Windows
Analysis Report
lumber.exe
Overview
General Information
Detection
Score: | 92 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Classification
- System is w10x64
- lumber.exe (PID: 6080 cmdline: "C:\Users\user\Desktop\lumber.exe" MD5: 8C12EF792BB6E0BF3C7FD1A3CD46642A)
- cleanup
{
"Type": "Shell Reverse Http",
"URL": "http://54.158.34.216:8080/7Hsk2YaixMw38DbxUNIOiAZX-9aPyK-zT_U2iSasJx9jV9QpI3bF4FGfb_6gogRwb_I5htpqkHcOXW2GC3IVnOreL1LJ36bDtSCPFtK_2_byVOZkZqWrsqvyFf837ZYjEmyn6ni2BWxst55Y5nmdfA8mMvlYE98sHjuB8cPmCC"
}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_MetasploitPayload | Yara detected Metasploit Payload | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_MetasploitPayload_3 | Yara detected Metasploit Payload | Joe Security | |
| Windows_Trojan_Metasploit_24338919 | Identifies metasploit wininet reverse shellcode. Also used by other tools (like beacon). | unknown | |
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems): |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-04-02T21:39:43.793309+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 49681 | 54.158.34.216 | 8080 | TCP |
2025-04-02T21:39:50.180004+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 49683 | 54.158.34.216 | 8080 | TCP |
2025-04-02T21:39:55.402329+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 49684 | 54.158.34.216 | 8080 | TCP |
2025-04-02T21:40:00.881414+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 49687 | 54.158.34.216 | 8080 | TCP |
2025-04-02T21:40:06.175633+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 49691 | 54.158.34.216 | 8080 | TCP |
2025-04-02T21:40:11.700788+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 49692 | 54.158.34.216 | 8080 | TCP |
2025-04-02T21:40:16.918243+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 49696 | 54.158.34.216 | 8080 | TCP |
2025-04-02T21:40:22.860811+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 49699 | 54.158.34.216 | 8080 | TCP |
2025-04-02T21:40:28.078443+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 49700 | 54.158.34.216 | 8080 | TCP |
2025-04-02T21:40:33.525928+0200 | 2028765 | 3 | Unknown Traffic | 192.168.2.7 | 49701 | 54.158.34.216 | 8080 | TCP |
- AV Detection
- Compliance
- Networking
- System Summary
- Data Obfuscation
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
- Language, Device and Operating System Detection
- Remote Access Functionality
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Binary string: |
Networking |
---|
Source: | URLs: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | Suricata IDS: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: | ||
System Summary |
---|
Source: | Matched rule: |
Source: | Binary or memory string: | ||
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Static PE information: |
Source: | Registry key monitored for changes: |
Source: | Binary or memory string: | ||
Source: | Key value queried: |
Remote Access Functionality |
---|
Source: | File source: | ||
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 2 Software Packing | OS Credential Dumping | 1 Query Registry | Remote Services | Data from Local System | 1 Non-Standard Port | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | LSASS Memory | 1 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Obfuscated Files or Information | Security Account Manager | 2 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 86% | Virustotal | | |
| 83% | ReversingLabs | Win32.Trojan.CryptZMarte | |
| 100% | Avira | TR/Patched.Gen2 | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Avira URL Cloud | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bg.microsoft.map.fastly.net | 199.232.210.172 | true | false | | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
54.158.34.216 | unknown | United States | | 14618 | AMAZON-AESUS | true |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1655016 |
Start date and time: | 2025-04-02 21:38:45 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 48s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | lumber.exe |
Detection: | MAL |
Classification: | mal92.troj.winEXE@1/2@0/1 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 199.232.210.172, 4.245.163.56, 184.31.69.3
- Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, c.pki.goog, wu-b-net.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
bg.microsoft.map.fastly.net | | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | AgentTesla | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
AMAZON-AESUS | | | malicious | Prometei | | |
| | | malicious | Prometei | | |
| | | malicious | HTMLPhisher | | |
| | | malicious | Unknown | | |
| | | malicious | Unknown | | |
| | | malicious | Prometei | | |
| | | malicious | Unknown | | |
| | | malicious | Prometei | | |
| | | malicious | Prometei | | |
| | | malicious | Prometei | | |
Process: | C:\Users\user\Desktop\lumber.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 73305 |
Entropy (8bit): | 7.996028107841645 |
Encrypted: | true |
SSDEEP: | 1536:krha8mqJ7v3CeFMz/akys7nSTK7QMuK+C/Oh5:kAOFq+Mba9Ok7C/O/ |
MD5: | 83142242E97B8953C386F988AA694E4A |
SHA1: | 833ED12FC15B356136DCDD27C61A50F59C5C7D50 |
SHA-256: | D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755 |
SHA-512: | BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\lumber.exe |
File Type: | |
Category: | modified |
Size (bytes): | 330 |
Entropy (8bit): | 3.2717236675215347 |
Encrypted: | false |
SSDEEP: | 6:kK3emcQRnSN+SkQlPlEGYRMY9z+4KlDA3RUeqpGVuys1:2mfZkPlE99SNxAhUeq8S |
MD5: | BC694E94452E397534984606BCA4F326 |
SHA1: | 9967EA9614B36143649D883763D395FB9F4B9093 |
SHA-256: | E5AA190B6FE14CB23488C568FDF5529529D72BB778510F397A48E861753968B7 |
SHA-512: | AF2CBAC47E3A2FB47835661BDA7D1427DEFCCC006616F017E8B510C29BBCBD0E28DB13623F211402722B22C185189E223CF7194BDC205BEB373E8B6D182A6651 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 6.342676669183681 |
TrID: | |
File name: | lumber.exe |
File size: | 73'802 bytes |
MD5: | 8c12ef792bb6e0bf3c7fd1a3cd46642a |
SHA1: | c0967e182486840452ba2b1b291af68d28596f4b |
SHA256: | 823c771434d6b1e8dd4092094c1ea44bda8cccf7f864214fa8a89dffa71f25cb |
SHA512: | dc0c37e843f58d447189f179d46f16198d4aa39785ea99aadcb379421ffd85fd6d2b16e54b7ae092eaa92a1a455abbe3334e51e554ab7ef6e0ac2d5173cbf286 |
SSDEEP: | 768:Ij//2bgdYTpCBQVCayn9KDJpi9ALXwdYZAQ/SJaejzPCHSckzCScx4qXfb+KRBau:Ib/OtC0yMGEwdNJaKMb+KR0Nc8QsJq39 |
TLSH: | 3073CF42E9C41435C1A212BD33B53ABAAD75F1B53611C19A3A8CCDE9EBD18F092793C6 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........8...Y...Y...Y...E...Y..TE...Y...F...Y...F...Y...Y...Y..TQ...Y...z...Y..._...Y..Rich.Y..................PE..L...K..I........... |
Icon Hash: | 90cececece8e8eb0 |
Entrypoint: | 0x401049 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | |
Time Stamp: | 0x49E4C14B [Tue Apr 14 17:00:59 2009 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 481f47bbb2c9c21e108d65f52b04c448 |
Instruction |
---|
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc76c | 0x78 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x15000 | 0x7c8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xc1e0 | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xc000 | 0x1e0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xa966 | 0xb000 | 7c4058d6be6263651462bec56380567a | False | 0.8211558948863636 | data | 7.044762434727162 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0xc000 | 0xfe6 | 0x1000 | 25d7ceee3aa85bb3e8c5174736f6f830 | False | 0.46142578125 | DOS executable (COM, 0x8C-variant) | 5.318390353744998 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xd000 | 0x705c | 0x4000 | 283b5f792323d57b9db4d2bcc46580f8 | False | 0.25634765625 | Matlab v4 mat-file (little endian) d, numeric, rows 0, columns 0 | 4.407841023203495 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x15000 | 0x7c8 | 0x1000 | c13a9413aea7291b6fc85d75bfcde381 | False | 0.197998046875 | data | 1.958296025171192 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x15060 | 0x768 | data | English | United States | 0.40189873417721517 |
DLL | Import |
---|---|
MSVCRT.dll | _iob, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, __p___initenv, _XcptFilter, _exit, _onexit, __dllonexit, strrchr, wcsncmp, _close, wcslen, wcscpy, strerror, modf, strspn, realloc, __p__environ, __p__wenviron, _errno, free, strncmp, strstr, strncpy, _ftol, qsort, fopen, perror, fclose, fflush, calloc, malloc, signal, printf, _isctype, atoi, exit, __mb_cur_max, _pctype, strchr, fprintf, _controlfp, _strdup, _strnicmp |
KERNEL32.dll | PeekNamedPipe, ReadFile, WriteFile, LoadLibraryA, GetProcAddress, GetVersionExA, GetExitCodeProcess, TerminateProcess, LeaveCriticalSection, SetEvent, ReleaseMutex, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, CreateMutexA, GetFileType, SetLastError, FreeEnvironmentStringsW, GetEnvironmentStringsW, GlobalFree, GetCommandLineW, TlsAlloc, TlsFree, DuplicateHandle, GetCurrentProcess, SetHandleInformation, CloseHandle, GetSystemTimeAsFileTime, FileTimeToSystemTime, GetTimeZoneInformation, FileTimeToLocalFileTime, SystemTimeToFileTime, SystemTimeToTzSpecificLocalTime, Sleep, FormatMessageA, GetLastError, WaitForSingleObject, CreateEventA, SetStdHandle, SetFilePointer, CreateFileA, CreateFileW, GetOverlappedResult, DeviceIoControl, GetFileInformationByHandle, LocalFree |
ADVAPI32.dll | FreeSid, AllocateAndInitializeSid |
WSOCK32.dll | getsockopt, connect, htons, gethostbyname, ntohl, inet_ntoa, setsockopt, socket, closesocket, select, ioctlsocket, __WSAFDIsSet, WSAStartup, WSACleanup, WSAGetLastError |
WS2_32.dll | WSARecv, WSASend |
Description | Data |
---|---|
Comments | Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License athttp://www.apache.org/licenses/LICENSE-2.0Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. |
CompanyName | Apache Software Foundation |
FileDescription | ApacheBench command line utility |
FileVersion | 2.2.14 |
InternalName | ab.exe |
LegalCopyright | Copyright 2009 The Apache Software Foundation. |
OriginalFilename | ab.exe |
ProductName | Apache HTTP Server |
ProductVersion | 2.2.14 |
Translation | 0x0409 0x04b0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-04-02T21:39:43.793309+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49681 | 54.158.34.216 | 8080 | TCP |
2025-04-02T21:39:50.180004+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49683 | 54.158.34.216 | 8080 | TCP |
2025-04-02T21:39:55.402329+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49684 | 54.158.34.216 | 8080 | TCP |
2025-04-02T21:40:00.881414+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49687 | 54.158.34.216 | 8080 | TCP |
2025-04-02T21:40:06.175633+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49691 | 54.158.34.216 | 8080 | TCP |
2025-04-02T21:40:11.700788+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49692 | 54.158.34.216 | 8080 | TCP |
2025-04-02T21:40:16.918243+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49696 | 54.158.34.216 | 8080 | TCP |
2025-04-02T21:40:22.860811+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49699 | 54.158.34.216 | 8080 | TCP |
2025-04-02T21:40:28.078443+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49700 | 54.158.34.216 | 8080 | TCP |
2025-04-02T21:40:33.525928+0200 | 2028765 | ET JA3 Hash - [Abuse.ch] Possible Dridex | 3 | 192.168.2.7 | 49701 | 54.158.34.216 | 8080 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 2, 2025 21:40:16.917682886 CEST | 8080 | 49696 | 54.158.34.216 | 192.168.2.7 |
Apr 2, 2025 21:40:16.918176889 CEST | 8080 | 49696 | 54.158.34.216 | 192.168.2.7 |
Apr 2, 2025 21:40:16.918242931 CEST | 49696 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:16.918704033 CEST | 49696 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:16.920557022 CEST | 49696 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:17.064388037 CEST | 8080 | 49696 | 54.158.34.216 | 192.168.2.7 |
Apr 2, 2025 21:40:17.316081047 CEST | 8080 | 49696 | 54.158.34.216 | 192.168.2.7 |
Apr 2, 2025 21:40:17.316183090 CEST | 49696 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:17.639075994 CEST | 8080 | 49696 | 54.158.34.216 | 192.168.2.7 |
Apr 2, 2025 21:40:17.639221907 CEST | 49696 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:17.640063047 CEST | 49696 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:17.742832899 CEST | 8080 | 49696 | 54.158.34.216 | 192.168.2.7 |
Apr 2, 2025 21:40:22.651530027 CEST | 49699 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:22.755593061 CEST | 8080 | 49699 | 54.158.34.216 | 192.168.2.7 |
Apr 2, 2025 21:40:22.756669044 CEST | 49699 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:22.757035017 CEST | 49699 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:22.860635042 CEST | 8080 | 49699 | 54.158.34.216 | 192.168.2.7 |
Apr 2, 2025 21:40:22.860738993 CEST | 8080 | 49699 | 54.158.34.216 | 192.168.2.7 |
Apr 2, 2025 21:40:22.860810995 CEST | 49699 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:22.861290932 CEST | 49699 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:22.862540007 CEST | 49699 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:23.002326965 CEST | 8080 | 49699 | 54.158.34.216 | 192.168.2.7 |
Apr 2, 2025 21:40:23.103511095 CEST | 8080 | 49699 | 54.158.34.216 | 192.168.2.7 |
Apr 2, 2025 21:40:23.103667974 CEST | 8080 | 49699 | 54.158.34.216 | 192.168.2.7 |
Apr 2, 2025 21:40:23.103705883 CEST | 49699 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:23.103763103 CEST | 49699 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:27.870213032 CEST | 49700 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:27.973982096 CEST | 8080 | 49700 | 54.158.34.216 | 192.168.2.7 |
Apr 2, 2025 21:40:27.974077940 CEST | 49700 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:27.974440098 CEST | 49700 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:28.077821970 CEST | 8080 | 49700 | 54.158.34.216 | 192.168.2.7 |
Apr 2, 2025 21:40:28.078376055 CEST | 8080 | 49700 | 54.158.34.216 | 192.168.2.7 |
Apr 2, 2025 21:40:28.078443050 CEST | 49700 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:28.078968048 CEST | 49700 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:28.080245972 CEST | 49700 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:28.221559048 CEST | 8080 | 49700 | 54.158.34.216 | 192.168.2.7 |
Apr 2, 2025 21:40:28.313633919 CEST | 8080 | 49700 | 54.158.34.216 | 192.168.2.7 |
Apr 2, 2025 21:40:28.313673973 CEST | 8080 | 49700 | 54.158.34.216 | 192.168.2.7 |
Apr 2, 2025 21:40:28.313729048 CEST | 49700 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:28.313769102 CEST | 49700 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:28.313966036 CEST | 49700 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:28.416023016 CEST | 8080 | 49700 | 54.158.34.216 | 192.168.2.7 |
Apr 2, 2025 21:40:33.323522091 CEST | 49701 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:33.422422886 CEST | 8080 | 49701 | 54.158.34.216 | 192.168.2.7 |
Apr 2, 2025 21:40:33.422518969 CEST | 49701 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:33.422949076 CEST | 49701 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:33.525815010 CEST | 8080 | 49701 | 54.158.34.216 | 192.168.2.7 |
Apr 2, 2025 21:40:33.525861025 CEST | 8080 | 49701 | 54.158.34.216 | 192.168.2.7 |
Apr 2, 2025 21:40:33.525928020 CEST | 49701 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:33.529690981 CEST | 49701 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:33.531250954 CEST | 49701 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:33.671627998 CEST | 8080 | 49701 | 54.158.34.216 | 192.168.2.7 |
Apr 2, 2025 21:40:33.723664045 CEST | 8080 | 49701 | 54.158.34.216 | 192.168.2.7 |
Apr 2, 2025 21:40:33.723689079 CEST | 8080 | 49701 | 54.158.34.216 | 192.168.2.7 |
Apr 2, 2025 21:40:33.723790884 CEST | 49701 | 8080 | 192.168.2.7 | 54.158.34.216 |
Apr 2, 2025 21:40:33.723820925 CEST | 49701 | 8080 | 192.168.2.7 | 54.158.34.216 |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 2, 2025 21:39:44.011322021 CEST | 1.1.1.1 | 192.168.2.7 | 0x7582 | No error (0) | | | 199.232.210.172 | A (IP address) | IN (0x0001) | false |
Apr 2, 2025 21:39:44.011322021 CEST | 1.1.1.1 | 192.168.2.7 | 0x7582 | No error (0) | | | 199.232.214.172 | A (IP address) | IN (0x0001) | false |
Target ID: | 0 |
Start time: | 15:39:42 |
Start date: | 02/04/2025 |
Path: | C:\Users\user\Desktop\lumber.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 73'802 bytes |
MD5 hash: | 8C12EF792BB6E0BF3C7FD1A3CD46642A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |