Analysis Report 6006bde674be5pdf.dll
Overview
General Information
Detection
Ursnif
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Sigma detected: Dot net compiler compiles file from suspicious location
Yara detected Ursnif
Compiles code for process injection (via .Net compiler)
Creates a thread in another existing process (thread injection)
Hooks registry keys query functions (used to hide registry keys)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the export address table of user mode modules (user mode EAT hooks)
Modifies the import address table of user mode modules (user mode IAT hooks)
Modifies the prolog of user mode functions (user mode inline hooks)
Sigma detected: MSHTA Spawning Windows Shell
Sigma detected: Suspicious Csc.exe Source File Folder
Suspicious powershell command line found
Writes or reads registry keys via WMI
Writes registry values via WMI
Antivirus or Machine Learning detection for unpacked file
Compiles C# or VB.Net code
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Searches for the Microsoft Outlook file path
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Classification
Startup |
---|
|
Malware Configuration |
---|
Threatname: Ursnif |
---|
{"server": "12", "whoami": "user@216041hh", "dns": "216041", "version": "251173", "uptime": "190", "crc": "2", "id": "4355", "user": "c2868f8f08f8d2d8cdc8873a4f316e0b", "soft": "3"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Dot net compiler compiles file from suspicious location | Show sources |
Source: | Author: Joe Security: |
Sigma detected: MSHTA Spawning Windows Shell | Show sources |
Source: | Author: Michael Haag: |
Sigma detected: Suspicious Csc.exe Source File Folder | Show sources |
Source: | Author: Florian Roth: |
Signature Overview |
---|
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Machine Learning detection for sample | Show sources |
Source: | Joe Sandbox ML: |
Source: | Avira: | ||
Source: | Avira: |
Compliance: |
---|
Uses 32bit PE files | Show sources |
Source: | Static PE information: |
Uses new MSVCR Dlls | Show sources |
Source: | File opened: |
Binary contains paths to debug symbols | Show sources |
Source: | Binary string: | ||
Source: | Code function: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Yara detected Ursnif | Show sources |
Source: | File source: | ||
Source: | Binary or memory string: |
E-Banking Fraud: |
---|
Yara detected Ursnif | Show sources |
Source: | File source: | ||
System Summary: |
---|
Writes or reads registry keys via WMI | Show sources |
Source: | WMI Queries: | ||
Writes registry values via WMI | Show sources |
Source: | WMI Registry write: | ||
Source: | Code function: | ||
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Key opened: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | Section loaded: | ||
Source: | File read: | Jump to behavior |
Source: | Key opened: |
Source: | Process created: | ||
Source: | Key value queried: |
Source: | Key opened: |
Source: | Window detected: |
Source: | File opened: |
Source: | File opened: |
Source: | Binary string: | ||
Data Obfuscation: |
---|
Suspicious powershell command line found | Show sources |
Source: | Process created: | ||
Source: | Static PE information: | ||
Source: | Code function: | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection: |
---|
Yara detected Ursnif | Show sources |
Source: | File source: | ||
Hooks registry keys query functions (used to hide registry keys) | Show sources |
Source: | IAT, EAT, inline or SSDT hook detected: |
Modifies the export address table of user mode modules (user mode EAT hooks) | Show sources |
Source: | IAT of a user mode module has changed: |
Modifies the import address table of user mode modules (user mode IAT hooks) | Show sources |
Source: | EAT of a user mode module has changed: |
Modifies the prolog of user mode functions (user mode inline hooks) | Show sources |
Source: | User mode code has changed: |
Source: | Registry key monitored for changes: |
Source: | Process information set: | ||
Source: | File opened / queried: |
Source: | Thread delayed: |
Source: | Window / User API: | ||
Source: | Window / User API: |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Thread sleep time: |
Source: | Code function: |
Source: | Process information queried: |
Source: | Process token adjusted: |
Source: | Memory protected: |
HIPS / PFW / Operating System Protection Evasion: |
---|
Compiles code for process injection (via .Net compiler) | Show sources |
Source: | File written: | Jump to dropped file |
Creates a thread in another existing process (thread injection) | Show sources |
Source: | Thread created: |
Maps a DLL or memory area into another process | Show sources |
Source: | Section loaded: |
Modifies the context of a thread in another process (thread injection) | Show sources |
Source: | Thread register set: |
Source: | Process created: | ||
Source: | Code function: |
Source: | Queries volume information: | ||
Source: | Code function: |
Source: | Code function: |
Source: | Code function: |
Source: | Key value queried: |
Stealing of Sensitive Information: |
---|
Yara detected Ursnif | Show sources |
Source: | File source: | ||
Remote Access Functionality: |
---|
Yara detected Ursnif | Show sources |
Source: | File source: | ||
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation2 | Path Interception | Process Injection411 | Disable or Modify Tools1 | Credential API Hooking3 | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Command and Scripting Interpreter1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Obfuscated Files or Information1 | Input Capture1 | Account Discovery1 | Remote Desktop Protocol | Email Collection1 | Exfiltration Over Bluetooth | Encrypted Channel1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | PowerShell1 | Logon Script (Windows) | Logon Script (Windows) | Software Packing1 | Security Account Manager | File and Directory Discovery2 | SMB/Windows Admin Shares | Credential API Hooking3 | Automated Exfiltration | Non-Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Rootkit4 | NTDS | System Information Discovery25 | Distributed Component Object Model | Input Capture1 | Scheduled Transfer | Application Layer Protocol2 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Masquerading1 | LSA Secrets | Query Registry1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Virtualization/Sandbox Evasion3 | Cached Domain Credentials | Security Software Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Process Injection411 | DCSync | Virtualization/Sandbox Evasion3 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | Process Discovery2 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | Application Window Discovery1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | System Owner/User Discovery1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1108168 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen8 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen8 | Download File |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
1% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
resolver1.opendns.com | 208.67.222.222 | true | false | high | |
lopppooole.xyz | 185.186.244.49 | true | false | | unknown |
1.0.0.127.in-addr.arpa | unknown | unknown | true | | unknown |
8.8.8.8.in-addr.arpa | unknown | unknown | true | | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false |
| unknown | |
false |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| low | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high |
Contacted IPs |
---|
General Information |
---|
Joe Sandbox Version: | 31.0.0 Red Diamond |
Analysis ID: | 341463 |
Start date: | 19.01.2021 |
Start time: | 12:13:10 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 8m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | 6006bde674be5pdf.dll |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 40 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winDLL@25/62@6/2 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
12:15:36 | API Interceptor | |
12:15:48 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
185.186.244.49 | Get hash | malicious | Browse |
|
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
resolver1.opendns.com | Get hash | malicious | Browse |
| |
lopppooole.xyz | Get hash | malicious | Browse |
|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
WEBZILLANL | Get hash | malicious | Browse |
| |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29272 |
Entropy (8bit): | 1.7636774599734342 |
Encrypted: | false |
SSDEEP: | 96:rmZJZP2Y9WhtUibfUeKngKM1ekYkzjkqAhernMB:rmZJZP2Y9WhtlfgFMP7QB |
MD5: | 1A71D1B57AA32CC9248CE1AE29CE139F |
SHA1: | 6E17D81F793D60AEAF85D6A44C437FBEBE73570F |
SHA-256: | 80D926CDEC64BFC7A8F5B3FE4828E345343840660EABDC4B648294CC8B97B658 |
SHA-512: | 05DDAD384805688895512AD69B1F4A54B8C99EB142CCF3EA1DA4AE9CFFA60D82E58B13DB59B287DBA44DE6AE918F9EA136D908907705751551A4A513197B442C |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 72840 |
Entropy (8bit): | 2.0998012355443687 |
Encrypted: | false |
SSDEEP: | 192:rqZ5Z92y9WVtFf19MHSG7iJR1WcJmeWjMJidpZU:rWv0yU/dsHSNJ2EcAcjZU |
MD5: | 3CEB8DDFCED9FD74020E4B20B191B1D9 |
SHA1: | 322AEB78053BA15C7F526EBCA82EA2BFCBE2AB60 |
SHA-256: | 5C6BD506E698B2E46F60DC57A3AA30E5670741422307C0628DFE65F8028B1E2F |
SHA-512: | CA931FE32385B39EB6E2D2A671145BECC8C10E33D5B0FE95FF1582C701CDC7AF4F860BA6F45A355869F09F29AC950F50A169193524DB0945D508BAFAC629B73B |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29272 |
Entropy (8bit): | 1.7731020792151762 |
Encrypted: | false |
SSDEEP: | 96:r9ZaiZsz2Hc9WGZtFbf8elKMbjNOz1BqheMB:r9ZaiZsz2Hc9WGZtZf81MbwWfB |
MD5: | 0144E57B5A7795F8B187D812CE22DBBA |
SHA1: | 6030EDC0E3E97C8A259DFC6EE54DB7B3D0615CDC |
SHA-256: | 81F5BF622FCB478F4F66B1C24C2F64B051A667FE9CB75C949BFD6D3427118A41 |
SHA-512: | 9C37B4CDECE67DBB2EFD77527D8E2E7A433FB0F413B1E3050391474BF5A809EBC3655D7DE92658212896FD9F75A7E315BE69AE69C5F17118FAD94B5C9806B795 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 27396 |
Entropy (8bit): | 1.854391995808093 |
Encrypted: | false |
SSDEEP: | 192:ryZNQ86OkmFjx24kW1MoYmUO9/eVCRUO9/eVK92eA:ruSHvmhg82oLUiRUit2Z |
MD5: | 13E0B8AE23F3CDFF65A6D14A6ABD6C75 |
SHA1: | DA8DE7FA0A59D0772BCACB01BB2BB8A04B1E2222 |
SHA-256: | 4CCA964FD7B1EC8DF43D1EA43669E6C9898513545D1AF56C8721A6FCBE0B1D39 |
SHA-512: | BC88C095B83F97C15E59FBECDB25976F020C1E637C013FA6891A9251A5D290B1E43DB8D1C17659EE3EA4FA11C1DD34C583FDD6B0D1EBE94D63D98C6CD09F274D |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 27864 |
Entropy (8bit): | 1.8294253324078362 |
Encrypted: | false |
SSDEEP: | 96:r4ZDQr65BSbFjR20kWeMdYSXnOMDRXnOMXjr:r4ZDQr65kbFjR20kWeMdYSXn3RXnbjr |
MD5: | 8A8CCEAFA375BC6F21D25767A9E4D4C4 |
SHA1: | 51E7E71050AFEAA4B971D7FF30A9B62E49E51DA0 |
SHA-256: | 9C0A27FE7D8B7CE6C799DEE0D5735413439A8A4C75DB575AB81E669C7E0149D0 |
SHA-512: | 241F56F21076F33226D467D5AE604AB3F06BCB777C9184AEBACC7E8E0A719A4DCE22CC1BC898CBCCF983BFE7BEF590C677DFD2DB9AE65518F6B1889D01B3B8EB |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 27376 |
Entropy (8bit): | 1.8467745456197808 |
Encrypted: | false |
SSDEEP: | 96:rJZuQe64BS/FjJs2DxkW1M8Y6TALNFxTALN796A:rJZuQe64k/Fj+2NkW1M8Y6T2HxT2X6A |
MD5: | F52BBBE833B8E9496818A624A65D9D70 |
SHA1: | DAF0895BDE3908521227524EBDCB3FCCDD686054 |
SHA-256: | 2408DAF5FE6E0B877B352E2B5C981A58D38B875A4D277E437C41FCC27239A537 |
SHA-512: | 266CDD888368EDAA879B9D720424D5C90D179B1DA8CC56FE613E514E26A31DDC2E5D9A748788FA081D1F0B81C6E669B5E9B9E6C7245DE94447E25EEB80462164 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | modified |
Size (bytes): | 27368 |
Entropy (8bit): | 1.8442440066613086 |
Encrypted: | false |
SSDEEP: | 192:rpZ6QS6akuFj52kkWiMRYiUD6txUD69fiA:rf39zuhIQTRHJDJpV |
MD5: | 43797433561639CEF2CDFB85E9FFB3FA |
SHA1: | 9FEED7BB1B9F9BA6330EFD63DB0804393F30D6D3 |
SHA-256: | 32BE8CAD7B3825D223FA173421055967F485C013FAC10964E4890B8C99F37574 |
SHA-512: | B20B3D20AB1F2EB7519D89DC374F8A3B12EFFDBBE46446B1915CF8C0048D4550016155B8F15DF49FE7D6A36454853C013E0AC8E07208A86F1146C61CE20FD2DF |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 27380 |
Entropy (8bit): | 1.8513877261883762 |
Encrypted: | false |
SSDEEP: | 96:rFZSQq6kBS3FjZX2WkWtMAYWmB4xmB9uA:rFZSQq6kk3FjZX2WkWtMAYWmB4xmB9uA |
MD5: | 92C0669C13028205FE15C54D9B800F58 |
SHA1: | 183CA2090D4278E1C603B5D51FF672276280A286 |
SHA-256: | 1DEB9B372B7C76C54599923609688051A9393CAD3518457133C388B072350BCB |
SHA-512: | 65CE09E222A908F61AEE6F9466C7BE2DC5245D04B9995CAE5534DE1A1383EB9DAE3EF4B7ED4700FD9C2B2F9C4A0F23A80DE6153EBABE04E440A00839E7D3BD45 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 657 |
Entropy (8bit): | 5.076532973907306 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxOED2521nWimI002EtM3MHdNMNxOED2521nWimI00ONVbkEtMb:2d6NxOcSZHKd6NxOcSZ7Qb |
MD5: | D2E3AA302CE896D0D98F8D01202F0046 |
SHA1: | 0DDBFAF1246C404E8ADD0A51332FEB23DC261FCC |
SHA-256: | 8DA14EF587204CEFFD6A5628F527502AAAA3D76D1FA59A217E35914AD61436F2 |
SHA-512: | 783EC08E99CF31B2725F85D9167F8F157143DC683C50DEBCE5E9B91112787514DB87490A4A6179085712BDFCF698FA7FA92E0EA49F66B41986B35A3533EDD29C |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 654 |
Entropy (8bit): | 5.1056054298489935 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxe2kXN1nWimI002EtM3MHdNMNxe2kXN1nWimI00ONkak6EtMb:2d6NxrOSZHKd6NxrOSZ72a7b |
MD5: | 0B437847535009B26ADD0F4FDD5F89D4 |
SHA1: | 989843A9E627400D33D779903A443BB6205F0208 |
SHA-256: | D48F3DBE97824A67C07DBCA0F9337B9EEECF96D701C2CC6D33BE2132D1DF6A1F |
SHA-512: | 397A76C17DE5586949DE598686A5BEF67F019F6BC7B6A1E2660247CB5902430E6BB35CCBDE1027810F1664F8F9C5C01BAC6B2CB2721FACF5E8F267520C581872 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 663 |
Entropy (8bit): | 5.122264096834139 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxvL/YTdYT1nWimI002EtM3MHdNMNxvL/YTdYT1nWimI00ONmZEtMb:2d6NxvrY5YxSZHKd6NxvrY5YxSZ7Ub |
MD5: | 3E374275DBC486974F978F9CCC8D2CD1 |
SHA1: | EAA8631FC272C19B1F089D700A6657DCCAA70C0A |
SHA-256: | E19334DF72DABAE6A0A9FCB73960B29A7C64DAFB19A9E58FD38F3B773A9F6C1A |
SHA-512: | 8C7B36A1EEEFF85280E6795758CFB67DA126883D258FED855F10AD7402BCE044FC9BC85808540D2082F83460B4B7909272176ED87BCBE87623BC96312157109D |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 648 |
Entropy (8bit): | 5.1153599882448795 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxiemQm1nWimI002EtM3MHdNMNxiemQm1nWimI00ONd5EtMb:2d6NxISZHKd6NxISZ7njb |
MD5: | B14CD9911FA06ADF0CA3D72AA18F05AB |
SHA1: | 998692E0997B124A29A1E6A6CFC6ECB9870418BC |
SHA-256: | ECBD19A8B561866B3C7F57F52FB81C47E887E1BCF66E76F5B03DB9D2FB4872DA |
SHA-512: | FB58FE7C68772675700847406293113646AD77C6A7CE4635C8C726672C2C858BFE75EFB79AAAE2FB3A9E2DC38CD4C92AA5B4D62C0BAEFC6335C8848A6E738AA1 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 657 |
Entropy (8bit): | 5.132855046970139 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxhGw/YTdYT1nWimI002EtM3MHdNMNxhGw/YTdYT1nWimI00ON8K075Ety:2d6NxQ+Y5YxSZHKd6NxQ+Y5YxSZ7uKa/ |
MD5: | D611642F1096B473FEFE4D195B0357E5 |
SHA1: | D88CF316A87233B8A879536DCBB3FF3FE119C6A8 |
SHA-256: | 97AD4911F1E187570F3315C4BACDB422A2568F9AD1477F941251C53BADA401D4 |
SHA-512: | 8C86BEFFFD4A307F4A14AE779C09A0EFD7E8970DEB96A18BA08D91854DA024E8A1903B4283CD95BD304288784B3E8C37740189FE20DB2F7F51C1E8F366506141 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 654 |
Entropy (8bit): | 5.080199545395012 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNx0nD2521nWimI002EtM3MHdNMNx0nD2521nWimI00ONxEtMb:2d6Nx0NSZHKd6Nx0NSZ7Vb |
MD5: | 2B7859DF9BC418025B727A1856737275 |
SHA1: | 437C2DBE41577712B9DB517AA6275894824093B0 |
SHA-256: | D4EC4C5E8066FA1E9BB85198A3EAD7F05380C3EB0F9B2CC9D73FC96FEFE235DF |
SHA-512: | B0612EE066A30C4835F7644529D9E29ECE9435AC6CC2617DC0E23B249FAA0FD964E7D40AEF43C71CEB9236D21BB069F5B2CA88DEC7F23801EC7040AA9B5200B7 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 657 |
Entropy (8bit): | 5.116107925564891 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxxD2521nWimI002EtM3MHdNMNxxD2521nWimI00ON6Kq5EtMb:2d6Nx3SZHKd6Nx3SZ7ub |
MD5: | 2B347DF193B32CCA6749B79FAD8553DB |
SHA1: | 2A13CF32F4690D7A64794911AA765E8EB70A3D48 |
SHA-256: | 24DD26642CBF92950AFF10A0E30E74552867F0CB5A2CA4BC40248B12594E2568 |
SHA-512: | BF8485D46F5EF2C564E395D4D3E849B096D438AED4190D8DD2B505567893484DA34592EBD7FC6E6C8DB082C87E46C2FBA7D71DEB5B60CC4E9E716ECE3108C998 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 660 |
Entropy (8bit): | 5.114280039132979 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxcemQm1nWimI002EtM3MHdNMNxcemQm1nWimI00ONVEtMb:2d6NxySZHKd6NxySZ71b |
MD5: | BDB933F476C12345A3C7E7C3CCCA0479 |
SHA1: | C413DE2FB72F002FCF919E9C89F5FE7DD1223174 |
SHA-256: | FC258D7861F557100B03170A5AD4300F1D8AB32EA5770BB0674011E6751646DE |
SHA-512: | D23275B6A036FBA30180C8AF4B97625BBE7A00DFD6E3259DA20EF7C8F42A4DD99225E28D995ED757A900F24F5089D7B6ECD03911D39D522FD9195D0B2D47B687 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 654 |
Entropy (8bit): | 5.100580867173223 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxfnemQm1nWimI002EtM3MHdNMNxfnemQm1nWimI00ONe5EtMb:2d6NxbSZHKd6NxbSZ7Ejb |
MD5: | B0477DEE4EF74C6B5EEF323444635CB7 |
SHA1: | CE4D422EFA52CF23F0B3F588D4B918956C616174 |
SHA-256: | E2475B7D111937AF631449FF8F57130A6CA43FC85D15B7DCA9CB28D6A1463DC2 |
SHA-512: | C32030F1857CA7093BDF4516BACDF45E9705C0E5F031F8697861FFC2BB634364F4ED09A3364EC8E7A486521F0428D69074F300ECDD431B930150C193E115FC11 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5652 |
Entropy (8bit): | 4.126812530716871 |
Encrypted: | false |
SSDEEP: | 96:/50aWBKcm5zDlvV2rkG4zuAZMXJFG62q7mQL:/5CBKl5zZ0IG46AaXJFG6v7mO |
MD5: | D9ECF2A1DC3786EA781E11216BD7D985 |
SHA1: | 93C064352086075BB2FEA857115404A684C78CCB |
SHA-256: | 993AA14DCC97C0B30E3B235C2A3E6F23679EC5E9ECEBE63B6EB7E11E73DF59C9 |
SHA-512: | 4C7F02C2001DA627100E96DD174B255003C9DEC98DA6B41135EBD0BB6555471410359AFF535D932BDA41295E8506B456429D6DD93CA862E4748A4AC4E33DA573 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 296364 |
Entropy (8bit): | 5.999872391694674 |
Encrypted: | false |
SSDEEP: | 6144:uzLKILnx7wYI8ST00ZYe5eFhubxvoP49VpZWSVf4w+NZ4ByOh41XC:uXKIjx7VST0ZzubP9RWSVfN6Z4R41S |
MD5: | D0144AC325155F9CBF39316DBFD562B0 |
SHA1: | 73C8D44818D6FAE02DA254C3A79D2B04549C26F4 |
SHA-256: | F71E6755A3CD8E6C09DB2DCA7002A83B04B8EF1C02778177176D730CF07FCA39 |
SHA-512: | AD6DBE9443DE9E3B65EED0F8EF821B59D012ED94ED8FAD6A375F697D65CE741575934B59C9A61DEE3F82B5F3CDDF47ADCD18BDEC40596BA5ACF137A329A3BC05 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2412 |
Entropy (8bit): | 5.977313052218162 |
Encrypted: | false |
SSDEEP: | 48:nGuHkEDqGfKM7d1sdF8TTapUb9lCE7dN01RZPMXaxLoJhsawt0T:GokZGr34F8TmpUxlDdObLoLsasy |
MD5: | 5CB29836874970B2D31D14AE291649B6 |
SHA1: | 73BDE6D548C57AF12A9D0488ACE44A25E1EEAF2E |
SHA-256: | A5370693B1E0C0AEC3F927CF8025BF4D7A4004EC22E2642B7D7732E5B356530F |
SHA-512: | 000D59ABA8E4C0FB4EBAD1CA96ADA33251BDE85A0B5068973FC280F7BEA2D929ED39B074126D599FC27384ED4932A726AE6EDFF5AB43EE9D52351100AE42A9F0 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 5.164796203267696 |
Encrypted: | false |
SSDEEP: | 96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk |
MD5: | D65EC06F21C379C87040B83CC1ABAC6B |
SHA1: | 208D0A0BB775661758394BE7E4AFB18357E46C8B |
SHA-256: | A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F |
SHA-512: | 8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12105 |
Entropy (8bit): | 5.451485481468043 |
Encrypted: | false |
SSDEEP: | 192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f |
MD5: | 9234071287E637F85D721463C488704C |
SHA1: | CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152 |
SHA-256: | 65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649 |
SHA-512: | 87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1612 |
Entropy (8bit): | 4.869554560514657 |
Encrypted: | false |
SSDEEP: | 24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk |
MD5: | DFEABDE84792228093A5A270352395B6 |
SHA1: | E41258C9576721025926326F76063C2305586F76 |
SHA-256: | 77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075 |
SHA-512: | E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 232888 |
Entropy (8bit): | 5.999840874151613 |
Encrypted: | false |
SSDEEP: | 6144:tEjJ1WSV6l16G26B+2vS2xAvloqxdMPfw:UnU16URAvloqx9 |
MD5: | BCBC0974A14F9635BA7B4B709BB8D443 |
SHA1: | 4C6BF31F06D5B3BDFF030D97F719FCD57DB39E17 |
SHA-256: | 52894E1C1DFF0158C8CF899A83A7C1E5FC1CF64CC4CBB647DCBE434DF0F77514 |
SHA-512: | 0F3084B7C936A729292B8C0D87A8CB6C6EB9F7A7E70F010D7CB1A5583A1051ECE7CC93F8A67BA4347C8650BEA56D0AA65739E9DBD3600E1C2CA0FD648DD9FC75 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2997 |
Entropy (8bit): | 4.4885437940628465 |
Encrypted: | false |
SSDEEP: | 48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra |
MD5: | 2DC61EB461DA1436F5D22BCE51425660 |
SHA1: | E1B79BCAB0F073868079D807FAEC669596DC46C1 |
SHA-256: | ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993 |
SHA-512: | A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 748 |
Entropy (8bit): | 7.249606135668305 |
Encrypted: | false |
SSDEEP: | 12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE |
MD5: | C4F558C4C8B56858F15C09037CD6625A |
SHA1: | EE497CC061D6A7A59BB66DEFEA65F9A8145BA240 |
SHA-256: | 39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781 |
SHA-512: | D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5430 |
Entropy (8bit): | 4.0126861171462025 |
Encrypted: | false |
SSDEEP: | 96:n0aWBDm5zDlvV2rkG4zuAZMXJFG62q7mQ:nCBy5zZ0IG46AaXJFG6v7m |
MD5: | F74755B4757448D71FDCB4650A701816 |
SHA1: | 0BCBE73D6A198F6E5EBAFA035B734A12809CEFA6 |
SHA-256: | E78286D0F5DFA2C85615D11845D1B29B0BFEC227BC077E74CB1FF98CE8DF4C5A |
SHA-512: | E0FB5F740D67366106E80CBF22F1DA3CF1D236FE11F469B665236EC8F7C08DEA86C21EC8F8E66FC61493D6A8F4785292CE911D38982DBFA7F5F51DADEBCC8725 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 748 |
Entropy (8bit): | 7.249606135668305 |
Encrypted: | false |
SSDEEP: | 12:6v/7/2QeZ7HVJ6o6yiq1p4tSQfAVFcm6R2HkZuU4fB4CsY4NJlrvMezoW2uONroc:GeZ6oLiqkbDuU4fqzTrvMeBBlE |
MD5: | C4F558C4C8B56858F15C09037CD6625A |
SHA1: | EE497CC061D6A7A59BB66DEFEA65F9A8145BA240 |
SHA-256: | 39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781 |
SHA-512: | D60353D3FBEA2992D96795BA30B20727B022B9164B2094B922921D33CA7CE1634713693AC191F8F5708954544F7648F4840BCD5B62CB6A032EF292A8B0E52A44 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12105 |
Entropy (8bit): | 5.451485481468043 |
Encrypted: | false |
SSDEEP: | 192:x20iniOciwd1BtvjrG8tAGGGVWnvyJVUrUiki3ayimi5ezLCvJG1gwm3z:xPini/i+1Btvjy815ZVUwiki3ayimi5f |
MD5: | 9234071287E637F85D721463C488704C |
SHA1: | CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152 |
SHA-256: | 65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649 |
SHA-512: | 87D691987E7A2F69AD8605F35F94241AB7E68AD4F55AD384F1F0D40DC59FFD1432C758123661EE39443D624C881B01DCD228A67AFB8700FE5E66FC794A6C0384 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1612 |
Entropy (8bit): | 4.869554560514657 |
Encrypted: | false |
SSDEEP: | 24:5Y0bQ573pHpACtUZtJD0lFBopZleqw87xTe4D8FaFJ/Doz9AtjJgbCzg:5m73jcJqQep89TEw7Uxkk |
MD5: | DFEABDE84792228093A5A270352395B6 |
SHA1: | E41258C9576721025926326F76063C2305586F76 |
SHA-256: | 77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075 |
SHA-512: | E256F603E67335151BB709294749794E2E3085F4063C623461A0B3DECBCCA8E620807B707EC9BCBE36DCD7D639C55753DA0495BE85B4AE5FB6BFC52AB4B284FD |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2997 |
Entropy (8bit): | 4.4885437940628465 |
Encrypted: | false |
SSDEEP: | 48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8Rra:vIlJ6G7Ao8Ra |
MD5: | 2DC61EB461DA1436F5D22BCE51425660 |
SHA1: | E1B79BCAB0F073868079D807FAEC669596DC46C1 |
SHA-256: | ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993 |
SHA-512: | A88BECB4FBDDC5AFC55E4DC0135AF714A3EEC4A63810AE5A989F2CECB824A686165D3CEDB8CBD8F35C7E5B9F4136C29DEA32736AABB451FE8088B978B493AC6D |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4720 |
Entropy (8bit): | 5.164796203267696 |
Encrypted: | false |
SSDEEP: | 96:z9UUiqRxqH211CUIRgRLnRynjZbRXkRPRk6C87Apsat/5/+mhPcF+5g+mOQb7A9o:JsUOG1yNlX6ZzWpHOWLia16Cb7bk |
MD5: | D65EC06F21C379C87040B83CC1ABAC6B |
SHA1: | 208D0A0BB775661758394BE7E4AFB18357E46C8B |
SHA-256: | A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F |
SHA-512: | 8A166D26B49A5D95AEA49BC649E5EA58786A2191F4D2ADAC6F5FBB7523940CE4482D6A2502AA870A931224F215CB2010A8C9B99A2C1820150E4D365CAB28299E |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1192 |
Entropy (8bit): | 5.325275554903011 |
Encrypted: | false |
SSDEEP: | 24:3aEPpQrLAo4KAxX5qRPD42HOoFe9t4CvKaBPnKdi5:qEPerB4nqRL/HvFe9t4CvpBfui5 |
MD5: | C85C42A32E22DE29393FCCCCF3BBA96E |
SHA1: | EAF3755C63061C96400536041D4F4EB8BC66E99E |
SHA-256: | 9022F6D5F92065B07E1C63F551EC66E19B13E067C179C65EF520BA10DA8AE42C |
SHA-512: | 7708F8C2F4A6B362E35CED939F87B1232F19E16F191A67E29A00E6BB3CDCE89299E9A8D7129C3DFBF39C2B0EBAF160A8455D520D5BFB9619E4CDA5CC9BDCF550 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | modified |
Size (bytes): | 89 |
Entropy (8bit): | 4.211690837627141 |
Encrypted: | false |
SSDEEP: | 3:oVXUhJfY7W8JOGXnEhJfYNLun:o9Uh7qEheu |
MD5: | C2215B65DF2E156D186AA9C2BAA3781A |
SHA1: | 6F16C159714F6BF05494DAFD7086D7B20CCF51D0 |
SHA-256: | 5C0DA18D71CC87305D357F26D128521279CC9966C1B5FE9BEAB8FE108C96DC97 |
SHA-512: | 95204725947008E93FA37C66D8D8CE01E9E3EDC33F0FB1D96579E3B9658E42B7C189CD0958876C57CAE63C6DDC0B4D4840E8CDCC2B8A2154CD927F6CBBDCC602 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2188 |
Entropy (8bit): | 2.711299378426164 |
Encrypted: | false |
SSDEEP: | 24:B1rZuH8hKdNnI+ycuZhN0akSAPNnq92p4azW9I:B5ZuuKdV1ul0a3Yq93Q |
MD5: | 9A380021BD2E0983881E3B5080EDEA16 |
SHA1: | F60DA68C482C5C8A0F9B396674797B96A49A18AD |
SHA-256: | ABE654E00C0BA44EECC57B5470450750B77A22BB76C23CC75F0B8E80229757EE |
SHA-512: | 22CD33F6D55838A3FE50F9EE373B54F4607CDACA53468432DDE7564DB303DA38C82A451C815B570C4B57610BCDD4F184005A3597E1A706E4480173A2421627D0 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.100570562609009 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryjmak7Ynqq43PN5Dlq5J:+RI+ycuZhN0akSAPNnqX |
MD5: | E3DCCF61D85BF7BE2FC3C9C7794D6FD4 |
SHA1: | BB526DD9EA0690AFE634F5C280EF835707BCEEC8 |
SHA-256: | DE7564D9845740D5D4C558716EF76D95449EC0F112A93E7F470650B3F6AEA931 |
SHA-512: | 83732227AE4DFC6C3540D05C94C44EDFB64090114D5F4CBEE0E2887D2685E59E49E7CB85CF4201740CB98EA42362D9F8C97C26BDECC48A4112D408EB101E2822 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 407 |
Entropy (8bit): | 5.035115712763213 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJQJD52mMRSR7a1u7XLTYaSRa+rVSSRnA/fTLZfxkeYy:V/DTLDfuSD5957bm9rV5nA/7nkeYy |
MD5: | E6783D4478DED333CF3CDF5890B4797B |
SHA1: | 25794B2DE4EA900DBC1FB77CC87A492F96627027 |
SHA-256: | 679B90A8046177D7F89C8FCE2FA5CF91C548FD819E0E5272651BA2F655594770 |
SHA-512: | C69F10EABD5A149131A7F821058F4BC75F69C87A8BBF9E130BB7B4739A5358837F151416D0354D1AD4C5A7CEEAE5ED1783D562D1AF155C01988CCD19C8B7835A |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 371 |
Entropy (8bit): | 5.220320279685715 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2923fHvUzxs7+AEszI923fHPx:p37Lvkmb6Kz/MWZE2/Px |
MD5: | B6C9600FE52222E1FFDB19050088443A |
SHA1: | E4C0CBA974EAF98EFD62873D519C453A86A0120A |
SHA-256: | 95C58A998ED7295C0FC55E63695DE9E75AE7BAC7B575B014273D67F504A0D069 |
SHA-512: | FDE1B8E62C7B4DE7AB4DBB5CAF6F5A31F7056CAD2E10F2258D47CC9BCC95E40BBF6FD0C2AF2A9E7583935520179911585AE2C3C4500F6197E860DE7C97D3519A |
Malicious: | true |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.616077939605394 |
Encrypted: | false |
SSDEEP: | 24:etGSeVs8mmDg85JuiwViswHdEAe8G4QstkZf26Rhkh+I+ycuZhN0akSAPNnq:6eVOmb5Jb+iswLhYJ2qK+1ul0a3Yq |
MD5: | 5AA198FBEF9504457C3B886E67DC7BFB |
SHA1: | 0527AC2A5A9F1A05EE7C8C6704D619156C45A5E3 |
SHA-256: | CB3960130320EC35B78D46C9494751A7421B00486A2DBE8E70F2EBC6F2E398E9 |
SHA-512: | 3B456031B648FE841176E7FDA546E8F40F877C3573752E52E109766E4FFA8C444A1D1BAF7473B7E1ADAA45E001885EC71901FB08270DF772BF9680AC58738FEB |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | modified |
Size (bytes): | 412 |
Entropy (8bit): | 4.871364761010112 |
Encrypted: | false |
SSDEEP: | 12:zKaMK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:zKaM5DqBVKVrdFAMBJTH |
MD5: | 83B3C9D9190CE2C57B83EEE13A9719DF |
SHA1: | ABFAB07DEA88AF5D3AF75970E119FE44F43FE19E |
SHA-256: | B5D219E5143716023566DD71C0195F41F32C3E7F30F24345E1708C391DEEEFDA |
SHA-512: | 0DE42AC5924B8A8E977C1330E9D7151E9DCBB1892A038C1815321927DA3DB804EC13B129196B6BC84C7BFC9367C1571FCD128CCB0645EAC7418E39A91BC2FEDB |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.108934493953577 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryxuqak7YnqqAubPN5Dlq5J:+RI+ycuZhNTTakSA8PNnqX |
MD5: | F1A0663318E700070C4FF3324096E6A1 |
SHA1: | 54ED0C1BC52F248BABDD443932284B53E01D411F |
SHA-256: | 00ABED24A47B06DC3EC96BB9F2172C28C3C604F199512E6CFB527863EA611CA9 |
SHA-512: | 25AC689DB3CCC4975C54230CF2C916692A0F0596BA1E58B03338ADACC902CB604D6210D5220325D0E0DD11DB8843DC170527CAEA0B0F319FF6A87EA125EC385C |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 408 |
Entropy (8bit): | 4.973066216461546 |
Encrypted: | false |
SSDEEP: | 12:V/DTLDfuNHd9eg5r31vuEAiCM7nPXQEQy:JjmN9cKrFvuEtQy |
MD5: | B51D375352619766FF9E41EF8E39C000 |
SHA1: | AED407136DB175CB13331C6203781C7A29414F8C |
SHA-256: | DA74E408FA077334B3B0F9602FE873D56965700477997BE9D04C0722AE3546A7 |
SHA-512: | 47FD32E119F256D5633D3ACF734BFD14BE379FA3435247B9562097076C0A0ABEF195E4B0BCFF4A599157045AB1B67A146D569607DED82D39D1497B0BD0794866 |
Malicious: | true |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 371 |
Entropy (8bit): | 5.234131444728021 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2923f7DtHUzxs7+AEszI923f7D3:p37Lvkmb6KzHNUWZE2H3 |
MD5: | EE79CA8FE436EA7058F925DD99E5D58D |
SHA1: | 5CB8D38CB0368573B4C377CE45C3E2530E13CE49 |
SHA-256: | 2A98B41FEAFD1495C3EBE41B3949C633D3B5C4AEE9C68BC59BA531AA36A3B056 |
SHA-512: | A4B880471A8CBEEEEBB8DFFA6EF512A51EBA0A83C093EC7420A029CD034BC63584E1C93B0D7565E29CD38C5A01CDFC883E2F7AD79A3C4EF8D32981C12B8D3098 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.6144517188258227 |
Encrypted: | false |
SSDEEP: | 24:etGSV/s8mmEer8MTz7e5dab9eWCMsdWeGtkZf7gEhgXI+ycuZhNTTakSA8PNnq:6dOLrMT4kCtWeJJ7gqgX1ulna3rq |
MD5: | F68BF30418406A5FFF1346F816157B58 |
SHA1: | 1576CC98F98E5020CB931F35260B2A5103380AC3 |
SHA-256: | F38627790B5A45C47AC4CB0424DC2CD042FF09F122CB36BDFA16135A06BC8919 |
SHA-512: | AD1CA42B6FDF4027F0A7D9AE75306D47F59ADB5B0CC0375583A80B0F9BE425F539C99023AB8782A418E766588288FF897370F2152AD388F57B6ED226B57C0E99 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | modified |
Size (bytes): | 412 |
Entropy (8bit): | 4.871364761010112 |
Encrypted: | false |
SSDEEP: | 12:zKaMK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:zKaM5DqBVKVrdFAMBJTH |
MD5: | 83B3C9D9190CE2C57B83EEE13A9719DF |
SHA1: | ABFAB07DEA88AF5D3AF75970E119FE44F43FE19E |
SHA-256: | B5D219E5143716023566DD71C0195F41F32C3E7F30F24345E1708C391DEEEFDA |
SHA-512: | 0DE42AC5924B8A8E977C1330E9D7151E9DCBB1892A038C1815321927DA3DB804EC13B129196B6BC84C7BFC9367C1571FCD128CCB0645EAC7418E39A91BC2FEDB |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 39633 |
Entropy (8bit): | 0.5708127781437619 |
Encrypted: | false |
SSDEEP: | 96:kBqoxKAuvScS+npLCJjUk+60Uk+6EUk+6F:kBqoxKAuqR+npLCJjUD60UD6EUD6F |
MD5: | 1C7419EAC9A67383DA5EA84CB8D32B15 |
SHA1: | CF2AB5D36E1AC57BF35DA4DFBE492CC6DD74EA8A |
SHA-256: | 844F7155E7D9C4C973D9D1C491698AC05A3BC0E8DE95972C60995CC7F384BDCB |
SHA-512: | 834329EC0E3EBD76439521023C844C064381D5882FDD65395B2A6E86177FA1BDA17F1A696EDB1DFE7C2515A42DF32AB6FE3E367A17A59B3FA7DC99E17125AB8F |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13365 |
Entropy (8bit): | 0.6655012274173329 |
Encrypted: | false |
SSDEEP: | 48:kBqoIlNlLlzhNQhUAUixmfKmfKummTxFETxvWmEn:kBqoIPZtS+ |
MD5: | 23B83DEFFA7DAF94E5532F3E031BB7DB |
SHA1: | A9D492251F4F178E0B470C598BE66AC4983D91BA |
SHA-256: | 073187E797761825E0976657E3219154EB14DF38F74098F0EBE6ED555A7D6D2D |
SHA-512: | C43B18CB497A0F9F310DBCEA5CD3E7E131F43E9BE98BD6AD81BCE94E13B9676CDE06EFC5F02F1DCEA283874CDB973365530EE0F7EBD163F4BC3EFC4A100E5612 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12933 |
Entropy (8bit): | 0.4111538539731499 |
Encrypted: | false |
SSDEEP: | 24:c9lLh9lLh9lIn9lIn9loei9loeS9lWeckVTPkVKunn:kBqoIeNeLec6TP6Kunn |
MD5: | 8B7042B768494C606DD6D20853A5C404 |
SHA1: | 511255F01382CEF62B0395C6E737BBE60E2B47F0 |
SHA-256: | 0590CCB8585036E1C0548AACACA8967006623F87573864F311AA82E22AE9FF70 |
SHA-512: | 1E412995DE43636C7C69E5089E432877159556C922A08261C9C502B6059562DB7B11B0470567A6E35BCEEBFA10810E652C1F26815627708C9C6634784C224989 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12933 |
Entropy (8bit): | 0.40260863836865823 |
Encrypted: | false |
SSDEEP: | 24:c9lLh9lLh9lIn9lIn9lo7i9lo7S9lW7vkmfZmFSfZm6Fn:kBqoI7N7L7/RmFSRm6Fn |
MD5: | 1A602964169D48FD574DE55309150E62 |
SHA1: | C52EE9405B8440FE104D961B34A4E8391C01872D |
SHA-256: | 41140C435C450DDA292D9BD12363A0AF23A6ED346FDBB17C02BA07ECEDC6D2EB |
SHA-512: | C08E031EADAA3146269F205999EA77E7D6FFC4815F4B8904180CAC99066CD3AFFB40E4B11FCA21739568CEFF0C42F607DE2231E117BDA84DFFA686AF70A51585 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 39649 |
Entropy (8bit): | 0.5744831606285611 |
Encrypted: | false |
SSDEEP: | 96:kBqoxKAuvScS+tzxQTxTALNHTALNDTALNI:kBqoxKAuqR+tzxQTxT2FT2JT2O |
MD5: | 810FFC7B39326BD4E206170B51F49CA4 |
SHA1: | 809A7554BDF402718A9298C57A15C4B18F0735B9 |
SHA-256: | F4865F02B4A1865C65440F7FAA6078B6E52D877F43B6CADCF5D932ED1CBFEED5 |
SHA-512: | 7C31B40A3B94620EBA5312E4AF0BFCF4486D7847DF963D416E3976C48457DF53DA51F992AA0B959A509DE6BD78431286EA1B73869F00B568B7A72261C065D825 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 39657 |
Entropy (8bit): | 0.5776651511261041 |
Encrypted: | false |
SSDEEP: | 48:kBqoxKAuvScS+5M5q5w5R5dI5d67dEZfBK17dEZfBKl7dEZfBKq:kBqoxKAuvScS+2wqDwimBSmBOmBP |
MD5: | A5F6E3FA4DE7B5DE6759457CD5BB3BD9 |
SHA1: | 9167940722E3E9EDE0323820A8B3A3540C6D5C88 |
SHA-256: | A83024D20F4947A581102C5AB5EC35A77C0BB105B5283611D370542B340CFD43 |
SHA-512: | CFCBF89C93962917D2AA9931799E5171BB42128BCAF94586035F9938D55661B9E9030BD4EA449E5EFD461CCA931A91CD17C17FB7C250B65AF4CC35C6B8AEE9C1 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 39601 |
Entropy (8bit): | 0.5650077749324669 |
Encrypted: | false |
SSDEEP: | 96:kBqoxKAuvScS+2wqDwGXnOMyXnOMiXnOMr:kBqoxKAuqR+2wqDwGXn2Xn2Xnv |
MD5: | 1FCEB3CD28AFA9613F1AC7CD6034580B |
SHA1: | 00FD8AD6CEFD8FB46B7A600B90D44302899C2F90 |
SHA-256: | BB3DBA3CE471851F43B87BD2E7EDA77EA43F27791CB38C52E2A3B142E337D90D |
SHA-512: | B70FF553E342BA81FB0E086B419C08F834C69410EC55BBB69539983419A018D15B7F4B18142283E9DB104BCC687DD8B7F7A2AE80955883D82E63F17E1609B5F3 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 39689 |
Entropy (8bit): | 0.582026937673991 |
Encrypted: | false |
SSDEEP: | 192:kBqoxKAuqR+npLCJvUO9/eVDUO9/eVDUO9/eVo:kBqoxKAuqR+npLCJvUi0UiIUix |
MD5: | BCC8C9120115DC08831ED14706F93155 |
SHA1: | D268F982E7EE2FC87375A37FCBF5D2E71C75A83F |
SHA-256: | 759CB08FF5CB5A4A0FDB6D6F01C65881F22757E0D4E361A777CB9932149D5C37 |
SHA-512: | F9D47C064AEA2B050AAA5EF8426D3AC1EA2189C74EA4D00262BF068D83E580DE6C6969E1C82AB6F4A8A91EE70237E7235F12935CDC2119F4BEEFA5753927366A |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1191 |
Entropy (8bit): | 5.301496263397972 |
Encrypted: | false |
SSDEEP: | 24:BxSARDvBBOx2DOXUWOLCHGI4MWrUHjeTKKjX4CIym1ZJXDHOLCHGI4dnxSAZX:BZZv/OoORF4XQqDYB1ZzF4hZZX |
MD5: | 9790167AD6BCDECADDD44359BBD3DBBC |
SHA1: | 3420C328A9D170B2E3577398892D6AE361BA3FF6 |
SHA-256: | AD5AA2CA12EDA876CB7667E03887BC1A0175B4AB6DDF26E5708515B38644ABC7 |
SHA-512: | F332B3777D3F24E255C59ADF252E33CAC0750A2A5D0472D743E386BB042F761A22242232C7B6E98CCFF54B56B15D2A07A1FFEDC733BB2110541FB638EAECE4D1 |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 4.85235682855832 |
TrID: |
|
File name: | 6006bde674be5pdf.dll |
File size: | 149848 |
MD5: | 2df646cf624fc096ebf0b19051ac4e93 |
SHA1: | 3e0769682853d0538845221a2e51df7fb1ba15e7 |
SHA256: | adc95420bda0ec4fcf33c410be8f86f185e95b642c0619a4103c4a64dac52cc6 |
SHA512: | 0d350522505f254a9134adf252bf61b6126e29491c745ab85b3273bff4f770fc6633a43dd36b80761c6ca5cd48f15f6ee676cd9239e5dd02b595a00a52ae3662 |
SSDEEP: | 1536:b+jYg1zXYxy2GnbqPL1MvkxhhGqjoioQ+mh:HgpXX2UyLqvYhAqMIh |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......`...........!...2.J........... .......`............................................................................. |
File Icon |
---|
Icon Hash: | 74f0e4ecccdce0e4 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x10002080 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x10000000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL, LINE_NUMS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x6006BBAB [Tue Jan 19 10:59:55 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 3 |
OS Version Minor: | 0 |
File Version Major: | 3 |
File Version Minor: | 0 |
Subsystem Version Major: | 3 |
Subsystem Version Minor: | 0 |
Import Hash: | 18b3e82c742f954d3c246fed10a1bb59 |
Authenticode Signature |
---|
Signature Valid: | false |
Signature Issuer: | CN=FRVFMPRLNIMAMSUIMT |
Signature Validation Error: | The digital signature of the object did not verify |
Error Number: | -2146869232 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 74037A7D4D0D086E331903D222416173 |
Thumbprint SHA-1: | 0387CE856978CFA3E161FC03751820F003B478F3 |
Thumbprint SHA-256: | EAFE1C9E2CD2D33CEB4D7FAF3AE5B5434C75869B93896F8163076CD03B3B9A11 |
Serial: | 98A04EA05E8A949A4D880D0136794DF3 |
Entrypoint Preview |
---|
Instruction |
---|
push ebp |
mov ebp, esp |
sub esp, 78h |
mov dword ptr [ebp-04h], 000004BCh |
mov dword ptr [ebp-04h], 000004BCh |
mov dword ptr [ebp-04h], 000004BCh |
mov dword ptr [ebp-04h], 000004BCh |
mov dword ptr [ebp-04h], 000004BCh |
mov dword ptr [ebp-04h], 000004BCh |
mov dword ptr [ebp-04h], 000004BCh |
mov dword ptr [ebp-04h], 000004BCh |
mov dword ptr [ebp-04h], 000004BCh |
mov dword ptr [ebp-04h], 000004BCh |
mov dword ptr [ebp-04h], 000004BCh |
mov ecx, dword ptr [ebp+08h] |
mov dword ptr [10007B9Ch], ecx |
mov dword ptr [10007B7Ch], ebp |
mov dword ptr [ebp-08h], 00000064h |
lea eax, dword ptr [ebp-08h] |
push eax |
lea ecx, dword ptr [ebp-70h] |
push ecx |
call dword ptr [100074ACh] |
movzx edx, byte ptr [ebp-70h] |
cmp edx, 4Ah |
jne 00007F4FE886411Bh |
movzx eax, byte ptr [ebp-6Eh] |
cmp eax, 68h |
jne 00007F4FE8864112h |
movzx ecx, byte ptr [ebp-6Ch] |
cmp ecx, 44h |
jne 00007F4FE8864109h |
xor eax, eax |
jmp 00007F4FE886616Ch |
mov dword ptr [10007BB4h], 00000000h |
jmp 00007F4FE8864111h |
mov edx, dword ptr [10007BB4h] |
add edx, 01h |
mov dword ptr [10007BB4h], edx |
cmp dword ptr [10007BB4h], 0043CFDAh |
jnc 00007F4FE886411Ah |
push 10007078h |
call dword ptr [00000010h] |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x710c | 0x64 | .data |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x23400 | 0x1558 | .text4 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x27000 | 0x824 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7314 | 0x1a4 | .data |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x442c | 0x4600 | False | 0.0903459821429 | data | 4.49859360091 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x6000 | 0x190 | 0x200 | False | 0.40234375 | data | 3.16789426961 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x7000 | 0xc04 | 0xc00 | False | 0.452799479167 | data | 4.9773381038 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.text4 | 0x8000 | 0x1cd2c | 0x1ce00 | False | 0.389838676948 | data | 4.12524581256 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.text6 | 0x25000 | 0x64 | 0x200 | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.text5 | 0x26000 | 0x64 | 0x200 | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.reloc | 0x27000 | 0x824 | 0xa00 | False | 0.69609375 | data | 5.79486792216 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | GetLastError, LoadLibraryA, GetProcAddress, GetModuleHandleW, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle, TlsSetValue, TlsGetValue, lstrcpyA, lstrcmpA, WaitForSingleObject, VirtualProtect, UnmapViewOfFile, SuspendThread, Sleep, SizeofResource, SetUnhandledExceptionFilter, SetThreadPriority, SetThreadLocale, SetLastError, SetFileTime |
USER32.dll | LoadCursorA, CharUpperA, CharUpperW |
GDI32.dll | GetTextCharacterExtra, RealizePalette, TextOutA, StartPage, StartDocA, SetTextColor, SetMapMode, SetBkMode, SetBkColor, SelectObject, SelectClipRgn, MoveToEx, LineTo, GetTextMetricsW, GetTextFaceA, GetTextExtentPoint32A, GetStockObject, GetRgnBox, GetObjectW, GetDeviceCaps, GdiFlush, EndPage, EndDoc, DeleteObject, DeleteDC, CreateSolidBrush, CreateRectRgnIndirect, CreatePen, CreateFontA, CreateFontW, CreateDIBSection, CreateDCW, CreateCompatibleDC, CombineRgn, BitBlt |
ADVAPI32.dll | GetUserNameA, RegOpenKeyA |
Network Behavior |
---|
TCP Packets |
---|
UDP Packets |
---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jan 19, 2021 12:15:23.840601921 CET | 192.168.2.5 | 8.8.8.8 | 0x6664 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 19, 2021 12:15:26.185436964 CET | 192.168.2.5 | 8.8.8.8 | 0x81b4 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 19, 2021 12:15:28.299551964 CET | 192.168.2.5 | 8.8.8.8 | 0xf1e4 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 19, 2021 12:15:50.553179979 CET | 192.168.2.5 | 8.8.8.8 | 0xa486 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 19, 2021 12:15:51.744858027 CET | 192.168.2.5 | 8.8.8.8 | 0x1 | Standard query (0) | PTR (Pointer record) | IN (0x0001) | |
Jan 19, 2021 12:15:51.793926001 CET | 192.168.2.5 | 8.8.8.8 | 0x2 | Standard query (0) | PTR (Pointer record) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jan 19, 2021 12:15:23.897068977 CET | 8.8.8.8 | 192.168.2.5 | 0x6664 | No error (0) | 185.186.244.49 | A (IP address) | IN (0x0001) | ||
Jan 19, 2021 12:15:26.241856098 CET | 8.8.8.8 | 192.168.2.5 | 0x81b4 | No error (0) | 185.186.244.49 | A (IP address) | IN (0x0001) | ||
Jan 19, 2021 12:15:28.356056929 CET | 8.8.8.8 | 192.168.2.5 | 0xf1e4 | No error (0) | 185.186.244.49 | A (IP address) | IN (0x0001) | ||
Jan 19, 2021 12:15:50.601069927 CET | 8.8.8.8 | 192.168.2.5 | 0xa486 | No error (0) | 208.67.222.222 | A (IP address) | IN (0x0001) | ||
Jan 19, 2021 12:15:50.964030027 CET | 8.8.8.8 | 192.168.2.5 | 0xc407 | No error (0) | c-msn-com-nsatc.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | ||
Jan 19, 2021 12:15:51.793025970 CET | 8.8.8.8 | 192.168.2.5 | 0x1 | No error (0) | PTR (Pointer record) | IN (0x0001) | |||
Jan 19, 2021 12:15:51.845191956 CET | 8.8.8.8 | 192.168.2.5 | 0x2 | Name error (3) | none | none | PTR (Pointer record) | IN (0x0001) |
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.5 | 49734 | 185.186.244.49 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 19, 2021 12:15:23.966131926 CET | 5285 | OUT | |
Jan 19, 2021 12:15:24.043452978 CET | 5287 | IN |