Windows Analysis Report TRwrC.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: NanoCore |
---|
{"Version": "1.2.2.0", "Mutex": "e8dbb34a-f657-4ae4-ba56-6d78335a", "Group": "Minecraft SMP10PC", "Domain1": "domingos-50227.portmap.io", "Domain2": "domingos-50227.portmap.io", "Port": 50227, "KeyboardLogging": "Disable", "RunOnStartup": "Enable", "RequestElevation": "Enable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "8.8.8.8", "BackupDNSServer": "8.8.4.4"}
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | |
| Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | |
| JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
| NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | |
Dropped Files |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | |
| Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | |
| JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
| NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | |
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | |
| JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
| NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | |
| Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | |
| JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | |
| Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | |
| Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth | |
| Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | |
| JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
Sigma Overview |
---|
AV Detection: |
---|
Sigma detected: NanoCore | Show sources |
Source: | Author: Joe Security: |
E-Banking Fraud: |
---|
Sigma detected: NanoCore | Show sources |
Source: | Author: Joe Security: |
Stealing of Sensitive Information: |
---|
Sigma detected: NanoCore | Show sources |
Source: | Author: Joe Security: |
Remote Access Functionality: |
---|
Sigma detected: NanoCore | Show sources |
Source: | Author: Joe Security: |
Jbx Signature Overview |
---|
AV Detection: |
---|
Antivirus / Scanner detection for submitted sample | Show sources |
Source: | Avira: |
Antivirus detection for dropped file | Show sources |
Source: | Avira: |
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link |
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Machine Learning detection for dropped file | Show sources |
Source: | Joe Sandbox ML: |
Machine Learning detection for sample | Show sources |
Source: | Joe Sandbox ML: |
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Networking: |
---|
C2 URLs / IPs found in malware configuration | Show sources |
Source: | URLs: |
Source: | DNS traffic detected: |
Source: | Binary or memory string: |
E-Banking Fraud: |
---|
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
System Summary: |
---|
Malicious sample detected (through community Yara rule) | Show sources |
Source: | Matched rule: | ||
Source: | Code function: | 5_2_00D2524A | |
Source: | Code function: | 5_2_02FC2FA8 | |
Source: | Code function: | 5_2_02FC23A0 | |
Source: | Code function: | 5_2_02FC3850 | |
Source: | Code function: | 5_2_02FC306F |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Cryptographic APIs: | ||
Source: | Security API names: | ||
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Process created: | ||
Source: | Process created: |
Source: | Key value queried: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Data Obfuscation: |
---|
.NET source code contains potential unpacker | Show sources |
Source: | .Net Code: | ||
Source: | High entropy of concatenated method names: | ||
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection: |
---|
Hides that the sample has been downloaded from the Internet (zone.identifier) | Show sources |
Source: | File opened: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Source: | File opened: | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information: |
---|
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Remote Access Functionality: |
---|
Detected Nanocore Rat | Show sources |
Source: | String found in binary or memory: | ||
Yara detected Nanocore RAT | Show sources |
Source: | File source: | ||
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection1 | Masquerading2 | Input Capture11 | Security Software Discovery1 | Remote Services | Input Capture11 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools1 | LSASS Memory | Process Discovery1 | Remote Desktop Protocol | Archive Collected Data11 | Exfiltration Over Bluetooth | Remote Access Software1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion31 | Security Account Manager | Virtualization/Sandbox Evasion31 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection1 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol11 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information1 | LSA Secrets | Remote System Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Hidden Files and Directories1 | Cached Domain Credentials | System Information Discovery2 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing12 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
80% | Virustotal | Browse | ||
100% | Avira | TR/Dropper.MSIL.Gen7 | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/Dropper.MSIL.Gen7 | ||
100% | Joe Sandbox ML |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Dropper.MSIL.Gen7 | Download File | ||
100% | Avira | TR/Dropper.MSIL.Gen7 | Download File | ||
100% | Avira | TR/Dropper.MSIL.Gen7 | Download File |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
domingos-50227.portmap.io | unknown | unknown | true | unknown | |
clientconfig.passport.net | unknown | unknown | false |
| unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
Contacted IPs |
---|
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 452192 |
Start date: | 21.07.2021 |
Start time: | 23:08:11 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 43s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | TRwrC.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@2/4@85/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
23:09:01 | API Interceptor | |
23:09:05 | Autostart |
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\TRwrC.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 207360 |
Entropy (8bit): | 7.4462121180145955 |
Encrypted: | false |
SSDEEP: | 6144:wLV6Bta6dtJmakIM5EP5BqF9aK4qzdbmrcPSJ:wLV6BtpmkXBBq/aK4qzdgJ |
MD5: | EAA9755979D4EDEAC9C48FFB1F42551C |
SHA1: | 0BA5FC95F551F89648E0DDAE327E60FFA417712F |
SHA-256: | 6F6D5CFFC1E927811613347C2C10F9071434FEDDE5780114089981E494B573A7 |
SHA-512: | 37FC60D70C6E573EF2FF1CBDC984614E6ECECBEE34966FB11D21703B222A3D32D64F2D519B4617C2C33AB5AD81A60FCF65E8D39AB62C145A070657D94918BEDA |
Malicious: | true |
Yara Hits: |
|
Antivirus: |
|
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\TRwrC.exe |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 525 |
Entropy (8bit): | 5.2874233355119316 |
Encrypted: | false |
SSDEEP: | 12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70Ug+9Yz9tv:MLF20NaL329hJ5g522rWz2T |
MD5: | 61CCF53571C9ABA6511D696CB0D32E45 |
SHA1: | A13A42A20EC14942F52DB20FB16A0A520F8183CE |
SHA-256: | 3459BDF6C0B7F9D43649ADAAF19BA8D5D133BCBE5EF80CF4B7000DC91E10903B |
SHA-512: | 90E180D9A681F82C010C326456AC88EBB89256CC769E900BFB4B2DF92E69CA69726863B45DFE4627FC1EE8C281F2AF86A6A1E2EF1710094CCD3F4E092872F06F |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
|
Process: | C:\Users\user\Desktop\TRwrC.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 3.0 |
Encrypted: | false |
SSDEEP: | 3:G8t:G8t |
MD5: | 17DF4C94B762C5452096EEE6EA66B7A2 |
SHA1: | B7A1FE5F514EBC025C887F1B6D5BA487571C4194 |
SHA-256: | D1188FFBAE4C49985758F21568E408700F8B7F43E769181C1477CA8C07571271 |
SHA-512: | 42704F70997DBF94EF892B010D03E517482237063B0188766F663181575AFA552B0B7C32BE2624A854A3E3344D089865D36A3EF3248D6E71DF8A0E7507DE768A |
Malicious: | true |
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.4462121180145955 |
TrID: |
|
File name: | TRwrC.exe |
File size: | 207360 |
MD5: | eaa9755979d4edeac9c48ffb1f42551c |
SHA1: | 0ba5fc95f551f89648e0ddae327e60ffa417712f |
SHA256: | 6f6d5cffc1e927811613347c2c10f9071434fedde5780114089981e494b573a7 |
SHA512: | 37fc60d70c6e573ef2ff1cbdc984614e6ececbee34966fb11d21703b222a3d32d64f2d519b4617c2c33ab5ad81a60fcf65e8d39ab62c145a070657d94918beda |
SSDEEP: | 6144:wLV6Bta6dtJmakIM5EP5BqF9aK4qzdbmrcPSJ:wLV6BtpmkXBBq/aK4qzdgJ |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....'.T.....................`........... ........@.. ..................................................................... |
File Icon |
---|
Icon Hash: | 00828e8e8686b000 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x41e792 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x54E927A1 [Sun Feb 22 00:49:37 2015 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v2.0.50727 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Entrypoint Preview |
---|
Instruction |
---|
jmp dword ptr [00402000h] |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1e738 | 0x57 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x22000 | 0x15d98 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x20000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x1c798 | 0x1c800 | False | 0.594503837719 | data | 6.59805919516 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.reloc | 0x20000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
.rsrc | 0x22000 | 0x15d98 | 0x15e00 | False | 0.999765625 | data | 7.99761824146 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_RCDATA | 0x22058 | 0x15d40 | TIM image, (47583,3509) |
Imports |
---|
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Network Behavior |
---|
Network Port Distribution |
---|
UDP Packets |
---|
Jul 21, 2021 23:09:10.043226957 CEST | 53 | 57568 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:09:10.742333889 CEST | 50540 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:10.769736052 CEST | 53 | 50540 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:09:11.472805023 CEST | 54366 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:11.494216919 CEST | 53 | 54366 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:09:11.528441906 CEST | 53034 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:09:11.550044060 CEST | 53 | 53034 | 8.8.4.4 | 192.168.2.3 |
Jul 21, 2021 23:09:11.599323034 CEST | 57762 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:11.622447968 CEST | 53 | 57762 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:09:12.248806000 CEST | 55435 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:12.270991087 CEST | 53 | 55435 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:09:13.747412920 CEST | 50713 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:13.770509005 CEST | 53 | 50713 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:09:14.922339916 CEST | 56132 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:14.943660975 CEST | 53 | 56132 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:09:15.702580929 CEST | 58987 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:15.723352909 CEST | 53 | 58987 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:09:15.726527929 CEST | 56579 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:09:15.749783039 CEST | 53 | 56579 | 8.8.4.4 | 192.168.2.3 |
Jul 21, 2021 23:09:15.755559921 CEST | 60633 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:15.777122974 CEST | 53 | 60633 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:09:19.825299025 CEST | 61292 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:19.846515894 CEST | 53 | 61292 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:09:19.850053072 CEST | 63619 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:09:19.871386051 CEST | 53 | 63619 | 8.8.4.4 | 192.168.2.3 |
Jul 21, 2021 23:09:19.877332926 CEST | 64938 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:19.898648977 CEST | 53 | 64938 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:09:23.963464975 CEST | 61946 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:23.994505882 CEST | 53 | 61946 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:09:23.998766899 CEST | 64910 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:09:24.019367933 CEST | 53 | 64910 | 8.8.4.4 | 192.168.2.3 |
Jul 21, 2021 23:09:24.060472965 CEST | 52123 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:24.083601952 CEST | 53 | 52123 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:09:28.165015936 CEST | 56130 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:28.187236071 CEST | 53 | 56130 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:09:28.190262079 CEST | 56338 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:09:28.211791992 CEST | 53 | 56338 | 8.8.4.4 | 192.168.2.3 |
Jul 21, 2021 23:09:28.258061886 CEST | 59420 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:28.279025078 CEST | 53 | 59420 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:09:28.641820908 CEST | 58784 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:29.684156895 CEST | 58784 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:30.496121883 CEST | 63978 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:30.699744940 CEST | 58784 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:31.483283043 CEST | 63978 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:32.329732895 CEST | 62938 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:32.529369116 CEST | 63978 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:32.718816996 CEST | 58784 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:33.341167927 CEST | 62938 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:34.341768026 CEST | 62938 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:34.577634096 CEST | 63978 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:36.564687967 CEST | 62938 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:36.748841047 CEST | 58784 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:38.638210058 CEST | 63978 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:40.607577085 CEST | 62938 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:44.785906076 CEST | 55708 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:09:45.795742989 CEST | 55708 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:09:46.841794968 CEST | 55708 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:09:48.223098993 CEST | 56803 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:48.251316071 CEST | 53 | 56803 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:09:48.873285055 CEST | 55708 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:09:48.895234108 CEST | 53 | 55708 | 8.8.4.4 | 192.168.2.3 |
Jul 21, 2021 23:09:48.934243917 CEST | 57145 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:48.957051039 CEST | 53 | 57145 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:09:53.417315006 CEST | 55359 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:53.439857006 CEST | 53 | 55359 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:09:53.482561111 CEST | 58306 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:09:53.504436016 CEST | 53 | 58306 | 8.8.4.4 | 192.168.2.3 |
Jul 21, 2021 23:09:53.511677980 CEST | 64124 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:53.534105062 CEST | 53 | 64124 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:09:57.737369061 CEST | 49361 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:57.760548115 CEST | 53 | 49361 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:09:57.764597893 CEST | 63150 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:09:57.788250923 CEST | 53 | 63150 | 8.8.4.4 | 192.168.2.3 |
Jul 21, 2021 23:09:57.795141935 CEST | 53279 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:09:57.819818020 CEST | 53 | 53279 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:10:01.856786013 CEST | 56881 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:01.880403042 CEST | 53 | 56881 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:10:01.884063959 CEST | 53642 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:10:01.907223940 CEST | 53 | 53642 | 8.8.4.4 | 192.168.2.3 |
Jul 21, 2021 23:10:01.946635008 CEST | 55667 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:01.968517065 CEST | 53 | 55667 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:10:06.039859056 CEST | 54833 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:06.060714006 CEST | 53 | 54833 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:10:06.091521978 CEST | 62476 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:10:06.111661911 CEST | 53 | 62476 | 8.8.4.4 | 192.168.2.3 |
Jul 21, 2021 23:10:06.130650997 CEST | 49705 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:06.155224085 CEST | 53 | 49705 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:10:10.255323887 CEST | 61477 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:10.276299953 CEST | 53 | 61477 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:10:10.283751011 CEST | 61633 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:10:10.306091070 CEST | 53 | 61633 | 8.8.4.4 | 192.168.2.3 |
Jul 21, 2021 23:10:10.318248987 CEST | 55949 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:10.339683056 CEST | 53 | 55949 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:10:14.377334118 CEST | 57601 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:15.391719103 CEST | 57601 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:16.423003912 CEST | 57601 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:16.908930063 CEST | 49342 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:17.953933954 CEST | 49342 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:18.428855896 CEST | 57601 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:18.957823038 CEST | 49342 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:21.001005888 CEST | 49342 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:22.443547964 CEST | 57601 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:25.048624992 CEST | 49342 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:26.612273932 CEST | 56253 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:10:27.654588938 CEST | 56253 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:10:28.764767885 CEST | 56253 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:10:30.994569063 CEST | 56253 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:10:35.037904024 CEST | 56253 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:10:35.066896915 CEST | 53 | 56253 | 8.8.4.4 | 192.168.2.3 |
Jul 21, 2021 23:10:35.256297112 CEST | 49667 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:35.285720110 CEST | 53 | 49667 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:10:39.367691040 CEST | 55439 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:39.393793106 CEST | 53 | 55439 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:10:39.399648905 CEST | 57069 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:10:39.424127102 CEST | 53 | 57069 | 8.8.4.4 | 192.168.2.3 |
Jul 21, 2021 23:10:39.491625071 CEST | 57659 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:39.517060041 CEST | 53 | 57659 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:10:43.567359924 CEST | 54717 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:43.593290091 CEST | 53 | 54717 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:10:43.597448111 CEST | 63975 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:10:43.623313904 CEST | 53 | 63975 | 8.8.4.4 | 192.168.2.3 |
Jul 21, 2021 23:10:43.663613081 CEST | 56639 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:43.688761950 CEST | 53 | 56639 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:10:47.740528107 CEST | 51856 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:47.767203093 CEST | 53 | 51856 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:10:47.771562099 CEST | 56546 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:10:47.799412012 CEST | 53 | 56546 | 8.8.4.4 | 192.168.2.3 |
Jul 21, 2021 23:10:47.808650017 CEST | 62152 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:47.833585024 CEST | 53 | 62152 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:10:51.890292883 CEST | 53470 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:51.921591997 CEST | 53 | 53470 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:10:51.961401939 CEST | 56446 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:10:51.991132021 CEST | 53 | 56446 | 8.8.4.4 | 192.168.2.3 |
Jul 21, 2021 23:10:51.999831915 CEST | 59631 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:52.025352955 CEST | 53 | 59631 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:10:56.074913979 CEST | 55515 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:56.101121902 CEST | 53 | 55515 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:10:56.105568886 CEST | 64547 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:10:56.131701946 CEST | 53 | 64547 | 8.8.4.4 | 192.168.2.3 |
Jul 21, 2021 23:10:56.140166044 CEST | 51759 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:10:56.173104048 CEST | 53 | 51759 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:11:00.387906075 CEST | 59207 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:11:00.412239075 CEST | 53 | 59207 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:11:00.415723085 CEST | 54269 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:11:00.441149950 CEST | 53 | 54269 | 8.8.4.4 | 192.168.2.3 |
Jul 21, 2021 23:11:00.449387074 CEST | 54856 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:11:00.476136923 CEST | 53 | 54856 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:11:04.524609089 CEST | 64140 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:11:04.550043106 CEST | 53 | 64140 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:11:04.587970972 CEST | 62271 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:11:04.612981081 CEST | 53 | 62271 | 8.8.4.4 | 192.168.2.3 |
Jul 21, 2021 23:11:04.622313976 CEST | 57404 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:11:04.648161888 CEST | 53 | 57404 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:11:07.106154919 CEST | 62997 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:11:07.153279066 CEST | 53 | 62997 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:11:07.803303003 CEST | 57712 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:11:07.856447935 CEST | 53 | 57712 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:11:08.679136992 CEST | 60065 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:11:08.704226017 CEST | 53 | 60065 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:11:08.705286980 CEST | 55068 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:11:08.731278896 CEST | 53 | 55068 | 8.8.4.4 | 192.168.2.3 |
Jul 21, 2021 23:11:08.734215975 CEST | 64700 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:11:08.759412050 CEST | 53 | 64700 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:11:12.772248030 CEST | 61998 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:11:12.802583933 CEST | 53 | 61998 | 8.8.8.8 | 192.168.2.3 |
Jul 21, 2021 23:11:12.803313971 CEST | 53724 | 53 | 192.168.2.3 | 8.8.4.4 |
Jul 21, 2021 23:11:12.833148956 CEST | 53 | 53724 | 8.8.4.4 | 192.168.2.3 |
Jul 21, 2021 23:11:12.838100910 CEST | 52328 | 53 | 192.168.2.3 | 8.8.8.8 |
Jul 21, 2021 23:11:12.866863966 CEST | 53 | 52328 | 8.8.8.8 | 192.168.2.3 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jul 21, 2021 23:11:04.550043106 CEST | 8.8.8.8 | 192.168.2.3 | 0xda29 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 21, 2021 23:11:04.612981081 CEST | 8.8.4.4 | 192.168.2.3 | 0xf82d | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 21, 2021 23:11:04.648161888 CEST | 8.8.8.8 | 192.168.2.3 | 0xc664 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 21, 2021 23:11:08.704226017 CEST | 8.8.8.8 | 192.168.2.3 | 0xfa5d | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 21, 2021 23:11:08.731278896 CEST | 8.8.4.4 | 192.168.2.3 | 0x4447 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 21, 2021 23:11:08.759412050 CEST | 8.8.8.8 | 192.168.2.3 | 0xb0e8 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 21, 2021 23:11:12.802583933 CEST | 8.8.8.8 | 192.168.2.3 | 0x41ac | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 21, 2021 23:11:12.833148956 CEST | 8.8.4.4 | 192.168.2.3 | 0xb4e5 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 21, 2021 23:11:12.866863966 CEST | 8.8.8.8 | 192.168.2.3 | 0x8f5e | Name error (3) | none | none | A (IP address) | IN (0x0001) |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 23:09:00 |
Start date: | 21/07/2021 |
Path: | C:\Users\user\Desktop\TRwrC.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x460000 |
File size: | 207360 bytes |
MD5 hash: | EAA9755979D4EDEAC9C48FFB1F42551C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 23:09:13 |
Start date: | 21/07/2021 |
Path: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd20000 |
File size: | 207360 bytes |
MD5 hash: | EAA9755979D4EDEAC9C48FFB1F42551C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Antivirus matches: |
|
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 02FC3850, Relevance: 2.0, Strings: 1, Instructions: 759 COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC23A0, Relevance: .5, Instructions: 505 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC2FA8, Relevance: .2, Instructions: 239 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC09A5, Relevance: 5.2, Strings: 4, Instructions: 174 COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC02E8, Relevance: 2.7, Strings: 2, Instructions: 223 COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC2D58, Relevance: 2.6, Strings: 2, Instructions: 134 COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC12A0, Relevance: 1.7, Strings: 1, Instructions: 460 COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0142AF50, Relevance: 1.6, APIs: 1, Instructions: 77 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0142A51F, Relevance: 1.6, APIs: 1, Instructions: 61 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0142B7CA, Relevance: 1.6, APIs: 1, Instructions: 61 window COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0142BB4F, Relevance: 1.6, APIs: 1, Instructions: 59 window COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0142BE05, Relevance: 1.6, APIs: 1, Instructions: 58 window COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0142B71E, Relevance: 1.6, APIs: 1, Instructions: 57 window COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0142A75B, Relevance: 1.6, APIs: 1, Instructions: 52 com COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0142A8CC, Relevance: 1.5, APIs: 1, Instructions: 48 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0142B746, Relevance: 1.5, APIs: 1, Instructions: 45 window COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0142A546, Relevance: 1.5, APIs: 1, Instructions: 45 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0142AF9A, Relevance: 1.5, APIs: 1, Instructions: 43 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0142BB7E, Relevance: 1.5, APIs: 1, Instructions: 42 window COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0142A78A, Relevance: 1.5, APIs: 1, Instructions: 39 com COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0142B806, Relevance: 1.5, APIs: 1, Instructions: 38 window COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0142A8EE, Relevance: 1.5, APIs: 1, Instructions: 37 COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0142BE3E, Relevance: 1.5, APIs: 1, Instructions: 35 window COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC1458, Relevance: 1.4, Strings: 1, Instructions: 128 COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC1291, Relevance: 1.4, Strings: 1, Instructions: 101 COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC21F8, Relevance: 1.3, Strings: 1, Instructions: 98 COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC0681, Relevance: .1, Instructions: 139 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC0BC0, Relevance: .1, Instructions: 133 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC2BF8, Relevance: .1, Instructions: 132 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC02D9, Relevance: .1, Instructions: 105 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC20D0, Relevance: .1, Instructions: 100 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC0006, Relevance: .1, Instructions: 94 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC21E8, Relevance: .1, Instructions: 77 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC25DE, Relevance: .1, Instructions: 75 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC4190, Relevance: .1, Instructions: 69 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC4180, Relevance: .1, Instructions: 65 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0308087C, Relevance: .1, Instructions: 59 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0308084C, Relevance: .1, Instructions: 58 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC2390, Relevance: .1, Instructions: 57 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03080820, Relevance: .1, Instructions: 55 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC11DF, Relevance: .1, Instructions: 54 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC05B9, Relevance: .1, Instructions: 51 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC1209, Relevance: .0, Instructions: 48 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030805CF, Relevance: .0, Instructions: 46 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC05C8, Relevance: .0, Instructions: 45 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC1218, Relevance: .0, Instructions: 42 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030805A0, Relevance: .0, Instructions: 34 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC0918, Relevance: .0, Instructions: 33 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC0908, Relevance: .0, Instructions: 33 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 03080938, Relevance: .0, Instructions: 31 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 030805F6, Relevance: .0, Instructions: 27 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC02A1, Relevance: .0, Instructions: 19 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC016F, Relevance: .0, Instructions: 18 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC0650, Relevance: .0, Instructions: 18 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC2D20, Relevance: .0, Instructions: 18 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 014223F4, Relevance: .0, Instructions: 15 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 014223BC, Relevance: .0, Instructions: 14 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC0180, Relevance: .0, Instructions: 12 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC0660, Relevance: .0, Instructions: 10 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC2EC0, Relevance: .0, Instructions: 8 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 00D2524A, Relevance: .6, Instructions: 585 COMMON
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC306F, Relevance: .2, Instructions: 179 COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02FC0D93, Relevance: 5.2, Strings: 4, Instructions: 249 COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |