Windows Analysis Report 945.dll
Overview
General Information
Detection
Score: | 80 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Malware Configuration |
---|
Threatname: Ursnif |
---|
{"RSA Public Key": "ovNAU+HRorLZmwnDvbYFDY7UA+FTIAnF2uJSQd0M+N3ep6CVEhoDrEXACstP09QHK7cBl9nMAaFI1as0K4aXOQKngdScIQbDa3MQ98Ce9MYRMvxGUI05fSIRRFzMYffOXQr97vVUUUPjsYgfkDWS2eKPxSe5dz/pF0mjA0T8ibOLzHmVMs4vVv+nwVAw0xpD", "c2_domain": ["outlook.com", "auredosite.club", "vuredosite.club"], "botnet": "8877", "server": "12", "serpent_key": "30218409ILPAJDUR", "sleep_time": "10", "CONF_TIMEOUT": "20", "SetWaitableTimer_value": "0", "DGA_count": "10"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration |
Multi AV Scanner detection for submitted file |
Networking: |
---|
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Yara detected Ursnif |
E-Banking Fraud: |
---|
Yara detected Ursnif |
System Summary: |
---|
Writes or reads registry keys via WMI |
Writes registry values via WMI |
Hooking and other Techniques for Hiding and Protection: |
---|
Yara detected Ursnif |
Stealing of Sensitive Information: |
---|
Yara detected Ursnif |
Remote Access Functionality: |
---|
Yara detected Ursnif |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation2 | Path Interception | Process Injection12 | Masquerading1 | OS Credential Dumping | System Time Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection12 | LSASS Memory | Query Registry1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Deobfuscate/Decode Files or Information1 | Security Account Manager | Security Software Discovery3 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information2 | NTDS | Process Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol3 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Rundll321 | LSA Secrets | File and Directory Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Information Discovery13 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
26% | Metadefender | Browse | ||
59% | ReversingLabs | Win32.Trojan.Ursnif |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1108168 | Download File | ||
100% | Avira | HEUR/AGEN.1108168 | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
stivers-ricsovers.com | 3.65.154.208 | true | false | unknown | |
adpmbtj.com | 192.99.16.134 | true | false | unknown | |
ZRH-efz.ms-acdc.office.com | 52.97.201.242 | true | false | high | |
stats.l.doubleclick.net | 74.125.128.154 | true | false | high | |
redtube.com | 66.254.114.238 | true | false | high | |
vip0x055.ssl.rncdn5.com | 205.185.208.85 | true | false | unknown | |
vip0x04f.ssl.rncdn5.com | 205.185.208.79 | true | false | unknown | |
hubtraffic.com | 66.254.114.32 | true | false | high | |
outlook.com | 40.97.116.82 | true | false | high | |
ei-ph.rdtcdn.com.sds.rncdn7.com | 64.210.135.68 | true | false | unknown | |
ei.rdtcdn.com.sds.rncdn7.com | 64.210.135.70 | true | false | unknown | |
ads.trafficjunky.net | 66.254.114.38 | true | false | high | |
vuredosite.club | 37.120.222.6 | true | true | unknown | |
www.google.ch | 172.217.168.3 | true | false | high | |
vip0x08e.ssl.rncdn5.com | 205.185.208.142 | true | false | unknown | |
static.trafficjunky.com | unknown | unknown | false | high | |
www.adpmbtj.com | unknown | unknown | false | unknown | |
s2.static.cfgr3.com | unknown | unknown | false | unknown | |
www.redtube.com | unknown | unknown | false | high | |
di.rdtcdn.com | unknown | unknown | false | high | |
ei-ph.rdtcdn.com | unknown | unknown | false | high | |
cdn1d-static-shared.phncdn.com | unknown | unknown | false | high | |
outlook.office365.com | unknown | unknown | false | high | |
stats.g.doubleclick.net | unknown | unknown | false | high | |
ht.redtube.com | unknown | unknown | false | high | |
hw-cdn.trafficjunky.net | unknown | unknown | false | high | |
www.outlook.com | unknown | unknown | false | high | |
ei.rdtcdn.com | unknown | unknown | false | high | |
di-ph.rdtcdn.com | unknown | unknown | false | high | |
v.vfgte.com | unknown | unknown | false | unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
52.97.201.242 | ZRH-efz.ms-acdc.office.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
40.97.128.194 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
52.97.232.194 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
52.97.186.114 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
52.98.168.178 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
40.97.116.82 | outlook.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
Private |
---|
IP |
---|
192.168.2.1 |
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 448650 |
Start date: | 14.07.2021 |
Start time: | 15:45:12 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 8m 29s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 945.dll |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 28 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal80.troj.winDLL@18/7@34/7 |
EGA Information: | Failed |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
15:47:08 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
52.97.201.242 | Get hash | malicious | Browse | ||
40.97.128.194 | Get hash | malicious | Browse |
52.97.232.194 | Get hash | malicious | Browse | ||
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
ZRH-efz.ms-acdc.office.com | Get hash | malicious | Browse |
stats.l.doubleclick.net | Get hash | malicious | Browse |
stivers-ricsovers.com | Get hash | malicious | Browse |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
MICROSOFT-CORP-MSN-AS-BLOCKUS | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 50344 |
Entropy (8bit): | 2.007817288091259 |
Encrypted: | false |
SSDEEP: | 192:rZZeZu2TWetyf0NMPjPxPAYMP2TBVKAu4lIg:rPKFqewRPjPxPMP2TC4F |
MD5: | 72DFFC63D7B320FF56607CACBBF2D659 |
SHA1: | 9694D0EF54C82CAC4D3C55740C7C9298B725FE31 |
SHA-256: | 87260A3937BAA49E596D024895EE0EADC06DF10892C4CEFAEE87B8C557233A42 |
SHA-512: | B78566E638A0FA880AB105B031320A876761CDDE77F5F77762EA39FAB72C0354162E1CCEEE53864E89B37A097BA9F08E59D33C2F6AE288D6E235AA0F749E311A |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 27368 |
Entropy (8bit): | 1.839005711968297 |
Encrypted: | false |
SSDEEP: | 96:rWZtQd6jBSZjN2hWfMHigB96Juge/GxgB96Juge/g96ZA:rWZtQd6jkZjN2hWfMHigWlxgWuA |
MD5: | 6AB6BAE717B506BF99138EAD4712FD5D |
SHA1: | D968B18FA142DFAD6808349EE20F52AABF8A46F5 |
SHA-256: | B60F5051287D0F98A62928ABBD2B25CA46E8FACC716BCD585C41CBE70447C925 |
SHA-512: | CD3011896E2A9477020EEA8AA7A7C3241FE51AB12F6C011F0068BAFF675CFF1A72D104631751416CAB5B4A24D297B2ADC156F94B5B30A911810AFCD132EE4F07 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 27436 |
Entropy (8bit): | 1.8611245040893345 |
Encrypted: | false |
SSDEEP: | 96:rKZtQZ67BSijh2FW4MW+8BszVMkMPx8BszVMkMwszFCA:rKZtQZ67kijh2FW4MW+8Wzsx8WzezFCA |
MD5: | B45BE5E0689CA52E7AA317477CEAB2EB |
SHA1: | 0D308F7400E760E9053A8DC45D37FD4746C832A8 |
SHA-256: | C205717F2E113190755FCD2A714B8D891B4045EB9DB81ECB36868D55687B5033 |
SHA-512: | F3C842EA151F324A2E582FF32F71C8B9B6B2A202D6277F3BA389AD787E9199216849F8B86554B5918114E71F3A10148B87D8103A1114B058E420D34B3DDABE2E |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 89 |
Entropy (8bit): | 4.45974266689267 |
Encrypted: | false |
SSDEEP: | 3:oVXUtJf0fBovpEH8JOGXnEtJf0fBovUSX+n:o9UtJsUiqEtJsUU7 |
MD5: | 5AF30AB03EEB684130F909A48D6C87EC |
SHA1: | E217A694B2C4E7EA04763EA6A99B9A577652016B |
SHA-256: | A743A35C1772ECEAA2F22B3765935A911CA50A23156F04EFC4FBFCC42F8B9F1A |
SHA-512: | 2813B7FE1FF192128C97894DB317964A66FCB38B7E330EA6A07456BD73BD7FBDF432E9BAA4311FDE3FE0A147DB756EDC53F1C64830D10949FDAE14E38AD52A97 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13237 |
Entropy (8bit): | 0.5978024045945609 |
Encrypted: | false |
SSDEEP: | 24:c9lLh9lLh9lIn9lIn9loMpF9loMr9lWMZofjBMjBMRyBMRTTTi:kBqoI7dhjBMjBMRyBMRvO |
MD5: | 288585C44B20EA24B2FD22E86C0AC593 |
SHA1: | D72E31BF7599CC277A793D645FECB07371B5E665 |
SHA-256: | DF52758571E4D35099BAA3057ACE9396DD2FEAA5D9B3EE51698BFF7531350701 |
SHA-512: | C277CDFDFDD901B86DAF202F718801A410E8B6B23FAFAF37282EDB242C8FFED45D31F59B77B899EB82AC0D8AC6464785A99CEAD24FADE5D13D29126DDC37B394 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 39769 |
Entropy (8bit): | 0.5967894698585455 |
Encrypted: | false |
SSDEEP: | 96:kBqoxKAuvScS+AGcdGM8BszVMkMC8BszVMkMm8BszVMkM3:kBqoxKAuqR+AGcdGM8WzH8Wzn8Wzs |
MD5: | 2D85FE4AF6F5C992507FB76E7BDA0792 |
SHA1: | A279DE73D9632650F4D76CF2FF77FD69FAA6EE06 |
SHA-256: | 90DCAC7CD40AD46F46C4EA799D12DA79C04C0D937AC1195862881314D51EC070 |
SHA-512: | 9E0774C8B71744D0329ECC51355627F3E3B650A8DFDF22470BB1FA39A9A7C312CA637DA93F334FDF2DC4F639C81D0E649B34B0A89019FF2562DD5A7092660B92 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\internet explorer\iexplore.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 39633 |
Entropy (8bit): | 0.5703763819497271 |
Encrypted: | false |
SSDEEP: | 96:kBqoxKAuvScS+Z3lUX9gB96Juge/egB96Juge/+gB96Juge/3:kBqoxKAuqR+Z3lUX9gW7gW/gWk |
MD5: | 438BF405E16CD9C0230E87A245B3986D |
SHA1: | 3E253609827B74E371E078EE26FEA1E73D6DE489 |
SHA-256: | E36EBB25504C9233020CB6BBD89F01773C287628FE0BDF189F387E1DCC59E330 |
SHA-512: | C2BD4B2756B618C0EC6EC5FF881461B78C4EDEEC420699559D3773E444DC5CCC74D80B046A1CDBF830FFCFAB62355A40019A6EDAE1C05E4D3620451ED16F9B5A |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 6.657188224349107 |
TrID: |
|
File name: | 945.dll |
File size: | 381440 |
MD5: | 9453981ab8e71981bea907b3f2d11395 |
SHA1: | ca0f69ef71bf287bdd19a8a9811c1f0dd2ff50e6 |
SHA256: | fa97cd35d76337ff4a523ebdd7f879359a70432a14b7377f06df29c4679b3f70 |
SHA512: | 7c1dcf301adbda28a202f77d5898215ea7292ea3c1ccfa2bb8d2af97e417a1e11824c99c878694e972227d3f1038d63b5052d670b1aeb8226859a511245406c1 |
SSDEEP: | 6144:vC8nRa6tXFOspzA736NZVeC8i795fubASK9beZTX3l8Eo:J0SVOspFVWi7PWoBeZTX36 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........~@........................................D...................................................Rich............PE..L......S... |
File Icon |
---|
Icon Hash: | 74f0e4ecccdce0e4 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x102cd58 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x1000000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x5396CBB2 [Tue Jun 10 09:11:14 2014 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 4c29865e356872ef0757b58734cbbb11 |
Entrypoint Preview |
---|
Instruction |
---|
push ebp |
mov ebp, esp |
cmp dword ptr [ebp+0Ch], 01h |
jne 00007F9BC4E898A7h |
call 00007F9BC4E94A8Fh |
push dword ptr [ebp+10h] |
push dword ptr [ebp+0Ch] |
push dword ptr [ebp+08h] |
call 00007F9BC4E898ACh |
add esp, 0Ch |
pop ebp |
retn 000Ch |
push 0000000Ch |
push 010591A8h |
call 00007F9BC4E8FDAEh |
xor eax, eax |
inc eax |
mov esi, dword ptr [ebp+0Ch] |
test esi, esi |
jne 00007F9BC4E898AEh |
cmp dword ptr [010F11A4h], esi |
je 00007F9BC4E8998Ah |
and dword ptr [ebp-04h], 00000000h |
cmp esi, 01h |
je 00007F9BC4E898A7h |
cmp esi, 02h |
jne 00007F9BC4E898D7h |
mov ecx, dword ptr [01052870h] |
test ecx, ecx |
je 00007F9BC4E898AEh |
push dword ptr [ebp+10h] |
push esi |
push dword ptr [ebp+08h] |
call ecx |
mov dword ptr [ebp-1Ch], eax |
test eax, eax |
je 00007F9BC4E89957h |
push dword ptr [ebp+10h] |
push esi |
push dword ptr [ebp+08h] |
call 00007F9BC4E896B6h |
mov dword ptr [ebp-1Ch], eax |
test eax, eax |
je 00007F9BC4E89940h |
mov ebx, dword ptr [ebp+10h] |
push ebx |
push esi |
push dword ptr [ebp+08h] |
call 00007F9BC4E7E268h |
mov edi, eax |
mov dword ptr [ebp-1Ch], edi |
cmp esi, 01h |
jne 00007F9BC4E898CAh |
test edi, edi |
jne 00007F9BC4E898C6h |
push ebx |
push eax |
push dword ptr [ebp+08h] |
call 00007F9BC4E7E250h |
push ebx |
push edi |
push dword ptr [ebp+08h] |
call 00007F9BC4E8967Ch |
mov eax, dword ptr [01052870h] |
test eax, eax |
je 00007F9BC4E898A9h |
push ebx |
push edi |
push dword ptr [ebp+08h] |
call eax |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x597e0 | 0x80 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x59860 | 0x50 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xf4000 | 0x1e0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xf5000 | 0x2b1c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x44220 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x57c58 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x44000 | 0x18c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x4211f | 0x42200 | False | 0.619808896503 | data | 6.63192382314 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x44000 | 0x16172 | 0x16200 | False | 0.578919491525 | data | 5.90225736165 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x5b000 | 0x980ec | 0x1c00 | False | 0.316824776786 | data | 3.9217328811 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0xf4000 | 0x1e0 | 0x200 | False | 0.529296875 | data | 4.724728912 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0xf5000 | 0x2b1c | 0x2c00 | False | 0.760919744318 | data | 6.67218651592 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_MANIFEST | 0xf4060 | 0x17d | XML 1.0 document text | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | CreateProcessA, GetSystemDirectoryA, GetTempPathA, GetWindowsDirectoryA, GetCurrentDirectoryA, SetSystemPowerState, SetConsoleCP, SetConsoleOutputCP, GetModuleHandleA, CreateFileW, ReadConsoleW, WriteConsoleW, SetStdHandle, OutputDebugStringW, LoadLibraryExW, GetTimeZoneInformation, GetModuleFileNameA, FormatMessageA, GetSystemTimeAsFileTime, GetProcessHeap, VirtualProtect, WideCharToMultiByte, MultiByteToWideChar, GetStringTypeW, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, EncodePointer, DecodePointer, GetLastError, HeapFree, HeapAlloc, RaiseException, RtlUnwind, GetCommandLineA, GetCurrentThreadId, GetCPInfo, UnhandledExceptionFilter, SetUnhandledExceptionFilter, SetLastError, InitializeCriticalSectionAndSpinCount, Sleep, GetCurrentProcess, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetModuleHandleW, GetProcAddress, IsProcessorFeaturePresent, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, ExitProcess, GetModuleHandleExW, HeapSize, GetStdHandle, WriteFile, GetModuleFileNameW, IsDebuggerPresent, IsValidCodePage, GetACP, GetOEMCP, GetFileType, QueryPerformanceCounter, GetCurrentProcessId, GetEnvironmentStringsW, FreeEnvironmentStringsW, HeapReAlloc, CloseHandle, FlushFileBuffers, GetConsoleCP, GetConsoleMode, ReadFile, SetFilePointerEx, SetEnvironmentVariableA |
USER32.dll | GetWindowThreadProcessId, GetSysColorBrush, GetWindowRect, GetClientRect, GetForegroundWindow, CreatePopupMenu, DialogBoxIndirectParamA, CreateDialogIndirectParamA |
GDI32.dll | SetPixel, SelectObject, PatBlt, GetTextExtentPoint32A, StretchBlt |
Exports |
---|
Name | Ordinal | Address |
---|---|---|
Clockcondition | 1 | 0x1021070 |
Dogwhen | 2 | 0x1021fa0 |
Sing | 3 | 0x1022080 |
Wholegray | 4 | 0x1022270 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken |
---|---|
English | United States |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
07/14/21-15:47:26.154158 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49731 | 80 | 192.168.2.3 | 40.97.116.82 |
07/14/21-15:48:10.427089 | TCP | 2033204 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | 49749 | 80 | 192.168.2.3 | 37.120.222.6 |
07/14/21-15:48:10.427089 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49749 | 80 | 192.168.2.3 | 37.120.222.6 |
07/14/21-15:48:10.738630 | TCP | 2033204 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | 49752 | 80 | 192.168.2.3 | 37.120.222.6 |
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49731 | 40.97.116.82 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jul 14, 2021 15:47:26.154158115 CEST | 1351 | OUT | |
Jul 14, 2021 15:47:26.318327904 CEST | 1351 | IN |
Code Manipulations |
---|
System Behavior |
---|
General |
---|
Start time: | 15:46:03 |
Start date: | 14/07/2021 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf40000 |
File size: | 116736 bytes |
MD5 hash: | 542795ADF7CC08EFCF675D65310596E8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 15:46:04 |
Start date: | 14/07/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xbd0000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:46:04 |
Start date: | 14/07/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xaf0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:46:04 |
Start date: | 14/07/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xaf0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 15:46:09 |
Start date: | 14/07/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xaf0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:46:13 |
Start date: | 14/07/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xaf0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:46:19 |
Start date: | 14/07/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xaf0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:47:22 |
Start date: | 14/07/2021 |
Path: | C:\Program Files\internet explorer\iexplore.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64d950000 |
File size: | 823560 bytes |
MD5 hash: | 6465CB92B25A7BC1DF8E01D8AC5E7596 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:47:23 |
Start date: | 14/07/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x13d0000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 15:47:25 |
Start date: | 14/07/2021 |
Path: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x13d0000 |
File size: | 822536 bytes |
MD5 hash: | 071277CC2E3DF41EEEA8013E2AB58D5A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Uniqueness Score: -1.00% |
C-Code - Quality: 69% |
Uniqueness Score: -1.00% |
Function 6E2117B0, Relevance: 11.0, APIs: 7, Instructions: 527 [COMMON]
Uniqueness Score: -1.00% |
Function 6E1F1996, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70 [native] [COMMON]
C-Code - Quality: 72% |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 6E1F1A44, Relevance: 1.5, APIs: 1, Instructions: 34 [native] [COMMON]
C-Code - Quality: 68% |
Uniqueness Score: -1.00% |
Function 6E1F1456, Relevance: 15.1, APIs: 10, Instructions: 98 [thread] [sleep] [synchronization] [COMMON]
C-Code - Quality: 79% |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 6E213020, Relevance: 9.1, APIs: 6, Instructions: 77 [COMMON]
Uniqueness Score: -1.00% |
Function 6E1F1D4B, Relevance: 9.1, APIs: 6, Instructions: 71 [memory] [COMMON]
C-Code - Quality: 86% |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 6E1F1717, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 111 [memory] [COMMON]
C-Code - Quality: 90% |
Uniqueness Score: -1.00% |
Function 6E1F15EA, Relevance: 6.0, APIs: 4, Instructions: 30 [thread] [COMMON]
C-Code - Quality: 87% |
Uniqueness Score: -1.00% |
Function 6E1F1020, Relevance: 4.6, APIs: 3, Instructions: 68 [memory] [COMMON]
C-Code - Quality: 87% |
Uniqueness Score: -1.00% |
Function 6E225561, Relevance: 4.5, APIs: 3, Instructions: 49 [COMMON]
Uniqueness Score: -1.00% |
Function 6E21A52E, Relevance: 4.5, APIs: 3, Instructions: 28 [COMMON]
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 6E21AC30, Relevance: 3.0, APIs: 2, Instructions: 20 [COMMON]
Uniqueness Score: -1.00% |
Function 6E222A8A, Relevance: 3.0, APIs: 2, Instructions: 16 [COMMON]
Uniqueness Score: -1.00% |
Function 6E1F16F1, Relevance: 1.5, APIs: 1, Instructions: 8 [COMMON]
C-Code - Quality: 37% |
Uniqueness Score: -1.00% |
Function 6E1F1634, Relevance: 1.3, APIs: 1, Instructions: 70 [COMMON]
C-Code - Quality: 86% |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 6E22F2E7, Relevance: 6.1, APIs: 4, Instructions: 56 [COMMON]
Uniqueness Score: -1.00% |
Function 6E1F1F0E, Relevance: 6.0, APIs: 4, Instructions: 40 [COMMON]
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Function 6E21FEBA, Relevance: 3.0, APIs: 2, Instructions: 8 [COMMON]
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
Uniqueness Score: -1.00% |
Function 6E2229A0, Relevance: 1.5, APIs: 1, Instructions: 20 [COMMON]
Uniqueness Score: -1.00% |
Function 6E223484, Relevance: 1.3, APIs: 1, Instructions: 7 [memory] [COMMON]
Uniqueness Score: -1.00% |
Function 6E1F2184, Relevance: .1, Instructions: 77 [COMMON] [Crypto]
C-Code - Quality: 71% |
Uniqueness Score: -1.00% |
Function 6E24DE0E, Relevance: .1, Instructions: 75 [COMMON]
Uniqueness Score: -1.00% |
Function 6E24E207, Relevance: .1, Instructions: 55 [COMMON]
Uniqueness Score: -1.00% |
Function 6E222EBD, Relevance: 18.1, APIs: 12, Instructions: 84 [COMMON]
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Function 6E212490, Relevance: 10.8, APIs: 7, Instructions: 299 [COMMON]
Uniqueness Score: -1.00% |
Function 6E219B5B, Relevance: 10.5, APIs: 7, Instructions: 49 [COMMON]
Uniqueness Score: -1.00% |
Function 6E213220, Relevance: 9.1, APIs: 6, Instructions: 77 [COMMON]
Uniqueness Score: -1.00% |
Function 6E224A63, Relevance: 9.0, APIs: 6, Instructions: 45 [thread] [COMMON]
Uniqueness Score: -1.00% |
Function 6E2193DF, Relevance: 9.0, APIs: 6, Instructions: 38 [COMMON]
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Function 6E2282CC, Relevance: 7.6, APIs: 5, Instructions: 67 [COMMON]
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Function 6E212860, Relevance: 6.3, APIs: 4, Instructions: 253 [COMMON]
Uniqueness Score: -1.00% |
Function 6E218000, Relevance: 6.2, APIs: 4, Instructions: 186 [COMMON]
Uniqueness Score: -1.00% |
Function 6E21EF8B, Relevance: 6.1, APIs: 4, Instructions: 136 [COMMON]
Uniqueness Score: -1.00% |
Function 6E229842, Relevance: 6.1, APIs: 4, Instructions: 97 [COMMON]
Uniqueness Score: -1.00% |
Function 6E226CFE, Relevance: 6.0, APIs: 4, Instructions: 48 [COMMON]
Uniqueness Score: -1.00% |
Function 6E21D309, Relevance: 6.0, APIs: 4, Instructions: 48 [COMMON]
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Executed Functions |
---|
Uniqueness Score: -1.00% |
Uniqueness Score: -1.00% |
Function 6E213020, Relevance: 9.1, APIs: 6, Instructions: 77 [COMMON]
Uniqueness Score: -1.00% |
Function 6E21A52E, Relevance: 4.5, APIs: 3, Instructions: 28 [COMMON]
Uniqueness Score: -1.00% |
Function 6E21AC30, Relevance: 3.0, APIs: 2, Instructions: 20 [COMMON]
Uniqueness Score: -1.00% |
Function 6E222A8A, Relevance: 3.0, APIs: 2, Instructions: 16 [COMMON]
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 6E22F2E7, Relevance: 6.1, APIs: 4, Instructions: 56COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E222EBD, Relevance: 18.1, APIs: 12, Instructions: 84COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E212490, Relevance: 10.8, APIs: 7, Instructions: 299, COMMON, Uniqueness Score: -1.00%
Function 6E219B5B, Relevance: 10.5, APIs: 7, Instructions: 49, COMMON, Uniqueness Score: -1.00%
Function 6E213220, Relevance: 9.1, APIs: 6, Instructions: 77, COMMON, Uniqueness Score: -1.00%
Function 6E224A63, Relevance: 9.0, APIs: 6, Instructions: 45, thread, COMMON, Uniqueness Score: -1.00%
Function 6E2193DF, Relevance: 9.0, APIs: 6, Instructions: 38, COMMON, Uniqueness Score: -1.00%
Function 6E2282CC, Relevance: 7.6, APIs: 5, Instructions: 67, COMMON, Uniqueness Score: -1.00%
Function 6E212860, Relevance: 6.3, APIs: 4, Instructions: 253, COMMON, Uniqueness Score: -1.00%
Function 6E218000, Relevance: 6.2, APIs: 4, Instructions: 186, COMMON, Uniqueness Score: -1.00%
Function 6E21EF8B, Relevance: 6.1, APIs: 4, Instructions: 136, COMMON, Uniqueness Score: -1.00%
Function 6E229842, Relevance: 6.1, APIs: 4, Instructions: 97, COMMON, Uniqueness Score: -1.00%
Function 6E226CFE, Relevance: 6.0, APIs: 4, Instructions: 48, COMMON, Uniqueness Score: -1.00%
Function 6E21D309, Relevance: 6.0, APIs: 4, Instructions: 48, COMMON, Uniqueness Score: -1.00%