Analysis Report http://xf.gdprvalidate.de/
Overview
General Information
Detection
| Field | Value |
|---|---|
| Score | 0 |
| Range | 0 - 100 |
| Whitelisted | false |
| Confidence | 100% |
Signatures
Classification
Startup
Malware Configuration
No configs have been found
Yara Overview
No yara matches
Sigma Overview
No Sigma rule has matched
Signature Overview
There are no malicious signatures.
Compliance
Uses new MSVCR Dlls
Mitre Att&ck Matrix
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection1 | Masquerading1 | OS Credential Dumping | File and Directory Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Application Layer Protocol3 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection1 | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 0% | Avira URL Cloud | safe | |
Dropped Files
No Antivirus matches
Unpacked PE Files
No Antivirus matches
Domains
No Antivirus matches
URLs
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 0% | URL Reputation | safe | |
| | 0% | URL Reputation | safe | |
| | 0% | URL Reputation | safe | |
| | 0% | Avira URL Cloud | safe | |
| | 0% | Avira URL Cloud | safe | |
Domains and IPs
Contacted Domains
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| xf-gdprvalidate-de-368230675.eu-west-1.elb.amazonaws.com | 54.228.229.1 | true | false | | high |
| xf.gdprvalidate.de | unknown | unknown | false | | unknown |
Contacted URLs
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
URLs from Memory and Binaries
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| | | false | | unknown |
| | | false | | high |
| | | false | | high |
| | | false | | unknown |
| | | false | | high |
| | | false | | high |
| | | false | | high |
| | | false | | high |
Contacted IPs
Public
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 54.228.229.1 | unknown | United States | | 16509 | AMAZON-02US | false |
General Information
| Field | Value |
|---|---|
| Joe Sandbox Version | 31.0.0 Emerald |
| Analysis ID | 356828 |
| Start date | 23.02.2021 |
| Start time | 17:28:06 |
| Joe Sandbox Product | CloudBasic |
| Overall analysis duration | 0h 3m 10s |
| Hypervisor based Inspection enabled | false |
| Report type | full |
| Cookbook file name | browseurl.jbs |
| Sample URL | http://xf.gdprvalidate.de/ |
| Analysis system description | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
| Number of new started processes analysed | 18 |
| Number of new started drivers analysed | 0 |
| Number of existing processes analysed | 0 |
| Number of existing drivers analysed | 0 |
| Number of injected processes analysed | 0 |
| Analysis Mode | default |
| Analysis stop reason | Timeout |
| Detection | CLEAN |
| Classification | clean0.win@3/17@1/1 |
Simulations
Behavior and APIs
No simulations
Created / dropped Files
Process: | C:\Program Files\internet explorer\iexplore.exe |
Category: | dropped |
Size (bytes): | 30296 |
Entropy (8bit): | 1.853936200969538 |
Encrypted: | false |
SSDEEP: | 96:rDZMZV2CWu5tubYefu7LYpYXMu9YBYtuPY7YfueYQfu4LYcYnX:rDZMZV2CWetefORM0ixf9MX |
MD5: | 95F04F15AC4474E12FA7778FC4501793 |
SHA1: | 8D68575EA7A4777AC3950D7CDC4C61C3993E59F2 |
SHA-256: | 7E168FA442A68B736EE0B701B88A74620881D00FBFD39D7A9C1387DF5CFA8AFF |
SHA-512: | FBDC970332292160302F21A6C4D4F50EC64FF8488ED0E8CE008B9D39CBBB5ADAB73C3777682F272342DF601F2C80F851331437012E414BFAE8E5D42705FC9D92 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
Category: | dropped |
Size (bytes): | 24164 |
Entropy (8bit): | 1.6272677443304575 |
Encrypted: | false |
SSDEEP: | 48:IwyGcpr7GwpaSG4pQ6GrapbSbjGQpBSGHHpc8ETGUp8vGzYpmzIQGopSBDaGmXpm:rGZVQi6sBSJjp2ZWdMd4Cg |
MD5: | 0EF0B2E2ED4701C1E5BAB5BCE5D48D13 |
SHA1: | DD925E038391A9CFF3BF5F0FC3AF7340DAFA24E6 |
SHA-256: | 8690AC8D0B2CED90E207C60A1E4FEA5DA253DBBF09251D6B10038D864589773F |
SHA-512: | 981091AF1B00A133BAA5860501F7E4899BEEC3F71940B412581A2ABCDF728D3A50FDCB9F1FDB9BC73B477F63B363C431313BA2617EC61929650BE0BAC5FBB3C9 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
Category: | dropped |
Size (bytes): | 16984 |
Entropy (8bit): | 1.5642103506367837 |
Encrypted: | false |
SSDEEP: | 48:IwjGcprCGwpaHG4pQTGrapbS1jGQpKJG7HpRCETGIpG:rZZqQp63BSrAoTjA |
MD5: | CCA6AFA238D9FAA1841973EF99E772A3 |
SHA1: | D3946148318E462103B773F030FEF5B0A1E2A50E |
SHA-256: | 7CCB28FF5A71542DC8BF8F869B487F4E93F5A790D6A1948434E59501410278B2 |
SHA-512: | 529CECAF62C2F972821D82C11C3D11E622D5822F769A8F8D7D077F00EDE3E62355E7053AA06ED9709C38E702DDCD07159D5BA1C470E92C7F33DD8E430136D39F |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
Category: | dropped |
Size (bytes): | 656 |
Entropy (8bit): | 5.088064270829718 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxOEM5c0Bg5c01nWimI002EtM3MHdNMNxOEM5c0Bg5c01nWimI00ObVbkt:2d6NxOJ64g6aSZHKd6NxOJ64g6aSZ76b |
MD5: | 03D34EDC8E124BE976606959417B3085 |
SHA1: | 40DBA36439996DCCFDC8E2D794AAEBE19E8F31E1 |
SHA-256: | 2D1EC5DFC0679FE69BD1EF8B982D29C9DB32BAEBEEDDB9EC7A26789C49A1B991 |
SHA-512: | 5A14CB5060F80416F1ED797884B953FE931802C241698BF03676061681A535E841CF1C384C78168A1E5323527FB1274131F30C856CABE648AB87A6CD76EFBD27 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
Category: | dropped |
Size (bytes): | 653 |
Entropy (8bit): | 5.061633057513573 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxe2kMUL0BgUL01nWimI002EtM3MHdNMNxe2kMUL0BgYAL01nWimI00Obv:2d6NxrpA4gAaSZHKd6NxrpA4gYALaSZ/ |
MD5: | ACB87B27AF74A15E1104519552494886 |
SHA1: | E65949644EF1B76B0164F261ACC7A4DDC5BF07E7 |
SHA-256: | BB255572C948D1C811EFD8E82FA6A4B6FB1D3A650109DB7785A1A2E041C1F270 |
SHA-512: | 89C4F13838D9D47F03AA90B95360ADD24F09D5E8EBB02752B02CF850BBEDC4E0D2D28E65BB28C7223EB5CAD00A637CB3B7ED6C60477531A463CEA9136B2CF3E4 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
Category: | dropped |
Size (bytes): | 662 |
Entropy (8bit): | 5.110552958233267 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxvLM5c0Bg5c01nWimI002EtM3MHdNMNxvLM5c0BgPR01nWimI00ObmZEs:2d6NxvA64g6aSZHKd6NxvA64gPRaSZ7Q |
MD5: | 6BF8F60CC6E38D9021AC4FAC5EB64251 |
SHA1: | 6AD4D05EE40E25A41D1B9F635E50AB258EBC9136 |
SHA-256: | A78CC9C9F5F61A35F3E23E8BC5AE68BABD99F3FA18A15B43D181A40CFD4FEBC6 |
SHA-512: | 183073986748E87285B69DD7A4599F2EC37F83A19F1ED04DB49BCCFC5A4C74BA4922E998103B5FCAE56F81F844962DC2DE083DE31FE43EF2DA21D388D9EBB9F4 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
Category: | dropped |
Size (bytes): | 647 |
Entropy (8bit): | 5.096881229272518 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxiMV0BgV01nWimI002EtM3MHdNMNxiMV0BgV01nWimI00Obd5EtMb:2d6NxXV4gVaSZHKd6NxXV4gVaSZ7Jjb |
MD5: | 3FEF6F6191C8E228639E9160B6034AA5 |
SHA1: | E20A9897CA551966EF12328D77E2BD99BFCBB96F |
SHA-256: | 8C13756021E87A7B014D7CCED6143C277C4E055BE3BE83605DC69A62EBFE6CCB |
SHA-512: | 134F37AA5E6256AB41561BA55100FAE3202B6D10A9FC1736D6DFD72AF4368A89809848A6670A2ECC9F882D02E9AC1E02B12CAA0FB30F371DE8EC4A509D49A4AD |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
Category: | dropped |
Size (bytes): | 656 |
Entropy (8bit): | 5.099617258577289 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxhGwMPR0BgPR01nWimI002EtM3MHdNMNxhGwMPR0BgPR01nWimI00Ob8V:2d6NxQlPR4gPRaSZHKd6NxQlPR4gPRaT |
MD5: | 79C0B5F304F9EF6E46FD0D47110CCF95 |
SHA1: | AF9E96AE0FB0FDD5E12D69AA67D71F1E215BD8FC |
SHA-256: | 503E1DE3ABC3104AD4D37EC19A7888CFE501423A876F3F7B26E0337B8C40B864 |
SHA-512: | 84B74EE4A7EA9DEBAE85EA5E59FAC8C85A63D234B2157E82F38A36849261B3344498F8B9AB65B0EA244330CC4B302E02F0379D8E96BF8717DFBBB41C24D61A2B |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
Category: | dropped |
Size (bytes): | 653 |
Entropy (8bit): | 5.091206243327631 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNx0nM5c0Bg5c01nWimI002EtM3MHdNMNx0nM5c0Bg5c01nWimI00ObxEty:2d6Nx0M64g6aSZHKd6Nx0M64g6aSZ7nb |
MD5: | 4571D9E295AED462B217F3C835E47085 |
SHA1: | 58E1B4E873AC7A7416367AC0163CD8DBF3EC9A45 |
SHA-256: | D12BE72362F5100BEB92EA62A0326DD605DF6C673147DCCEDCD94F9D4A190388 |
SHA-512: | 75842337538EBBB1D9CC8BF49B837B8C7999A3E7507429341FB81BFC0BC4D02F931D1CCA755B530E610FF18C3F9266AB4ED0030DE04B7F0071FC1B0941004062 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
Category: | dropped |
Size (bytes): | 656 |
Entropy (8bit): | 5.121727232821825 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxxMV0BgV01nWimI002EtM3MHdNMNxxMV0BgV01nWimI00Ob6Kq5EtMb:2d6Nx+V4gVaSZHKd6Nx+V4gVaSZ7ob |
MD5: | 51888543378154816C74CCB1EF29EC56 |
SHA1: | 9F99014FC61DF1686E7EBA64BAEB23260BA2F3B1 |
SHA-256: | 8C2CB822F52F23EDAAB4329DA1B209708395A459E64DCF82218922CD8642D200 |
SHA-512: | BA6CB867E57E562930A0FADA71197B8473A79546504E4683C3772F9363B42B07CFDC73F9414AF951080A16AA1B07858B35E6D5FFC25EC633917FC34BE2FE4861 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
Category: | dropped |
Size (bytes): | 659 |
Entropy (8bit): | 5.073039541076934 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxcM+0Bg+01nWimI002EtM3MHdNMNxcM+0Bg+01nWimI00ObVEtMb:2d6NxB+4g+aSZHKd6NxB+4g+aSZ7Db |
MD5: | 6CA31B41CDBAEC82AC01BC5E7E200EA6 |
SHA1: | A4DA41D0E9112EB4ED9841E8A3AAF0C09C4B2DA2 |
SHA-256: | D3D4637975FB3C1205E271F29EF1D4D673A273C973581532CE006C2FBA74DFB8 |
SHA-512: | E2982C8571720E5AF1C6C6C6480D159020A31F7AE749065EC61B8D4377C98CD6CE895C16780A35FD3376C318374865A92BFE90A18DFE47CA5140B32C3309E72E |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
Category: | dropped |
Size (bytes): | 653 |
Entropy (8bit): | 5.070652039463943 |
Encrypted: | false |
SSDEEP: | 12:TMHdNMNxfnM+0Bg+01nWimI002EtM3MHdNMNxfnM+0BgV01nWimI00Obe5EtMb:2d6Nxk+4g+aSZHKd6Nxk+4gVaSZ7ijb |
MD5: | 6EE93B311C7F19DA679E3D0F2F8DFBF5 |
SHA1: | 5B3622ADB123A64DEDB2EB6E180AD303606DEAF9 |
SHA-256: | A8721C2D624A6C3E757852E1E75008C54D7A573FB4FFBA37CDF83F86D0D44099 |
SHA-512: | 21BCD8BFD11477D5C28A9F10D3A2B215F80B2D7257B84225654B2388DFC9C555119E5918DBB4F84E5B13293DCDA879FA867FA440C29D11CA3E1310743D355A61 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Category: | modified |
Size (bytes): | 430 |
Entropy (8bit): | 1.4372120273419566 |
Encrypted: | false |
SSDEEP: | 3:mrqVrIi5AQZ4Wcl6lMlGlX/+NzNa/XllvlNl/AXll/llll/e/1ltllD3qt:9AQvcAMlGx/yzE/FJ3qt |
MD5: | E89ED02D2659CC510DFDEED7A773F994 |
SHA1: | 1F869B5CFDE087992C658922E73C0E226EC8A892 |
SHA-256: | 145E37D3FB68E357797EEEFDE35B72A644D8A5240D1A82A8C33226CD5CE60B72 |
SHA-512: | CA37EEF1BE74B4D0CEE0377D8A8941B4D9375276E09BCA0F94F95894DF65367F081ABA1406ACE4A2F305E407136F4CA2FAD9F580DD94E5E725E4A21745A25E15 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Category: | downloaded |
Size (bytes): | 318 |
Entropy (8bit): | 0.5100955730555464 |
Encrypted: | false |
SSDEEP: | 3:8zNa/XllvlNl/AXll/llll/e/:8zE/F |
MD5: | 68D4081095081FA97E81B0A2591BC11B |
SHA1: | 0576D1E1333E12004E5A00E96A53B2FE16D5FECA |
SHA-256: | 11E3549646A127E1B911E906600D8B555534A72D1AC4E7D6A06FE0485CD4E42D |
SHA-512: | 6BFAD92DE78255F65C783CC469BCF64FBD3169D6AB3AB44D79CE81FD4788C8F98915E5FC5197123B6DE314F4C075883F3A23507B228621175BB47A1E073E2B9D |
Malicious: | false |
Reputation: | low |
IE Cache URL: | http://xf.gdprvalidate.de/favicon.ico |
Process: | C:\Program Files\internet explorer\iexplore.exe |
Category: | dropped |
Size (bytes): | 13029 |
Entropy (8bit): | 0.4796608847632269 |
Encrypted: | false |
SSDEEP: | 24:c9lLh9lLh9lIn9lIn9lopF9lor9lWOkoeurTe4F:kBqoIMSOJe2Tb |
MD5: | 86D6E7FB2913B7C16349C6405C46B83C |
SHA1: | 1BF7F989A850CE871BF50E9B06F68BD26DB7BFF9 |
SHA-256: | 5E6A203690350E09D79B8A556C419B39F0CF1E4AACB9D2CDD04758D8A346B404 |
SHA-512: | 16953EA1C6454C0E87E447CC0E4CA290C9EBBEA33962F7C12E1BFBFEE1F22527208C3288E6D996F1BB984A4CA83F910014E27A498B4544F91A97EA23835901BF |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
Category: | dropped |
Size (bytes): | 34357 |
Entropy (8bit): | 0.34885891369311195 |
Encrypted: | false |
SSDEEP: | 24:c9lLh9lLh9lIn9lIn9lRg9lRA9lTS9lTy9lSSd9lSSd9lwp9lwJ9l2H9l2H9l/zA:kBqoxKAuvScS+Ks2/zIzsBDm |
MD5: | DFD2A29DE155B584337B104D274D5EFE |
SHA1: | 997D305C278DB3264AA425D3C85F9A3D2B3915F2 |
SHA-256: | 8CFEB01D3C5A4C2F65ED7F25A5F37A1A9A66EF50393F3AB2C8CF68486D218C04 |
SHA-512: | 0A430CBA423A9F3ED428F5303B3FA9A506B775AB00157A5F7D96DC85E1296C1C35137CCF66A75BA76D6D9D6872AA77CCAEC92A921BF42CFDC2FFF09B1FEAD04A |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
Category: | dropped |
Size (bytes): | 25441 |
Entropy (8bit): | 0.3012707816360274 |
Encrypted: | false |
SSDEEP: | 24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laARh:kBqoxxJhHWSVSEab |
MD5: | 71D20A7F8F8BBE03A6D9CD8ABFDE3295 |
SHA1: | 0724423829B1B76A1E93E921387ABEEAC1AE3184 |
SHA-256: | A3175FABE8D94F0A6F1129080F055B254DB30325562E5A279C506C04B2578CE1 |
SHA-512: | C9E1258D245AFB9C8250182AEC9BA3662966FD9C25CE6CF2FD58161DBA289C668736A849C0DA88D0B83F756BE8387EFE0C49C0D4C8DDA034E03BA4CE3E8D1071 |
Malicious: | false |
Reputation: | low |
Static File Info
No static file info
Network Behavior
TCP Packets
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 23, 2021 17:29:00.815969944 CET | 49703 | 80 | 192.168.2.3 | 54.228.229.1 |
Feb 23, 2021 17:29:00.816854954 CET | 49704 | 80 | 192.168.2.3 | 54.228.229.1 |
Feb 23, 2021 17:29:00.879151106 CET | 80 | 49703 | 54.228.229.1 | 192.168.2.3 |
Feb 23, 2021 17:29:00.879239082 CET | 49703 | 80 | 192.168.2.3 | 54.228.229.1 |
Feb 23, 2021 17:29:00.879800081 CET | 80 | 49704 | 54.228.229.1 | 192.168.2.3 |
Feb 23, 2021 17:29:00.879885912 CET | 49704 | 80 | 192.168.2.3 | 54.228.229.1 |
Feb 23, 2021 17:29:00.880124092 CET | 49703 | 80 | 192.168.2.3 | 54.228.229.1 |
Feb 23, 2021 17:29:00.946935892 CET | 80 | 49703 | 54.228.229.1 | 192.168.2.3 |
Feb 23, 2021 17:29:00.947949886 CET | 80 | 49703 | 54.228.229.1 | 192.168.2.3 |
Feb 23, 2021 17:29:00.948038101 CET | 49703 | 80 | 192.168.2.3 | 54.228.229.1 |
Feb 23, 2021 17:29:01.152014971 CET | 49703 | 80 | 192.168.2.3 | 54.228.229.1 |
Feb 23, 2021 17:29:01.220123053 CET | 80 | 49703 | 54.228.229.1 | 192.168.2.3 |
Feb 23, 2021 17:29:01.220243931 CET | 49703 | 80 | 192.168.2.3 | 54.228.229.1 |
UDP Packets
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 23, 2021 17:28:53.284315109 CET | 50620 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:28:53.345910072 CET | 53 | 50620 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:28:59.373236895 CET | 64938 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:28:59.433490992 CET | 53 | 64938 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:00.745847940 CET | 60152 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:00.806098938 CET | 53 | 60152 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:11.049742937 CET | 57544 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:11.100686073 CET | 53 | 57544 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:12.086932898 CET | 55984 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:12.147991896 CET | 53 | 55984 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:18.264786005 CET | 64185 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:18.313517094 CET | 53 | 64185 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:19.218425989 CET | 65110 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:19.269901037 CET | 53 | 65110 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:20.280328989 CET | 58361 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:20.328974009 CET | 53 | 58361 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:22.473661900 CET | 63492 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:22.525882959 CET | 53 | 63492 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:24.640371084 CET | 60831 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:24.698862076 CET | 53 | 60831 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:25.809796095 CET | 60100 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:25.861172915 CET | 53 | 60100 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:27.049117088 CET | 53195 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:27.108880997 CET | 53 | 53195 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:29.375875950 CET | 50141 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:29.424745083 CET | 53 | 50141 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:30.364536047 CET | 53023 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:30.385035992 CET | 50141 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:30.413180113 CET | 53 | 53023 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:30.447622061 CET | 53 | 50141 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:30.989578962 CET | 49563 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:31.043862104 CET | 53 | 49563 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:31.368581057 CET | 53023 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:31.383613110 CET | 50141 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:31.425750017 CET | 53 | 53023 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:31.440797091 CET | 53 | 50141 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:31.591546059 CET | 51352 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:31.643131018 CET | 53 | 51352 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:32.368006945 CET | 53023 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:32.425437927 CET | 53 | 53023 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:33.399226904 CET | 50141 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:33.461559057 CET | 53 | 50141 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:34.043478012 CET | 59349 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:34.093580961 CET | 53 | 59349 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:34.522460938 CET | 53023 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:34.575052977 CET | 53 | 53023 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:35.385934114 CET | 57084 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:35.434685946 CET | 53 | 57084 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:37.181510925 CET | 58823 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:37.230051994 CET | 53 | 58823 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:37.415240049 CET | 50141 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:37.466852903 CET | 53 | 50141 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:38.524638891 CET | 53023 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:38.535578966 CET | 57568 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:38.581976891 CET | 53 | 53023 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:38.585910082 CET | 53 | 57568 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:39.714648962 CET | 50540 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:39.763519049 CET | 53 | 50540 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:46.156208992 CET | 54366 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:46.216053009 CET | 53 | 54366 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:46.322170019 CET | 53034 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:46.380882025 CET | 53 | 53034 | 8.8.8.8 | 192.168.2.3 |
Feb 23, 2021 17:29:46.934137106 CET | 57762 | 53 | 192.168.2.3 | 8.8.8.8 |
Feb 23, 2021 17:29:46.985575914 CET | 53 | 57762 | 8.8.8.8 | 192.168.2.3 |
DNS Queries
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
|---|---|---|---|---|---|---|---|
| Feb 23, 2021 17:29:00.745847940 CET | 192.168.2.3 | 8.8.8.8 | 0x9a17 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
|---|---|---|---|---|---|---|---|---|---|
| Feb 23, 2021 17:29:00.806098938 CET | 8.8.8.8 | 192.168.2.3 | 0x9a17 | No error (0) | | xf-gdprvalidate-de-368230675.eu-west-1.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) |
| Feb 23, 2021 17:29:00.806098938 CET | 8.8.8.8 | 192.168.2.3 | 0x9a17 | No error (0) | | | 54.228.229.1 | A (IP address) | IN (0x0001) |
| Feb 23, 2021 17:29:00.806098938 CET | 8.8.8.8 | 192.168.2.3 | 0x9a17 | No error (0) | | | 176.34.109.196 | A (IP address) | IN (0x0001) |
HTTP Packets
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 0 | 192.168.2.3 | 49703 | 54.228.229.1 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe |

| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| Feb 23, 2021 17:29:00.880124092 CET | 919 | OUT | |
| Feb 23, 2021 17:29:00.947949886 CET | 919 | IN | |
| Feb 23, 2021 17:29:01.152014971 CET | 920 | OUT | |
| Feb 23, 2021 17:29:01.220123053 CET | 920 | IN | |
System Behavior
General
| Field | Value |
|---|---|
| Start time | 17:28:58 |
| Start date | 23/02/2021 |
| Path | C:\Program Files\internet explorer\iexplore.exe |
| Wow64 process (32bit) | false |
| Imagebase | 0x7ff724f40000 |
| File size | 823560 bytes |
| MD5 hash | 6465CB92B25A7BC1DF8E01D8AC5E7596 |
| Has elevated privileges | true |
| Has administrator privileges | true |
| Programmed in | C, C++ or other language |
| Reputation | low |
General
| Field | Value |
|---|---|
| Start time | 17:28:59 |
| Start date | 23/02/2021 |
| Path | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
| Wow64 process (32bit) | true |
| Imagebase | 0xc0000 |
| File size | 822536 bytes |
| MD5 hash | 071277CC2E3DF41EEEA8013E2AB58D5A |
| Has elevated privileges | true |
| Has administrator privileges | true |
| Programmed in | C, C++ or other language |
| Reputation | low |