Windows Analysis Report 5.dll
Overview
General Information
Detection
Score: | 84 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
Malware Configuration |
---|
Threatname: Ursnif |
---|
{"RSA Public Key": "ovNAU+HRorLZmwnDvbYFDY7UA+FTIAnF2uJSQd0M+N3ep6CVEhoDrEXACstP09QHK7cBl9nMAaFI1as0K4aXOQKngdScIQbDa3MQ98Ce9MYRMvxGUI05fSIRRFzMYffOXQr97vVUUUPjsYgfkDWS2eKPxSe5dz/pF0mjA0T8ibOLzHmVMs4vVv+nwVAw0xpD", "c2_domain": ["outlook.com", "auredosite.club", "vuredosite.club"], "botnet": "8877", "server": "12", "serpent_key": "30218409ILPAJDUR", "sleep_time": "10", "CONF_TIMEOUT": "20", "SetWaitableTimer_value": "0", "DGA_count": "10"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | |
| JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | |
| JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | |
| JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | |
| JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file |
Source: | Virustotal: |
Machine Learning detection for sample |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | File opened: |
Source: | Static PE information: |
Source: | Binary string: |
Networking: |
---|
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) |
Source: | Snort IDS: |
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Yara detected Ursnif |
Source: | File source: |
E-Banking Fraud: |
---|
Yara detected Ursnif |
Source: | File source: |
System Summary: |
---|
Writes or reads registry keys via WMI |
Source: | WMI Queries: |
Writes registry values via WMI |
Source: | WMI Registry write: |
Source: | Code function: | 0_2_6DDC1A44 |
Source: | Code function: | 0_2_6DDC1996 |
Source: | Code function: | 0_2_6DDC23A5 |
Source: | Code function: | 3_2_02A75A27 |
Source: | Code function: | 3_2_02A7B1A5 |
Source: | Code function: | 0_2_6DDC2184 |
Source: | Code function: | 0_2_6DDE17B0 |
Source: | Code function: | 0_2_6DDF05E5 |
Source: | Code function: | 0_2_6DDF0DB8 |
Source: | Code function: | 0_2_6DDFBE61 |
Source: | Code function: | 0_2_6DDF4E00 |
Source: | Code function: | 0_2_6DE009C8 |
Source: | Code function: | 0_2_6DDF88B7 |
Source: | Code function: | 3_2_02A7888E |
Source: | Code function: | 3_2_02A73EE1 |
Source: | Code function: | 3_2_02A7AF80 |
Source: | Code function: | 3_2_6DDE17B0 |
Source: | Code function: | 3_2_6DDF05E5 |
Source: | Code function: | 3_2_6DDF0DB8 |
Source: | Code function: | 3_2_6DDFBE61 |
Source: | Code function: | 3_2_6DDF4E00 |
Source: | Code function: | 3_2_6DE009C8 |
Source: | Code function: | 3_2_6DDF88B7 |
Source: | Code function: |
Source: | Static PE information: |
Source: | Classification label: |
Source: | Code function: | 3_2_02A7A65C |
Source: | File created: |
Source: | File created: |
Source: | File read: |
Source: | Key opened: |
Source: | Process created: |
Source: | Virustotal: |
Source: | Process created: |
Source: | Key value queried: |
Source: | Automated click: |
Source: | File opened: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 0_2_6DDC1BAC |
Source: | Code function: | 0_2_6DDC2183 |
Source: | Code function: | 0_2_6DDC2129 |
Source: | Code function: | 0_2_6DDEDE1A |
Source: | Code function: | 0_2_6DDF32E8 |
Source: | Code function: | 0_2_6DE1C3B1 |
Source: | Code function: | 0_2_6DE1C3B1 |
Source: | Code function: | 3_2_02A7E0C8 |
Source: | Code function: | 3_2_02A7E47A |
Source: | Code function: | 3_2_02A7ABC9 |
Source: | Code function: | 3_2_02A7E164 |
Source: | Code function: | 3_2_02A7AF7F |
Source: | Code function: | 3_2_6DDEDE1A |
Source: | Code function: | 3_2_6DDF32E8 |
Source: | Code function: | 3_2_6DE1C3B1 |
Source: | Code function: | 3_2_6DE1C3B1 |
Source: | Static PE information: |
Hooking and other Techniques for Hiding and Protection: |
---|
Yara detected Ursnif |
Source: | File source: |
Source: | Registry key monitored for changes: |
Source: | Process information set: |
Source: | Last function: |
Source: | Code function: | 0_2_6DDFAFAC |
Source: | Code function: | 0_2_6DDFAFAC |
Source: | Code function: | 0_2_6DDC1BAC |
Source: | Code function: | 0_2_6DE1E2D8 |
Source: | Code function: | 0_2_6DE1E207 |
Source: | Code function: | 0_2_6DE1DE0E |
Source: | Code function: | 3_2_6DE1E2D8 |
Source: | Code function: | 3_2_6DE1E207 |
Source: | Code function: | 3_2_6DE1DE0E |
Source: | Code function: | 0_2_6DDF3484 |
Source: | Code function: | 0_2_6DDEFEBA |
Source: | Code function: | 3_2_6DDEFEBA |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Code function: | 3_2_02A79135 |
Source: | Code function: | 0_2_6DDFEC14 |
Source: | Code function: | 0_2_6DDF2C5A |
Source: | Code function: | 0_2_6DDFF468 |
Source: | Code function: | 0_2_6DDFEF45 |
Source: | Code function: | 0_2_6DDFEEC8 |
Source: | Code function: | 0_2_6DDFEE88 |
Source: | Code function: | 0_2_6DDF29A0 |
Source: | Code function: | 0_2_6DDEE036 |
Source: | Code function: | 0_2_6DDFAB64 |
Source: | Code function: | 0_2_6DDFF2E7 |
Source: | Code function: | 0_2_6DDF2A26 |
Source: | Code function: | 3_2_6DDF2C5A |
Source: | Code function: | 3_2_6DDFEC14 |
Source: | Code function: | 3_2_6DDFD10F |
Source: | Code function: | 3_2_6DDFF468 |
Source: | Code function: | 3_2_6DDFEFC8 |
Source: | Code function: | 3_2_6DDFEF45 |
Source: | Code function: | 3_2_6DDFEEC8 |
Source: | Code function: | 3_2_6DDFEE88 |
Source: | Code function: | 3_2_6DDFF1BD |
Source: | Code function: | 3_2_6DDF29A0 |
Source: | Code function: | 3_2_6DDEE036 |
Source: | Code function: | 3_2_6DDFF394 |
Source: | Code function: | 3_2_6DDFAB64 |
Source: | Code function: | 3_2_6DDFCB0D |
Source: | Code function: | 3_2_6DDFF2E7 |
Source: | Code function: | 3_2_6DDF2A26 |
Source: | Code function: | 0_2_6DDC1ADA |
Source: | Code function: | 3_2_02A79135 |
Source: | Code function: | 0_2_6DDC1F0E |
Stealing of Sensitive Information: |
---|
Yara detected Ursnif |
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected Ursnif |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation2 | Path Interception | Process Injection12 | Masquerading1 | OS Credential Dumping | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection12 | LSASS Memory | Query Registry1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Deobfuscate/Decode Files or Information1 | Security Account Manager | Security Software Discovery3 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information21 | NTDS | Process Discovery2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol3 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Rundll321 | LSA Secrets | Account Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Software Packing1 | Cached Domain Credentials | System Owner/User Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | File and Directory Discovery1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery23 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 22% | Virustotal | | |
| 100% | Joe Sandbox ML | | |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
| 100% | Avira | HEUR/AGEN.1108168 | | |
| 100% | Avira | HEUR/AGEN.1108168 | | |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
outlook.com | 40.97.116.82 | true | false | | high |
HHN-efz.ms-acdc.office.com | 40.101.137.98 | true | false | | high |
FRA-efz.ms-acdc.office.com | 52.97.152.210 | true | false | | high |
www.outlook.com | unknown | unknown | false | | high |
outlook.office365.com | unknown | unknown | false | | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
40.101.137.98 | HHN-efz.ms-acdc.office.com | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
52.97.152.210 | FRA-efz.ms-acdc.office.com | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
52.97.144.2 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
52.97.233.2 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
40.97.116.82 | outlook.com | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 445164 |
Start date: | 07.07.2021 |
Start time: | 10:40:23 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 8m 59s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 5.dll |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 31 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal84.troj.winDLL@18/7@6/5 |
EGA Information: | Failed |
HDC Information: |
HCA Information: |
Cookbook Comments: |
Warnings: |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
10:42:35 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
52.97.152.210 | | | malicious | | |
52.97.144.2 | | | malicious | | |
52.97.233.2 | | | malicious | | |
40.97.116.82 | | | malicious | | |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
HHN-efz.ms-acdc.office.com | | | malicious | | |
outlook.com | | | malicious | | |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
MICROSOFT-CORP-MSN-AS-BLOCKUS | | | malicious | | |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 50344 |
Entropy (8bit): | 2.003853863777815 |
Encrypted: | false |
SSDEEP: | 96:ryZlZW2OWEtfbfOq5KMvhqUhQAoxhHS7c3MVs7c8w7Uksw7UONvjaUntvHaaI1v8:ryZlZW2OWEtDfONMgbzJMj/N1tw/o7og |
MD5: | 1B2C08B04283EF2331ACDE91B8BBCB4D |
SHA1: | 43A807C8569A26885E912103F9D6D63547638D07 |
SHA-256: | 77E5A7867B6DA6BC138D8896ACB6DE61361F526F8CA51CE601A9E68DC95E6992 |
SHA-512: | 9FA7CD627AAEC7EF1B91992798BE68E7E8FA91E5D9390CD925E2E8457F3EF83B37C7EFCD81CDF11BA26FFBEE205828C74B771815C9A970451DC2178837BE0C59 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 27384 |
Entropy (8bit): | 1.848069425899241 |
Encrypted: | false |
SSDEEP: | 96:rBZqQ+6sBSdj32DWuMyywBSlHGd9sRwBSlHGd9gSlZA:rBZqQ+6skdj32DWuMyyw2HK+Rw2HKLZA |
MD5: | ABBBABDCEF013C7360EF262DA94D0BB1 |
SHA1: | 7886E7C0D416567109ED45A58EB4C63AEC4DA13D |
SHA-256: | 5F82BCE7575218FED78D6771274A7CE3F2F9450019B37CA1A44043E2DE1B67AD |
SHA-512: | 8291D7D23C35B5B0F5B6A61C70D230968DBD70E0E1700EBC282F4B3F5291DBC87FEB2363F03A2E152C70AC4ADF2691F1F493798A41BB960CD8A6D3EF3CC31B24 |
Malicious: | false |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 27376 |
Entropy (8bit): | 1.8498140810925014 |
Encrypted: | false |
SSDEEP: | 96:rnZfQj6tBSHjp2BWBMXa6lBlfcFXgxlBlfcFXAl4A:rnZfQj6tkHjp2BWBMXa6lzfHxlzfb4A |
MD5: | E314AEEF8885724C4F91A74CBF288AAE |
SHA1: | C299E34AFACD5E67A2748443AE4F3D71D1213174 |
SHA-256: | 3DC9BB6E88346FF7285AA2B7BE18C8FA94331C42DD48253FBC3436DFB8BF4F00 |
SHA-512: | 5F8250CF15954ABC4BB60ACB1ACF7952D010260D8235530CE4EFD02F30391E33C9E2F50CB2997E1F86CD442A7F660D2FF01C482CEF93D11C50606E1598ECECB9 |
Malicious: | false |
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | modified |
Size (bytes): | 89 |
Entropy (8bit): | 4.429518442893874 |
Encrypted: | false |
SSDEEP: | 3:oVXUdUbXIyB8JOGXnEdUbXIy6j+n:o9UVQqEVi |
MD5: | 7551EDFC2A095038308DE03A979AEA3B |
SHA1: | 28A3E4408ABBD841E14B80C82D712894D7480A73 |
SHA-256: | FD0B2F23730CC3AAAFEB969CE5AFF07BAD4CA1EDA987671346FE6513CB7AFDD6 |
SHA-512: | 96F41AF45753FAFA2DAA35022B02841153EE8C98894ED530A8F16C72B5FC7774FDEF2C0A8211843F4059E613087DB806F685CE058F6B9C782AAB30614607EA12 |
Malicious: | false |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 39649 |
Entropy (8bit): | 0.5767042893555584 |
Encrypted: | false |
SSDEEP: | 96:kBqoxKAuvScS+NTRwzRlBlfcFX2lBlfcFX+lBlfcFX3:kBqoxKAuqR+NTRwzRlzfrlzf3lzf8 |
MD5: | 5E4E8D633EEC37451CA584FB977CD2A3 |
SHA1: | F2FDC159F116F1F666876081CD57C21FF4D6F629 |
SHA-256: | 54912DA24BE3C7F0278AFF9A7FA3748F20BB70B7A444BB6D36219E8F5BAF910E |
SHA-512: | 7E54E62E35EB7DF22657B5BD7374BF2634C9C0DBFFD8497175740591CB19AE20193A72555931D96A1B958AC9333606CE6D4A9264F4B10EC2A5DB786A015AF97C |
Malicious: | false |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13237 |
Entropy (8bit): | 0.6015770581866133 |
Encrypted: | false |
SSDEEP: | 24:c9lLh9lLh9lIn9lIn9lo59loZ9lWN5iG5PA:kBqoIC8N5iG5PA |
MD5: | 48DB8549900DAE5BC2552D048ED02C3F |
SHA1: | 6C535A402C05BF8FEFC3500973D9F4393FC67277 |
SHA-256: | 3DB755B3A9C5F18FE0694056E963504C59603244F11C801A72991E62CA219BC6 |
SHA-512: | 0792497457374046404D96816FCA01748D62D3CC87FA6E5AC22B3593D55E707E89A2EE3FEA72DC7C07A6ED6D27944FF062C781B334E06C7A871A88AFBF418890 |
Malicious: | false |
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 39665 |
Entropy (8bit): | 0.576637477758457 |
Encrypted: | false |
SSDEEP: | 96:kBqoxKAuvScS+uoCLYewBSlHGd9uwBSlHGd9+wBSlHGd93:kBqoxKAuqR+uoCLYew2HK0w2HK0w2HK1 |
MD5: | 3252CDAF94741DE42A0C2C0887F7B2AA |
SHA1: | 917057587119E9A2610A30B1F1538C94B99E6179 |
SHA-256: | DBDD2E68C5A55AD1E178E0860709F5D0AB2205E30D8D0FF184B95D39DD820087 |
SHA-512: | 15321A223617B5C9296F57B79AAF13884F8427488F380BE084BA9A19BF9EBA0C4B0518D6D9F4D0B3EEE6C3FD31795D593F8DBD107ADB8C865CABA1F13C9B1887 |
Malicious: | false |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.907972335888756 |
TrID: |
File name: | 5.dll |
File size: | 227342 |
MD5: | fceb6a51be4205d11be1491f6e263cae |
SHA1: | 0abb60d37fac49912172c5385ff58e049520eb53 |
SHA256: | c521dd937ce9b2e8bda2fa915bae5b5be0e150a8b82e3b2bfb1cdbc60a8326c4 |
SHA512: | 0dd278f5499a28f3ae536fd1870cbedbfb1da34f07d9210f09b86c5167d04be4f0eb1ffbcb922d3b01afe83cf9cd9f620e5c4abf0a27a569c954e6d7cc9451e7 |
SSDEEP: | 3072:Ndmt0uTpBxy1mXhKvuE3GThWccntEvAJjHPLpvLHMwsJyV/vl5PX8J/g9vN:N85ykhKWE3UhwmMjjpvjMwskD5f8JsvN |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........~@........................................D...................................................Rich............PE..L......S... |
File Icon |
---|
Icon Hash: | 74f0e4ecccdce0e4 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x10facd0 |
Entrypoint Section: | UPX1 |
Digitally signed: | false |
Imagebase: | 0x1000000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x5396CBB2 [Tue Jun 10 09:11:14 2014 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | ea5307b4a63215686c0cdc83cff5fcba |
Entrypoint Preview |
---|
Instruction |
---|
cmp byte ptr [esp+08h], 00000001h |
jne 00007FA454D122CFh |
pushad |
mov esi, 010C4000h |
lea edi, dword ptr [esi-000C3000h] |
push edi |
jmp 00007FA454D12102h |
nop |
nop |
nop |
nop |
nop |
nop |
mov al, byte ptr [esi] |
inc esi |
mov byte ptr [edi], al |
inc edi |
add ebx, ebx |
jne 00007FA454D120F9h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
jc 00007FA454D120DFh |
mov eax, 00000001h |
add ebx, ebx |
jne 00007FA454D120F9h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
adc eax, eax |
add ebx, ebx |
jnc 00007FA454D120FDh |
jne 00007FA454D1211Ah |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
jc 00007FA454D12111h |
dec eax |
add ebx, ebx |
jne 00007FA454D120F9h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
adc eax, eax |
jmp 00007FA454D120C6h |
add ebx, ebx |
jne 00007FA454D120F9h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
adc ecx, ecx |
jmp 00007FA454D12144h |
xor ecx, ecx |
sub eax, 03h |
jc 00007FA454D12103h |
shl eax, 08h |
mov al, byte ptr [esi] |
inc esi |
xor eax, FFFFFFFFh |
je 00007FA454D12167h |
sar eax, 1 |
mov ebp, eax |
jmp 00007FA454D120FDh |
add ebx, ebx |
jne 00007FA454D120F9h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
jc 00007FA454D120BEh |
inc ecx |
add ebx, ebx |
jne 00007FA454D120F9h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
jc 00007FA454D120B0h |
add ebx, ebx |
jne 00007FA454D120F9h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
adc ecx, ecx |
add ebx, ebx |
jnc 00007FA454D120E1h |
jne 00007FA454D120FBh |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
jnc 00007FA454D120D6h |
add ecx, 02h |
cmp ebp, 00000000h |
Rich Headers |
---|
Programming Language: |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xfb2b4 | 0x80 | .rsrc |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xfb1dc | 0xd8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xfb000 | 0x1dc | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xfb334 | 0x10 | .rsrc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xfaebc | 0x48 | UPX1 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
UPX0 | 0x1000 | 0xc3000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
UPX1 | 0xc4000 | 0x37000 | 0x37000 | False | 0.987744140625 | data | 7.91565633635 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0xfb000 | 0x1000 | 0x400 | False | 0.490234375 | data | 4.47756536718 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_MANIFEST | 0xfb05c | 0x17d | XML 1.0 document text | English | United States |
Imports |
---|
DLL | Import |
---|---|
GDI32.dll | PatBlt |
KERNEL32.DLL | LoadLibraryA, GetProcAddress, VirtualProtect |
USER32.dll | GetWindowRect |
Exports |
---|
Name | Ordinal | Address |
---|---|---|
Clockcondition | 1 | 0x1021070 |
Dogwhen | 2 | 0x1021fa0 |
Sing | 3 | 0x1022080 |
Wholegray | 4 | 0x1022270 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
07/07/21-10:42:51.274973 | TCP | 2033204 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | 49721 | 80 | 192.168.2.5 | 40.97.116.82 |
07/07/21-10:42:51.274973 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49721 | 80 | 192.168.2.5 | 40.97.116.82 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jul 7, 2021 10:42:51.021521091 CEST | 192.168.2.5 | 8.8.8.8 | 0xed2a | Standard query (0) | A (IP address) | IN (0x0001) | |
Jul 7, 2021 10:42:53.333837032 CEST | 192.168.2.5 | 8.8.8.8 | 0x696b | Standard query (0) | A (IP address) | IN (0x0001) | |
Jul 7, 2021 10:42:54.000277042 CEST | 192.168.2.5 | 8.8.8.8 | 0xf187 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jul 7, 2021 10:42:56.563894987 CEST | 192.168.2.5 | 8.8.8.8 | 0x2e0a | Standard query (0) | A (IP address) | IN (0x0001) | |
Jul 7, 2021 10:42:57.276827097 CEST | 192.168.2.5 | 8.8.8.8 | 0x6302 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jul 7, 2021 10:42:57.526649952 CEST | 192.168.2.5 | 8.8.8.8 | 0x49fa | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jul 7, 2021 10:42:51.070379019 CEST | 8.8.8.8 | 192.168.2.5 | 0xed2a | No error (0) | 40.97.116.82 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:51.070379019 CEST | 8.8.8.8 | 192.168.2.5 | 0xed2a | No error (0) | 40.97.161.50 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:51.070379019 CEST | 8.8.8.8 | 192.168.2.5 | 0xed2a | No error (0) | 40.97.160.2 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:51.070379019 CEST | 8.8.8.8 | 192.168.2.5 | 0xed2a | No error (0) | 40.97.148.226 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:51.070379019 CEST | 8.8.8.8 | 192.168.2.5 | 0xed2a | No error (0) | 40.97.164.146 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:51.070379019 CEST | 8.8.8.8 | 192.168.2.5 | 0xed2a | No error (0) | 40.97.128.194 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:51.070379019 CEST | 8.8.8.8 | 192.168.2.5 | 0xed2a | No error (0) | 40.97.156.114 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:51.070379019 CEST | 8.8.8.8 | 192.168.2.5 | 0xed2a | No error (0) | 40.97.153.146 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:53.382605076 CEST | 8.8.8.8 | 192.168.2.5 | 0x696b | No error (0) | outlook.office365.com | CNAME (Canonical name) | IN (0x0001) | ||
Jul 7, 2021 10:42:53.382605076 CEST | 8.8.8.8 | 192.168.2.5 | 0x696b | No error (0) | outlook.ha.office365.com | CNAME (Canonical name) | IN (0x0001) | ||
Jul 7, 2021 10:42:53.382605076 CEST | 8.8.8.8 | 192.168.2.5 | 0x696b | No error (0) | outlook.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
Jul 7, 2021 10:42:53.382605076 CEST | 8.8.8.8 | 192.168.2.5 | 0x696b | No error (0) | HHN-efz.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
Jul 7, 2021 10:42:53.382605076 CEST | 8.8.8.8 | 192.168.2.5 | 0x696b | No error (0) | 40.101.137.98 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:53.382605076 CEST | 8.8.8.8 | 192.168.2.5 | 0x696b | No error (0) | 52.98.175.18 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:53.382605076 CEST | 8.8.8.8 | 192.168.2.5 | 0x696b | No error (0) | 52.97.233.34 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:53.382605076 CEST | 8.8.8.8 | 192.168.2.5 | 0x696b | No error (0) | 52.97.150.2 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:54.047828913 CEST | 8.8.8.8 | 192.168.2.5 | 0xf187 | No error (0) | outlook.ha.office365.com | CNAME (Canonical name) | IN (0x0001) | ||
Jul 7, 2021 10:42:54.047828913 CEST | 8.8.8.8 | 192.168.2.5 | 0xf187 | No error (0) | outlook.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
Jul 7, 2021 10:42:54.047828913 CEST | 8.8.8.8 | 192.168.2.5 | 0xf187 | No error (0) | HHN-efz.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
Jul 7, 2021 10:42:54.047828913 CEST | 8.8.8.8 | 192.168.2.5 | 0xf187 | No error (0) | 52.97.233.2 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:54.047828913 CEST | 8.8.8.8 | 192.168.2.5 | 0xf187 | No error (0) | 52.98.171.242 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:54.047828913 CEST | 8.8.8.8 | 192.168.2.5 | 0xf187 | No error (0) | 52.98.151.226 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:54.047828913 CEST | 8.8.8.8 | 192.168.2.5 | 0xf187 | No error (0) | 52.98.152.162 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:56.612906933 CEST | 8.8.8.8 | 192.168.2.5 | 0x2e0a | No error (0) | 40.97.116.82 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:56.612906933 CEST | 8.8.8.8 | 192.168.2.5 | 0x2e0a | No error (0) | 40.97.161.50 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:56.612906933 CEST | 8.8.8.8 | 192.168.2.5 | 0x2e0a | No error (0) | 40.97.160.2 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:56.612906933 CEST | 8.8.8.8 | 192.168.2.5 | 0x2e0a | No error (0) | 40.97.148.226 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:56.612906933 CEST | 8.8.8.8 | 192.168.2.5 | 0x2e0a | No error (0) | 40.97.164.146 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:56.612906933 CEST | 8.8.8.8 | 192.168.2.5 | 0x2e0a | No error (0) | 40.97.128.194 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:56.612906933 CEST | 8.8.8.8 | 192.168.2.5 | 0x2e0a | No error (0) | 40.97.156.114 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:56.612906933 CEST | 8.8.8.8 | 192.168.2.5 | 0x2e0a | No error (0) | 40.97.153.146 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:57.325242996 CEST | 8.8.8.8 | 192.168.2.5 | 0x6302 | No error (0) | outlook.office365.com | CNAME (Canonical name) | IN (0x0001) | ||
Jul 7, 2021 10:42:57.325242996 CEST | 8.8.8.8 | 192.168.2.5 | 0x6302 | No error (0) | outlook.ha.office365.com | CNAME (Canonical name) | IN (0x0001) | ||
Jul 7, 2021 10:42:57.325242996 CEST | 8.8.8.8 | 192.168.2.5 | 0x6302 | No error (0) | outlook.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
Jul 7, 2021 10:42:57.325242996 CEST | 8.8.8.8 | 192.168.2.5 | 0x6302 | No error (0) | FRA-efz.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
Jul 7, 2021 10:42:57.325242996 CEST | 8.8.8.8 | 192.168.2.5 | 0x6302 | No error (0) | 52.97.152.210 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:57.325242996 CEST | 8.8.8.8 | 192.168.2.5 | 0x6302 | No error (0) | 40.101.19.146 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:57.325242996 CEST | 8.8.8.8 | 192.168.2.5 | 0x6302 | No error (0) | 40.101.83.194 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:57.574337959 CEST | 8.8.8.8 | 192.168.2.5 | 0x49fa | No error (0) | outlook.ha.office365.com | CNAME (Canonical name) | IN (0x0001) | ||
Jul 7, 2021 10:42:57.574337959 CEST | 8.8.8.8 | 192.168.2.5 | 0x49fa | No error (0) | outlook.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
Jul 7, 2021 10:42:57.574337959 CEST | 8.8.8.8 | 192.168.2.5 | 0x49fa | No error (0) | FRA-efz.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
Jul 7, 2021 10:42:57.574337959 CEST | 8.8.8.8 | 192.168.2.5 | 0x49fa | No error (0) | 52.97.144.2 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:57.574337959 CEST | 8.8.8.8 | 192.168.2.5 | 0x49fa | No error (0) | 52.97.163.2 | A (IP address) | IN (0x0001) | ||
Jul 7, 2021 10:42:57.574337959 CEST | 8.8.8.8 | 192.168.2.5 | 0x49fa | No error (0) | 52.97.188.66 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.5 | 49721 | 40.97.116.82 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jul 7, 2021 10:42:51.274972916 CEST | 1487 | OUT | |
Jul 7, 2021 10:42:51.455990076 CEST | 1488 | IN |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 10:41:12 |
Start date: | 07/07/2021 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1170000 |
File size: | 116736 bytes |
MD5 hash: | 542795ADF7CC08EFCF675D65310596E8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 10:41:12 |
Start date: | 07/07/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x150000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:41:13 |
Start date: | 07/07/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x960000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:41:13 |
Start date: | 07/07/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x960000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 10:41:17 |
Start date: | 07/07/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x960000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:41:23 |
Start date: | 07/07/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x960000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:41:28 |
Start date: | 07/07/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x960000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:42:47 |
Start date: | 07/07/2021 |
Path: | C:\Program Files\internet explorer\iexplore.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff762e70000 |
File size: | 823560 bytes |
MD5 hash: | 6465CB92B25A7BC1DF8E01D8AC5E7596 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:42:48 |
Start date: | 07/07/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf40000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 10:42:53 |
Start date: | 07/07/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf40000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code - Quality |
---|---|---|---|---|---|---|
(header not extracted) | | | | | | 69% |
6DDE17B0 | 11.0 | 7 | | 527 | COMMON | |
6DDC1996 | 5.3 | 2 | 1 | 70 | native, COMMON | 72% |
(header not extracted) | | | | | | 100% |
6DDC1A44 | 1.5 | 1 | | 34 | native, COMMON | 68% |
6DDC1456 | 15.1 | 10 | | 98 | thread, sleep, synchronization, COMMON | 79% |
(header not extracted) | | | | | | 100% |
6DDC1D4B | 9.1 | 6 | | 71 | memory, COMMON | 86% |
(header not extracted) | | | | | | 100% |
6DEBABF7 | 6.3 | 4 | | 308 | COMMON | |
6DDC1717 | 6.1 | 3 | 1 | 111 | memory, COMMON | 90% |
6DDC15EA | 6.0 | 4 | | 30 | thread, COMMON | 87% |
6DDC1020 | 4.6 | 3 | | 68 | memory, COMMON | 87% |
6DDEA52E | 4.5 | 3 | | 28 | COMMON | |
(header not extracted) | | | | | | 100% |
6DDEAC30 | 3.0 | 2 | | 20 | COMMON | |
6DDF2A8A | 3.0 | 2 | | 16 | COMMON | |
6DDC16F1 | 1.5 | 1 | | 8 | COMMON | 37% |
6DDC1634 | 1.3 | 1 | | 70 | COMMON | 86% |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code - Quality |
---|---|---|---|---|---|---|
6DDC1F0E | 6.0 | 4 | | 40 | COMMON | 100% |
6DDEFEBA | 3.0 | 2 | | 8 | COMMON | |
(header not extracted) | | | | | | 100% |
6DDF29A0 | 1.5 | 1 | | 20 | COMMON | |
6DDF2A26 | 1.5 | 1 | | 18 | COMMON | |
6DDF3484 | 1.3 | 1 | | 7 | memory, COMMON | |
6DDC2184 | 0.1 | | | 77 | COMMON, Crypto | 71% |
6DE1DE0E | 0.1 | | | 75 | COMMON | |
6DE1E207 | 0.1 | | | 55 | COMMON | |
6DDF2EBD | 18.1 | 12 | | 84 | COMMON | |
6DDE2490 | 10.8 | 7 | | 299 | COMMON | |
6DDF4A63 | 9.0 | 6 | | 45 | thread, COMMON | |
6DDE93DF | 9.0 | 6 | | 38 | COMMON | |
6DDF82CC | 7.6 | 5 | | 67 | COMMON | |
6DDE2860 | 6.3 | 4 | | 253 | COMMON | |
6DDE8000 | 6.2 | 4 | | 186 | COMMON | |
6DDE9512 | 6.1 | 4 | | 137 | COMMON | |
6DDEEF8B | 6.1 | 4 | | 136 | COMMON | |
6DDF9842 | 6.1 | 4 | | 97 | COMMON | |
6DDF6CFE | 6.0 | 4 | | 48 | COMMON | |
6DDED309 | 6.0 | 4 | | 48 | COMMON | |
Executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code - Quality |
---|---|---|---|---|---|---|
(header not extracted) | | | | | | 96% |
6DDE17B0 | 11.0 | 7 | | 527 | COMMON | |
(header not extracted) | | | | | | 38% |
(header not extracted) | | | | | | 74% |
02A7AC55 | 19.5 | 10 | 1 | 209 | library, COMMON | 51% |
(header not extracted) | | | | | | 83% |
(header not extracted) | | | | | | 74% |
02A71A08 | 10.6 | 7 | | 75 | COMMON | 100% |
(header not extracted) | | | | | | 74% |
(header not extracted) | | | | | | 57% |
02A762DA | 7.6 | 4 | 1 | 145 | string, COMMON | 22% |
6DEBABF7 | 6.3 | 4 | | 308 | COMMON | |
(header not extracted) | | | | | | 78% |
02A7486F | 6.1 | 4 | | 59 | COMMON | 53% |
02A78D14 | 4.6 | 3 | | 94 | memory, COMMON | 100% |
02A7A376 | 4.6 | 3 | | 76 | memory, COMMON | 53% |
6DDEA52E | 4.5 | 3 | | 28 | COMMON | |
02A71526 | 3.8 | 3 | | 81 | COMMON | 100% |
02A7219B | 3.1 | 2 | | 112 | COMMON | 75% |
02A758DB | 3.0 | 2 | | 40 | COMMON | 37% |
02A74ECA | 3.0 | 2 | | 26 | COMMON | 100% |
6DDEAC30 | 3.0 | 2 | | 20 | COMMON | |
6DDF2A8A | 3.0 | 2 | | 16 | COMMON | |
02A748F1 | 1.5 | 1 | | 49 | COMMON | 34% |
02A7A71F | 1.5 | 1 | | 5 | memory, COMMON | 100% |
02A75356 | 1.3 | 1 | | 43 | memory, COMMON | 100% |
02A71AE2 | 1.3 | 1 | | 36 | sleep, COMMON | 88% |
02A74A09 | 1.3 | 1 | | 23 | COMMON | 100% |
Non-executed Functions |
---|
Function | Relevance | APIs | Strings | Instructions | Tags | C-Code - Quality |
---|---|---|---|---|---|---|
(header not extracted) | | | | | | 95% |
(header not extracted) | | | | | | 68% |
(header not extracted) | | | | | | 66% |
6DDF2EBD | 18.1 | 12 | | 84 | COMMON | |
(header not extracted) | | | | | | 27% |
6DDE2490 | 10.8 | 7 | | 299 | COMMON | |
02A78EA1 | 10.6 | 7 | | 109 | library, memory, loader, COMMON | 73% |
02A71BB6 | 10.6 | 5 | 1 | 68 | string, COMMON | 63% |
(header not extracted) | | | | | | 100% |
6DDF4A63 | 9.0 | 6 | | 45 | thread, COMMON | |
6DDE93DF | 9.0 | 6 | | 38 | COMMON | |
02A7853F | 8.9 | 3 | 2 | 167 | string, COMMON | 88% |
02A7A199 | 7.6 | 5 | | 83 | COMMON | 100% |
6DDF82CC | 7.6 | 5 | | 67 | COMMON | |
02A73DE9 | 7.5 | 5 | | 45 | COMMON | 58% |
02A73E69 | 7.5 | 5 | | 37 | COMMON | 100% |
6DDE2860 | 6.3 | 4 | | 253 | COMMON | |
6DDE8000 | 6.2 | 4 | | 186 | COMMON | |
(header not extracted) | | | | | | 46% |
6DDE9512 | 6.1 | 4 | | 137 | COMMON | |
6DDEEF8B | 6.1 | 4 | | 136 | COMMON | |
02A753C6 | 6.1 | 4 | | 136 | COMMON | 85% |
02A715FF | 6.1 | 4 | | 124 | COMMON | 42% |
6DDF9842 | 6.1 | 4 | | 97 | COMMON | |
(header not extracted) | | | | | | 87% |
(header not extracted) | | | | | | 38% |
02A736B1 | 6.1 | 4 | | 87 | sleep, COMMON | 40% |
(header not extracted) | | | | | | 68% |
6DDF6CFE | 6.0 | 4 | | 48 | COMMON | |
6DDED309 | 6.0 | 4 | | 48 | COMMON | |
02A76840 | 6.0 | 4 | | 40 | COMMON | 100% |
(header not extracted) | | | | | | 50% |
02A71B42 | 6.0 | 4 | | 29 | memory, COMMON | 100% |
(header not extracted) | | | | | | 37% |
02A75AF1 | 5.1 | 4 | | 70 | string, COMMON | 58% |
02A745C6 | 5.0 | 4 | | 39 | string, COMMON | 100% |
02A7361A | 5.0 | 4 | | 27 | string, COMMON | |