.1.1 | 192.168.2.5 |
Mar 17, 2025 16:10:20.752909899 CET | 53 | 60967 | 162.159.36.2 | 192.168.2.5 |
Mar 17, 2025 16:10:21.245206118 CET | 53 | 50356 | 1.1.1.1 | 192.168.2.5 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 17, 2025 16:09:47.530329943 CET | 192.168.2.5 | 1.1.1.1 | 0xad24 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 17, 2025 16:09:48.430882931 CET | 192.168.2.5 | 1.1.1.1 | 0x7443 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 17, 2025 16:09:48.465148926 CET | 192.168.2.5 | 1.1.1.1 | 0x9522 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 17, 2025 16:09:48.477051973 CET | 192.168.2.5 | 1.1.1.1 | 0xd1a6 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 17, 2025 16:09:48.487396955 CET | 192.168.2.5 | 1.1.1.1 | 0x8ed0 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 17, 2025 16:09:48.506277084 CET | 192.168.2.5 | 1.1.1.1 | 0xa69d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 17, 2025 16:09:48.520822048 CET | 192.168.2.5 | 1.1.1.1 | 0x3e36 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 17, 2025 16:09:47.538305998 CET | 1.1.1.1 | 192.168.2.5 | 0xad24 | No error (0) | | | 149.154.167.99 | A (IP address) | IN (0x0001) | false |
Mar 17, 2025 16:09:48.460405111 CET | 1.1.1.1 | 192.168.2.5 | 0x7443 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Mar 17, 2025 16:09:48.474998951 CET | 1.1.1.1 | 192.168.2.5 | 0x9522 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Mar 17, 2025 16:09:48.486263990 CET | 1.1.1.1 | 192.168.2.5 | 0xd1a6 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Mar 17, 2025 16:09:48.496921062 CET | 1.1.1.1 | 192.168.2.5 | 0x8ed0 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Mar 17, 2025 16:09:48.518754959 CET | 1.1.1.1 | 192.168.2.5 | 0xa69d | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Mar 17, 2025 16:09:48.866296053 CET | 1.1.1.1 | 192.168.2.5 | 0x3e36 | No error (0) | | | 172.67.212.102 | A (IP address) | IN (0x0001) | false |
Mar 17, 2025 16:09:48.866296053 CET | 1.1.1.1 | 192.168.2.5 | 0x3e36 | No error (0) | | | 104.21.69.194 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.5 | 49722 | 149.154.167.99 | 443 | 6816 | C:\Users\user\Desktop\9uB9RDznXl.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-17 15:09:48 UTC | 195 | OUT | |
2025-03-17 15:09:48 UTC | 511 | IN | |
2025-03-17 15:09:48 UTC | 12447 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.5 | 49723 | 172.67.212.102 | 443 | 6816 | C:\Users\user\Desktop\9uB9RDznXl.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-17 15:09:49 UTC | 262 | OUT | |
2025-03-17 15:09:49 UTC | 8 | OUT | |
2025-03-17 15:09:49 UTC | 558 | IN | |
2025-03-17 15:09:49 UTC | 811 | IN | |
2025-03-17 15:09:49 UTC | 1369 | IN | |
2025-03-17 15:09:49 UTC | 1369 | IN | |
2025-03-17 15:09:49 UTC | 1007 | IN | |
2025-03-17 15:09:49 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.5 | 49724 | 172.67.212.102 | 443 | 6816 | C:\Users\user\Desktop\9uB9RDznXl.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-17 15:09:50 UTC | 352 | OUT | |
2025-03-17 15:09:50 UTC | 43 | OUT | |
2025-03-17 15:09:50 UTC | 813 | IN | |
2025-03-17 15:09:50 UTC | 556 | IN | |
2025-03-17 15:09:50 UTC | 1369 | IN | |
2025-03-17 15:09:50 UTC | 1369 | IN | |
2025-03-17 15:09:50 UTC | 240 | IN | |
2025-03-17 15:09:50 UTC | 1369 | IN | |
2025-03-17 15:09:50 UTC | 1369 | IN | |
2025-03-17 15:09:50 UTC | 1369 | IN | |
2025-03-17 15:09:50 UTC | 1369 | IN | |
2025-03-17 15:09:50 UTC | 1369 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.5 | 49725 | 172.67.212.102 | 443 | 6816 | C:\Users\user\Desktop\9uB9RDznXl.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-17 15:09:51 UTC | 369 | OUT | |
2025-03-17 15:09:51 UTC | 14920 | OUT | |
2025-03-17 15:09:52 UTC | 815 | IN | |
2025-03-17 15:09:52 UTC | 20 | IN | |
2025-03-17 15:09:52 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.5 | 49726 | 172.67.212.102 | 443 | 6816 | C:\Users\user\Desktop\9uB9RDznXl.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-17 15:09:52 UTC | 363 | OUT | |
2025-03-17 15:09:52 UTC | 15033 | OUT | |
2025-03-17 15:09:53 UTC | 815 | IN | |
2025-03-17 15:09:53 UTC | 20 | IN | |
2025-03-17 15:09:53 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.5 | 49727 | 172.67.212.102 | 443 | 6816 | C:\Users\user\Desktop\9uB9RDznXl.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-17 15:09:54 UTC | 363 | OUT | |
2025-03-17 15:09:54 UTC | 15331 | OUT | |
2025-03-17 15:09:54 UTC | 5191 | OUT | |
2025-03-17 15:09:54 UTC | 814 | IN | |
2025-03-17 15:09:54 UTC | 20 | IN | |
2025-03-17 15:09:54 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.5 | 49731 | 172.67.212.102 | 443 | 6816 | C:\Users\user\Desktop\9uB9RDznXl.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-17 15:09:56 UTC | 369 | OUT | |
2025-03-17 15:09:56 UTC | 2387 | OUT | |
2025-03-17 15:09:56 UTC | 805 | IN | |
2025-03-17 15:09:56 UTC | 20 | IN | |
2025-03-17 15:09:56 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.5 | 49733 | 172.67.212.102 | 443 | 6816 | C:\Users\user\Desktop\9uB9RDznXl.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-17 15:09:57 UTC | 362 | OUT | |
2025-03-17 15:09:57 UTC | 15331 | OUT | |
2025-03-17 15:09:57 UTC | 15331 | OUT | |
2025-03-17 15:09:57 UTC | 15331 | OUT | |
2025-03-17 15:09:57 UTC | 15331 | OUT | |
2025-03-17 15:09:57 UTC | 15331 | OUT | |
2025-03-17 15:09:57 UTC | 15331 | OUT | |
2025-03-17 15:09:57 UTC | 15331 | OUT | |
2025-03-17 15:09:57 UTC | 15331 | OUT | |
2025-03-17 15:09:57 UTC | 15331 | OUT | |
2025-03-17 15:09:57 UTC | 15331 | OUT | |
2025-03-17 15:09:59 UTC | 824 | IN |
Target ID: | 1 |
Start time: | 11:09:43 |
Start date: | 17/03/2025 |
Path: | C:\Users\user\Desktop\9uB9RDznXl.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x7e0000 |
File size: | 7'974'400 bytes |
MD5 hash: | ACCDBD5044408C82C19C977829713E4F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |