Windows
Analysis Report
DHL AWB Document_pdf.exe
Overview
General Information
Detection
GuLoader, Snake Keylogger
Score: | 100 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected GuLoader
Yara detected Snake Keylogger
Yara detected Telegram RAT
Initial sample is a PE file and has a suspicious name
Joe Sandbox ML detected suspicious sample
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Classification
- System is w10x64
- DHL AWB Document_pdf.exe (PID: 6132 cmdline: "C:\Users\user\Desktop\DHL AWB Document_pdf.exe" MD5: 0AEEA57A56BE2F86535E0809C6CD55D5)
- DHL AWB Document_pdf.exe (PID: 7596 cmdline: "C:\Users\user\Desktop\DHL AWB Document_pdf.exe" MD5: 0AEEA57A56BE2F86535E0809C6CD55D5)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution |
{"Exfil Mode": "Telegram", "Token": "8001354238:AAGn34Kjnx6tMx7mYU1z9kHME3Ora_fTuPc", "Chat_id": "5100996224", "Version": "4.4"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
⊘No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-02-18T08:12:46.049174+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 63529 | 104.21.32.1 | 443 | TCP |
2025-02-18T08:12:49.373281+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 63533 | 104.21.32.1 | 443 | TCP |
2025-02-18T08:12:59.712061+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 63543 | 104.21.32.1 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-02-18T08:12:44.056523+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.7 | 63527 | 193.122.130.0 | 80 | TCP |
2025-02-18T08:12:45.462784+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.7 | 63527 | 193.122.130.0 | 80 | TCP |
2025-02-18T08:12:46.603529+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.7 | 63530 | 193.122.130.0 | 80 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-02-18T08:12:38.250010+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.7 | 63509 | 142.250.181.238 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-02-18T08:13:00.761974+0100 | 1810007 | 1 | Potentially Bad Traffic | 192.168.2.7 | 63544 | 149.154.167.220 | 443 | TCP |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Location Tracking |
---|
Source: | DNS query: |
Source: | Code function: | 10_2_36AF0C70 | |
Source: | Code function: | 10_2_36AF13BB |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Networking |
---|
Source: | Suricata IDS: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: | ||
Source: | IP Address: | ||
Source: | JA3 fingerprint: | ||
Source: | DNS query: | ||
Source: | DNS query: |
Source: | Suricata IDS: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | Code function: | 2_2_00405050 |
System Summary |
---|
Source: | Static PE information: |
Source: | Code function: | 2_2_004030D9 | |
Source: | Code function: | 10_2_004030D9 |
Source: | File created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 2_2_004030D9 | |
Source: | Code function: | 10_2_004030D9 |
Source: | Code function: | 2_2_0040431C |
Source: | Code function: | 2_2_0040205E |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | File written: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | File source: | ||
Source: | Code function: | 2_2_10001A5D |
Source: | Code function: | 2_2_10002D4E |
Source: | File created: | Jump to dropped file |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | API/Special instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | API coverage: |
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Code function: | 2_2_00405FFD | |
Source: | Code function: | 2_2_0040559B | |
Source: | Code function: | 2_2_00402688 | |
Source: | Code function: | 10_2_00405FFD | |
Source: | Code function: | 10_2_00402688 | |
Source: | Code function: | 10_2_0040559B |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | API call chain: | graph_2-4577 | ||
Source: | API call chain: | graph_2-4574 |
Source: | Code function: | 2_2_10001A5D |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Code function: | 2_2_00405D1B |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 11 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 3 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Access Token Manipulation | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 3 File and Directory Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | 215 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
38% | Virustotal | Browse | ||
24% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs | |||
1% | Virustotal | Browse |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 142.250.181.238 | true | false | high | |
drive.usercontent.google.com | 142.250.186.129 | true | false | high | |
reallyfreegeoip.org | 104.21.32.1 | true | false | high | |
api.telegram.org | 149.154.167.220 | true | false | high | |
checkip.dyndns.com | 193.122.130.0 | true | false | high | |
checkip.dyndns.org | unknown | unknown | false | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
142.250.181.238 | drive.google.com | United States | 15169 | GOOGLEUS | false |
142.250.186.129 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false |
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false |
104.21.32.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false |
193.122.130.0 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1617726 |
Start date and time: | 2025-02-18 08:10:46 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 57s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | DHL AWB Document_pdf.exe |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@3/25@5/5 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 13.107.246.61, 20.12.23.50
- Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
03:19:35 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
149.154.167.220 | malicious | Snake Keylogger, VIP Keylogger |
149.154.167.220 | malicious | Snake Keylogger |
149.154.167.220 | malicious | AgentTesla |
149.154.167.220 | malicious | Snake Keylogger |
149.154.167.220 | malicious | HTMLPhisher |
149.154.167.220 | malicious | DBatLoader, Snake Keylogger, VIP Keylogger |
149.154.167.220 | malicious | HTMLPhisher |
149.154.167.220 | malicious | HTMLPhisher |
149.154.167.220 | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
149.154.167.220 | malicious | GuLoader, Snake Keylogger |
104.21.32.1 | malicious | FormBook |
104.21.32.1 | malicious | FormBook |
104.21.32.1 | malicious | Unknown |
104.21.32.1 | malicious | FormBook |
104.21.32.1 | malicious | FormBook |
104.21.32.1 | malicious | FormBook |
104.21.32.1 | malicious | FormBook |
104.21.32.1 | malicious | FormBook |
104.21.32.1 | malicious | FormBook |
104.21.32.1 | malicious | FormBook |
Match | Detection | Threat Name |
---|---|---|
reallyfreegeoip.org | malicious | Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | Snake Keylogger |
reallyfreegeoip.org | malicious | Snake Keylogger |
reallyfreegeoip.org | malicious | Snake Keylogger |
reallyfreegeoip.org | malicious | DBatLoader, Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger |
reallyfreegeoip.org | malicious | MassLogger RAT |
reallyfreegeoip.org | malicious | DBatLoader, MassLogger RAT, PureLog Stealer |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger |
checkip.dyndns.com | malicious | DBatLoader, Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger |
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger |
checkip.dyndns.com | malicious | MassLogger RAT |
checkip.dyndns.com | malicious | DBatLoader, MassLogger RAT, PureLog Stealer |
api.telegram.org | malicious | Snake Keylogger, VIP Keylogger |
api.telegram.org | malicious | Snake Keylogger |
api.telegram.org | malicious | AgentTesla |
api.telegram.org | malicious | Snake Keylogger |
api.telegram.org | malicious | HTMLPhisher |
api.telegram.org | malicious | DBatLoader, Snake Keylogger, VIP Keylogger |
api.telegram.org | malicious | HTMLPhisher |
api.telegram.org | malicious | HTMLPhisher |
api.telegram.org | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
api.telegram.org | malicious | GuLoader, Snake Keylogger |
Match | Detection | Threat Name |
---|---|---|
TELEGRAMRU | malicious | Snake Keylogger, VIP Keylogger |
TELEGRAMRU | malicious | Snake Keylogger |
TELEGRAMRU | malicious | AgentTesla |
TELEGRAMRU | malicious | Snake Keylogger |
TELEGRAMRU | malicious | Telegram Phisher |
TELEGRAMRU | malicious | HTMLPhisher |
TELEGRAMRU | malicious | DBatLoader, Snake Keylogger, VIP Keylogger |
TELEGRAMRU | malicious | HTMLPhisher |
TELEGRAMRU | malicious | HTMLPhisher |
TELEGRAMRU | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
ORACLE-BMC-31898US | malicious | Snake Keylogger, VIP Keylogger |
ORACLE-BMC-31898US | malicious | Snake Keylogger |
ORACLE-BMC-31898US | malicious | Snake Keylogger |
ORACLE-BMC-31898US | malicious | Snake Keylogger |
ORACLE-BMC-31898US | malicious | DBatLoader, Snake Keylogger, VIP Keylogger |
ORACLE-BMC-31898US | malicious | Unknown |
ORACLE-BMC-31898US | malicious | GuLoader, Snake Keylogger |
ORACLE-BMC-31898US | malicious | Unknown |
ORACLE-BMC-31898US | malicious | Snake Keylogger |
ORACLE-BMC-31898US | malicious | MassLogger RAT |
CLOUDFLARENETUS | malicious | FormBook |
CLOUDFLARENETUS | malicious | FormBook |
CLOUDFLARENETUS | malicious | Snake Keylogger, VIP Keylogger |
CLOUDFLARENETUS | malicious | FormBook |
CLOUDFLARENETUS | malicious | Snake Keylogger |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger, VIP Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Amadey, RedLine, Stealc |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | DBatLoader, Snake Keylogger, VIP Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | MassLogger RAT |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | DBatLoader, MassLogger RAT, PureLog Stealer |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Snake Keylogger, VIP Keylogger |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Unknown |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | AgentTesla, GuLoader |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | Snake Keylogger |
3b5074b1b5d032e5620f69f9f700ff0e | malicious | AgentTesla |
37f463bf4616ecd445d4a1937da06e19 | malicious | Amadey, RedLine, Stealc |
37f463bf4616ecd445d4a1937da06e19 | malicious | Amadey, LummaC Stealer, Stealc, Vidar |
37f463bf4616ecd445d4a1937da06e19 | malicious | Amadey, Healer AV Disabler, LummaC Stealer, Stealc, Vidar |
37f463bf4616ecd445d4a1937da06e19 | malicious | GhostRat |
37f463bf4616ecd445d4a1937da06e19 | malicious | AgentTesla, GuLoader |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader |
37f463bf4616ecd445d4a1937da06e19 | malicious | Unknown |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader, Snake Keylogger, VIP Keylogger |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader, Snake Keylogger |
Match | Detection | Threat Name |
---|---|---|
C:\Users\user\AppData\Local\Temp\nsn3651.tmp\System.dll | malicious | AgentTesla, GuLoader |
C:\Users\user\AppData\Local\Temp\nsn3651.tmp\System.dll | malicious | GuLoader |
C:\Users\user\AppData\Local\Temp\nsn3651.tmp\System.dll | malicious | GuLoader |
C:\Users\user\AppData\Local\Temp\nsn3651.tmp\System.dll | malicious | GuLoader, Snake Keylogger |
C:\Users\user\AppData\Local\Temp\nsn3651.tmp\System.dll | malicious | Remcos, GuLoader |
C:\Users\user\AppData\Local\Temp\nsn3651.tmp\System.dll | malicious | GuLoader, Snake Keylogger |
C:\Users\user\AppData\Local\Temp\nsn3651.tmp\System.dll | malicious | GuLoader |
C:\Users\user\AppData\Local\Temp\nsn3651.tmp\System.dll | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\nsn3651.tmp\System.dll | malicious | GuLoader, Snake Keylogger |
C:\Users\user\AppData\Local\Temp\nsn3651.tmp\System.dll | malicious | GuLoader |
Process: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
Category: | dropped |
Size (bytes): | 47 |
Entropy (8bit): | 4.628848957968553 |
Encrypted: | false |
SSDEEP: | 3:YOm45GXQLQIfLBJXmgxv:5TGXQkIP2I |
MD5: | B895D576D6637A778B387B2FCA0F56EC |
SHA1: | E78D2BE4D94673D612C16D29C330BB0C78778429 |
SHA-256: | BFEC1E97ED5D34825521D60B98986D1564CD159B4D1F9569EAE4C3464D2F5C47 |
SHA-512: | B4A771D1B517A2776BA440F79F168306C244DF1A6DE1966313157154D8D52BEAD8131B95F846C2F55C15382E04284FFFC6CF6ABF3F6FCFCB259DF2EA58D769E5 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
Category: | modified |
Size (bytes): | 30 |
Entropy (8bit): | 4.256564762130954 |
Encrypted: | false |
SSDEEP: | 3:DyWgLQIfLBJXmgU:mkIP25 |
MD5: | F15BFDEBB2DF02D02C8491BDE1B4E9BD |
SHA1: | 93BD46F57C3316C27CAD2605DDF81D6C0BDE9301 |
SHA-256: | C87F2FF45BB530577FB8856DF1760EDAF1060AE4EE2934B17FDD21B7D116F043 |
SHA-512: | 1757ED4AE4D47D0C839511C18BE5D75796224D4A3049E2D8853650ACE2C5057C42040DE6450BF90DD4969862E9EBB420CD8A34F8DD9C970779ED2E5459E8F2F1 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 74 |
Entropy (8bit): | 3.9637832956585757 |
Encrypted: | false |
SSDEEP: | 3:sRQE1wFEt/ijNJyI3dj2+n:aQEGiwh3D |
MD5: | 16D513397F3C1F8334E8F3E4FC49828F |
SHA1: | 4EE15AFCA81CA6A13AF4E38240099B730D6931F0 |
SHA-256: | D3C781A1855C8A70F5ACA88D9E2C92AFFFA80541334731F62CAA9494AA8A0C36 |
SHA-512: | 4A350B790FDD2FE957E9AB48D5969B217AB19FC7F93F3774F1121A5F140FF9A9EAAA8FA30E06A9EF40AD776E698C2E65A05323C3ADF84271DA1716E75F5183C3 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.52973742089034 |
Encrypted: | false |
SSDEEP: | 3:sEMBQEJkJVEjERMJ9xQoXUn:2J9xvUn |
MD5: | 6E218F4EAEF4854A4F310D8A5E335A2E |
SHA1: | F84C2E914AD92E65F97EECFC4CD407ED6AA5AF1D |
SHA-256: | A33C5B98649409C5FC2AB7D0EC13685DC41936FC9A50D1DE667D3B0209B851F1 |
SHA-512: | EB377F9488888ACFC0AF7CEB03F3505CFB61795A61FB7F7FD77B9412539632FCAD137F0F507504A0EEDA4734F46FE350E0CFA4AE996F8BE61912AAA1EDA5C882 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11264 |
Entropy (8bit): | 5.770824470205811 |
Encrypted: | false |
SSDEEP: | 192:PPtkumJX7zB22kGwfy0mtVgkCPOs81un:E702k5qpds8Qn |
MD5: | B8992E497D57001DDF100F9C397FCEF5 |
SHA1: | E26DDF101A2EC5027975D2909306457C6F61CFBD |
SHA-256: | 98BCD1DD88642F4DD36A300C76EBB1DDFBBBC5BFC7E3B6D7435DC6D6E030C13B |
SHA-512: | 8823B1904DCCFAF031068102CB1DEF7958A057F49FF369F0E061F1B4DB2090021AA620BB8442A2A6AC9355BB74EE54371DC2599C20DC723755A46EDE81533A3C |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 52 |
Entropy (8bit): | 4.0914493934217315 |
Encrypted: | false |
SSDEEP: | 3:sBa99k1NoCFOn:KankVg |
MD5: | 5D04A35D3950677049C7A0CF17E37125 |
SHA1: | CAFDD49A953864F83D387774B39B2657A253470F |
SHA-256: | A9493973DD293917F3EBB932AB255F8CAC40121707548DE100D5969956BB1266 |
SHA-512: | C7B1AFD95299C0712BDBC67F9D2714926D6EC9F71909AF615AFFC400D8D2216AB76F6AC35057088836435DE36E919507E1B25BE87B07C911083F964EB67E003B |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 56 |
Entropy (8bit): | 4.300098279976057 |
Encrypted: | false |
SSDEEP: | 3:sAAEVvjsZMJ0vL84n:fLvJq |
MD5: | C97FE66EE1FEA92C5368DA8F0B550B1F |
SHA1: | FB630B702A1476D0277CEC9551FFFB8F75DCC268 |
SHA-256: | 9A06D3BAB617D5CDAEBD1DFA907F1E6235238127D5BC50430B06479B37933640 |
SHA-512: | 5DD85732FD624DE9A648289A9CBF7D6A33F62F4AA06E756B3EEDE0173C3354C47E59FE534E53D2FE596DA86FE400B9435E902A481B51659338639362D77E581F |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 38 |
Entropy (8bit): | 4.115834092163221 |
Encrypted: | false |
SSDEEP: | 3:OBamvOnOKXDJ+B:uamXoVQ |
MD5: | 57236E5883AC72789FE46439440C54AF |
SHA1: | EE1BD5CF0B8C44213BC88C09E241EBA31A79DC7B |
SHA-256: | 23568A0963E32E55958D6E7D442DEE234EB8AE8F2BCACD57B30FA6944253E791 |
SHA-512: | F43DF2AC8A135B97C6A0A228F30298BBB7CA4328EEABAE655C3065C979C470C5124EC6EE10F5E681B44B7D627F407A05B49754FCEBDBB3542D56BFC77C97115B |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 453586 |
Entropy (8bit): | 7.0700917284249245 |
Encrypted: | false |
SSDEEP: | 6144:Rk5JDhffS33iRaI7Jq4rS72XYa3xZ4zBtdfYSUyFjlkJ5DrpekuGm:aVi33QaHOoahZytBFlFjls5DrQRGm |
MD5: | BDB819F3FAEE6B069CF634CD8CDA27AE |
SHA1: | CE6952BA21B2F961F58483EDBE2E03E45598B078 |
SHA-256: | 8159404591D5E83AD91865B2B2E137D2FB7DB6D39F9191F7ABBF0A9DF50D4495 |
SHA-512: | 9E06CCD55D27248AD4E383A8D19200648D5842FFE7D0D2AD02EB2F19AC97975DD9C3A83CBF1A5722AFEE473F7DACA6D87925FAA0E598A0042BFECEA9B301B91E |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 373 |
Entropy (8bit): | 4.6689888819839975 |
Encrypted: | false |
SSDEEP: | 6:u8RULdljrMCRX/BFkQy3J8E2+HF7xWZFukJt44tjoWCioZXHfLLznE6ARYBJe:uA8ACKQvn+l9WTn/joYoZXHjLLESBJe |
MD5: | EA57DEBB5ED0FCC284A13708B57DF4B5 |
SHA1: | 829BB4B4625C889FB7BE1129DBB44C5CA9C3463A |
SHA-256: | CA4E5E4D2E8EE9E3A7C19358469280289474E701CF23180372F95A975E8E7B5B |
SHA-512: | DCDA231F390809E486B24399573713746A90A02006BF829BE59F66A58A421212F82768DDBDF3BBC89497B1C32318E8D090175BF041681C12D64D5F3423F97CDE |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 187748 |
Entropy (8bit): | 1.2534161616514632 |
Encrypted: | false |
SSDEEP: | 3072:viD/FWcjS9V0XNgDhAq5q+ZhpMNY/rveNIvJWs99SBNGyCzrkGhrI:viD/FWcjS9V0XNgDhAq5q+ZhpMNY/rvi |
MD5: | 664F0CBD44998A34FE4B192AF58382C2 |
SHA1: | 2EDB2244FD7C1D740DC8E5AA1EA559BB22BDA69D |
SHA-256: | 845B140AC14A7A324D4741347CE98213992C5B1604783765199D52D7FD4B7336 |
SHA-512: | 389AEDDF6C015BCA238453013D6860CC160ABBE46D8BBB9CD0580EB33CB7B7EB78E3CADB42429076E45D0D0836D7C7F629C680CE7DAB3ACD0332142D56BEC0BC |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 169168 |
Entropy (8bit): | 4.607884114166155 |
Encrypted: | false |
SSDEEP: | 3072:buGiLyU32iH87EStMFyszftVi/D+QM5Z4t:aVLl2iH8YW4TzfkvMjK |
MD5: | E38137DECB58E3437E51AC1A6AF9CB21 |
SHA1: | 14C60502028FBFFA2FF31413E96519A13A515020 |
SHA-256: | EEA371EBB4304C9934911A7BFE135FA1F7EC031B3D5CDE63FAFCCD6FD5044A35 |
SHA-512: | 4956D88F318C5947161924F22E83C034A6E5A88B100971877420A9F3F8EDA44BC853B6F586E07F6E28F88FEB04A3C04528C0FD9ECBFEFC64FBFA2C6FDEFC4E0C |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 214120 |
Entropy (8bit): | 1.2579565170685552 |
Encrypted: | false |
SSDEEP: | 768:q5nvyKGXCnISP0EVK0SaU31cnnQGGPHYv19dX9b6UU1DURU+3bmbKTLVaHF4RhuS:aqKXnFy1OAiXJipY |
MD5: | 96B2F505D112A6F57388F3094D161250 |
SHA1: | E8BEEF63CFAB5DBBF8FE5D3433CCB0E1BD0C30CB |
SHA-256: | 89737BBD79CBE18E3A0CA679A61F40A4F8426FF5A20A8D5FA16E9F468D024ADF |
SHA-512: | 34B0C0306589E7D5C813FC97ED51A9F96B19E86CDF5EA0582AD918F5A3AC5980161F16DA7893285BE4D38DDE34CE3386D0A242E3AD1983B198C11D911895EDC3 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 435668 |
Entropy (8bit): | 1.253832121572574 |
Encrypted: | false |
SSDEEP: | 3072:NKIEw9ZoxgquiPFmuHbpNx7eMjiqYAvKHJD0LMC12XdglxUiUKREgR8CzgO75Q01:hMrhB |
MD5: | 37F81FE171AF7FFB40CA626AAF49C62D |
SHA1: | 19C8F00E9697E02C1EA6318E5A76D1AE12EE99D1 |
SHA-256: | 295E99D5CFF9FD679416772E4BE849B28FD9D26878A0FB6BCD938ED569389661 |
SHA-512: | 1E157EFF96AFE784319820EEF8A4BAD0A311974B54EA9968FE20D06BFD39572DCF3C6CA147D08B842647A491118C4B8DD6CF1BD565FC5BFAA4BF47665058C895 |
Malicious: | false |
Preview: |
C:\Users\user\Slutafregningers175\ammunitionsfabrikkers\Unfrequentable\Gamdeboo\nonredundant.txt
Process: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 339 |
Entropy (8bit): | 4.386002311199939 |
Encrypted: | false |
SSDEEP: | 6:eTMJWn6uG/xCKALCME9jvn4XxtGRlcXgQMzAjDJAWrF4SMgvNXlKjXnLfWqEKYTK:MIM6uG/Q7LcjvXcQJSAWrF/wL+BhK |
MD5: | 27B2BA9A77B5AC1124E34924F8BCF439 |
SHA1: | 61BB651112CACEB90B3F8D55B4FB70A8BF290C5D |
SHA-256: | 89EED45CE89233A0DB0CE806E06F9F0D871BDFF0B2452174BC9424D492F3400B |
SHA-512: | 0A18590A9ED34CED58624B2F84EB7DE8E17BBE6BA17DD79E63A267898526DB91D7666E17C3ACA48AF23F190A6B182BEEA9ACDB22D0DAE9D4B7CC4E76DFFB8FBC |
Malicious: | false |
Preview: |
C:\Users\user\Slutafregningers175\ammunitionsfabrikkers\Unfrequentable\Gamdeboo\nytaarsforstters.jpg
Process: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11613 |
Entropy (8bit): | 7.938426026696142 |
Encrypted: | false |
SSDEEP: | 192:Lbo5WFAOldq2TTsnS6z6DPy7yR0JrN1HzaVP8A2W3oFbutJFBa1OYswbWeRp7Mhy:3oI2Ofq20R67eBH+VPaW3uu1qhswyeRv |
MD5: | A26FDA60840D7433C2B9F03FF5B6313F |
SHA1: | 59E8062AACF7B5EE2BFA5B93E9DA575B71E93B6C |
SHA-256: | CF4CB340522CBF86D73BC79CBC19E16ABD4957194F5951D1F8745A307A7EE125 |
SHA-512: | C609BF930ABB7B5B48E4AA1F53AA2D8AF52B985E9808993C17978E7C943E7854ADF245ACF6A57A90A0CDE487706355AA7619AB1C9A71382C9497D2CEEE273CC4 |
Malicious: | false |
Preview: |
C:\Users\user\Slutafregningers175\ammunitionsfabrikkers\Unfrequentable\Gamdeboo\peptonize.jpg
Process: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6698 |
Entropy (8bit): | 7.913586766253015 |
Encrypted: | false |
SSDEEP: | 96:RhDE/bw4VVlkoldIEd3q30RogKpZD1429e7hMbEUoH1Im5nw4xZt2pjpfG8Jk:LDCw4VsaSEda3JgKT87h4spnw4/t4rJk |
MD5: | 171FB9CF38673F2775687EEABD5C17F9 |
SHA1: | 91E101B39EA447C2AE37895D9928BD76A658D83B |
SHA-256: | 6F5866884FEEC2E4E5849FFB69C597DF8A49334714F62793469C7617240FEF78 |
SHA-512: | B253BD7961991ABFCF2B44516F0124EA0A5A2E20985B68F97D80509C6D879DBBCBC26749C1E641AC85B566A66D3CF46FB3B86ED34920B20BF20D21F8FB24B63A |
Malicious: | false |
Preview: |
C:\Users\user\Slutafregningers175\ammunitionsfabrikkers\Unfrequentable\Gamdeboo\polysomatic.txt
Process: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 565 |
Entropy (8bit): | 4.507713117297587 |
Encrypted: | false |
SSDEEP: | 12:78zhwZSb69J6TdesZIhFSzCondQEvM76qjzJ9tD:78zhoS8+ZIhFSzCJGSjBD |
MD5: | 8751DD1639F8457EFB017CCD2FDE0F25 |
SHA1: | 21784460C75DAC9412FCA4E971EC9FEDBA1BB8BC |
SHA-256: | 254BB3E52AA738F17CBEF508E541FBBE928576F4FBBFCEE39ACC6C3025351991 |
SHA-512: | 1B3F6823586BDA4AAEF8795D5AAEBC787EAA9AB4F2D9D9110B30CD71D95BF22CE7B4782647707A0C32855D24BB1C84F89F61DA527281DAD3DEB161851E20E531 |
Malicious: | false |
Preview: |
C:\Users\user\Slutafregningers175\ammunitionsfabrikkers\Unfrequentable\Gamdeboo\stridsmndene.jpg
Process: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 35074 |
Entropy (8bit): | 7.929273166684339 |
Encrypted: | false |
SSDEEP: | 768:/1qAL9ONp6yNZmL45EqsbSeIcggTHYRFvmgj14:/wW9DyLmc5xsmsg7R9ma4 |
MD5: | E02B537614B9A3B20897B2CE88362B2F |
SHA1: | 9E0BBCF243960400626DF59CE2F00A99D28464E5 |
SHA-256: | 5833AF3396DEF24CE4EBF4CABC1E4B7C47564835167F977C25FF8CBDCC568306 |
SHA-512: | 7014B6B8AB45E09735151E40FBD701D7CD7164E79AF7FD0FDB1497BD8AEDC092FEAB4CC443362EDD8E3F82993DF87E1E9ADB3A576A267BDCDE4C94E941A20140 |
Malicious: | false |
Preview: |
C:\Users\user\Slutafregningers175\ammunitionsfabrikkers\Unfrequentable\Gamdeboo\strolld.jpg
Process: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 40564 |
Entropy (8bit): | 7.970435935833064 |
Encrypted: | false |
SSDEEP: | 768:EmF+WkDks/1TAMAlDmXMNHgnMSYb9dQfW44X7+znLdp0ja7xweTnuJ:EY+ksRAlDm0gMSYb/B44MnLdKja7eQn0 |
MD5: | 5D97A896225E838266ED45E035111307 |
SHA1: | 4C2B4255AB66255CB6FDBD1CC668D59A04FB0716 |
SHA-256: | 6122CD9B5F6B422F502C1AE9621096E1CBDD1CC8519F9846D61B0EB050D9A360 |
SHA-512: | 03802AD07BAA11F72843F6E8D9CBE477AAE608CF5FB6B6F3B2475A9CAF681FA6039F6520BAF3509FC2B45069550DDAA2901DFA5CDF28D2CF164621E105A14714 |
Malicious: | false |
Preview: |
C:\Users\user\Slutafregningers175\ammunitionsfabrikkers\Unfrequentable\Svanehalsens40.ini
Process: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 142 |
Entropy (8bit): | 4.480171964505095 |
Encrypted: | false |
SSDEEP: | 3:rCA2rL0AIZAXCRxR62tyvLxMHLbFRMgdov+jE3uqrygitHjDxlvyy:W7L0LoUx0992brMgA3TrzidjDXT |
MD5: | 89BD48202FA5C0E5862F7217C2E8BC7E |
SHA1: | D3DFD6451B0EAB34FBE4CD2BAE5CD5734DB92BC4 |
SHA-256: | 91A28F8430ECED63B1963DDF512DCD5F495215F2E9C8B5D3ED30F1FF592A399F |
SHA-512: | FE5210EAC9736655F0746127A9D2697A97162C0F70E2E66A29AE5ACAFF9E7AE188BA0E0F60A7D7BE32656419AC3B54A433F5C3F9FCEA78CB9DA87DC8B1CD9FE8 |
Malicious: | false |
Preview: |
C:\Users\user\Slutafregningers175\ammunitionsfabrikkers\Unfrequentable\aeroenterectasia.txt
Process: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 479 |
Entropy (8bit): | 4.343563883081814 |
Encrypted: | false |
SSDEEP: | 12:0kuwpmq0bmPFIITWKCgTNK8R6woSCsGYaA9vGvLFDaH3:0BwpmDm/T8ZkvGdAhKLFWX |
MD5: | B37F8F4DD6D203E91BF9B52164B0E930 |
SHA1: | F498B348D3EF9D9F28439959D734A275F3718A2C |
SHA-256: | 19D128854E9A737A66F1D78C4D7EACCD5CC6ADE765C4E626580828711BD34277 |
SHA-512: | 51D77666407859F68F00B2C9F3DA8E886E8ABB8471D17C419E097C2FAAE93F8DE0CCB4B0CC28BE56B1A5C019C5FAF5D412E7D26BD544804A69AEB8660F1EDDAB |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 781 |
Entropy (8bit): | 4.440913869058056 |
Encrypted: | false |
SSDEEP: | 24:eMXVxcuu06yM2/vl9fq2y988SAk2B8yhV:eMlru03Dnl9fLypSAkhyhV |
MD5: | EA579519E716D838A6AB18E046341A08 |
SHA1: | 815A032D93679FAB52C35FADB9F08C0B51A75724 |
SHA-256: | 7811FB74BB8885BDFF228CE12DD351D79853786B20648122375A59204200AC38 |
SHA-512: | C020DF01710B43ADE68AAAD5D2DD0D057007FCEC78303E475AF25A212DE2CD269691611C42BCF393507C13034F66DAFFA8FC0FCDA990FE2042FB3DB095EA1D8B |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 275 |
Entropy (8bit): | 4.645241049855579 |
Encrypted: | false |
SSDEEP: | 6:0Bpt0IkBXzKRMblggulSY2+e5LZA1RWAuQhElBS4Fq:0BT0IkhzBelSRVgU384Lq |
MD5: | 7D769C4365CA475B13B0D7D3FF060839 |
SHA1: | 39A0854376445A023CEC7E0987142E1670CE8CF9 |
SHA-256: | 4E3BB0A39D1C62DF3536CC0E9731F45E7577E922E01A0A3EEC3CF9B75CE024E2 |
SHA-512: | 830B199CCA6058A4A17E3EE34C3875837509BE243D8FCF7CAAED2C1599F87FFF7BB42303966A5D7FDFDBD329B6658DC5F61A52A8E2D64FD2A3D8B85AAD1EF12C |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 916 |
Entropy (8bit): | 3.289213496338271 |
Encrypted: | false |
SSDEEP: | 12:8wl0VsXMlykXoXJEIJcw8P12qkXI1J1FV0fC4xnXFl1N184t2YZ/elFlSJm:8WrmCzS7RrsC0X/Kqy |
MD5: | 1FBC26D69BA8BC44B652435103DB1BBB |
SHA1: | 152873A7FF0F5D170EF082D835072E62891D6F4B |
SHA-256: | F2A572375D3518C309C5C4E5B8EA6E93F81EAB654C45BADB8235638894ADF895 |
SHA-512: | FE422CC10A4D4AB35AD1423B9AFBDC00FCF50D23124DC0F3BE3C483F8EF4889EDA3D47D8E2874E90CF31406EC602FF5F0B7C127AC7070E01571BE4F11678E6A3 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.940149154960324 |
File name: | DHL AWB Document_pdf.exe |
File size: | 713'347 bytes |
MD5: | 0aeea57a56be2f86535e0809c6cd55d5 |
SHA1: | 3f7e6a4ed823c699c6a18793ed8b18c97c620973 |
SHA256: | 14b6341a024dfec538f97f5a3b11efbbc056863ea18eefe58822cd81e81ea09d |
SHA512: | a68c5af239924f89090e3feec220e0ea1af99a169bbc9c712c43e8154aad754024d830bd58b716f50a245d27dd0f1ca4d44fba217e4b63d3aaea7cc6cca09370 |
SSDEEP: | 12288:0Lx0wMMZg3uMgRJv47/qrsm3N1pY+1fgUCytb0OmL2H8tEB2LyO:0LTZgezfvMlmNP1YLZOmq8KALr |
TLSH: | 17E4230062526E37E6C307B01A7290F2CA769E95B95A73873FA03F977D3547AC40B297 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F...v...F...@...F.Rich..F.........................PE..L....z.W.................^......... |
Icon Hash: | a5d56872428d9074 |
Entrypoint: | 0x4030d9 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x57017AA7 [Sun Apr 3 20:18:47 2016 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | b78ecf47c0a3e24a6f4af114e2d1f5de |
Instruction |
---|
sub esp, 00000184h |
push ebx |
push esi |
push edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+18h], ebx |
mov dword ptr [esp+10h], 00409198h |
mov dword ptr [esp+20h], ebx |
mov byte ptr [esp+14h], 00000020h |
call dword ptr [004070A8h] |
call dword ptr [004070A4h] |
cmp ax, 00000006h |
je 00007F6BAC7E84C3h |
push ebx |
call 00007F6BAC7EB431h |
cmp eax, ebx |
je 00007F6BAC7E84B9h |
push 00000C00h |
call eax |
mov esi, 00407298h |
push esi |
call 00007F6BAC7EB3ADh |
push esi |
call dword ptr [004070A0h] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], bl |
jne 00007F6BAC7E849Dh |
push ebp |
push 00000009h |
call 00007F6BAC7EB404h |
push 00000007h |
call 00007F6BAC7EB3FDh |
mov dword ptr [00423704h], eax |
call dword ptr [00407044h] |
push ebx |
call dword ptr [00407288h] |
mov dword ptr [004237B8h], eax |
push ebx |
lea eax, dword ptr [esp+38h] |
push 00000160h |
push eax |
push ebx |
push 0041ECC8h |
call dword ptr [00407174h] |
push 00409188h |
push 00422F00h |
call 00007F6BAC7EB027h |
call dword ptr [0040709Ch] |
mov ebp, 00429000h |
push eax |
push ebp |
call 00007F6BAC7EB015h |
push ebx |
call dword ptr [00407154h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7428 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x36000 | 0x5110 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x298 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x5c5b | 0x5e00 | 3d4c7426917ca8533fbfc9cd63e19ba3 | False | 0.6603640292553191 | data | 6.411487375491561 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x7000 | 0x1246 | 0x1400 | 43fab6a80651bd97af8f34ecf44cd8ac | False | 0.42734375 | data | 5.005029341587408 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9000 | 0x1a7f8 | 0x400 | 00798d060e552892531c88ed1710ae2c | False | 0.6376953125 | data | 5.108396988130901 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x24000 | 0x12000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x36000 | 0x5110 | 0x5200 | 4c0432814ed2e0e86b285740ae86eb13 | False | 0.18054496951219512 | data | 2.9066831452356485 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x362c8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.10197095435684647 |
RT_ICON | 0x38870 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.17659474671669795 |
RT_ICON | 0x39918 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.21598360655737706 |
RT_ICON | 0x3a2a0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.2703900709219858 |
RT_DIALOG | 0x3a708 | 0x144 | data | English | United States | 0.5216049382716049 |
RT_DIALOG | 0x3a850 | 0x100 | data | English | United States | 0.5234375 |
RT_DIALOG | 0x3a950 | 0x11c | data | English | United States | 0.6091549295774648 |
RT_DIALOG | 0x3aa70 | 0xc4 | data | English | United States | 0.5918367346938775 |
RT_DIALOG | 0x3ab38 | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0x3ab98 | 0x3e | data | English | United States | 0.8064516129032258 |
RT_VERSION | 0x3abd8 | 0x1f4 | data | English | United States | 0.552 |
RT_MANIFEST | 0x3add0 | 0x340 | XML 1.0 document, ASCII text, with very long lines (832), with no line terminators | English | United States | 0.5540865384615384 |
DLL | Import |
---|---|
KERNEL32.dll | SetEnvironmentVariableA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, GetFileAttributesA, SetFileAttributesA, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, ExitProcess, GetFullPathNameA, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, CloseHandle, SetCurrentDirectoryA, MoveFileA, CompareFileTime, GetShortPathNameA, SearchPathA, lstrcmpiA, SetFileTime, lstrcmpA, ExpandEnvironmentStringsA, GlobalUnlock, GetDiskFreeSpaceA, GlobalFree, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, GlobalAlloc |
USER32.dll | ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA |
ADVAPI32.dll | RegDeleteKeyA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegOpenKeyExA, RegEnumValueA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Description | Data |
---|---|
Comments | becut megalichthys |
LegalTrademarks | flamboyantizes kiksets rakkeren |
OriginalFilename | undfangelsen resurceanvendelser.exe |
Translation | 0x0409 0x04e4 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-02-18T08:12:38.250010+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.7 | 63509 | 142.250.181.238 | 443 | TCP |
2025-02-18T08:12:44.056523+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 63527 | 193.122.130.0 | 80 | TCP |
2025-02-18T08:12:45.462784+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 63527 | 193.122.130.0 | 80 | TCP |
2025-02-18T08:12:46.049174+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 63529 | 104.21.32.1 | 443 | TCP |
2025-02-18T08:12:46.603529+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 63530 | 193.122.130.0 | 80 | TCP |
2025-02-18T08:12:49.373281+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 63533 | 104.21.32.1 | 443 | TCP |
2025-02-18T08:12:59.712061+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 63543 | 104.21.32.1 | 443 | TCP |
2025-02-18T08:13:00.761974+0100 | 1810007 | Joe Security ANOMALY Telegram Send Message | 1 | 192.168.2.7 | 63544 | 149.154.167.220 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 18, 2025 08:12:41.258909941 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.258939981 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.258969069 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.258995056 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.259102106 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.259129047 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.259150028 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.259172916 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.259371996 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.259421110 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.262571096 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.262629032 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.262643099 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.262687922 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.268300056 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.268358946 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.268379927 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.268434048 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.274036884 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.274115086 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.274122000 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.274305105 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.274312019 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.274441004 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.279700994 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.279758930 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.279781103 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.279829025 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.285387039 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.285463095 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.285491943 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.285542965 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.291090965 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.291192055 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.291201115 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.291249990 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.296802998 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.296869040 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.296940088 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.296991110 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.302697897 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.302778006 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.302813053 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.302871943 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.307917118 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.307991982 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.308008909 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.308048010 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.312993050 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.313097954 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.313107014 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.313149929 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.317626953 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.317691088 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.317713976 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.317756891 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.322124958 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.322190046 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.322212934 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.322256088 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.326420069 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.326486111 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.326495886 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.326528072 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.330441952 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.330503941 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.330513954 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.330527067 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.330548048 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.330590010 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.330600977 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.330631018 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.334472895 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.334537029 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.334561110 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.334604025 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.338505030 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.338574886 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.338599920 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.338645935 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.343081951 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.343148947 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.343173981 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.343242884 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.346257925 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.346324921 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.346349955 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.346404076 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.350161076 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.350222111 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.350249052 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.350292921 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.352593899 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.352650881 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.352672100 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.352715015 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.354959965 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.355017900 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.355036020 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.355073929 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.357769012 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.357826948 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.357846975 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.357887983 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.359375000 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.359428883 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.359450102 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.359496117 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.361749887 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.361809969 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.361828089 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.361866951 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.364109993 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.364164114 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.364177942 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.364212036 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.366333008 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.366393089 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.366408110 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.366444111 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.368757963 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.368805885 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.368820906 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.368859053 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.371129036 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.371180058 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.371196032 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.371227980 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.373378038 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.373430967 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.373441935 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.373534918 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.375771999 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.375828981 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.375845909 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.375881910 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.378129005 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.378191948 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.378209114 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.378247976 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.380379915 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.380444050 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.380456924 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.380495071 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.382627964 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.382683992 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.382699013 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.382742882 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.384933949 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.384989977 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.385004997 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.385045052 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.387310982 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.387398005 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.387406111 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.387443066 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.389682055 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.389744043 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.389761925 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.389797926 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.391866922 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.391920090 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.391933918 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.391980886 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.394289970 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.394362926 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.394377947 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.394423962 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.396445990 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.396526098 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.396533966 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.396573067 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.398823023 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.398876905 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.398888111 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.398926020 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.401519060 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.401576996 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.401586056 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.401632071 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.403522968 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.403563976 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.403589010 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.403624058 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.406105042 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.406152964 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.406181097 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.406214952 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.407912970 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.407952070 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.407969952 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.408015966 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.410603046 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.410649061 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.410664082 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.410703897 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.412483931 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.412544966 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.412559032 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.412596941 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.414932966 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.414993048 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.415019035 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.415051937 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.416902065 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.416946888 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.416956902 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.417005062 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.419100046 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.419148922 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.419164896 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.419210911 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.421138048 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.421189070 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.421195984 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.421233892 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.421240091 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.421273947 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.423324108 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.423387051 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.423403025 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.423443079 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.425380945 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.425421953 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.425457954 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.425494909 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.428607941 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.428647995 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.428662062 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.428697109 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.429590940 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.429630041 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.429640055 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.429672003 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.432607889 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.432656050 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.432672977 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.432707071 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.436480045 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.436537981 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.436558008 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.436597109 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.437243938 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.437295914 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.437304020 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.437341928 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.439014912 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.439069986 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.439080954 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.439116955 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.440685034 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.440737009 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.440751076 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.440784931 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.442620039 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.442756891 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.442771912 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.442785025 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:41.442821026 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.442898989 CET | 63517 | 443 | 192.168.2.7 | 142.250.186.129 |
Feb 18, 2025 08:12:41.442909956 CET | 443 | 63517 | 142.250.186.129 | 192.168.2.7 |
Feb 18, 2025 08:12:42.409105062 CET | 63527 | 80 | 192.168.2.7 | 193.122.130.0 |
Feb 18, 2025 08:12:42.414060116 CET | 80 | 63527 | 193.122.130.0 | 192.168.2.7 |
Feb 18, 2025 08:12:42.414863110 CET | 63527 | 80 | 192.168.2.7 | 193.122.130.0 |
Feb 18, 2025 08:12:42.415150881 CET | 63527 | 80 | 192.168.2.7 | 193.122.130.0 |
Feb 18, 2025 08:12:42.420008898 CET | 80 | 63527 | 193.122.130.0 | 192.168.2.7 |
Feb 18, 2025 08:12:42.870929956 CET | 80 | 63527 | 193.122.130.0 | 192.168.2.7 |
Feb 18, 2025 08:12:42.900765896 CET | 63527 | 80 | 192.168.2.7 | 193.122.130.0 |
Feb 18, 2025 08:12:42.905617952 CET | 80 | 63527 | 193.122.130.0 | 192.168.2.7 |
Feb 18, 2025 08:12:44.012267113 CET | 80 | 63527 | 193.122.130.0 | 192.168.2.7 |
Feb 18, 2025 08:12:44.056523085 CET | 63527 | 80 | 192.168.2.7 | 193.122.130.0 |
Feb 18, 2025 08:12:44.462223053 CET | 63528 | 443 | 192.168.2.7 | 104.21.32.1 |
Feb 18, 2025 08:12:44.462277889 CET | 443 | 63528 | 104.21.32.1 | 192.168.2.7 |
Feb 18, 2025 08:12:44.462337017 CET | 63528 | 443 | 192.168.2.7 | 104.21.32.1 |
Feb 18, 2025 08:12:44.464837074 CET | 63528 | 443 | 192.168.2.7 | 104.21.32.1 |
Feb 18, 2025 08:12:44.464852095 CET | 443 | 63528 | 104.21.32.1 | 192.168.2.7 |
Feb 18, 2025 08:12:44.923330069 CET | 443 | 63528 | 104.21.32.1 | 192.168.2.7 |
Feb 18, 2025 08:12:44.923437119 CET | 63528 | 443 | 192.168.2.7 | 104.21.32.1 |
Feb 18, 2025 08:12:44.926954031 CET | 63528 | 443 | 192.168.2.7 | 104.21.32.1 |
Feb 18, 2025 08:12:44.926959991 CET | 443 | 63528 | 104.21.32.1 | 192.168.2.7 |
Feb 18, 2025 08:12:44.927239895 CET | 443 | 63528 | 104.21.32.1 | 192.168.2.7 |
Feb 18, 2025 08:12:44.930967093 CET | 63528 | 443 | 192.168.2.7 | 104.21.32.1 |
Feb 18, 2025 08:12:44.971369982 CET | 443 | 63528 | 104.21.32.1 | 192.168.2.7 |
Feb 18, 2025 08:12:45.067378998 CET | 443 | 63528 | 104.21.32.1 | 192.168.2.7 |
Feb 18, 2025 08:12:45.067462921 CET | 443 | 63528 | 104.21.32.1 | 192.168.2.7 |
Feb 18, 2025 08:12:45.067533970 CET | 63528 | 443 | 192.168.2.7 | 104.21.32.1 |
Feb 18, 2025 08:12:45.265784025 CET | 63528 | 443 | 192.168.2.7 | 104.21.32.1 |
Feb 18, 2025 08:12:45.309144020 CET | 63527 | 80 | 192.168.2.7 | 193.122.130.0 |
Feb 18, 2025 08:12:45.313941002 CET | 80 | 63527 | 193.122.130.0 | 192.168.2.7 |
Feb 18, 2025 08:12:45.408365011 CET | 80 | 63527 | 193.122.130.0 | 192.168.2.7 |
Feb 18, 2025 08:12:45.415148973 CET | 63529 | 443 | 192.168.2.7 | 104.21.32.1 |
Feb 18, 2025 08:12:45.415205956 CET | 443 | 63529 | 104.21.32.1 | 192.168.2.7 |
Feb 18, 2025 08:12:45.415335894 CET | 63529 | 443 | 192.168.2.7 | 104.21.32.1 |
Feb 18, 2025 08:12:45.415663958 CET | 63529 | 443 | 192.168.2.7 | 104.21.32.1 |
Feb 18, 2025 08:12:45.415683031 CET | 443 | 63529 | 104.21.32.1 | 192.168.2.7 |
Feb 18, 2025 08:12:45.462784052 CET | 63527 | 80 | 192.168.2.7 | 193.122.130.0 |
Feb 18, 2025 08:12:45.899331093 CET | 443 | 63529 | 104.21.32.1 | 192.168.2.7 |
Feb 18, 2025 08:12:45.927876949 CET | 63529 | 443 | 192.168.2.7 | 104.21.32.1 |
Feb 18, 2025 08:12:45.927906036 CET | 443 | 63529 | 104.21.32.1 | 192.168.2.7 |
Feb 18, 2025 08:12:46.048991919 CET | 443 | 63529 | 104.21.32.1 | 192.168.2.7 |
Feb 18, 2025 08:12:46.049048901 CET | 443 | 63529 | 104.21.32.1 | 192.168.2.7 |
Feb 18, 2025 08:12:46.050127983 CET | 63529 | 443 | 192.168.2.7 | 104.21.32.1 |
Feb 18, 2025 08:12:46.050127983 CET | 63529 | 443 | 192.168.2.7 | 104.21.32.1 |
Feb 18, 2025 08:12:46.091579914 CET | 63527 | 80 | 192.168.2.7 | 193.122.130.0 |
Feb 18, 2025 08:12:46.095235109 CET | 63530 | 80 | 192.168.2.7 | 193.122.130.0 |
Feb 18, 2025 08:12:46.096564054 CET | 80 | 63527 | 193.122.130.0 | 192.168.2.7 |
Feb 18, 2025 08:12:46.096862078 CET | 63527 | 80 | 192.168.2.7 | 193.122.130.0 |
Feb 18, 2025 08:12:46.100122929 CET | 80 | 63530 | 193.122.130.0 | 192.168.2.7 |
Feb 18, 2025 08:12:46.100294113 CET | 63530 | 80 | 192.168.2.7 | 193.122.130.0 |
Feb 18, 2025 08:12:46.100373030 CET | 63530 | 80 | 192.168.2.7 | 193.122.130.0 |
Feb 18, 2025 08:12:46.105176926 CET | 80 | 63530 | 193.122.130.0 | 192.168.2.7 |
Feb 18, 2025 08:12:46.555290937 CET | 80 | 63530 | 193.122.130.0 | 192.168.2.7 |
Feb 18, 2025 08:12:46.556955099 CET | 63531 | 443 | 192.168.2.7 | 104.21.32.1 |
Feb 18, 2025 08:12:46.557002068 CET | 443 | 63531 | 104.21.32.1 | 192.168.2.7 |
Feb 18, 2025 08:12:46.557303905 CET | 63531 | 443 | 192.168.2.7 | 104.21.32.1 |
Feb 18, 2025 08:12:46.557471991 CET | 63531 | 443 | 192.168.2.7 | 104.21.32.1 |
Feb 18, 2025 08:12:46.557486057 CET | 443 | 63531 | 104.21.32.1 | 192.168.2.7 |
Feb 18, 2025 08:12:46.603528976 CET | 63530 | 80 | 192.168.2.7 | 193.122.130.0 |
Feb 18, 2025 08:12:47.019875050 CET | 443 | 63531 | 104.21.32.1 | 192.168.2.7 |
Feb 18, 2025 08:12:47.021994114 CET | 63531 | 443 | 192.168.2.7 | 104.21.32.1 |
Feb 18, 2025 08:12:47.022015095 CET | 443 | 63531 | 104.21.32.1 | 192.168.2.7 |
Feb 18, 2025 08:12:47.166657925 CET | 443 | 63531 | 104.21.32.1 | 192.168.2.7 |
Feb 18, 2025 08:12:47.166727066 CET | 443 | 63531 | 104.21.32.1 | 192.168.2.7 |
Feb 18, 2025 08:12:47.166831017 CET | 63531 | 443 | 192.168.2.7 | 104.21.32.1 |
Feb 18, 2025 08:12:47.167449951 CET | 63531 | 443 | 192.168.2.7 | 104.21.32.1 |
Feb 18, 2025 08:12:47.192131042 CET | 63532 | 80 | 192.168.2.7 | 193.122.130.0 |
Feb 18, 2025 08:12:47.197047949 CET | 80 | 63532 | 193.122.130.0 | 192.168.2.7 |
Feb 18, 2025 08:12:47.197192907 CET | 63532 | 80 | 192.168.2.7 | 193.122.130.0 |
Feb 18, 2025 08:12:47.197560072 CET | 63532 | 80 | 192.168.2.7 | 193.122.130.0 |
Feb 18, 2025 08:12:47.202392101 CET | 80 | 63532 | 193.122.130.0 | 192.168.2.7 |
Feb 18, 2025 08:12:48.744066954 CET | 80 | 63532 | 193.122.130.0 | 192.168.2.7 |
Feb 18, 2025 08:12:48.751993895 CET | 63533 | 443 | 192.168.2.7 | 104.21.32.1 |
Feb 18, 2025 08:12:48.752039909 CET | 443 | 63533 | 104.21.32.1 | 192.168.2.7 |
Feb 18, 2025 08:12:48.752115965 CET | 63533 | 443 | 192.168.2.7 | 104.21.32.1 |
Feb 18, 2025 08:12:48.756194115 CET | 63533 | 443 | 192.168.2.7 | 104.21.32.1 |
Feb 18, 2025 08:12:48.756206989 CET | 443 | 63533 | 104.21.32.1 | 192.168.2.7 |
Feb 18, 2025 08:12:48.791064978 CET | 63532 | 80 | 192.168.2.7 | 193.122.130.0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 18, 2025 08:11:59.398865938 CET | 53 | 55657 | 1.1.1.1 | 192.168.2.7 |
Feb 18, 2025 08:12:37.095917940 CET | 52850 | 53 | 192.168.2.7 | 1.1.1.1 |
Feb 18, 2025 08:12:37.103137970 CET | 53 | 52850 | 1.1.1.1 | 192.168.2.7 |
Feb 18, 2025 08:12:38.267386913 CET | 56036 | 53 | 192.168.2.7 | 1.1.1.1 |
Feb 18, 2025 08:12:38.274765968 CET | 53 | 56036 | 1.1.1.1 | 192.168.2.7 |
Feb 18, 2025 08:12:42.387128115 CET | 60666 | 53 | 192.168.2.7 | 1.1.1.1 |
Feb 18, 2025 08:12:42.393852949 CET | 53 | 60666 | 1.1.1.1 | 192.168.2.7 |
Feb 18, 2025 08:12:44.454107046 CET | 53875 | 53 | 192.168.2.7 | 1.1.1.1 |
Feb 18, 2025 08:12:44.461522102 CET | 53 | 53875 | 1.1.1.1 | 192.168.2.7 |
Feb 18, 2025 08:12:59.880649090 CET | 62376 | 53 | 192.168.2.7 | 1.1.1.1 |
Feb 18, 2025 08:12:59.887293100 CET | 53 | 62376 | 1.1.1.1 | 192.168.2.7 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Feb 18, 2025 08:12:37.095917940 CET | 192.168.2.7 | 1.1.1.1 | 0x5be8 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 18, 2025 08:12:38.267386913 CET | 192.168.2.7 | 1.1.1.1 | 0xd637 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 18, 2025 08:12:42.387128115 CET | 192.168.2.7 | 1.1.1.1 | 0x3e11 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 18, 2025 08:12:44.454107046 CET | 192.168.2.7 | 1.1.1.1 | 0xc2e4 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 18, 2025 08:12:59.880649090 CET | 192.168.2.7 | 1.1.1.1 | 0x142e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Feb 18, 2025 08:12:37.103137970 CET | 1.1.1.1 | 192.168.2.7 | 0x5be8 | No error (0) | | | 142.250.181.238 | A (IP address) | IN (0x0001) | false |
Feb 18, 2025 08:12:38.274765968 CET | 1.1.1.1 | 192.168.2.7 | 0xd637 | No error (0) | | | 142.250.186.129 | A (IP address) | IN (0x0001) | false |
Feb 18, 2025 08:12:42.393852949 CET | 1.1.1.1 | 192.168.2.7 | 0x3e11 | No error (0) | | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false |
Feb 18, 2025 08:12:42.393852949 CET | 1.1.1.1 | 192.168.2.7 | 0x3e11 | No error (0) | | | 193.122.130.0 | A (IP address) | IN (0x0001) | false |
Feb 18, 2025 08:12:42.393852949 CET | 1.1.1.1 | 192.168.2.7 | 0x3e11 | No error (0) | | | 193.122.6.168 | A (IP address) | IN (0x0001) | false |
Feb 18, 2025 08:12:42.393852949 CET | 1.1.1.1 | 192.168.2.7 | 0x3e11 | No error (0) | | | 132.226.247.73 | A (IP address) | IN (0x0001) | false |
Feb 18, 2025 08:12:42.393852949 CET | 1.1.1.1 | 192.168.2.7 | 0x3e11 | No error (0) | | | 132.226.8.169 | A (IP address) | IN (0x0001) | false |
Feb 18, 2025 08:12:42.393852949 CET | 1.1.1.1 | 192.168.2.7 | 0x3e11 | No error (0) | | | 158.101.44.242 | A (IP address) | IN (0x0001) | false |
Feb 18, 2025 08:12:44.461522102 CET | 1.1.1.1 | 192.168.2.7 | 0xc2e4 | No error (0) | | | 104.21.32.1 | A (IP address) | IN (0x0001) | false |
Feb 18, 2025 08:12:44.461522102 CET | 1.1.1.1 | 192.168.2.7 | 0xc2e4 | No error (0) | | | 104.21.64.1 | A (IP address) | IN (0x0001) | false |
Feb 18, 2025 08:12:44.461522102 CET | 1.1.1.1 | 192.168.2.7 | 0xc2e4 | No error (0) | | | 104.21.48.1 | A (IP address) | IN (0x0001) | false |
Feb 18, 2025 08:12:44.461522102 CET | 1.1.1.1 | 192.168.2.7 | 0xc2e4 | No error (0) | | | 104.21.96.1 | A (IP address) | IN (0x0001) | false |
Feb 18, 2025 08:12:44.461522102 CET | 1.1.1.1 | 192.168.2.7 | 0xc2e4 | No error (0) | | | 104.21.16.1 | A (IP address) | IN (0x0001) | false |
Feb 18, 2025 08:12:44.461522102 CET | 1.1.1.1 | 192.168.2.7 | 0xc2e4 | No error (0) | | | 104.21.112.1 | A (IP address) | IN (0x0001) | false |
Feb 18, 2025 08:12:44.461522102 CET | 1.1.1.1 | 192.168.2.7 | 0xc2e4 | No error (0) | | | 104.21.80.1 | A (IP address) | IN (0x0001) | false |
Feb 18, 2025 08:12:59.887293100 CET | 1.1.1.1 | 192.168.2.7 | 0x142e | No error (0) | | | 149.154.167.220 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 63527 | 193.122.130.0 | 80 | 7596 | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 18, 2025 08:12:42.415150881 CET | 151 | OUT | |
Feb 18, 2025 08:12:42.870929956 CET | 321 | IN | |
Feb 18, 2025 08:12:42.900765896 CET | 127 | OUT | |
Feb 18, 2025 08:12:44.012267113 CET | 321 | IN | |
Feb 18, 2025 08:12:45.309144020 CET | 127 | OUT | |
Feb 18, 2025 08:12:45.408365011 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.7 | 63530 | 193.122.130.0 | 80 | 7596 | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 18, 2025 08:12:46.100373030 CET | 127 | OUT | |
Feb 18, 2025 08:12:46.555290937 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.7 | 63532 | 193.122.130.0 | 80 | 7596 | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 18, 2025 08:12:47.197560072 CET | 151 | OUT | |
Feb 18, 2025 08:12:48.744066954 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.7 | 63534 | 193.122.130.0 | 80 | 7596 | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 18, 2025 08:12:49.853418112 CET | 151 | OUT | |
Feb 18, 2025 08:12:51.499892950 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.7 | 63536 | 193.122.130.0 | 80 | 7596 | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 18, 2025 08:12:52.142263889 CET | 151 | OUT | |
Feb 18, 2025 08:12:52.602129936 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.7 | 63538 | 193.122.130.0 | 80 | 7596 | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 18, 2025 08:12:53.390738010 CET | 151 | OUT | |
Feb 18, 2025 08:12:53.845184088 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.7 | 63540 | 193.122.130.0 | 80 | 7596 | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 18, 2025 08:12:54.515631914 CET | 151 | OUT | |
Feb 18, 2025 08:12:56.558365107 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.7 | 63542 | 193.122.130.0 | 80 | 7596 | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 18, 2025 08:12:57.189256907 CET | 151 | OUT | |
Feb 18, 2025 08:12:59.103393078 CET | 321 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 63509 | 142.250.181.238 | 443 | 7596 | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-18 07:12:37 UTC | 216 | OUT | |
2025-02-18 07:12:38 UTC | 1610 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.7 | 63517 | 142.250.186.129 | 443 | 7596 | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-18 07:12:38 UTC | 258 | OUT | |
2025-02-18 07:12:41 UTC | 5010 | IN | |
2025-02-18 07:12:41 UTC | 5010 | IN | |
2025-02-18 07:12:41 UTC | 4676 | IN | |
2025-02-18 07:12:41 UTC | 1325 | IN | |
2025-02-18 07:12:41 UTC | 1390 | IN | |
2025-02-18 07:12:41 UTC | 1390 | IN | |
2025-02-18 07:12:41 UTC | 1390 | IN | |
2025-02-18 07:12:41 UTC | 1390 | IN | |
2025-02-18 07:12:41 UTC | 1390 | IN | |
2025-02-18 07:12:41 UTC | 1390 | IN | |
2025-02-18 07:12:41 UTC | 1390 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.7 | 63528 | 104.21.32.1 | 443 | 7596 | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-18 07:12:44 UTC | 85 | OUT | |
2025-02-18 07:12:45 UTC | 853 | IN | |
2025-02-18 07:12:45 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.7 | 63529 | 104.21.32.1 | 443 | 7596 | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-18 07:12:45 UTC | 61 | OUT | |
2025-02-18 07:12:46 UTC | 857 | IN | |
2025-02-18 07:12:46 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.7 | 63531 | 104.21.32.1 | 443 | 7596 | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-18 07:12:47 UTC | 85 | OUT | |
2025-02-18 07:12:47 UTC | 855 | IN | |
2025-02-18 07:12:47 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.7 | 63533 | 104.21.32.1 | 443 | 7596 | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-18 07:12:49 UTC | 61 | OUT | |
2025-02-18 07:12:49 UTC | 855 | IN | |
2025-02-18 07:12:49 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
6 | 192.168.2.7 | 63535 | 104.21.32.1 | 443 | 7596 | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-18 07:12:51 UTC | 85 | OUT | |
2025-02-18 07:12:52 UTC | 859 | IN | |
2025-02-18 07:12:52 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
7 | 192.168.2.7 | 63537 | 104.21.32.1 | 443 | 7596 | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-18 07:12:53 UTC | 85 | OUT | |
2025-02-18 07:12:53 UTC | 857 | IN | |
2025-02-18 07:12:53 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
8 | 192.168.2.7 | 63539 | 104.21.32.1 | 443 | 7596 | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-18 07:12:54 UTC | 85 | OUT | |
2025-02-18 07:12:54 UTC | 855 | IN | |
2025-02-18 07:12:54 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
9 | 192.168.2.7 | 63541 | 104.21.32.1 | 443 | 7596 | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-18 07:12:57 UTC | 85 | OUT | |
2025-02-18 07:12:57 UTC | 861 | IN | |
2025-02-18 07:12:57 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
10 | 192.168.2.7 | 63543 | 104.21.32.1 | 443 | 7596 | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-18 07:12:59 UTC | 61 | OUT | |
2025-02-18 07:12:59 UTC | 855 | IN | |
2025-02-18 07:12:59 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
11 | 192.168.2.7 | 63544 | 149.154.167.220 | 443 | 7596 | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-18 07:13:00 UTC | 349 | OUT | |
2025-02-18 07:13:00 UTC | 344 | IN | |
2025-02-18 07:13:00 UTC | 55 | IN |
Target ID: | 2 |
Start time: | 02:11:41 |
Start date: | 18/02/2025 |
Path: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 713'347 bytes |
MD5 hash: | 0AEEA57A56BE2F86535E0809C6CD55D5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 10 |
Start time: | 03:19:15 |
Start date: | 18/02/2025 |
Path: | C:\Users\user\Desktop\DHL AWB Document_pdf.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 713'347 bytes |
MD5 hash: | 0AEEA57A56BE2F86535E0809C6CD55D5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | false |