
Analysis Report http://xf.gdprvalidate.de/

Overview

General Information

Sample URL:http://xf.gdprvalidate.de/
Analysis ID:356828

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

No high impact signatures.

Startup

  • System is w10x64
  • iexplore.exe (PID: 1956 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 1836 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1956 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

There are no malicious signatures.

Compliance:

Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Content-Encoding: gzip | Content-Type: text/html; charset=UTF-8 | Date: Tue, 23 Feb 2021 16:29:00 GMT | Server: Apache/2.2.34 (Amazon) | Vary: Accept-Encoding | Content-Length: 20 | Connection: keep-alive | Data Raw: 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 | Data Ascii:
Source: global traffic | HTTP traffic detected: HTTP/1.1 200 OK | Accept-Ranges: bytes | Content-Encoding: gzip | Content-Type: image/vnd.microsoft.icon | Date: Tue, 23 Feb 2021 16:29:01 GMT | ETag: "22f38-13e-5ac96e54073a8" | Last-Modified: Tue, 11 Aug 2020 09:42:54 GMT | Server: Apache/2.2.34 (Amazon) | Vary: Accept-Encoding | Content-Length: 62 | Connection: keep-alive | Data Raw: 1f 8b 08 00 00 00 00 00 00 03 63 60 60 04 42 01 01 01 20 c9 c2 a0 c1 c8 c0 20 c6 c0 c0 a0 01 c4 02 40 ac 00 c4 20 71 10 68 60 40 00 01 28 fd ff ff 7f 86 91 0c 00 74 21 5b c8 3e 01 00 00 | Data Ascii: c``B @ qh`@(t![>
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Accept: text/html, application/xhtml+xml, image/jxr, */* | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: xf.gdprvalidate.de | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /favicon.ico HTTP/1.1 | Accept: */* | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Host: xf.gdprvalidate.de | Connection: Keep-Alive
Source: msapplication.xml0.2.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x801534ae,0x01d70a4c</date><accdate>0x801534ae,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.2.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x801534ae,0x01d70a4c</date><accdate>0x801534ae,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.2.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x8019f957,0x01d70a4c</date><accdate>0x8019f957,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.2.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x8019f957,0x01d70a4c</date><accdate>0x8019f957,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.2.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x801c5be2,0x01d70a4c</date><accdate>0x801c5be2,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.2.dr | String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x801c5be2,0x01d70a4c</date><accdate>0x801c5be2,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: unknown | DNS traffic detected: queries for: xf.gdprvalidate.de
Source: msapplication.xml.2.dr | String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.2.dr | String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.2.dr | String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.2.dr | String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.2.dr | String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.2.dr | String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.2.dr | String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.2.dr | String found in binary or memory: http://www.youtube.com/
Source: ~DF543357D77BC484B8.TMP.2.dr | String found in binary or memory: http://xf.gdprvalidate.de/
Source: {AAA56A25-763F-11EB-90E4-ECF4BB862DED}.dat.2.dr | String found in binary or memory: http://xf.gdprvalidate.de/Root
Source: imagestore.dat.3.dr | String found in binary or memory: http://xf.gdprvalidate.de/favicon.ico
Source: classification engine | Classification label: clean0.win@3/17@1/1
Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Temp\~DF4A77A388F0ADC98B.TMP
Source: C:\Program Files\internet explorer\iexplore.exe | File read: C:\Users\desktop.ini
Source: unknown | Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1956 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1956 CREDAT:17410 /prefetch:2
Source: Window Recorder | Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Initial Access: Valid Accounts, Default Accounts, Domain Accounts
Execution: Windows Management Instrumentation, Scheduled Task/Job, At (Linux)
Persistence: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows)
Privilege Escalation: Process Injection (1), Boot or Logon Initialization Scripts, Logon Script (Windows)
Defense Evasion: Masquerading (1), Process Injection (1), Obfuscated Files or Information
Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager
Discovery: File and Directory Discovery (1), Application Window Discovery, Query Registry
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares
Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration
Command and Control: Non-Application Layer Protocol (3), Application Layer Protocol (3), Ingress Tool Transfer (2)
Network Effects: Eavesdrop on Insecure Network Communication, Exploit SS7 to Redirect Phone Calls/SMS, Exploit SS7 to Track Device Location
Remote Service Effects: Remotely Track Device Without Authorization, Remotely Wipe Data Without Authorization, Obtain Device Cloud Backups
Impact: Modify System Partition, Device Lockout, Delete Device Data

Behavior Graph

(behavior graph image not included)

Screenshots

(screenshot thumbnails not included)

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label
http://xf.gdprvalidate.de/ | 0% | Avira URL Cloud | safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label
http://www.wikipedia.com/ | 0% | URL Reputation | safe
http://xf.gdprvalidate.de/Root | 0% | Avira URL Cloud | safe
http://xf.gdprvalidate.de/favicon.ico | 0% | Avira URL Cloud | safe

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
xf-gdprvalidate-de-368230675.eu-west-1.elb.amazonaws.com | 54.228.229.1 | true | false | - | high
xf.gdprvalidate.de | unknown | unknown | false | - | unknown

      Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://xf.gdprvalidate.de/ | false | - | unknown
http://xf.gdprvalidate.de/favicon.ico | false | Avira URL Cloud: safe | unknown

          URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
http://www.wikipedia.com/ | msapplication.xml6.2.dr | false | URL Reputation: safe | unknown
http://www.amazon.com/ | msapplication.xml.2.dr | false | - | high
http://www.nytimes.com/ | msapplication.xml3.2.dr | false | - | high
http://xf.gdprvalidate.de/Root | {AAA56A25-763F-11EB-90E4-ECF4BB862DED}.dat.2.dr | false | Avira URL Cloud: safe | unknown
http://www.live.com/ | msapplication.xml2.2.dr | false | - | high
http://www.reddit.com/ | msapplication.xml4.2.dr | false | - | high
http://www.twitter.com/ | msapplication.xml5.2.dr | false | - | high
http://www.youtube.com/ | msapplication.xml7.2.dr | false | - | high

                      Contacted IPs


                      Public

IP | Domain | Country | ASN | ASN Name | Malicious
54.228.229.1 | unknown | United States | 16509 | AMAZON-02US | false

                      General Information

                      Joe Sandbox Version:31.0.0 Emerald
                      Analysis ID:356828
                      Start date:23.02.2021
                      Start time:17:28:06
                      Joe Sandbox Product:CloudBasic
                      Overall analysis duration:0h 3m 10s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:browseurl.jbs
                      Sample URL:http://xf.gdprvalidate.de/
                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                      Number of analysed new started processes analysed:18
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Detection:CLEAN
                      Classification:clean0.win@3/17@1/1
                      Cookbook Comments:
                      • Adjust boot time
                      • Enable AMSI
                      Warnings:
                      • Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe
                      • Excluded IPs from analysis (whitelisted): 23.211.6.115, 88.221.62.148, 104.43.193.48, 104.42.151.234, 104.43.139.144, 184.30.24.56, 152.199.19.161, 51.104.139.180, 93.184.221.240, 8.253.95.120, 67.26.81.254, 8.253.207.120, 8.253.95.121, 8.248.149.254
                      • Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, wu.azureedge.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, e12564.dspb.akamaiedge.net, go.microsoft.com, audownload.windowsupdate.nsatc.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, prod.fs.microsoft.com.akadns.net, wu.wpc.apr-52dd2.edgecastdns.net, au-bg-shim.trafficmanager.net, fs.microsoft.com, ie9comview.vo.msecnd.net, wu.ec.azureedge.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, skypedataprdcolcus15.cloudapp.net, store-images.s-microsoft.com, go.microsoft.com.edgekey.net, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus16.cloudapp.net, cs9.wpc.v0cdn.net
                      • VT rate limit hit for: http://xf.gdprvalidate.de/

                      Simulations

                      Behavior and APIs

                      No simulations

                      Joe Sandbox View / Context

                      IPs

                      No context

                      Domains

                      No context

                      ASN

                      No context

                      JA3 Fingerprints

                      No context

                      Dropped Files

                      No context

                      Created / dropped Files

                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AAA56A23-763F-11EB-90E4-ECF4BB862DED}.dat
                      Process:C:\Program Files\internet explorer\iexplore.exe
                      File Type:Microsoft Word Document
                      Category:dropped
                      Size (bytes):30296
                      Entropy (8bit):1.853936200969538
                      Encrypted:false
                      SSDEEP:96:rDZMZV2CWu5tubYefu7LYpYXMu9YBYtuPY7YfueYQfu4LYcYnX:rDZMZV2CWetefORM0ixf9MX
                      MD5:95F04F15AC4474E12FA7778FC4501793
                      SHA1:8D68575EA7A4777AC3950D7CDC4C61C3993E59F2
                      SHA-256:7E168FA442A68B736EE0B701B88A74620881D00FBFD39D7A9C1387DF5CFA8AFF
                      SHA-512:FBDC970332292160302F21A6C4D4F50EC64FF8488ED0E8CE008B9D39CBBB5ADAB73C3777682F272342DF601F2C80F851331437012E414BFAE8E5D42705FC9D92
                      Malicious:false
                      Reputation:low
Preview: (binary dump; the only printable content is the UTF-16 string "Root Entry")
                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AAA56A25-763F-11EB-90E4-ECF4BB862DED}.dat
                      Process:C:\Program Files\internet explorer\iexplore.exe
                      File Type:Microsoft Word Document
                      Category:dropped
                      Size (bytes):24164
                      Entropy (8bit):1.6272677443304575
                      Encrypted:false
                      SSDEEP:48:IwyGcpr7GwpaSG4pQ6GrapbSbjGQpBSGHHpc8ETGUp8vGzYpmzIQGopSBDaGmXpm:rGZVQi6sBSJjp2ZWdMd4Cg
                      MD5:0EF0B2E2ED4701C1E5BAB5BCE5D48D13
                      SHA1:DD925E038391A9CFF3BF5F0FC3AF7340DAFA24E6
                      SHA-256:8690AC8D0B2CED90E207C60A1E4FEA5DA253DBBF09251D6B10038D864589773F
                      SHA-512:981091AF1B00A133BAA5860501F7E4899BEEC3F71940B412581A2ABCDF728D3A50FDCB9F1FDB9BC73B477F63B363C431313BA2617EC61929650BE0BAC5FBB3C9
                      Malicious:false
                      Reputation:low
Preview: (binary dump; the only printable content is the UTF-16 string "Root Entry")
                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AAA56A26-763F-11EB-90E4-ECF4BB862DED}.dat
                      Process:C:\Program Files\internet explorer\iexplore.exe
                      File Type:Microsoft Word Document
                      Category:dropped
                      Size (bytes):16984
                      Entropy (8bit):1.5642103506367837
                      Encrypted:false
                      SSDEEP:48:IwjGcprCGwpaHG4pQTGrapbS1jGQpKJG7HpRCETGIpG:rZZqQp63BSrAoTjA
                      MD5:CCA6AFA238D9FAA1841973EF99E772A3
                      SHA1:D3946148318E462103B773F030FEF5B0A1E2A50E
                      SHA-256:7CCB28FF5A71542DC8BF8F869B487F4E93F5A790D6A1948434E59501410278B2
                      SHA-512:529CECAF62C2F972821D82C11C3D11E622D5822F769A8F8D7D077F00EDE3E62355E7053AA06ED9709C38E702DDCD07159D5BA1C470E92C7F33DD8E430136D39F
                      Malicious:false
                      Reputation:low
Preview: (binary dump; the only printable content is the UTF-16 string "Root Entry")
                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
                      Process:C:\Program Files\internet explorer\iexplore.exe
                      File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                      Category:dropped
                      Size (bytes):656
                      Entropy (8bit):5.088064270829718
                      Encrypted:false
                      SSDEEP:12:TMHdNMNxOEM5c0Bg5c01nWimI002EtM3MHdNMNxOEM5c0Bg5c01nWimI00ObVbkt:2d6NxOJ64g6aSZHKd6NxOJ64g6aSZ76b
                      MD5:03D34EDC8E124BE976606959417B3085
                      SHA1:40DBA36439996DCCFDC8E2D794AAEBE19E8F31E1
                      SHA-256:2D1EC5DFC0679FE69BD1EF8B982D29C9DB32BAEBEEDDB9EC7A26789C49A1B991
                      SHA-512:5A14CB5060F80416F1ED797884B953FE931802C241698BF03676061681A535E841CF1C384C78168A1E5323527FB1274131F30C856CABE648AB87A6CD76EFBD27
                      Malicious:false
                      Reputation:low
                      Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x8019f957,0x01d70a4c</date><accdate>0x8019f957,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x8019f957,0x01d70a4c</date><accdate>0x8019f957,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
                      Process:C:\Program Files\internet explorer\iexplore.exe
                      File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                      Category:dropped
                      Size (bytes):653
                      Entropy (8bit):5.061633057513573
                      Encrypted:false
                      SSDEEP:12:TMHdNMNxe2kMUL0BgUL01nWimI002EtM3MHdNMNxe2kMUL0BgYAL01nWimI00Obv:2d6NxrpA4gAaSZHKd6NxrpA4gYALaSZ/
                      MD5:ACB87B27AF74A15E1104519552494886
                      SHA1:E65949644EF1B76B0164F261ACC7A4DDC5BF07E7
                      SHA-256:BB255572C948D1C811EFD8E82FA6A4B6FB1D3A650109DB7785A1A2E041C1F270
                      SHA-512:89C4F13838D9D47F03AA90B95360ADD24F09D5E8EBB02752B02CF850BBEDC4E0D2D28E65BB28C7223EB5CAD00A637CB3B7ED6C60477531A463CEA9136B2CF3E4
                      Malicious:false
                      Reputation:low
                      Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x8010700a,0x01d70a4c</date><accdate>0x8010700a,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x8010700a,0x01d70a4c</date><accdate>0x8012d26e,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
                      Process:C:\Program Files\internet explorer\iexplore.exe
                      File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                      Category:dropped
                      Size (bytes):662
                      Entropy (8bit):5.110552958233267
                      Encrypted:false
                      SSDEEP:12:TMHdNMNxvLM5c0Bg5c01nWimI002EtM3MHdNMNxvLM5c0BgPR01nWimI00ObmZEs:2d6NxvA64g6aSZHKd6NxvA64gPRaSZ7Q
                      MD5:6BF8F60CC6E38D9021AC4FAC5EB64251
                      SHA1:6AD4D05EE40E25A41D1B9F635E50AB258EBC9136
                      SHA-256:A78CC9C9F5F61A35F3E23E8BC5AE68BABD99F3FA18A15B43D181A40CFD4FEBC6
                      SHA-512:183073986748E87285B69DD7A4599F2EC37F83A19F1ED04DB49BCCFC5A4C74BA4922E998103B5FCAE56F81F844962DC2DE083DE31FE43EF2DA21D388D9EBB9F4
                      Malicious:false
                      Reputation:low
                      Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x8019f957,0x01d70a4c</date><accdate>0x8019f957,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x8019f957,0x01d70a4c</date><accdate>0x801c5be2,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..
                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
                      Process:C:\Program Files\internet explorer\iexplore.exe
                      File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                      Category:dropped
                      Size (bytes):647
                      Entropy (8bit):5.096881229272518
                      Encrypted:false
                      SSDEEP:12:TMHdNMNxiMV0BgV01nWimI002EtM3MHdNMNxiMV0BgV01nWimI00Obd5EtMb:2d6NxXV4gVaSZHKd6NxXV4gVaSZ7Jjb
                      MD5:3FEF6F6191C8E228639E9160B6034AA5
                      SHA1:E20A9897CA551966EF12328D77E2BD99BFCBB96F
                      SHA-256:8C13756021E87A7B014D7CCED6143C277C4E055BE3BE83605DC69A62EBFE6CCB
                      SHA-512:134F37AA5E6256AB41561BA55100FAE3202B6D10A9FC1736D6DFD72AF4368A89809848A6670A2ECC9F882D02E9AC1E02B12CAA0FB30F371DE8EC4A509D49A4AD
                      Malicious:false
                      Reputation:low
                      Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x801796fc,0x01d70a4c</date><accdate>0x801796fc,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x801796fc,0x01d70a4c</date><accdate>0x801796fc,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..
                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
                      Process:C:\Program Files\internet explorer\iexplore.exe
                      File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                      Category:dropped
                      Size (bytes):656
                      Entropy (8bit):5.099617258577289
                      Encrypted:false
                      SSDEEP:12:TMHdNMNxhGwMPR0BgPR01nWimI002EtM3MHdNMNxhGwMPR0BgPR01nWimI00Ob8V:2d6NxQlPR4gPRaSZHKd6NxQlPR4gPRaT
                      MD5:79C0B5F304F9EF6E46FD0D47110CCF95
                      SHA1:AF9E96AE0FB0FDD5E12D69AA67D71F1E215BD8FC
                      SHA-256:503E1DE3ABC3104AD4D37EC19A7888CFE501423A876F3F7B26E0337B8C40B864
                      SHA-512:84B74EE4A7EA9DEBAE85EA5E59FAC8C85A63D234B2157E82F38A36849261B3344498F8B9AB65B0EA244330CC4B302E02F0379D8E96BF8717DFBBB41C24D61A2B
                      Malicious:false
                      Reputation:low
                      Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x801c5be2,0x01d70a4c</date><accdate>0x801c5be2,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x801c5be2,0x01d70a4c</date><accdate>0x801c5be2,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..
                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
                      Process:C:\Program Files\internet explorer\iexplore.exe
                      File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                      Category:dropped
                      Size (bytes):653
                      Entropy (8bit):5.091206243327631
                      Encrypted:false
                      SSDEEP:12:TMHdNMNx0nM5c0Bg5c01nWimI002EtM3MHdNMNx0nM5c0Bg5c01nWimI00ObxEty:2d6Nx0M64g6aSZHKd6Nx0M64g6aSZ7nb
                      MD5:4571D9E295AED462B217F3C835E47085
                      SHA1:58E1B4E873AC7A7416367AC0163CD8DBF3EC9A45
                      SHA-256:D12BE72362F5100BEB92EA62A0326DD605DF6C673147DCCEDCD94F9D4A190388
                      SHA-512:75842337538EBBB1D9CC8BF49B837B8C7999A3E7507429341FB81BFC0BC4D02F931D1CCA755B530E610FF18C3F9266AB4ED0030DE04B7F0071FC1B0941004062
                      Malicious:false
                      Reputation:low
                      Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x8019f957,0x01d70a4c</date><accdate>0x8019f957,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x8019f957,0x01d70a4c</date><accdate>0x8019f957,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..
                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
                      Process:C:\Program Files\internet explorer\iexplore.exe
                      File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                      Category:dropped
                      Size (bytes):656
                      Entropy (8bit):5.121727232821825
                      Encrypted:false
                      SSDEEP:12:TMHdNMNxxMV0BgV01nWimI002EtM3MHdNMNxxMV0BgV01nWimI00Ob6Kq5EtMb:2d6Nx+V4gVaSZHKd6Nx+V4gVaSZ7ob
                      MD5:51888543378154816C74CCB1EF29EC56
                      SHA1:9F99014FC61DF1686E7EBA64BAEB23260BA2F3B1
                      SHA-256:8C2CB822F52F23EDAAB4329DA1B209708395A459E64DCF82218922CD8642D200
                      SHA-512:BA6CB867E57E562930A0FADA71197B8473A79546504E4683C3772F9363B42B07CFDC73F9414AF951080A16AA1B07858B35E6D5FFC25EC633917FC34BE2FE4861
                      Malicious:false
                      Reputation:low
                      Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x801796fc,0x01d70a4c</date><accdate>0x801796fc,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x801796fc,0x01d70a4c</date><accdate>0x801796fc,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..
                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
                      Process:C:\Program Files\internet explorer\iexplore.exe
                      File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                      Category:dropped
                      Size (bytes):659
                      Entropy (8bit):5.073039541076934
                      Encrypted:false
                      SSDEEP:12:TMHdNMNxcM+0Bg+01nWimI002EtM3MHdNMNxcM+0Bg+01nWimI00ObVEtMb:2d6NxB+4g+aSZHKd6NxB+4g+aSZ7Db
                      MD5:6CA31B41CDBAEC82AC01BC5E7E200EA6
                      SHA1:A4DA41D0E9112EB4ED9841E8A3AAF0C09C4B2DA2
                      SHA-256:D3D4637975FB3C1205E271F29EF1D4D673A273C973581532CE006C2FBA74DFB8
                      SHA-512:E2982C8571720E5AF1C6C6C6480D159020A31F7AE749065EC61B8D4377C98CD6CE895C16780A35FD3376C318374865A92BFE90A18DFE47CA5140B32C3309E72E
                      Malicious:false
                      Reputation:low
                      Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x801534ae,0x01d70a4c</date><accdate>0x801534ae,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x801534ae,0x01d70a4c</date><accdate>0x801534ae,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
                      Process:C:\Program Files\internet explorer\iexplore.exe
                      File Type:XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
                      Category:dropped
                      Size (bytes):653
                      Entropy (8bit):5.070652039463943
                      Encrypted:false
                      SSDEEP:12:TMHdNMNxfnM+0Bg+01nWimI002EtM3MHdNMNxfnM+0BgV01nWimI00Obe5EtMb:2d6Nxk+4g+aSZHKd6Nxk+4gVaSZ7ijb
                      MD5:6EE93B311C7F19DA679E3D0F2F8DFBF5
                      SHA1:5B3622ADB123A64DEDB2EB6E180AD303606DEAF9
                      SHA-256:A8721C2D624A6C3E757852E1E75008C54D7A573FB4FFBA37CDF83F86D0D44099
                      SHA-512:21BCD8BFD11477D5C28A9F10D3A2B215F80B2D7257B84225654B2388DFC9C555119E5918DBB4F84E5B13293DCDA879FA867FA440C29D11CA3E1310743D355A61
                      Malicious:false
                      Reputation:low
                      Preview: <?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x801534ae,0x01d70a4c</date><accdate>0x801534ae,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x801534ae,0x01d70a4c</date><accdate>0x801796fc,0x01d70a4c</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
                      C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat
                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                      File Type:data
                      Category:modified
                      Size (bytes):430
                      Entropy (8bit):1.4372120273419566
                      Encrypted:false
                      SSDEEP:3:mrqVrIi5AQZ4Wcl6lMlGlX/+NzNa/XllvlNl/AXll/llll/e/1ltllD3qt:9AQvcAMlGx/yzE/FJ3qt
                      MD5:E89ED02D2659CC510DFDEED7A773F994
                      SHA1:1F869B5CFDE087992C658922E73C0E226EC8A892
                      SHA-256:145E37D3FB68E357797EEEFDE35B72A644D8A5240D1A82A8C33226CD5CE60B72
                      SHA-512:CA37EEF1BE74B4D0CEE0377D8A8941B4D9375276E09BCA0F94F95894DF65367F081ABA1406ACE4A2F305E407136F4CA2FAD9F580DD94E5E725E4A21745A25E15
                      Malicious:false
                      Reputation:low
                      Preview: %.h.t.t.p.:././.x.f...g.d.p.r.v.a.l.i.d.a.t.e...d.e./.f.a.v.i.c.o.n...i.c.o.>.................(.......(....... ................................................................................................................................................................................................................................................................................................................5`.....5`....
                      C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\favicon[1].ico
                      Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                      File Type:MS Windows icon resource - 1 icon, 16x16, 16 colors, 4 bits/pixel
                      Category:downloaded
                      Size (bytes):318
                      Entropy (8bit):0.5100955730555464
                      Encrypted:false
                      SSDEEP:3:8zNa/XllvlNl/AXll/llll/e/:8zE/F
                      MD5:68D4081095081FA97E81B0A2591BC11B
                      SHA1:0576D1E1333E12004E5A00E96A53B2FE16D5FECA
                      SHA-256:11E3549646A127E1B911E906600D8B555534A72D1AC4E7D6A06FE0485CD4E42D
                      SHA-512:6BFAD92DE78255F65C783CC469BCF64FBD3169D6AB3AB44D79CE81FD4788C8F98915E5FC5197123B6DE314F4C075883F3A23507B228621175BB47A1E073E2B9D
                      Malicious:false
                      Reputation:low
                      IE Cache URL:http://xf.gdprvalidate.de/favicon.ico
                      Preview: ..............(.......(....... ...............................................................................................................................................................................................................................................................................................
                      C:\Users\user\AppData\Local\Temp\~DF4A77A388F0ADC98B.TMP
                      Process:C:\Program Files\internet explorer\iexplore.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):13029
                      Entropy (8bit):0.4796608847632269
                      Encrypted:false
                      SSDEEP:24:c9lLh9lLh9lIn9lIn9lopF9lor9lWOkoeurTe4F:kBqoIMSOJe2Tb
                      MD5:86D6E7FB2913B7C16349C6405C46B83C
                      SHA1:1BF7F989A850CE871BF50E9B06F68BD26DB7BFF9
                      SHA-256:5E6A203690350E09D79B8A556C419B39F0CF1E4AACB9D2CDD04758D8A346B404
                      SHA-512:16953EA1C6454C0E87E447CC0E4CA290C9EBBEA33962F7C12E1BFBFEE1F22527208C3288E6D996F1BB984A4CA83F910014E27A498B4544F91A97EA23835901BF
                      Malicious:false
                      Reputation:low
                      Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                      C:\Users\user\AppData\Local\Temp\~DF543357D77BC484B8.TMP
                      Process:C:\Program Files\internet explorer\iexplore.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):34357
                      Entropy (8bit):0.34885891369311195
                      Encrypted:false
                      SSDEEP:24:c9lLh9lLh9lIn9lIn9lRg9lRA9lTS9lTy9lSSd9lSSd9lwp9lwJ9l2H9l2H9l/zA:kBqoxKAuvScS+Ks2/zIzsBDm
                      MD5:DFD2A29DE155B584337B104D274D5EFE
                      SHA1:997D305C278DB3264AA425D3C85F9A3D2B3915F2
                      SHA-256:8CFEB01D3C5A4C2F65ED7F25A5F37A1A9A66EF50393F3AB2C8CF68486D218C04
                      SHA-512:0A430CBA423A9F3ED428F5303B3FA9A506B775AB00157A5F7D96DC85E1296C1C35137CCF66A75BA76D6D9D6872AA77CCAEC92A921BF42CFDC2FFF09B1FEAD04A
                      Malicious:false
                      Reputation:low
                      Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                      C:\Users\user\AppData\Local\Temp\~DFA1599CFF8E45F811.TMP
                      Process:C:\Program Files\internet explorer\iexplore.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):25441
                      Entropy (8bit):0.3012707816360274
                      Encrypted:false
                      SSDEEP:24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laARh:kBqoxxJhHWSVSEab
                      MD5:71D20A7F8F8BBE03A6D9CD8ABFDE3295
                      SHA1:0724423829B1B76A1E93E921387ABEEAC1AE3184
                      SHA-256:A3175FABE8D94F0A6F1129080F055B254DB30325562E5A279C506C04B2578CE1
                      SHA-512:C9E1258D245AFB9C8250182AEC9BA3662966FD9C25CE6CF2FD58161DBA289C668736A849C0DA88D0B83F756BE8387EFE0C49C0D4C8DDA034E03BA4CE3E8D1071
                      Malicious:false
                      Reputation:low
                      Preview: .............................*%..H..M..{y..+.0...(................... ...............................................*%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      Static File Info

                      No static file info

                      Network Behavior

                      Network Port Distribution

                      TCP Packets

                      Timestamp                            Source Port  Dest Port  Source IP     Dest IP
                      Feb 23, 2021 17:29:00.815969944 CET  49703        80         192.168.2.3   54.228.229.1
                      Feb 23, 2021 17:29:00.816854954 CET  49704        80         192.168.2.3   54.228.229.1
                      Feb 23, 2021 17:29:00.879151106 CET  80           49703      54.228.229.1  192.168.2.3
                      Feb 23, 2021 17:29:00.879239082 CET  49703        80         192.168.2.3   54.228.229.1
                      Feb 23, 2021 17:29:00.879800081 CET  80           49704      54.228.229.1  192.168.2.3
                      Feb 23, 2021 17:29:00.879885912 CET  49704        80         192.168.2.3   54.228.229.1
                      Feb 23, 2021 17:29:00.880124092 CET  49703        80         192.168.2.3   54.228.229.1
                      Feb 23, 2021 17:29:00.946935892 CET  80           49703      54.228.229.1  192.168.2.3
                      Feb 23, 2021 17:29:00.947949886 CET  80           49703      54.228.229.1  192.168.2.3
                      Feb 23, 2021 17:29:00.948038101 CET  49703        80         192.168.2.3   54.228.229.1
                      Feb 23, 2021 17:29:01.152014971 CET  49703        80         192.168.2.3   54.228.229.1
                      Feb 23, 2021 17:29:01.220123053 CET  80           49703      54.228.229.1  192.168.2.3
                      Feb 23, 2021 17:29:01.220243931 CET  49703        80         192.168.2.3   54.228.229.1

                      UDP Packets

                      Timestamp                            Source Port  Dest Port  Source IP    Dest IP
                      Feb 23, 2021 17:28:53.284315109 CET  50620        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:28:53.345910072 CET  53           50620      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:28:59.373236895 CET  64938        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:28:59.433490992 CET  53           64938      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:00.745847940 CET  60152        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:00.806098938 CET  53           60152      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:11.049742937 CET  57544        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:11.100686073 CET  53           57544      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:12.086932898 CET  55984        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:12.147991896 CET  53           55984      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:18.264786005 CET  64185        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:18.313517094 CET  53           64185      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:19.218425989 CET  65110        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:19.269901037 CET  53           65110      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:20.280328989 CET  58361        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:20.328974009 CET  53           58361      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:22.473661900 CET  63492        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:22.525882959 CET  53           63492      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:24.640371084 CET  60831        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:24.698862076 CET  53           60831      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:25.809796095 CET  60100        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:25.861172915 CET  53           60100      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:27.049117088 CET  53195        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:27.108880997 CET  53           53195      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:29.375875950 CET  50141        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:29.424745083 CET  53           50141      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:30.364536047 CET  53023        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:30.385035992 CET  50141        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:30.413180113 CET  53           53023      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:30.447622061 CET  53           50141      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:30.989578962 CET  49563        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:31.043862104 CET  53           49563      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:31.368581057 CET  53023        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:31.383613110 CET  50141        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:31.425750017 CET  53           53023      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:31.440797091 CET  53           50141      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:31.591546059 CET  51352        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:31.643131018 CET  53           51352      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:32.368006945 CET  53023        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:32.425437927 CET  53           53023      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:33.399226904 CET  50141        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:33.461559057 CET  53           50141      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:34.043478012 CET  59349        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:34.093580961 CET  53           59349      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:34.522460938 CET  53023        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:34.575052977 CET  53           53023      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:35.385934114 CET  57084        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:35.434685946 CET  53           57084      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:37.181510925 CET  58823        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:37.230051994 CET  53           58823      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:37.415240049 CET  50141        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:37.466852903 CET  53           50141      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:38.524638891 CET  53023        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:38.535578966 CET  57568        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:38.581976891 CET  53           53023      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:38.585910082 CET  53           57568      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:39.714648962 CET  50540        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:39.763519049 CET  53           50540      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:46.156208992 CET  54366        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:46.216053009 CET  53           54366      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:46.322170019 CET  53034        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:46.380882025 CET  53           53034      8.8.8.8      192.168.2.3
                      Feb 23, 2021 17:29:46.934137106 CET  57762        53         192.168.2.3  8.8.8.8
                      Feb 23, 2021 17:29:46.985575914 CET  53           57762      8.8.8.8      192.168.2.3

                      DNS Queries

                      Timestamp                            Source IP    Dest IP  Trans ID  OP Code             Name                Type            Class
                      Feb 23, 2021 17:29:00.745847940 CET  192.168.2.3  8.8.8.8  0x9a17    Standard query (0)  xf.gdprvalidate.de  A (IP address)  IN (0x0001)

                      DNS Answers

                      Timestamp                            Source IP  Dest IP      Trans ID  Reply Code    Name                                                       CName                                                      Address         Type                    Class
                      Feb 23, 2021 17:29:00.806098938 CET  8.8.8.8    192.168.2.3  0x9a17    No error (0)  xf.gdprvalidate.de                                         xf-gdprvalidate-de-368230675.eu-west-1.elb.amazonaws.com   -               CNAME (Canonical name)  IN (0x0001)
                      Feb 23, 2021 17:29:00.806098938 CET  8.8.8.8    192.168.2.3  0x9a17    No error (0)  xf-gdprvalidate-de-368230675.eu-west-1.elb.amazonaws.com   -                                                          54.228.229.1    A (IP address)          IN (0x0001)
                      Feb 23, 2021 17:29:00.806098938 CET  8.8.8.8    192.168.2.3  0x9a17    No error (0)  xf-gdprvalidate-de-368230675.eu-west-1.elb.amazonaws.com   -                                                          176.34.109.196  A (IP address)          IN (0x0001)

                      HTTP Request Dependency Graph

                      • xf.gdprvalidate.de

                      HTTP Packets

                      Session ID  Source IP    Source Port  Destination IP  Destination Port  Process
                      0           192.168.2.3  49703        54.228.229.1    80                C:\Program Files (x86)\Internet Explorer\iexplore.exe

                      Timestamp                            kBytes transferred  Direction  Data
                      Feb 23, 2021 17:29:00.880124092 CET  919                 OUT        GET / HTTP/1.1
                      Accept: text/html, application/xhtml+xml, image/jxr, */*
                      Accept-Language: en-US
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                      Accept-Encoding: gzip, deflate
                      Host: xf.gdprvalidate.de
                      Connection: Keep-Alive
                      Feb 23, 2021 17:29:00.947949886 CET  919                 IN         HTTP/1.1 200 OK
                      Content-Encoding: gzip
                      Content-Type: text/html; charset=UTF-8
                      Date: Tue, 23 Feb 2021 16:29:00 GMT
                      Server: Apache/2.2.34 (Amazon)
                      Vary: Accept-Encoding
                      Content-Length: 20
                      Connection: keep-alive
                      Data Raw: 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00
                      Data Ascii:
                      Feb 23, 2021 17:29:01.152014971 CET  920                 OUT        GET /favicon.ico HTTP/1.1
                      Accept: */*
                      Accept-Encoding: gzip, deflate
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                      Host: xf.gdprvalidate.de
                      Connection: Keep-Alive
                      Feb 23, 2021 17:29:01.220123053 CET  920                 IN         HTTP/1.1 200 OK
                      Accept-Ranges: bytes
                      Content-Encoding: gzip
                      Content-Type: image/vnd.microsoft.icon
                      Date: Tue, 23 Feb 2021 16:29:01 GMT
                      ETag: "22f38-13e-5ac96e54073a8"
                      Last-Modified: Tue, 11 Aug 2020 09:42:54 GMT
                      Server: Apache/2.2.34 (Amazon)
                      Vary: Accept-Encoding
                      Content-Length: 62
                      Connection: keep-alive
                      Data Raw: 1f 8b 08 00 00 00 00 00 00 03 63 60 60 04 42 01 01 01 20 c9 c2 a0 c1 c8 c0 20 c6 c0 c0 a0 01 c4 02 40 ac 00 c4 20 71 10 68 60 40 00 01 28 fd ff ff 7f 86 91 0c 00 74 21 5b c8 3e 01 00 00
                      Data Ascii: c``B @ qh`@(t![>
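Both responses above are gzip-encoded, so the "Data Raw" hex is not the page content the browser saw. The check a practitioner wants here is to inflate the two bodies and tie them back to the dropped-file section: the 20-byte body of "GET /" is a gzip member whose deflate stream contains only an end-of-block code, so the visited page is empty, which is consistent with the blank screenshot and the score of 0; the 62-byte favicon body inflates to the 318-byte ICO that appears under Dropped Files as favicon[1].ico. The script below is an added example written for this report, not part of the Joe Sandbox output; the byte strings are copied from the two "Data Raw" lines, and the expected MD5 is taken from the favicon[1].ico entry.

```python
"""Inflate the gzip response bodies captured in the HTTP Packets section and
correlate them with the dropped-file artefacts.

Added example for this report. The byte strings below are copied from the
report's "Data Raw" lines; FAVICON_MD5 is the MD5 listed for the dropped
favicon[1].ico."""
import gzip
import hashlib
import struct
import zlib

# Body of "GET /" (Content-Length: 20), copied from the report.
ROOT_BODY = bytes.fromhex(
    "1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00"
)
# Body of "GET /favicon.ico" (Content-Length: 62), copied from the report.
FAVICON_BODY = bytes.fromhex(
    "1f 8b 08 00 00 00 00 00 00 03 63 60 60 04 42 01 01 01 20 c9 c2 a0 c1 c8 c0"
    " 20 c6 c0 c0 a0 01 c4 02 40 ac 00 c4 20 71 10 68 60 40 00 01 28 fd ff ff 7f"
    " 86 91 0c 00 74 21 5b c8 3e 01 00 00"
)
# MD5 of C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\favicon[1].ico
FAVICON_MD5 = "68d4081095081fa97e81b0a2591bc11b"


def gzip_trailer(body: bytes) -> tuple:
    """Return (crc32, isize) from the 8-byte gzip trailer without inflating.

    Both fields are little-endian; ISIZE is the uncompressed length mod 2**32,
    so it can be compared with a Content-Length or dropped-file size before
    anything is decompressed."""
    if len(body) < 18 or body[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip member")
    return struct.unpack("<II", body[-8:])


def inflate(body: bytes) -> bytes:
    """Inflate one gzip member and cross-check CRC32 and ISIZE ourselves.

    gzip.decompress already raises on a bad trailer; the explicit check makes
    the invariant visible for readers and for the test."""
    data = gzip.decompress(body)
    crc, isize = gzip_trailer(body)
    if zlib.crc32(data) != crc or len(data) != isize:
        raise ValueError("gzip trailer does not match inflated data")
    return data


def parse_ico_header(data: bytes) -> dict:
    """Parse the ICONDIR (6 bytes) and the first ICONDIRENTRY (16 bytes).

    A width or height byte of 0 means 256 in the ICO format."""
    reserved, img_type, count = struct.unpack_from("<HHH", data, 0)
    if reserved != 0 or img_type != 1:
        raise ValueError("not an ICO file")
    width, height, colors, _res, _planes, bpp, size, offset = struct.unpack_from(
        "<BBBBHHII", data, 6
    )
    return {
        "count": count,
        "width": width or 256,
        "height": height or 256,
        "colors": colors,
        "bpp": bpp,
        "size": size,
        "offset": offset,
    }


def summarize() -> dict:
    """Inflate both bodies and report what each one actually contained."""
    root = inflate(ROOT_BODY)
    ico = inflate(FAVICON_BODY)
    ico_md5 = hashlib.md5(ico).hexdigest()
    return {
        "root_len": len(root),  # 0: the landing page served no content at all
        "ico_len": len(ico),
        "ico_md5": ico_md5,
        "ico_md5_matches_dropped_file": ico_md5 == FAVICON_MD5,
        "ico_header": parse_ico_header(ico),
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

The ISIZE field alone (the last four bytes, `3e 01 00 00`) already says the favicon inflates to 318 bytes, the exact size of the dropped favicon[1].ico, before any decompression is done; the MD5 comparison then confirms the cache file is the decoded response body and not something written by another process.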


                      Code Manipulations

                      Statistics

                      CPU Usage

                      Memory Usage

                      Behavior

                      System Behavior

                      General

                      Start time:17:28:58
                      Start date:23/02/2021
                      Path:C:\Program Files\internet explorer\iexplore.exe
                      Wow64 process (32bit):false
                      Commandline:'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
                      Imagebase:0x7ff724f40000
                      File size:823560 bytes
                      MD5 hash:6465CB92B25A7BC1DF8E01D8AC5E7596
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low

                      General

                      Start time:17:28:59
                      Start date:23/02/2021
                      Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                      Wow64 process (32bit):true
                      Commandline:'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1956 CREDAT:17410 /prefetch:2
                      Imagebase:0xc0000
                      File size:822536 bytes
                      MD5 hash:071277CC2E3DF41EEEA8013E2AB58D5A
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:low

                      Disassembly
