Windows
Analysis Report
Swift Copy_19.02.2025.exe
Overview
General Information
Detection
GuLoader, Snake Keylogger
Score: | 88 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Yara detected Snake Keylogger
Joe Sandbox ML detected suspicious sample
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Classification
- System is w10x64
- Swift Copy_19.02.2025.exe (PID: 7488 cmdline: "C:\Users\user\Desktop\Swift Copy_19.02.2025.exe" MD5: CFD2A2A0DE8C10180319835F2C148578)
- Swift Copy_19.02.2025.exe (PID: 720 cmdline: "C:\Users\user\Desktop\Swift Copy_19.02.2025.exe" MD5: CFD2A2A0DE8C10180319835F2C148578)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution |
{"Exfil Mode": "Telegram", "Token": "7868872251:AAGgFQ9Bkl4sqj91n2vPKSuoyNLVzJTqODY", "Chat_id": "8173633564", "Version": "4.4"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security | ||
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
⊘No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-02-21T08:22:31.896120+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.7 | 49976 | 104.21.64.1 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-02-21T08:22:29.637025+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.7 | 49974 | 132.226.247.73 | 80 | TCP |
2025-02-21T08:22:30.855980+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.7 | 49974 | 132.226.247.73 | 80 | TCP |
2025-02-21T08:22:32.840208+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.7 | 49977 | 132.226.247.73 | 80 | TCP |
2025-02-21T08:22:34.168285+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.7 | 49979 | 132.226.247.73 | 80 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-02-21T08:22:24.024973+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.7 | 49972 | 172.217.16.206 | 443 | TCP |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Integrated Neural Analysis Model: |
Location Tracking |
---|
Source: | DNS query: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Code function: | 0_2_004065C7 | |
Source: | Code function: | 0_2_00405996 | |
Source: | Code function: | 0_2_00402868 | |
Source: | Code function: | 6_2_00402868 | |
Source: | Code function: | 6_2_004065C7 | |
Source: | Code function: | 6_2_00405996 |
Source: | HTTP traffic detected: | ||
Source: | IP Address: | ||
Source: | JA3 fingerprint: | ||
Source: | DNS query: | ||
Source: | Suricata IDS: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | HTTP traffic detected: | ||
Source: | DNS traffic detected: | ||
Source: | String found in binary or memory: | ||
Source: | Network traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | Code function: | 0_2_0040542B |
Source: | Process Stats: |
Source: | Code function: | 0_2_00403359 | |
Source: | Code function: | 6_2_00403359 |
Source: | Code function: | 0_2_00404C68 | |
Source: | Code function: | 0_2_0040698E | |
Source: | Code function: | 0_2_703D1B5F | |
Source: | Code function: | 6_2_00404C68 | |
Source: | Code function: | 6_2_0040698E | |
Source: | Code function: | 6_2_03F95370 | |
Source: | Code function: | 6_2_03F9C146 | |
Source: | Code function: | 6_2_03F96FC8 | |
Source: | Code function: | 6_2_03F9C738 | |
Source: | Code function: | 6_2_03F976F1 | |
Source: | Code function: | 6_2_03F93E09 | |
Source: | Code function: | 6_2_03F99DE0 | |
Source: | Code function: | 6_2_03F96498 | |
Source: | Code function: | 6_2_03F9C468 | |
Source: | Code function: | 6_2_03F929E0 |
Source: | Code function: |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_00403359 | |
Source: | Code function: | 6_2_00403359 |
Source: | Code function: | 0_2_004046EC |
Source: | Code function: | 0_2_00402104 |
Source: | File created: | Jump to behavior |
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | LNK file: | ||
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | File source: | ||
Source: | Code function: | 0_2_703D1B5F |
Source: | Code function: | 6_2_03F9891F | |
Source: | Code function: | 6_2_03F98DE0 | |
Source: | Code function: | 6_2_03F98C30 |
Source: | File created: | Jump to dropped file |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | API/Special instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Last function: |
Source: | Code function: | 0_2_004065C7 | |
Source: | Code function: | 0_2_00405996 | |
Source: | Code function: | 0_2_00402868 | |
Source: | Code function: | 6_2_00402868 | |
Source: | Code function: | 6_2_004065C7 | |
Source: | Code function: | 6_2_00405996 |
Source: | Binary or memory string: | ||
Source: | API call chain: | graph_0-4888 | ||
Source: | API call chain: | graph_0-4883 |
Source: | Code function: | 0_2_00401E49 |
Source: | Code function: | 0_2_703D1B5F |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Code function: | 0_2_00403359 |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Clipboard Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Access Token Manipulation | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | 214 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Detection | Scanner | Label |
---|---|---|
45% | ReversingLabs | Win32.Spyware.Snakekeylogger |
53% | Virustotal | |
Detection | Scanner | Label |
---|---|---|
0% | ReversingLabs | |
0% | Virustotal | |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 172.217.16.206 | true | false | high | |
drive.usercontent.google.com | 142.250.185.193 | true | false | high | |
reallyfreegeoip.org | 104.21.64.1 | true | false | high | |
checkip.dyndns.com | 132.226.247.73 | true | false | high | |
checkip.dyndns.org | unknown | unknown | false | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
142.250.185.193 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false |
172.217.16.206 | drive.google.com | United States | 15169 | GOOGLEUS | false |
104.21.64.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false |
132.226.247.73 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1620702 |
Start date and time: | 2025-02-21 08:19:25 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 35s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 9 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | Swift Copy_19.02.2025.exe |
Detection: | MAL |
Classification: | mal88.troj.evad.winEXE@3/14@4/4 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 13.107.246.60, 52.149.20.212
- Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target Swift Copy_19.02.2025.exe, PID 720 because it is empty
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
03:43:02 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
104.21.64.1 | malicious | Lokibot |
104.21.64.1 | malicious | Lokibot |
104.21.64.1 | malicious | FormBook |
104.21.64.1 | malicious | FormBook |
104.21.64.1 | malicious | FormBook |
104.21.64.1 | malicious | FormBook |
104.21.64.1 | malicious | FormBook |
104.21.64.1 | malicious | Unknown |
104.21.64.1 | malicious | FormBook |
104.21.64.1 | malicious | FormBook |
132.226.247.73 | malicious | MSIL Logger, MassLogger RAT |
132.226.247.73 | malicious | GuLoader, Snake Keylogger |
132.226.247.73 | malicious | Snake Keylogger |
132.226.247.73 | malicious | Snake Keylogger, VIP Keylogger |
132.226.247.73 | malicious | MSIL Logger, MassLogger RAT |
132.226.247.73 | malicious | Snake Keylogger, VIP Keylogger |
132.226.247.73 | malicious | MSIL Logger, MassLogger RAT |
132.226.247.73 | malicious | Snake Keylogger |
132.226.247.73 | malicious | GuLoader, Snake Keylogger |
132.226.247.73 | malicious | GuLoader, Snake Keylogger |
Match | Detection | Threat Name |
---|---|---|
reallyfreegeoip.org | malicious | Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | MSIL Logger, MassLogger RAT |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger |
reallyfreegeoip.org | malicious | Snake Keylogger |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger |
reallyfreegeoip.org | malicious | Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | MSIL Logger, MassLogger RAT |
reallyfreegeoip.org | malicious | MSIL Logger, MassLogger RAT |
reallyfreegeoip.org | malicious | Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | MSIL Logger, MassLogger RAT |
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger |
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | MSIL Logger, MassLogger RAT |
checkip.dyndns.com | malicious | MSIL Logger, MassLogger RAT |
checkip.dyndns.com | malicious | Snake Keylogger, VIP Keylogger |
Match | Detection | Threat Name |
---|---|---|
UTMEMUS | malicious | MSIL Logger, MassLogger RAT |
UTMEMUS | malicious | GuLoader, Snake Keylogger |
UTMEMUS | malicious | Snake Keylogger |
UTMEMUS | malicious | Snake Keylogger, VIP Keylogger |
UTMEMUS | malicious | MSIL Logger, MassLogger RAT |
UTMEMUS | malicious | Snake Keylogger, VIP Keylogger |
UTMEMUS | malicious | MSIL Logger, MassLogger RAT |
UTMEMUS | malicious | Snake Keylogger |
UTMEMUS | malicious | GuLoader, Snake Keylogger |
UTMEMUS | malicious | GuLoader, Snake Keylogger |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Snake Keylogger, VIP Keylogger |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | HTMLPhisher |
CLOUDFLARENETUS | malicious | DCRat, PureLog Stealer, zgRAT |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger, VIP Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | MSIL Logger, MassLogger RAT |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger, VIP Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger, VIP Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | MSIL Logger, MassLogger RAT |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | MSIL Logger, MassLogger RAT |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | MSIL Logger, MassLogger RAT |
37f463bf4616ecd445d4a1937da06e19 | malicious | Discord Token Stealer, GuLoader |
37f463bf4616ecd445d4a1937da06e19 | malicious | Discord Token Stealer, GuLoader |
37f463bf4616ecd445d4a1937da06e19 | malicious | Unknown |
37f463bf4616ecd445d4a1937da06e19 | malicious | Vidar |
37f463bf4616ecd445d4a1937da06e19 | malicious | FormBook, GuLoader |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader, Snake Keylogger |
37f463bf4616ecd445d4a1937da06e19 | malicious | Unknown |
37f463bf4616ecd445d4a1937da06e19 | malicious | Unknown |
37f463bf4616ecd445d4a1937da06e19 | malicious | Unknown |
37f463bf4616ecd445d4a1937da06e19 | malicious | Unknown |
Match | Detection | Threat Name |
---|---|---|
C:\Users\user\AppData\Local\Temp\nszB838.tmp\System.dll | malicious | FormBook, GuLoader |
C:\Users\user\AppData\Local\Temp\nszB838.tmp\System.dll | malicious | GuLoader |
C:\Users\user\AppData\Local\Temp\nszB838.tmp\System.dll | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\nszB838.tmp\System.dll | malicious | GuLoader, Snake Keylogger |
C:\Users\user\AppData\Local\Temp\nszB838.tmp\System.dll | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\nszB838.tmp\System.dll | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\nszB838.tmp\System.dll | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\nszB838.tmp\System.dll | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\nszB838.tmp\System.dll | malicious | Unknown |
C:\Users\user\AppData\Local\Temp\nszB838.tmp\System.dll | malicious | Unknown |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | modified |
Size (bytes): | 846 |
Entropy (8bit): | 3.45252604806538 |
Encrypted: | false |
SSDEEP: | 12:8wl0c0a/ledp8wXuQUlbqOl11RsbdpYmHbq+14kXWmvRdRc0zJCN85v4t2YZ/elr:8QudO/9lTYd9l4MJw224qy |
MD5: | BA27DF34223B9D62B86A37DDD99B9B1B |
SHA1: | 71A2670AA9F59922E1838214359565D0431C1FBF |
SHA-256: | 3F448C804FEFB0CF3B1BC38A429A4316EF3D1A04388B3190D31FDF17DC337D17 |
SHA-512: | 5852137128F8A8D203EF63CA96D50745FD1DB8E1DE351351611B3FE80357D01E23CAEB9EE32405C2C8016BC4EB49B975CE3D1045B70F4C64CF992571F35A99BB |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 5.719859767584478 |
Encrypted: | false |
SSDEEP: | 192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6 |
MD5: | 0D7AD4F45DC6F5AA87F606D0331C6901 |
SHA1: | 48DF0911F0484CBE2A8CDD5362140B63C41EE457 |
SHA-256: | 3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA |
SHA-512: | C07DE7308CB54205E8BD703001A7FE4FD7796C9AC1B4BB330C77C872BF712B093645F40B80CE7127531FE6746A5B66E18EA073AB6A644934ABED9BB64126FEA9 |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 846 |
Entropy (8bit): | 3.45252604806538 |
Encrypted: | false |
SSDEEP: | 12:8wl0c0a/ledp8wXuQUlbqOl11RsbdpYmHbq+14kXWmvRdRc0zJCN85v4t2YZ/elr:8QudO/9lTYd9l4MJw224qy |
MD5: | BA27DF34223B9D62B86A37DDD99B9B1B |
SHA1: | 71A2670AA9F59922E1838214359565D0431C1FBF |
SHA-256: | 3F448C804FEFB0CF3B1BC38A429A4316EF3D1A04388B3190D31FDF17DC337D17 |
SHA-512: | 5852137128F8A8D203EF63CA96D50745FD1DB8E1DE351351611B3FE80357D01E23CAEB9EE32405C2C8016BC4EB49B975CE3D1045B70F4C64CF992571F35A99BB |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 385 |
Entropy (8bit): | 4.832402033784482 |
Encrypted: | false |
SSDEEP: | 6:TgHzz2qOXw2WiNBEzeEbEHJMA20Lm/HklkC70jeQQuRhClLZMJyNUivycFAe1:KGJYiNyXgHJMAt6HkyC70jkRT71 |
MD5: | 90EC9FEAAB66462033FBB70FB9A3EE4B |
SHA1: | 7AEF435EFC9C6007010315D6A7278A04E5A52429 |
SHA-256: | E2C21AFE2CCD6E3D219780F268500BB8337D8B891E8595EC7C49AC35BAAC2057 |
SHA-512: | 2CF848417755B906827EB26E42F84B8A454EA409855F3705D74E66F0F4340B8019D914E6616D302A69363A5F834A6E1CCB9A1F2B7887FA5A42BD11CAE317BEB4 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 28874 |
Entropy (8bit): | 7.844370082286915 |
Encrypted: | false |
SSDEEP: | 768:JPcUFwwqj73AuqAnmlcjknNblmP1CvYUI3dtz1VSA:JPcUsjHqOwxDYiA |
MD5: | C9ABF950B5EA7C4E30DD9F58FC96E8D2 |
SHA1: | 783B728F9C93A86A9524AF93F9DF2EC851A38A69 |
SHA-256: | 7B1F375157924D100B36C83547FD9A070C5C2F99AA2821AF7372D73DD34A264B |
SHA-512: | C40DAFA22A0D2AEAB1757D1EF4A4D47A5A3098552C98AB1CA36A4C8D4EB6526ACD632737ACE30C04DD56C37F967B2477991DB1A461BAC329A26B6A050EA6A7BE |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 450534 |
Entropy (8bit): | 2.6473802752967566 |
Encrypted: | false |
SSDEEP: | 3072:d3x7TBmJ/bOa0qNwkQOlSzOrRth4+49IBW276D:dhnghuq+kLSOrRth4XCBWY6D |
MD5: | E846A0B20301808D60676739AC9B5EB1 |
SHA1: | E930132F14B65F087EF4FD0F82AD02A63B546244 |
SHA-256: | FD753F0E8394081E9DC335352A9A1681D6E542AF7E24E891C5A37E2DF65B3F10 |
SHA-512: | 7D1E14D4CEC4ED12F22C3909EDAC6C802D421BF00F045BF61DBE10B9357708B4BAF3F12CEB0D0709832134DC9E1FC41F32D922B254E62A65AA731B09D591B36A |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 215804 |
Entropy (8bit): | 7.513742176745442 |
Encrypted: | false |
SSDEEP: | 3072:auYg7NtmmfwGUNKQMibuuvBtskYCWBYZiLuWhnsF+fAFlPmnhHvF3nVPXoT7XxCl:amNFUNC4LBBYCWBtCohPFnx+hyYto1AW |
MD5: | C305740F9F095BD3F9D7DFFA1068399E |
SHA1: | 6976A759EE936BDEE1DF7CAA370494A1B3701AE4 |
SHA-256: | 4D6A7623602268D5A5BC24E72B2E92658D1196C85A3D15C8C398D7AEC8B2F9E0 |
SHA-512: | DE84527E96BC3021C36C7CC81BCC2BF533EC6C36F308CD845BBA5484F8B6C8B7FD42617F411DFB9DE1BA98AFA855FC3B9E1B3639F236C9B7911A93FEEAF31892 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 491 |
Entropy (8bit): | 4.31953270914656 |
Encrypted: | false |
SSDEEP: | 12:7KiEoPLTxneWRDBeFaSWTVQK/mD5VWlHAX/bIogUXv:+xojTxneydeF0QKF9Wfg6 |
MD5: | 663E26E192D34C89A21482F86A0CC079 |
SHA1: | D50C89DDF76D97B7FFF7AFBB20FE698B820F35BE |
SHA-256: | 79AB4370CA578D5FA793BFE1A3041D70B95855D3056594FA41EDC00ECF416A20 |
SHA-512: | B9A84B48F8A8F733F10A88F285169ECA7416E6FE1A2B51B73A4A4228C7A8781292DCBDE1FF748ECD1E7FF14B743F3E0BF455EE3C1BD0BF2454B0E33B39A30FA3 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 4.355240967905803 |
Encrypted: | false |
SSDEEP: | 12:DQK0AeDcGABWyOVm1kjppAiYFCR/TD6zQAFqrX47tP8wokbb1XF1LbkeW0r3q:DQK0AeDKczjDInzQzrX47tP3ZIKr3q |
MD5: | 790EBF2AC0CA4ADCDB58E45D0A450DBC |
SHA1: | D18F698C2AA650D78AD5167E3B2B9953F54D3F8A |
SHA-256: | C49F3F671B7CBF550040EA2DC10D462A46D87C7D62CA0F85C6CDFE86A42CECD2 |
SHA-512: | 1F3D6EE159D0EE604D22A6565228F41C58FADCF141B8A69A277D70B8D74A3306205B3FC56C1F4D93873056BF29C68053305B55EEA3B878A0C967739D224A445B |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29380 |
Entropy (8bit): | 1.2646489004189274 |
Encrypted: | false |
SSDEEP: | 192:vp3MOAy7WiXB2O1NUcFWb38pStMMI81jeUWBmSF//LzzIxj13gjwKWuQ6SSph7NC:x3vArO7WwNM/JUZe3gjw36z7A |
MD5: | 766D9EF7530D23758F482B0AB2B54788 |
SHA1: | C430E21B1463ECEB32D05C6F0909D9821C27A3E7 |
SHA-256: | 7BA4160056FB1B321E5859A9AA1F9C277B9C798B968C34E735F5222710E7ED09 |
SHA-512: | 5BC154B564AF204C25D2E7651E3C4C9F9263C3E6A88F149DDBE9892BAF0B26079E171AEBAC4DD334EE8192EC4F2C5D510536A2287AD1EEA5BD357AAAFABAD68F |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 602 |
Entropy (8bit): | 4.605036996213703 |
Encrypted: | false |
SSDEEP: | 12:VOnCFZCC0zHqKKMiM5tLBcwhRlZGoMTisWPulSW5VKZRU4wPa:UGQCsqKtiEvlEBTi1W5gZRB |
MD5: | AC5918C28B077C9134D607DD4DA5C7D8 |
SHA1: | 0B6E4CD64998D4A6BDCBD6698F1388BB0B4F204D |
SHA-256: | 7A0296F17E8BDED15E306321AF16A537DFE424EA806BDA138402C11453C27E1D |
SHA-512: | 0B83B999A6EE4FD22604DF2ED2610403ABEAA24AA0926DB61C91F63B9477A0AA63DA1AC8B6C2DE348F523E7ED4C414CD28A30B75E8B6FADED2C2431D5F6A6F5E |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 497 |
Entropy (8bit): | 4.53243935171649 |
Encrypted: | false |
SSDEEP: | 12:0IFT8Q2uF5oBYyQgRxc6h9JOTTu8MSgMgUWYM16Ew51NLaH:X8VuYYyxrhrViBDy/9H |
MD5: | 349C3014AD27290CECAF439303816708 |
SHA1: | 33C07D049A06EDA444A3AB12E4E935D61618ADC8 |
SHA-256: | 7AEA294FBDC4CFA3972C4BF45A2C787F38174B5A0E8A3C2AB45ACB0FC5B5D120 |
SHA-512: | 801B190430E8FBED64D7EE2E1BCAA2A35651E5C261D79726E93668D7F13DEA58D8CCD34EDBCA3FD4340B219AB1FA75CB2F58ADAE2EF79741C8886462A6A16FCE |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 499466 |
Entropy (8bit): | 1.2537138658824154 |
Encrypted: | false |
SSDEEP: | 1536:n9B+wZ0kdeJjeICC3gnX++yF9zMVwwC6mfPWc:n950dCqaXFyPzM1mfB |
MD5: | A751D549670670F890F5A08CC4F5A4D6 |
SHA1: | C44D434264F7DAE94C0D5A7FB58053D81B99391D |
SHA-256: | D05E57BC53965EA455C243B24BD34A5549ED8F08698C834A411435F0EB9F893D |
SHA-512: | 03FDFE35FC7D8DD0BF02E7E78C7D69B989A6A495BD4ECBDD34C1012AE82B7ABFDBE8FC30B82705BF54BDBD0F2493F7A04F78F9FA15809A8461AD556B8A584AA8 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 271621 |
Entropy (8bit): | 1.2540543167421097 |
Encrypted: | false |
SSDEEP: | 768:KtofaHIEDu5ffzIabBiHt/tAr4ajzjk8NG4GwGuV0VXHfR:1faDwfzIaAYDjk8gXfR |
MD5: | CCE99D8B4C78640993AA75D7C428D061 |
SHA1: | 6C4F21368687D9A2C8423032BCC8E0ED3227DA07 |
SHA-256: | 33D5EDAE3829EF41E644CD76D9BC5F8386420513BD254CA7AB4A88C5C615810C |
SHA-512: | 47ED14565C2D4208F66A7AE070454243F26D06C72F784B9C8675BA172A0B94CF85868778E8DE07F12ABE6078A29D58A833FA269BFD82CD47A01E9E4601730836 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.9564349118896605 |
TrID: |
|
File name: | Swift Copy_19.02.2025.exe |
File size: | 693'604 bytes |
MD5: | cfd2a2a0de8c10180319835f2c148578 |
SHA1: | a685193f4a254f4a67d116120c870f827d83b561 |
SHA256: | 7d9639376d9c7dcecfdf494950100a6d04238a7d510d65c4b52225b634073b24 |
SHA512: | a423f5abf8ff6b7caa625cb292760f08839527352dde9808f8c73b2d7e5f76d5c7e6f4d997054c39a9375a02a74b044a89efd4dae9e7ad0a4c835c8ae83ca259 |
SSDEEP: | 12288:Xa/AcZ6qJ2s1+pBOi+jWtpXpUtvntYRo0/vzwZ2XdgjPEmADNA0EpphZNG2K:X4Z6SQB5+ypXGL4oyszjsmY0K |
TLSH: | F1E4239162D4C9EAE0668FF2E47DCAF44DF89D20E938834353547E2D3D7A5018E1A3DA |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L......\.................d...*..... |
Icon Hash: | 23034d4b1303112b |
Entrypoint: | 0x403359 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x5C157F1B [Sat Dec 15 22:24:27 2018 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | b34f154ec913d2d2c435cbd644e91687 |
Instruction |
---|
sub esp, 000002D4h |
push ebx |
push esi |
push edi |
push 00000020h |
pop edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+14h], ebx |
mov dword ptr [esp+10h], 0040A2E0h |
mov dword ptr [esp+1Ch], ebx |
call dword ptr [004080A8h] |
call dword ptr [004080A4h] |
and eax, BFFFFFFFh |
cmp ax, 00000006h |
mov dword ptr [0042A20Ch], eax |
je 00007FAED8B00223h |
push ebx |
call 00007FAED8B034D5h |
cmp eax, ebx |
je 00007FAED8B00219h |
push 00000C00h |
call eax |
mov esi, 004082B0h |
push esi |
call 00007FAED8B0344Fh |
push esi |
call dword ptr [00408150h] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], 00000000h |
jne 00007FAED8B001FCh |
push 0000000Ah |
call 00007FAED8B034A8h |
push 00000008h |
call 00007FAED8B034A1h |
push 00000006h |
mov dword ptr [0042A204h], eax |
call 00007FAED8B03495h |
cmp eax, ebx |
je 00007FAED8B00221h |
push 0000001Eh |
call eax |
test eax, eax |
je 00007FAED8B00219h |
or byte ptr [0042A20Fh], 00000040h |
push ebp |
call dword ptr [00408044h] |
push ebx |
call dword ptr [004082A0h] |
mov dword ptr [0042A2D8h], eax |
push ebx |
lea eax, dword ptr [esp+34h] |
push 000002B4h |
push eax |
push ebx |
push 004216A8h |
call dword ptr [00408188h] |
push 0040A2C8h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8504 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x55000 | 0x2fde8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x62a5 | 0x6400 | 5814efda24a547f46f687d77de540309 | False | 0.6590234375 | data | 6.431421556070023 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x1396 | 0x1400 | ef1be07ca8b096915258569fb3718a3c | False | 0.453125 | data | 5.159710562612049 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x20318 | 0x600 | 7d0d44c89e64b001096d8f9c60b1ac1b | False | 0.4928385416666667 | data | 3.90464114821524 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x2b000 | 0x2a000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x55000 | 0x2fde8 | 0x2fe00 | 30681180cff1042f2d0d4ceee6d45f1a | False | 0.9422986700391645 | data | 7.870508006637617 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x55418 | 0x1c24c | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 1.0003036191401506 |
RT_ICON | 0x71668 | 0x923b | PNG image data, 256 x 256, 8-bit colormap, non-interlaced | English | United States | 0.9948978228930145 |
RT_ICON | 0x7a8a8 | 0x3945 | PNG image data, 256 x 256, 4-bit colormap, non-interlaced | English | United States | 1.0007502898847283 |
RT_ICON | 0x7e1f0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.5910788381742739 |
RT_ICON | 0x80798 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.62312382739212 |
RT_ICON | 0x81840 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304 | English | United States | 0.7022921108742004 |
RT_ICON | 0x826e8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024 | English | United States | 0.7955776173285198 |
RT_ICON | 0x82f90 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States | 0.5170731707317073 |
RT_ICON | 0x835f8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256 | English | United States | 0.7210982658959537 |
RT_ICON | 0x83b60 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.7322695035460993 |
RT_ICON | 0x83fc8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States | 0.6666666666666666 |
RT_ICON | 0x842b0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States | 0.7297297297297297 |
RT_DIALOG | 0x843d8 | 0x120 | data | English | United States | 0.5138888888888888 |
RT_DIALOG | 0x844f8 | 0x11c | data | English | United States | 0.6056338028169014 |
RT_DIALOG | 0x84618 | 0xc4 | data | English | United States | 0.5918367346938775 |
RT_DIALOG | 0x846e0 | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0x84740 | 0xae | data | English | United States | 0.6379310344827587 |
RT_VERSION | 0x847f0 | 0x2b8 | COM executable for DOS | English | United States | 0.47413793103448276 |
RT_MANIFEST | 0x84aa8 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795 |
DLL | Import |
---|---|
KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW |
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Description | Data |
---|---|
Comments | lampatia |
FileDescription | flighting redescribes nasioinial |
FileVersion | 1.4.0.0 |
InternalName | dovetailwise.exe |
OriginalFilename | dovetailwise.exe |
ProductName | autodidakte leah bubas |
ProductVersion | 1.4.0.0 |
Translation | 0x0409 0x04e4 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-02-21T08:22:24.024973+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.7 | 49972 | 172.217.16.206 | 443 | TCP |
2025-02-21T08:22:29.637025+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49974 | 132.226.247.73 | 80 | TCP |
2025-02-21T08:22:30.855980+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49974 | 132.226.247.73 | 80 | TCP |
2025-02-21T08:22:31.896120+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.7 | 49976 | 104.21.64.1 | 443 | TCP |
2025-02-21T08:22:32.840208+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49977 | 132.226.247.73 | 80 | TCP |
2025-02-21T08:22:34.168285+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.7 | 49979 | 132.226.247.73 | 80 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 21, 2025 08:22:27.166866064 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.166899920 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.166918993 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.166932106 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.166982889 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.166982889 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.166992903 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.167040110 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.171746016 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.171873093 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.171896935 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.171951056 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.178070068 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.178138971 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.178168058 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.178229094 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.184571028 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.184659958 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.184693098 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.184746027 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.190891027 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.190949917 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.190982103 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.191066027 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.196763992 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.196834087 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.196854115 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.196937084 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.202950001 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.203011990 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.203046083 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.203093052 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.208798885 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.208877087 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.208900928 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.208951950 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.214802980 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.214891911 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.214919090 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.214987993 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.220724106 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.220784903 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.220818996 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.220942020 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.226782084 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.226861954 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.257477045 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.257592916 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.257623911 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.257683992 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.257684946 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.257699013 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.257755041 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.257767916 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.257846117 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.257901907 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.257956982 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.258680105 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.258744955 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.258966923 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.259044886 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.259054899 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.259105921 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.264067888 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.264133930 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.264144897 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.264208078 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.270008087 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.270060062 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.270087004 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.270118952 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.270148039 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.270168066 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.275902033 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.276356936 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.276390076 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.276813984 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.284416914 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.284482956 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.284512043 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.284595013 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.288515091 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.288616896 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.288646936 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.288832903 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.293354034 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.293418884 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.293451071 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.293582916 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.299124956 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.299355030 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.299391031 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.299592018 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.304677010 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.304744959 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.304776907 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.304827929 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.311029911 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.311124086 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.311151981 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.311206102 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.315826893 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.315901041 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.315927982 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.315988064 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.320270061 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.320380926 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.320414066 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.320492983 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.324587107 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.324672937 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.324702978 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.324822903 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.328598976 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.328648090 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.328694105 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.328694105 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.328721046 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.328768015 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.332684994 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.332786083 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.332811117 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.332896948 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.336765051 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.336873055 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.336903095 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.337168932 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.340528965 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.340626001 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.340658903 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.340825081 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.344356060 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.344429016 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.344460964 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.344804049 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.348201036 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.348416090 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.348443031 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.348500013 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.350771904 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.350903988 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.350919962 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.350975990 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.352966070 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.353040934 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.353063107 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.353118896 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.355463982 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.355528116 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.355546951 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.355603933 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.357609034 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.357734919 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.357764006 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.357820034 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.360052109 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.360320091 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.360359907 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.360436916 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.362211943 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.362332106 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.362360001 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.362413883 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.364200115 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.364321947 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.364342928 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.364586115 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.368377924 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.368453979 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.368485928 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.368551970 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.369175911 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.369242907 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.369362116 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.369414091 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.370953083 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.371043921 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.371077061 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.371130943 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.373563051 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.373631954 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.373661995 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.373817921 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.374346972 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.374417067 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.374440908 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.374492884 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.376908064 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.377015114 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.377043962 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.377175093 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.378767967 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.378828049 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.378854990 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.378920078 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.381151915 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.381228924 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.381258011 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.381319046 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.384478092 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.384557009 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.384582043 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.384686947 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.385808945 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.385871887 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.386017084 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.386070013 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.391876936 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.391922951 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.391967058 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.391967058 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.391978025 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.392117977 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.395929098 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.396147013 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.396157980 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.396233082 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.396244049 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.396294117 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.396301031 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.396373987 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.401251078 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.401305914 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.401314974 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.401329994 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.401386023 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.401386023 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.401395082 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.401454926 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.405759096 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.405816078 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.405823946 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.405832052 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.405886889 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.405886889 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.405896902 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.405956030 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.410346031 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.410389900 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.410410881 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.410438061 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.410475969 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.410475969 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.410545111 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.410603046 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.415409088 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.415477991 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.415504932 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.415570021 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.415577888 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.415622950 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.415630102 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.415702105 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.419507027 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.419574976 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.419600010 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.419858932 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.419864893 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.419877052 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.419939995 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.419950008 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.420099974 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.423412085 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.423521042 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.423566103 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.423738956 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.423930883 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.424011946 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.424083948 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.424195051 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.427548885 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.427597046 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.427640915 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.427640915 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.427654028 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.427676916 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.427711964 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.427711964 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.429439068 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.429897070 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.429909945 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.429919958 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.429966927 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.429986000 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.429999113 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.430124044 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.433248043 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.433337927 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.433356047 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.433413029 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.434350967 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.434406996 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.434417963 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.434462070 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.437016010 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.437084913 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.437107086 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.437228918 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.437458992 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.437546968 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.439991951 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.440042973 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.440068007 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.440098047 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.440110922 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.440213919 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.440608978 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.440665007 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.440679073 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.440748930 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.443514109 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.443578959 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.443658113 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.443718910 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.444108009 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.444180965 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.444196939 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.444250107 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.445638895 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.445722103 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.445736885 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.446028948 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.446991920 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.447128057 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.447182894 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.447238922 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.448715925 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.448786974 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.448997974 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.449450016 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.450150967 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |
Feb 21, 2025 08:22:27.450336933 CET | 49973 | 443 | 192.168.2.7 | 142.250.185.193 |
Feb 21, 2025 08:22:27.450411081 CET | 443 | 49973 | 142.250.185.193 | 192.168.2.7 |

Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 21, 2025 08:22:22.496881962 CET | 56038 | 53 | 192.168.2.7 | 1.1.1.1 |
Feb 21, 2025 08:22:22.505244970 CET | 53 | 56038 | 1.1.1.1 | 192.168.2.7 |
Feb 21, 2025 08:22:24.042017937 CET | 52996 | 53 | 192.168.2.7 | 1.1.1.1 |
Feb 21, 2025 08:22:24.051177979 CET | 53 | 52996 | 1.1.1.1 | 192.168.2.7 |
Feb 21, 2025 08:22:28.658999920 CET | 63966 | 53 | 192.168.2.7 | 1.1.1.1 |
Feb 21, 2025 08:22:28.666435957 CET | 53 | 63966 | 1.1.1.1 | 192.168.2.7 |
Feb 21, 2025 08:22:29.953207970 CET | 60786 | 53 | 192.168.2.7 | 1.1.1.1 |
Feb 21, 2025 08:22:29.963320971 CET | 53 | 60786 | 1.1.1.1 | 192.168.2.7 |

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Feb 21, 2025 08:22:22.496881962 CET | 192.168.2.7 | 1.1.1.1 | 0xa37e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:22:24.042017937 CET | 192.168.2.7 | 1.1.1.1 | 0xf691 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:22:28.658999920 CET | 192.168.2.7 | 1.1.1.1 | 0x1028 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:22:29.953207970 CET | 192.168.2.7 | 1.1.1.1 | 0x4c28 | Standard query (0) | | A (IP address) | IN (0x0001) | false |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Feb 21, 2025 08:22:22.505244970 CET | 1.1.1.1 | 192.168.2.7 | 0xa37e | No error (0) | | | 172.217.16.206 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:22:24.051177979 CET | 1.1.1.1 | 192.168.2.7 | 0xf691 | No error (0) | | | 142.250.185.193 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:22:28.666435957 CET | 1.1.1.1 | 192.168.2.7 | 0x1028 | No error (0) | | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false |
Feb 21, 2025 08:22:28.666435957 CET | 1.1.1.1 | 192.168.2.7 | 0x1028 | No error (0) | | | 132.226.247.73 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:22:28.666435957 CET | 1.1.1.1 | 192.168.2.7 | 0x1028 | No error (0) | | | 158.101.44.242 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:22:28.666435957 CET | 1.1.1.1 | 192.168.2.7 | 0x1028 | No error (0) | | | 193.122.130.0 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:22:28.666435957 CET | 1.1.1.1 | 192.168.2.7 | 0x1028 | No error (0) | | | 193.122.6.168 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:22:28.666435957 CET | 1.1.1.1 | 192.168.2.7 | 0x1028 | No error (0) | | | 132.226.8.169 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:22:29.963320971 CET | 1.1.1.1 | 192.168.2.7 | 0x4c28 | No error (0) | | | 104.21.64.1 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:22:29.963320971 CET | 1.1.1.1 | 192.168.2.7 | 0x4c28 | No error (0) | | | 104.21.48.1 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:22:29.963320971 CET | 1.1.1.1 | 192.168.2.7 | 0x4c28 | No error (0) | | | 104.21.80.1 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:22:29.963320971 CET | 1.1.1.1 | 192.168.2.7 | 0x4c28 | No error (0) | | | 104.21.16.1 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:22:29.963320971 CET | 1.1.1.1 | 192.168.2.7 | 0x4c28 | No error (0) | | | 104.21.32.1 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:22:29.963320971 CET | 1.1.1.1 | 192.168.2.7 | 0x4c28 | No error (0) | | | 104.21.96.1 | A (IP address) | IN (0x0001) | false |
Feb 21, 2025 08:22:29.963320971 CET | 1.1.1.1 | 192.168.2.7 | 0x4c28 | No error (0) | | | 104.21.112.1 | A (IP address) | IN (0x0001) | false |

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49974 | 132.226.247.73 | 80 | 720 | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 21, 2025 08:22:28.683619976 CET | 151 | OUT | |
Feb 21, 2025 08:22:29.357745886 CET | 273 | IN | |
Feb 21, 2025 08:22:29.380371094 CET | 127 | OUT | |
Feb 21, 2025 08:22:29.587616920 CET | 273 | IN | |
Feb 21, 2025 08:22:30.601624966 CET | 127 | OUT | |
Feb 21, 2025 08:22:30.807456970 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.7 | 49977 | 132.226.247.73 | 80 | 720 | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 21, 2025 08:22:32.127432108 CET | 127 | OUT | |
Feb 21, 2025 08:22:32.797480106 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.7 | 49979 | 132.226.247.73 | 80 | 720 | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 21, 2025 08:22:33.457906008 CET | 127 | OUT | |
Feb 21, 2025 08:22:34.121898890 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port |
---|---|---|---|---|
3 | 192.168.2.7 | 49981 | 132.226.247.73 | 80 |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Feb 21, 2025 08:22:37.151688099 CET | 151 | OUT | |
Feb 21, 2025 08:22:37.814584970 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49972 | 172.217.16.206 | 443 | 720 | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-21 07:22:23 UTC | 216 | OUT | |
2025-02-21 07:22:24 UTC | 1610 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.7 | 49973 | 142.250.185.193 | 443 | 720 | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-21 07:22:24 UTC | 258 | OUT | |
2025-02-21 07:22:27 UTC | 5015 | IN | |
2025-02-21 07:22:27 UTC | 5015 | IN | |
2025-02-21 07:22:27 UTC | 4666 | IN | |
2025-02-21 07:22:27 UTC | 1325 | IN | |
2025-02-21 07:22:27 UTC | 1390 | IN | |
2025-02-21 07:22:27 UTC | 1390 | IN | |
2025-02-21 07:22:27 UTC | 1390 | IN | |
2025-02-21 07:22:27 UTC | 1390 | IN | |
2025-02-21 07:22:27 UTC | 1390 | IN | |
2025-02-21 07:22:27 UTC | 1390 | IN | |
2025-02-21 07:22:27 UTC | 1390 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.7 | 49975 | 104.21.64.1 | 443 | 720 | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-21 07:22:30 UTC | 85 | OUT | |
2025-02-21 07:22:30 UTC | 850 | IN | |
2025-02-21 07:22:30 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.7 | 49976 | 104.21.64.1 | 443 | 720 | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-21 07:22:31 UTC | 61 | OUT | |
2025-02-21 07:22:31 UTC | 858 | IN | |
2025-02-21 07:22:31 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.7 | 49978 | 104.21.64.1 | 443 | 720 | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-21 07:22:33 UTC | 85 | OUT | |
2025-02-21 07:22:33 UTC | 866 | IN | |
2025-02-21 07:22:33 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
5 | 192.168.2.7 | 49980 | 104.21.64.1 | 443 | 720 | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-02-21 07:22:37 UTC | 85 | OUT | |
2025-02-21 07:22:37 UTC | 853 | IN | |
2025-02-21 07:22:37 UTC | 362 | IN |
Target ID: | 0 |
Start time: | 02:20:27 |
Start date: | 21/02/2025 |
Path: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 693'604 bytes |
MD5 hash: | CFD2A2A0DE8C10180319835F2C148578 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | true |
Target ID: | 6 |
Start time: | 03:42:46 |
Start date: | 21/02/2025 |
Path: | C:\Users\user\Desktop\Swift Copy_19.02.2025.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 693'604 bytes |
MD5 hash: | CFD2A2A0DE8C10180319835F2C148578 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Has exited: | false |