Windows
Analysis Report
DNNueAb5UZ.exe
Overview
General Information
Sample name: | DNNueAb5UZ.exe (renamed because original name is a hash value) |
Original sample name: | 63e3936903bc65ce779ef8b852fbd0e0f92167b2d571c09dd92bc8b2f8fb16a4.exe |
Analysis ID: | 1632222 |
MD5: | 1f3c24498ead0b5bb12be0fb2a21aba8 |
SHA1: | 5ae261e3568b4f994a087f4b545e555dbcb1ce03 |
SHA256: | 63e3936903bc65ce779ef8b852fbd0e0f92167b2d571c09dd92bc8b2f8fb16a4 |
Tags: | exe, GuLoader, user-adrian__luca |
Detection
GuLoader, Snake Keylogger
Score: | 100 |
Range: | 0 - 100 |
Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Yara detected Snake Keylogger
Joe Sandbox ML detected suspicious sample
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to detect virtualization through RDTSC time measurements
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Classification
- System is w10x64
  - DNNueAb5UZ.exe (PID: 5580 cmdline: "C:\Users\user\Desktop\DNNueAb5UZ.exe" MD5: 1F3C24498EAD0B5BB12BE0FB2A21ABA8)
  - DNNueAb5UZ.exe (PID: 7784 cmdline: "C:\Users\user\Desktop\DNNueAb5UZ.exe" MD5: 1F3C24498EAD0B5BB12BE0FB2A21ABA8)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution |
{"Exfil Mode": "Telegram", "Token": "7985048972:AAETw71DlbcHqzvtl1F1nkzl_0aMbnCis_c", "Chat_id": "7794818739", "Version": "4.4"}
Rule | Description | Author |
---|---|---|
JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security |
⊘No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-07T21:08:25.761232+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49693 | 104.21.112.1 | 443 | TCP |
2025-03-07T21:08:28.880655+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.6 | 49695 | 104.21.112.1 | 443 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-07T21:08:20.263553+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49691 | 132.226.8.169 | 80 | TCP |
2025-03-07T21:08:23.246411+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49691 | 132.226.8.169 | 80 | TCP |
2025-03-07T21:08:26.793256+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49694 | 132.226.8.169 | 80 | TCP |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-07T21:08:11.602139+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.6 | 49689 | 142.250.185.238 | 443 | TCP |
AV Detection |
---|
Source: | Avira: |
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Integrated Neural Analysis Model: |
Location Tracking |
---|
Source: | DNS query: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Code function: | 0_2_00405FFD | |
Source: | Code function: | 0_2_0040559B | |
Source: | Code function: | 0_2_00402688 | |
Source: | Code function: | 9_2_00405FFD | |
Source: | Code function: | 9_2_00402688 | |
Source: | Code function: | 9_2_0040559B |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | DNS query: |
Source: | Suricata IDS: |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Code function: | 0_2_00405050 |
Source: | Process Stats: |
Source: | Code function: | 0_2_004030D9 | |
Source: | Code function: | 9_2_004030D9 |
Source: | File created: |
Source: | Code function: | 0_2_00406344 | |
Source: | Code function: | 0_2_0040488F | |
Source: | Code function: | 9_2_00406344 | |
Source: | Code function: | 9_2_0040488F | |
Source: | Code function: | 9_2_066CC738 | |
Source: | Code function: | 9_2_066C6FC8 | |
Source: | Code function: | 9_2_066CC468 | |
Source: | Code function: | 9_2_066C5370 | |
Source: | Code function: | 9_2_066CA088 | |
Source: | Code function: | 9_2_066CC146 | |
Source: | Code function: | 9_2_066C69A0 | |
Source: | Code function: | 9_2_066C3E09 | |
Source: | Code function: | 9_2_066C3A89 | |
Source: | Code function: | 9_2_066C29EC |
Source: | Code function: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 0_2_004030D9 | |
Source: | Code function: | 9_2_004030D9 |
Source: | Code function: | 0_2_0040431C |
Source: | Code function: | 0_2_0040205E |
Source: | File created: |
Source: | Mutant created: |
Source: | File created: |
Source: | Static PE information: |
Source: | File read: |
Source: | Key opened: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | File read: |
Source: | Process created: |
Source: | Section loaded: |
Source: | Key value queried: |
Source: | File written: |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | File source: |
Source: | Code function: | 0_2_10001A5D |
Source: | Code function: | 0_2_10002D4E | |
Source: | Code function: | 9_3_0670EE65 | |
Source: | Code function: | 9_3_067038E0 | |
Source: | Code function: | 9_3_0670CF4D | |
Source: | Code function: | 9_3_0670EEA9 | |
Source: | Code function: | 9_2_066C9D55 | |
Source: | Code function: | 9_2_066C6900 |
Source: | File created: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | API/Special instruction interceptor: |
Source: | RDTSC instruction interceptor: |
Source: | Memory allocated: |
Source: | Thread delayed: |
Source: | Window / User API: |
Source: | Dropped PE file which has not been started: |
Source: | Thread sleep count: |
Source: | Thread sleep time: |
Source: | Code function: | 0_2_00405FFD | |
Source: | Code function: | 0_2_0040559B | |
Source: | Code function: | 0_2_00402688 | |
Source: | Code function: | 9_2_00405FFD | |
Source: | Code function: | 9_2_00402688 | |
Source: | Code function: | 9_2_0040559B |
Source: | Thread delayed: |
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-4769 | ||
Source: | API call chain: | graph_0-4772 |
Source: | Code function: | 0_2_10001A5D |
Source: | Process token adjusted: |
Source: | Memory allocated: |
Source: | Process created: |
Source: | Queries volume information: |
Source: | Code function: | 0_2_00405D1B |
Source: | Key value queried: |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 11 Masquerading | OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Clipboard Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Access Token Manipulation | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 3 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | 214 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Detection | Scanner | Label |
---|---|---|
74% | Virustotal | |
55% | ReversingLabs | Win32.Trojan.Guloader |
100% | Avira | TR/Injector.byrsu |
Detection | Scanner | Label |
---|---|---|
0% | ReversingLabs | |
1% | Virustotal | |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 142.250.185.238 | true | false | | high |
drive.usercontent.google.com | 142.250.181.225 | true | false | | high |
reallyfreegeoip.org | 104.21.112.1 | true | false | | high |
checkip.dyndns.com | 132.226.8.169 | true | false | | high |
checkip.dyndns.org | unknown | unknown | false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
132.226.8.169 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false |
104.21.112.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false |
142.250.181.225 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false |
142.250.185.238 | drive.google.com | United States | 15169 | GOOGLEUS | false |
Joe Sandbox version: | 42.0.0 Malachite |
Analysis ID: | 1632222 |
Start date and time: | 2025-03-07 21:05:27 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 6m 43s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | DNNueAb5UZ.exe (renamed because original name is a hash value) |
Original Sample Name: | 63e3936903bc65ce779ef8b852fbd0e0f92167b2d571c09dd92bc8b2f8fb16a4.exe |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@3/25@4/4 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.60.203.209
- Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com, c.pki.goog
- Execution Graph export aborted for target DNNueAb5UZ.exe, PID 7784 because it is empty
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description |
---|---|---|
15:08:21 | API Interceptor |
Match | Detection | Threat Name |
---|---|---|
132.226.8.169 | malicious | MSIL Logger, MassLogger RAT |
132.226.8.169 | malicious | GuLoader, Snake Keylogger |
132.226.8.169 | malicious | Snake Keylogger, VIP Keylogger |
132.226.8.169 | malicious | Snake Keylogger, VIP Keylogger |
132.226.8.169 | malicious | Snake Keylogger, VIP Keylogger |
132.226.8.169 | malicious | Snake Keylogger |
132.226.8.169 | malicious | Snake Keylogger |
132.226.8.169 | malicious | Snake Keylogger |
132.226.8.169 | malicious | PureLog Stealer, Snake Keylogger |
132.226.8.169 | malicious | MSIL Logger |
104.21.112.1 | malicious | FormBook |
104.21.112.1 | malicious | FormBook |
104.21.112.1 | malicious | FormBook |
104.21.112.1 | malicious | Lokibot |
104.21.112.1 | malicious | Lokibot |
104.21.112.1 | malicious | Lokibot |
104.21.112.1 | malicious | DCRat, PureLog Stealer, zgRAT |
104.21.112.1 | malicious | FormBook, GuLoader |
104.21.112.1 | malicious | DarkCloud |
104.21.112.1 | malicious | FormBook |
Match | Detection | Threat Name |
---|---|---|
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger |
reallyfreegeoip.org | malicious | MSIL Logger, MassLogger RAT |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger |
reallyfreegeoip.org | malicious | Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | GuLoader, Snake Keylogger |
reallyfreegeoip.org | malicious | Snake Keylogger, VIP Keylogger |
reallyfreegeoip.org | malicious | MSIL Logger, MassLogger RAT |
reallyfreegeoip.org | malicious | Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger |
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger |
checkip.dyndns.com | malicious | MSIL Logger, MassLogger RAT |
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger |
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | GuLoader, Snake Keylogger |
checkip.dyndns.com | malicious | Snake Keylogger, VIP Keylogger |
checkip.dyndns.com | malicious | MSIL Logger, MassLogger RAT |
checkip.dyndns.com | malicious | Snake Keylogger, VIP Keylogger |
Match | Detection | Threat Name |
---|---|---|
UTMEMUS | malicious | MSIL Logger, MassLogger RAT |
UTMEMUS | malicious | GuLoader, Snake Keylogger |
UTMEMUS | malicious | GuLoader, Snake Keylogger |
UTMEMUS | malicious | Snake Keylogger, VIP Keylogger |
UTMEMUS | malicious | MSIL Logger, MassLogger RAT |
UTMEMUS | malicious | Snake Keylogger, VIP Keylogger |
UTMEMUS | malicious | GuLoader, Snake Keylogger |
UTMEMUS | malicious | MSIL Logger, MassLogger RAT |
UTMEMUS | malicious | Snake Keylogger, VIP Keylogger |
UTMEMUS | malicious | Snake Keylogger |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | Growtopia |
CLOUDFLARENETUS | malicious | GuLoader, Snake Keylogger |
CLOUDFLARENETUS | malicious | LummaC Stealer |
CLOUDFLARENETUS | malicious | GuLoader, Snake Keylogger |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | MSIL Logger, MassLogger RAT |
CLOUDFLARENETUS | malicious | GuLoader, Snake Keylogger |
CLOUDFLARENETUS | malicious | Unknown |
CLOUDFLARENETUS | malicious | GuLoader, Snake Keylogger |
Match | Detection | Threat Name |
---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | MSIL Logger, MassLogger RAT |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger, VIP Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | GuLoader, Snake Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger, VIP Keylogger |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | MSIL Logger, MassLogger RAT |
54328bd36c14bd82ddaa0c04b25ed9ad | malicious | Snake Keylogger, VIP Keylogger |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader, Snake Keylogger |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader, Snake Keylogger |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader, Snake Keylogger |
37f463bf4616ecd445d4a1937da06e19 | malicious | Vidar |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader, Snake Keylogger |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader, Snake Keylogger |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader |
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader |
37f463bf4616ecd445d4a1937da06e19 | malicious | Vidar |
37f463bf4616ecd445d4a1937da06e19 | malicious | GhostRat, Mimikatz, Nitol |
Match | Detection | Threat Name |
---|---|---|
C:\Users\user\AppData\Local\Temp\nsh96BF.tmp\System.dll | malicious | GuLoader, Snake Keylogger |
C:\Users\user\AppData\Local\Temp\nsh96BF.tmp\System.dll | malicious | GuLoader, Snake Keylogger |
C:\Users\user\AppData\Local\Temp\nsh96BF.tmp\System.dll | malicious | AgentTesla, GuLoader |
C:\Users\user\AppData\Local\Temp\nsh96BF.tmp\System.dll | malicious | GuLoader |
C:\Users\user\AppData\Local\Temp\nsh96BF.tmp\System.dll | malicious | GuLoader |
C:\Users\user\AppData\Local\Temp\nsh96BF.tmp\System.dll | malicious | GuLoader, Snake Keylogger |
C:\Users\user\AppData\Local\Temp\nsh96BF.tmp\System.dll | malicious | Remcos, GuLoader |
C:\Users\user\AppData\Local\Temp\nsh96BF.tmp\System.dll | malicious | GuLoader, Snake Keylogger |
C:\Users\user\AppData\Local\Temp\nsh96BF.tmp\System.dll | malicious | GuLoader |
C:\Users\user\AppData\Local\Temp\nsh96BF.tmp\System.dll | malicious | Unknown |
Process: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 47 |
Entropy (8bit): | 4.628848957968553 |
Encrypted: | false |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 74 |
Entropy (8bit): | 3.9637832956585757 |
Encrypted: | false |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11264 |
Entropy (8bit): | 5.770824470205811 |
Encrypted: | false |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 4.256564762130954 |
Encrypted: | false |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 52 |
Entropy (8bit): | 4.0914493934217315 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 56 |
Entropy (8bit): | 4.206435556800405 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.454248670673993 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 38 |
Entropy (8bit): | 4.115834092163221 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 187748 |
Entropy (8bit): | 1.2534161616514632 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 214120 |
Entropy (8bit): | 1.2579565170685552 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 435668 |
Entropy (8bit): | 1.253832121572574 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 142 |
Entropy (8bit): | 4.480171964505095 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 479 |
Entropy (8bit): | 4.343563883081814 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 781 |
Entropy (8bit): | 4.440913869058056 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 275 |
Entropy (8bit): | 4.645241049855579 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 339 |
Entropy (8bit): | 4.386002311199939 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11613 |
Entropy (8bit): | 7.938426026696142 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6698 |
Entropy (8bit): | 7.913586766253015 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 565 |
Entropy (8bit): | 4.507713117297587 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 35074 |
Entropy (8bit): | 7.929273166684339 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 40564 |
Entropy (8bit): | 7.970435935833064 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 373 |
Entropy (8bit): | 4.6689888819839975 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 122260 |
Entropy (8bit): | 4.5929632616009295 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 451245 |
Entropy (8bit): | 7.156159388668953 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 874 |
Entropy (8bit): | 3.2436212412372507 |
Encrypted: | false |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.938526516431953 |
File name: | DNNueAb5UZ.exe |
File size: | 700'990 bytes |
MD5: | 1f3c24498ead0b5bb12be0fb2a21aba8 |
SHA1: | 5ae261e3568b4f994a087f4b545e555dbcb1ce03 |
SHA256: | 63e3936903bc65ce779ef8b852fbd0e0f92167b2d571c09dd92bc8b2f8fb16a4 |
SHA512: | 48a50eccb70cc9e3afc0dee98e0cd26dc3ef8fd2eb08dbeaa2f1481bd625e732c81628f9cb2526beea21216fb4e728c4d7124552dc3a979727b5d0b5c502c8d5 |
SSDEEP: | 12288:0LBrC5dhAjeHZcdRX+m5nJT5t56rGSMFOfAq/Ijytb0OmL2H8tEB2LyD:0LBrtRXrxtz5FSgpC4ZOmq8KALG |
TLSH: | 02E42380B2978D26E5C22430E462E1F4DA7BAD521267575F2F813E6F3DB58B2C90B317 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F...v...F...@...F.Rich..F.........................PE..L....z.W.................^......... |
Icon Hash: | a5d56872428d9074 |
Entrypoint: | 0x4030d9 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x57017AA7 [Sun Apr 3 20:18:47 2016 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | b78ecf47c0a3e24a6f4af114e2d1f5de |
Instruction |
---|
sub esp, 00000184h |
push ebx |
push esi |
push edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+18h], ebx |
mov dword ptr [esp+10h], 00409198h |
mov dword ptr [esp+20h], ebx |
mov byte ptr [esp+14h], 00000020h |
call dword ptr [004070A8h] |
call dword ptr [004070A4h] |
cmp ax, 00000006h |
je 00007F795CE1B2A3h |
push ebx |
call 00007F795CE1E211h |
cmp eax, ebx |
je 00007F795CE1B299h |
push 00000C00h |
call eax |
mov esi, 00407298h |
push esi |
call 00007F795CE1E18Dh |
push esi |
call dword ptr [004070A0h] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], bl |
jne 00007F795CE1B27Dh |
push ebp |
push 00000009h |
call 00007F795CE1E1E4h |
push 00000007h |
call 00007F795CE1E1DDh |
mov dword ptr [00423704h], eax |
call dword ptr [00407044h] |
push ebx |
call dword ptr [00407288h] |
mov dword ptr [004237B8h], eax |
push ebx |
lea eax, dword ptr [esp+38h] |
push 00000160h |
push eax |
push ebx |
push 0041ECC8h |
call dword ptr [00407174h] |
push 00409188h |
push 00422F00h |
call 00007F795CE1DE07h |
call dword ptr [0040709Ch] |
mov ebp, 00429000h |
push eax |
push ebp |
call 00007F795CE1DDF5h |
push ebx |
call dword ptr [00407154h] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7428 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x36000 | 0x5110 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x298 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x5c5b | 0x5e00 | 3d4c7426917ca8533fbfc9cd63e19ba3 | False | 0.6603640292553191 | data | 6.411487375491561 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x7000 | 0x1246 | 0x1400 | 43fab6a80651bd97af8f34ecf44cd8ac | False | 0.42734375 | data | 5.005029341587408 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9000 | 0x1a7f8 | 0x400 | 00798d060e552892531c88ed1710ae2c | False | 0.6376953125 | data | 5.108396988130901 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x24000 | 0x12000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x36000 | 0x5110 | 0x5200 | 4c0432814ed2e0e86b285740ae86eb13 | False | 0.18054496951219512 | data | 2.9066831452356485 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x362c8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.10197095435684647 |
RT_ICON | 0x38870 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.17659474671669795 |
RT_ICON | 0x39918 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.21598360655737706 |
RT_ICON | 0x3a2a0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.2703900709219858 |
RT_DIALOG | 0x3a708 | 0x144 | data | English | United States | 0.5216049382716049 |
RT_DIALOG | 0x3a850 | 0x100 | data | English | United States | 0.5234375 |
RT_DIALOG | 0x3a950 | 0x11c | data | English | United States | 0.6091549295774648 |
RT_DIALOG | 0x3aa70 | 0xc4 | data | English | United States | 0.5918367346938775 |
RT_DIALOG | 0x3ab38 | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0x3ab98 | 0x3e | data | English | United States | 0.8064516129032258 |
RT_VERSION | 0x3abd8 | 0x1f4 | data | English | United States | 0.552 |
RT_MANIFEST | 0x3add0 | 0x340 | XML 1.0 document, ASCII text, with very long lines (832), with no line terminators | English | United States | 0.5540865384615384 |
DLL | Import |
---|---|
KERNEL32.dll | SetEnvironmentVariableA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, GetFileAttributesA, SetFileAttributesA, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, ExitProcess, GetFullPathNameA, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, CloseHandle, SetCurrentDirectoryA, MoveFileA, CompareFileTime, GetShortPathNameA, SearchPathA, lstrcmpiA, SetFileTime, lstrcmpA, ExpandEnvironmentStringsA, GlobalUnlock, GetDiskFreeSpaceA, GlobalFree, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, GlobalAlloc |
USER32.dll | ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA |
ADVAPI32.dll | RegDeleteKeyA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegOpenKeyExA, RegEnumValueA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Description | Data |
---|---|
Comments | becut megalichthys |
LegalTrademarks | flamboyantizes kiksets rakkeren |
OriginalFilename | undfangelsen resurceanvendelser.exe |
Translation | 0x0409 0x04e4 |
Language of compilation system | Country where language is spoken |
---|---|
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2025-03-07T21:08:11.602139+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.6 | 49689 | 142.250.185.238 | 443 | TCP |
2025-03-07T21:08:20.263553+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49691 | 132.226.8.169 | 80 | TCP |
2025-03-07T21:08:23.246411+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49691 | 132.226.8.169 | 80 | TCP |
2025-03-07T21:08:25.761232+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49693 | 104.21.112.1 | 443 | TCP |
2025-03-07T21:08:26.793256+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 49694 | 132.226.8.169 | 80 | TCP |
2025-03-07T21:08:28.880655+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49695 | 104.21.112.1 | 443 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 7, 2025 21:08:18.671921968 CET | 49691 | 80 | 192.168.2.6 | 132.226.8.169 |
Mar 7, 2025 21:08:18.677047014 CET | 80 | 49691 | 132.226.8.169 | 192.168.2.6 |
Mar 7, 2025 21:08:19.941351891 CET | 80 | 49691 | 132.226.8.169 | 192.168.2.6 |
Mar 7, 2025 21:08:19.948632956 CET | 49691 | 80 | 192.168.2.6 | 132.226.8.169 |
Mar 7, 2025 21:08:19.953779936 CET | 80 | 49691 | 132.226.8.169 | 192.168.2.6 |
Mar 7, 2025 21:08:20.222026110 CET | 80 | 49691 | 132.226.8.169 | 192.168.2.6 |
Mar 7, 2025 21:08:20.263552904 CET | 49691 | 80 | 192.168.2.6 | 132.226.8.169 |
Mar 7, 2025 21:08:20.720752001 CET | 49692 | 443 | 192.168.2.6 | 104.21.112.1 |
Mar 7, 2025 21:08:20.720783949 CET | 443 | 49692 | 104.21.112.1 | 192.168.2.6 |
Mar 7, 2025 21:08:20.720880985 CET | 49692 | 443 | 192.168.2.6 | 104.21.112.1 |
Mar 7, 2025 21:08:20.741151094 CET | 49692 | 443 | 192.168.2.6 | 104.21.112.1 |
Mar 7, 2025 21:08:20.741179943 CET | 443 | 49692 | 104.21.112.1 | 192.168.2.6 |
Mar 7, 2025 21:08:22.415950060 CET | 443 | 49692 | 104.21.112.1 | 192.168.2.6 |
Mar 7, 2025 21:08:22.416070938 CET | 49692 | 443 | 192.168.2.6 | 104.21.112.1 |
Mar 7, 2025 21:08:22.425102949 CET | 49692 | 443 | 192.168.2.6 | 104.21.112.1 |
Mar 7, 2025 21:08:22.425131083 CET | 443 | 49692 | 104.21.112.1 | 192.168.2.6 |
Mar 7, 2025 21:08:22.425549984 CET | 443 | 49692 | 104.21.112.1 | 192.168.2.6 |
Mar 7, 2025 21:08:22.429120064 CET | 49692 | 443 | 192.168.2.6 | 104.21.112.1 |
Mar 7, 2025 21:08:22.476325035 CET | 443 | 49692 | 104.21.112.1 | 192.168.2.6 |
Mar 7, 2025 21:08:22.932706118 CET | 443 | 49692 | 104.21.112.1 | 192.168.2.6 |
Mar 7, 2025 21:08:22.932781935 CET | 443 | 49692 | 104.21.112.1 | 192.168.2.6 |
Mar 7, 2025 21:08:22.932881117 CET | 49692 | 443 | 192.168.2.6 | 104.21.112.1 |
Mar 7, 2025 21:08:22.939351082 CET | 49692 | 443 | 192.168.2.6 | 104.21.112.1 |
Mar 7, 2025 21:08:22.945456982 CET | 49691 | 80 | 192.168.2.6 | 132.226.8.169 |
Mar 7, 2025 21:08:22.950584888 CET | 80 | 49691 | 132.226.8.169 | 192.168.2.6 |
Mar 7, 2025 21:08:23.205585003 CET | 80 | 49691 | 132.226.8.169 | 192.168.2.6 |
Mar 7, 2025 21:08:23.209053040 CET | 49693 | 443 | 192.168.2.6 | 104.21.112.1 |
Mar 7, 2025 21:08:23.209080935 CET | 443 | 49693 | 104.21.112.1 | 192.168.2.6 |
Mar 7, 2025 21:08:23.209315062 CET | 49693 | 443 | 192.168.2.6 | 104.21.112.1 |
Mar 7, 2025 21:08:23.209590912 CET | 49693 | 443 | 192.168.2.6 | 104.21.112.1 |
Mar 7, 2025 21:08:23.209604979 CET | 443 | 49693 | 104.21.112.1 | 192.168.2.6 |
Mar 7, 2025 21:08:23.246411085 CET | 49691 | 80 | 192.168.2.6 | 132.226.8.169 |
Mar 7, 2025 21:08:24.883341074 CET | 443 | 49693 | 104.21.112.1 | 192.168.2.6 |
Mar 7, 2025 21:08:24.888083935 CET | 49693 | 443 | 192.168.2.6 | 104.21.112.1 |
Mar 7, 2025 21:08:24.888129950 CET | 443 | 49693 | 104.21.112.1 | 192.168.2.6 |
Mar 7, 2025 21:08:25.761240005 CET | 443 | 49693 | 104.21.112.1 | 192.168.2.6 |
Mar 7, 2025 21:08:25.761311054 CET | 443 | 49693 | 104.21.112.1 | 192.168.2.6 |
Mar 7, 2025 21:08:25.761487007 CET | 49693 | 443 | 192.168.2.6 | 104.21.112.1 |
Mar 7, 2025 21:08:25.761899948 CET | 49693 | 443 | 192.168.2.6 | 104.21.112.1 |
Mar 7, 2025 21:08:25.765693903 CET | 49691 | 80 | 192.168.2.6 | 132.226.8.169 |
Mar 7, 2025 21:08:25.766973019 CET | 49694 | 80 | 192.168.2.6 | 132.226.8.169 |
Mar 7, 2025 21:08:25.770970106 CET | 80 | 49691 | 132.226.8.169 | 192.168.2.6 |
Mar 7, 2025 21:08:25.771056890 CET | 49691 | 80 | 192.168.2.6 | 132.226.8.169 |
Mar 7, 2025 21:08:25.772062063 CET | 80 | 49694 | 132.226.8.169 | 192.168.2.6 |
Mar 7, 2025 21:08:25.772154093 CET | 49694 | 80 | 192.168.2.6 | 132.226.8.169 |
Mar 7, 2025 21:08:25.772249937 CET | 49694 | 80 | 192.168.2.6 | 132.226.8.169 |
Mar 7, 2025 21:08:25.777301073 CET | 80 | 49694 | 132.226.8.169 | 192.168.2.6 |
Mar 7, 2025 21:08:26.748162031 CET | 80 | 49694 | 132.226.8.169 | 192.168.2.6 |
Mar 7, 2025 21:08:26.761359930 CET | 49695 | 443 | 192.168.2.6 | 104.21.112.1 |
Mar 7, 2025 21:08:26.761403084 CET | 443 | 49695 | 104.21.112.1 | 192.168.2.6 |
Mar 7, 2025 21:08:26.761473894 CET | 49695 | 443 | 192.168.2.6 | 104.21.112.1 |
Mar 7, 2025 21:08:26.761925936 CET | 49695 | 443 | 192.168.2.6 | 104.21.112.1 |
Mar 7, 2025 21:08:26.761940956 CET | 443 | 49695 | 104.21.112.1 | 192.168.2.6 |
Mar 7, 2025 21:08:26.793256044 CET | 49694 | 80 | 192.168.2.6 | 132.226.8.169 |
Mar 7, 2025 21:08:28.382812023 CET | 443 | 49695 | 104.21.112.1 | 192.168.2.6 |
Mar 7, 2025 21:08:28.384385109 CET | 49695 | 443 | 192.168.2.6 | 104.21.112.1 |
Mar 7, 2025 21:08:28.384407997 CET | 443 | 49695 | 104.21.112.1 | 192.168.2.6 |
Mar 7, 2025 21:08:28.880690098 CET | 443 | 49695 | 104.21.112.1 | 192.168.2.6 |
Mar 7, 2025 21:08:28.880788088 CET | 443 | 49695 | 104.21.112.1 | 192.168.2.6 |
Mar 7, 2025 21:08:28.880846024 CET | 49695 | 443 | 192.168.2.6 | 104.21.112.1 |
Mar 7, 2025 21:08:28.881269932 CET | 49695 | 443 | 192.168.2.6 | 104.21.112.1 |
Mar 7, 2025 21:08:28.885727882 CET | 49696 | 80 | 192.168.2.6 | 132.226.8.169 |
Mar 7, 2025 21:08:28.890889883 CET | 80 | 49696 | 132.226.8.169 | 192.168.2.6 |
Mar 7, 2025 21:08:28.890989065 CET | 49696 | 80 | 192.168.2.6 | 132.226.8.169 |
Mar 7, 2025 21:08:28.891089916 CET | 49696 | 80 | 192.168.2.6 | 132.226.8.169 |
Mar 7, 2025 21:08:28.896097898 CET | 80 | 49696 | 132.226.8.169 | 192.168.2.6 |
Mar 7, 2025 21:08:29.727588892 CET | 80 | 49696 | 132.226.8.169 | 192.168.2.6 |
Mar 7, 2025 21:08:29.777846098 CET | 49696 | 80 | 192.168.2.6 | 132.226.8.169 |
Mar 7, 2025 21:08:31.863414049 CET | 49697 | 443 | 192.168.2.6 | 104.21.112.1 |
Mar 7, 2025 21:08:31.863516092 CET | 443 | 49697 | 104.21.112.1 | 192.168.2.6 |
Mar 7, 2025 21:08:31.863594055 CET | 49697 | 443 | 192.168.2.6 | 104.21.112.1 |
Mar 7, 2025 21:08:31.863878965 CET | 49697 | 443 | 192.168.2.6 | 104.21.112.1 |
Mar 7, 2025 21:08:31.863894939 CET | 443 | 49697 | 104.21.112.1 | 192.168.2.6 |
Mar 7, 2025 21:08:33.482321024 CET | 443 | 49697 | 104.21.112.1 | 192.168.2.6 |
Mar 7, 2025 21:08:33.527772903 CET | 49697 | 443 | 192.168.2.6 | 104.21.112.1 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 7, 2025 21:08:08.785628080 CET | 59389 | 53 | 192.168.2.6 | 1.1.1.1 |
Mar 7, 2025 21:08:08.793026924 CET | 53 | 59389 | 1.1.1.1 | 192.168.2.6 |
Mar 7, 2025 21:08:11.957927942 CET | 50594 | 53 | 192.168.2.6 | 1.1.1.1 |
Mar 7, 2025 21:08:11.965106010 CET | 53 | 50594 | 1.1.1.1 | 192.168.2.6 |
Mar 7, 2025 21:08:18.654356956 CET | 61995 | 53 | 192.168.2.6 | 1.1.1.1 |
Mar 7, 2025 21:08:18.662384987 CET | 53 | 61995 | 1.1.1.1 | 192.168.2.6 |
Mar 7, 2025 21:08:20.710736990 CET | 55218 | 53 | 192.168.2.6 | 1.1.1.1 |
Mar 7, 2025 21:08:20.719610929 CET | 53 | 55218 | 1.1.1.1 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 7, 2025 21:08:08.785628080 CET | 192.168.2.6 | 1.1.1.1 | 0xdc78 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 7, 2025 21:08:11.957927942 CET | 192.168.2.6 | 1.1.1.1 | 0x6792 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 7, 2025 21:08:18.654356956 CET | 192.168.2.6 | 1.1.1.1 | 0x4077 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Mar 7, 2025 21:08:20.710736990 CET | 192.168.2.6 | 1.1.1.1 | 0xeb2f | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 7, 2025 21:08:08.793026924 CET | 1.1.1.1 | 192.168.2.6 | 0xdc78 | No error (0) | 142.250.185.238 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 21:08:11.965106010 CET | 1.1.1.1 | 192.168.2.6 | 0x6792 | No error (0) | 142.250.181.225 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 21:08:18.662384987 CET | 1.1.1.1 | 192.168.2.6 | 0x4077 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 7, 2025 21:08:18.662384987 CET | 1.1.1.1 | 192.168.2.6 | 0x4077 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 21:08:18.662384987 CET | 1.1.1.1 | 192.168.2.6 | 0x4077 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 21:08:18.662384987 CET | 1.1.1.1 | 192.168.2.6 | 0x4077 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 21:08:18.662384987 CET | 1.1.1.1 | 192.168.2.6 | 0x4077 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 21:08:18.662384987 CET | 1.1.1.1 | 192.168.2.6 | 0x4077 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 21:08:20.719610929 CET | 1.1.1.1 | 192.168.2.6 | 0xeb2f | No error (0) | 104.21.112.1 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 21:08:20.719610929 CET | 1.1.1.1 | 192.168.2.6 | 0xeb2f | No error (0) | 104.21.64.1 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 21:08:20.719610929 CET | 1.1.1.1 | 192.168.2.6 | 0xeb2f | No error (0) | 104.21.16.1 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 21:08:20.719610929 CET | 1.1.1.1 | 192.168.2.6 | 0xeb2f | No error (0) | 104.21.48.1 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 21:08:20.719610929 CET | 1.1.1.1 | 192.168.2.6 | 0xeb2f | No error (0) | 104.21.32.1 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 21:08:20.719610929 CET | 1.1.1.1 | 192.168.2.6 | 0xeb2f | No error (0) | 104.21.80.1 | A (IP address) | IN (0x0001) | false | ||
Mar 7, 2025 21:08:20.719610929 CET | 1.1.1.1 | 192.168.2.6 | 0xeb2f | No error (0) | 104.21.96.1 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49691 | 132.226.8.169 | 80 | 7784 | C:\Users\user\Desktop\DNNueAb5UZ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 7, 2025 21:08:18.671921968 CET | 151 | OUT | |
Mar 7, 2025 21:08:19.941351891 CET | 273 | IN | |
Mar 7, 2025 21:08:19.948632956 CET | 127 | OUT | |
Mar 7, 2025 21:08:20.222026110 CET | 273 | IN | |
Mar 7, 2025 21:08:22.945456982 CET | 127 | OUT | |
Mar 7, 2025 21:08:23.205585003 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.6 | 49694 | 132.226.8.169 | 80 | 7784 | C:\Users\user\Desktop\DNNueAb5UZ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 7, 2025 21:08:25.772249937 CET | 127 | OUT | |
Mar 7, 2025 21:08:26.748162031 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.6 | 49696 | 132.226.8.169 | 80 | 7784 | C:\Users\user\Desktop\DNNueAb5UZ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Mar 7, 2025 21:08:28.891089916 CET | 151 | OUT | |
Mar 7, 2025 21:08:29.727588892 CET | 273 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.6 | 49689 | 142.250.185.238 | 443 | 7784 | C:\Users\user\Desktop\DNNueAb5UZ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 20:08:10 UTC | 216 | OUT | |
2025-03-07 20:08:11 UTC | 1610 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.6 | 49690 | 142.250.181.225 | 443 | 7784 | C:\Users\user\Desktop\DNNueAb5UZ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 20:08:13 UTC | 258 | OUT | |
2025-03-07 20:08:17 UTC | 5025 | IN | |
2025-03-07 20:08:17 UTC | 5025 | IN | |
2025-03-07 20:08:17 UTC | 4647 | IN | |
2025-03-07 20:08:17 UTC | 1323 | IN | |
2025-03-07 20:08:17 UTC | 1378 | IN | |
2025-03-07 20:08:17 UTC | 1378 | IN | |
2025-03-07 20:08:17 UTC | 1378 | IN | |
2025-03-07 20:08:17 UTC | 1378 | IN | |
2025-03-07 20:08:17 UTC | 1378 | IN | |
2025-03-07 20:08:17 UTC | 1378 | IN | |
2025-03-07 20:08:17 UTC | 1378 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
2 | 192.168.2.6 | 49692 | 104.21.112.1 | 443 | 7784 | C:\Users\user\Desktop\DNNueAb5UZ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 20:08:22 UTC | 85 | OUT | |
2025-03-07 20:08:22 UTC | 862 | IN | |
2025-03-07 20:08:22 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
3 | 192.168.2.6 | 49693 | 104.21.112.1 | 443 | 7784 | C:\Users\user\Desktop\DNNueAb5UZ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 20:08:24 UTC | 61 | OUT | |
2025-03-07 20:08:25 UTC | 855 | IN | |
2025-03-07 20:08:25 UTC | 362 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
4 | 192.168.2.6 | 49695 | 104.21.112.1 | 443 | 7784 | C:\Users\user\Desktop\DNNueAb5UZ.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2025-03-07 20:08:28 UTC | 61 | OUT | |
2025-03-07 20:08:28 UTC | 857 | IN | |
2025-03-07 20:08:28 UTC | 362 | IN |
Target ID: | 0 |
Start time: | 15:06:22 |
Start date: | 07/03/2025 |
Path: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 700'990 bytes |
MD5 hash: | 1F3C24498EAD0B5BB12BE0FB2A21ABA8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | true |
Target ID: | 9 |
Start time: | 15:07:52 |
Start date: | 07/03/2025 |
Path: | C:\Users\user\Desktop\DNNueAb5UZ.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 700'990 bytes |
MD5 hash: | 1F3C24498EAD0B5BB12BE0FB2A21ABA8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
Has exited: | false |