Windows Analysis Report ENTREGA DE DOCUMENTOS DHL _ 27-09-21,pdf.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
Malware Configuration |
---|
Threatname: Remcos |
---|
{"Version": "3.1.5 Pro", "Host:Port:Password": "ongod4ever.ddns.net:5652:0", "Assigned name": "ABLE GOD", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Disable", "Install path": "AppData", "Copy file": "remcos.exe", "Startup value": "Remcos", "Hide file": "Disable", "Mutex": "Remcos-8VTGWT", "Keylog flag": "0", "Keylog path": "AppData", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Disable", "Screenshot time": "10", "Take Screenshot option": "Disable", "Take screenshot title": "notepad;solitaire;", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio path": "AppData", "Audio folder": "MicRecords", "Connect delay": "0", "Copy folder": "Remcos", "Keylog folder": "remcos", "Keylog file max size": "20000"}
Yara Overview |
---|
Dropped Files |
---|
Rule | Description | Author |
---|---|---|
Methodology_Contains_Shortcut_OtherURIhandlers | Detects possible shortcut usage for .URL persistence | @itsreallynick (Nick Carr) |
Memory Dumps |
---|
Rule | Description | Author |
---|---|---|
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
REMCOS_RAT_variants | unknown | unknown |
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
REMCOS_RAT_variants | unknown | unknown |
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
Unpacked PEs |
---|
Rule | Description | Author |
---|---|---|
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
REMCOS_RAT_variants | unknown | unknown |
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
REMCOS_RAT_variants | unknown | unknown |
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file |
Source: | Virustotal: |
Source: | ReversingLabs: |
Yara detected Remcos RAT |
Source: | File source: |
Multi AV Scanner detection for dropped file |
Source: | ReversingLabs: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Code function: | 5_2_004170AC |
Source: | Code function: | 5_2_00406176 |
Source: | Code function: | 22_2_004170AC |
Source: | Code function: | 22_2_00406176 |
Source: | Code function: | 22_2_0040A3AF |
Source: | Code function: | 22_2_0040A5CA |
Source: | Code function: | 22_2_004456A9 |
Source: | Code function: | 22_2_004077EE |
Source: | Code function: | 22_2_00406930 |
Networking: |
---|
C2 URLs / IPs found in malware configuration |
Source: | URLs: |
Uses dynamic DNS services |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | Code function: | 22_2_0041242F |
Source: | Code function: | 22_2_004126A5 |
Source: | Code function: | 22_2_004089BC |
Source: | Code function: | 22_2_004126A5 |
E-Banking Fraud: |
---|
Yara detected Remcos RAT |
Source: | File source: |
System Summary: |
---|
Malicious sample detected (through community Yara rule) |
Source: | Matched rule: |
Initial sample is a PE file and has a suspicious name |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Code function: | 22_2_00412598 |
Source: | Code function: | 5_2_0042E02D |
Source: | Code function: | 5_2_004330D1 |
Source: | Code function: | 5_2_0043424F |
Source: | Code function: | 5_2_0042220F |
Source: | Code function: | 5_2_0041A3F8 |
Source: | Code function: | 22_2_0042E02D |
Source: | Code function: | 22_2_004330D1 |
Source: | Code function: | 22_2_0043424F |
Source: | Code function: | 22_2_0042220F |
Source: | Code function: | 22_2_0041A3F8 |
Source: | Code function: | 22_2_004304DB |
Source: | Code function: | 22_2_0044C56A |
Source: | Code function: | 22_2_004335CD |
Source: | Code function: | 22_2_0043E6E0 |
Source: | Code function: | 22_2_0044A725 |
Source: | Code function: | 22_2_004378EC |
Source: | Code function: | 22_2_004228AD |
Source: | Code function: | 22_2_004339E5 |
Source: | Code function: | 22_2_004229F0 |
Source: | Static PE information: |
Source: | Process created: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | File read: |
Source: | Key opened: |
Source: | Process created: |
Source: | Key value queried: |
Source: | Code function: | 5_2_004132F7 |
Source: | Code function: | 22_2_004132F7 |
Source: | File created: |
Source: | Classification label: |
Source: | Key opened: |
Source: | Code function: | 5_2_0040D1AD |
Source: | Mutant created: |
Source: | Code function: | 22_2_0040D41E |
Source: | Process created: |
Source: | File read: |
Source: | Window detected: |
Source: | Code function: | 22_2_0045843E |
Source: | Code function: | 22_2_0042F4B9 |
Source: | Code function: | 22_2_00450936 |
Source: | Static PE information: |
Source: | Code function: | 5_2_0040D072 |
Source: | Static PE information: |
Source: | File created: |
Source: | File created: |
Source: | Registry value created or modified: |
Hooking and other Techniques for Hiding and Protection: |
---|
Icon mismatch, binary includes an icon from a different legit application in order to fool users |
Source: | Icon embedded in binary file: |
Source: | Code function: | 5_2_0040D072 |
Source: | Registry key monitored for changes: |
Source: | Process information set: |
Malware Analysis System Evasion: |
---|
Delayed program exit found |
Source: | Code function: | 5_2_0040D455 |
Source: | Code function: | 22_2_0040D455 |
Source: | Thread sleep time: |
Source: | Last function: |
Source: | Thread delayed: |
Source: | Code function: | 5_2_004170AC |
Source: | Code function: | 5_2_00406176 |
Source: | Code function: | 22_2_004170AC |
Source: | Code function: | 22_2_00406176 |
Source: | Code function: | 22_2_0040A3AF |
Source: | Code function: | 22_2_0040A5CA |
Source: | Code function: | 22_2_004456A9 |
Source: | Code function: | 22_2_004077EE |
Source: | Thread delayed: |
Source: | Code function: | 22_2_00406930 |
Source: | Code function: | 5_2_0042F07F |
Source: | Code function: | 5_2_0040D072 |
Source: | Code function: | 22_2_0044697D |
Source: | Code function: | 22_2_0043B789 |
Source: | Code function: | 5_2_0042F1CD |
Source: | Code function: | 5_2_0042F07F |
Source: | Code function: | 5_2_004360A3 |
Source: | Code function: | 22_2_0042F1CD |
Source: | Code function: | 22_2_0042F07F |
Source: | Code function: | 22_2_004360A3 |
Source: | Code function: | 22_2_0042F62C |
HIPS / PFW / Operating System Protection Evasion: |
---|
Writes to foreign memory regions |
Source: | Memory written: |
Allocates memory in foreign processes |
Source: | Memory allocated: |
Creates a thread in another existing process (thread injection) |
Source: | Thread created: |
Source: | Code function: | 22_2_0040F4B7 |
Source: | Process created: |
Source: | Code function: | 22_2_00414923 |
Source: | Binary or memory string: |
Source: | Queries volume information: |
Source: | Code function: | 5_2_00441069 |
Source: | Code function: | 5_2_00449143 |
Source: | Code function: | 5_2_0044926C |
Source: | Code function: | 5_2_00449373 |
Source: | Code function: | 22_2_00441069 |
Source: | Code function: | 22_2_00449143 |
Source: | Code function: | 22_2_0044926C |
Source: | Code function: | 22_2_00449373 |
Source: | Code function: | 22_2_00449440 |
Source: | Code function: | 22_2_0040D585 |
Source: | Code function: | 5_2_0042F2AB |
Source: | Key value queried: |
Source: | Code function: | 5_2_004410D3 |
Source: | Code function: | 22_2_0044190C |
Source: | Code function: | 5_2_004166F6 |
Stealing of Sensitive Information: |
---|
Yara detected Remcos RAT |
Source: | File source: |
Contains functionality to steal Firefox passwords or cookies |
Source: | Code function: | 22_2_0040A3AF |
Contains functionality to steal Chrome passwords or cookies |
Source: | Code function: | 5_2_0040A291 |
Source: | Code function: | 22_2_0040A291 |
Remote Access Functionality: |
---|
Yara detected Remcos RAT |
Source: | File source: |
Detected Remcos RAT |
Source: | String found in binary or memory: |
Source: | Code function: | 22_2_0040559D |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting1 | Application Shimming1 | Application Shimming1 | Deobfuscate/Decode Files or Information1 | OS Credential Dumping1 | System Time Discovery2 | Remote Services | Archive Collected Data11 | Exfiltration Over Other Network Medium | Ingress Tool Transfer1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot1 |
Default Accounts | Native API1 | Registry Run Keys / Startup Folder1 | Access Token Manipulation1 | Scripting1 | Input Capture11 | Account Discovery1 | Remote Desktop Protocol | Input Capture11 | Exfiltration Over Bluetooth | Encrypted Channel1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | Command and Scripting Interpreter1 | Logon Script (Windows) | Process Injection322 | Obfuscated Files or Information2 | Credentials In Files2 | File and Directory Discovery2 | SMB/Windows Admin Shares | Clipboard Data2 | Automated Exfiltration | Non-Standard Port1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Registry Run Keys / Startup Folder1 | Masquerading11 | NTDS | System Information Discovery33 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Remote Access Software1 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Modify Registry1 | LSA Secrets | Query Registry1 | SSH | Keylogging | Data Transfer Size Limits | Non-Application Layer Protocol1 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Virtualization/Sandbox Evasion21 | Cached Domain Credentials | Security Software Discovery12 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Application Layer Protocol21 | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Access Token Manipulation1 | DCSync | Virtualization/Sandbox Evasion21 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Process Injection322 | Proc Filesystem | Process Discovery2 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | System Owner/User Discovery1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | Remote System Discovery1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Detection | Scanner | Label |
---|---|---|
26% | Virustotal | |
24% | ReversingLabs | Win32.Backdoor.Remcos |
Dropped Files |
---|
Detection | Scanner | Label |
---|---|---|
24% | ReversingLabs | Win32.Backdoor.Remcos |
Unpacked PE Files |
---|
Detection | Scanner | Label |
---|---|---|
100% | Avira | TR/Crypt.XPACK.Gen |
100% | Avira | TR/Crypt.XPACK.Gen |
100% | Avira | TR/Crypt.XPACK.Gen |
100% | Avira | HEUR/AGEN.1141389 |
100% | Avira | TR/Crypt.XPACK.Gen |
100% | Avira | HEUR/AGEN.1141389 |
100% | Avira | HEUR/AGEN.1141389 |
100% | Avira | TR/Crypt.XPACK.Gen |
100% | Avira | TR/Crypt.XPACK.Gen |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Detection | Scanner | Label |
---|---|---|
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
ongod4ever.ddns.net | 185.140.53.15 | true | false | high | |
onedrive.live.com | unknown | unknown | false | high | |
bl30uw.sn.files.1drv.com | unknown | unknown | false | high |
Contacted URLs |
---|
URLs from Memory and Binaries |
---|
Contacted IPs |
---|
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 491719 |
Start date: | 27.09.2021 |
Start time: | 20:38:59 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 13m 28s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | ENTREGA DE DOCUMENTOS DHL _ 27-09-21,pdf.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 28 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@23/10@49/2 |
EGA Information: | Failed |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
20:39:58 | API Interceptor | |
20:40:22 | Autostart | |
20:40:30 | Autostart | |
20:40:34 | API Interceptor |
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\ENTREGA DE DOCUMENTOS DHL _ 27-09-21,pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 155 |
Entropy (8bit): | 4.687076340713226 |
Encrypted: | false |
SSDEEP: | 3:LjT5LJJFIf9oM3KN6QNb3DM9bWQqA5SkrF2VCceGAFddGeWLCXlRA3+OR:rz81R3KnMMQ75ieGgdEYlRA/R |
MD5: | 213C60ADF1C9EF88DC3C9B2D579959D2 |
SHA1: | E4D2AD7B22B1A8B5B1F7A702B303C7364B0EE021 |
SHA-256: | 37C59C8398279916CFCE45F8C5E3431058248F5E3BEF4D9F5C0F44A7D564F82E |
SHA-512: | FE897D9CAA306B0E761B2FD61BB5DC32A53BFAAD1CE767C6860AF4E3AD59C8F3257228A6E1072DAB0F990CB51C59C648084BA419AC6BC5C0A99BDFFA569217B7 |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Users\user\Desktop\ENTREGA DE DOCUMENTOS DHL _ 27-09-21,pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1009152 |
Entropy (8bit): | 6.9988393829759294 |
Encrypted: | false |
SSDEEP: | 24576:L5A8SqIkJpbDpQc6ScVHdPaHxA7VhLRYF:Lr5ZoHdPaRyzKF |
MD5: | 3808D4A11CBEE20896CCA28F9A3BCB9B |
SHA1: | B3A533D6E00ACE2EC0612C9AF66C6DD69C5180B3 |
SHA-256: | 53C2E53D33F80E88B16CCE06621F99680E0E5F387315CB81AF97CEE58080165A |
SHA-512: | 980425EFD3D01A3C5ADBBD3873D819AF60C1E62A9B32149B01F1C1E6DE338D068B53C18AD4645C66E8C13DB8F21440F2E0C01B27E3B1E4AF55D19474EC83A5FD |
Malicious: | true |
Reputation: | unknown |
Process: | C:\Users\user\Desktop\ENTREGA DE DOCUMENTOS DHL _ 27-09-21,pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 96 |
Entropy (8bit): | 4.740775825389126 |
Encrypted: | false |
SSDEEP: | 3:HRAbABGQYmTWAX+rSF55i0XMfiyGAywSsGKd6ov:HRYFVmTWDyzFlsbDv |
MD5: | 5E9FED8C24BB01153751DF696536E82A |
SHA1: | D23E4B05254E62153D6F0158F4F869AB00C5DF15 |
SHA-256: | 08BC6F401999D30F1EB81AD3C9CB0EB01063CF858C9818F238ED233833947AE8 |
SHA-512: | 4920341592295B38653FD6DD227F99625A1E62C3E1E9CE014F506C724319528A6E45829C21B62A5674FF47BB3BD1B62FD2DB9A24583208DC7659E4B88A8BB7FD |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Users\user\Desktop\ENTREGA DE DOCUMENTOS DHL _ 27-09-21,pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 34 |
Entropy (8bit): | 4.314972767530033 |
Encrypted: | false |
SSDEEP: | 3:LjTnaHF5wlM:rnaHSM |
MD5: | 4068C9F69FCD8A171C67F81D4A952A54 |
SHA1: | 4D2536A8C28CDCC17465E20D6693FB9E8E713B36 |
SHA-256: | 24222300C78180B50ED1F8361BA63CB27316EC994C1C9079708A51B4A1A9D810 |
SHA-512: | A64F9319ACC51FFFD0491C74DCD9C9084C2783B82F95727E4BFE387A8528C6DCF68F11418E88F1E133D115DAF907549C86DD7AD866B2A7938ADD5225FBB2811D |
Malicious: | false |
Reputation: | unknown |
Process: | C:\Users\user\Desktop\ENTREGA DE DOCUMENTOS DHL _ 27-09-21,pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 250 |
Entropy (8bit): | 4.865356627324657 |
Encrypted: | false |
SSDEEP: | 6:rgnMXd1CQnMXd1COm8hnaHNHIXUnMXd1CoD9c1uOw1H1gOvOBAn:rgamIHIXUaXe1uOeVqy |
MD5: | EAF8D967454C3BBDDBF2E05A421411F8 |
SHA1: | 6170880409B24DE75C2DC3D56A506FBFF7F6622C |
SHA-256: | F35F2658455A2E40F151549A7D6465A836C33FA9109E67623916F889849EAC56 |
SHA-512: | FE5BE5C673E99F70C93019D01ABB0A29DD2ECF25B2D895190FF551F020C28E7D8F99F65007F440F0F76C5BCAC343B2A179A94D190C938EA3B9E1197890A412E9 |
Malicious: | false |
Reputation: | unknown |
Preview: | |
Process: | C:\Users\user\Desktop\ENTREGA DE DOCUMENTOS DHL _ 27-09-21,pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9 |
Entropy (8bit): | 3.169925001442312 |
Encrypted: | false |
SSDEEP: | 3:1xn:Hn |
MD5: | 4D2B6925406544EEF7111380E2243791 |
SHA1: | A32A8FA6F2E46D8E86FA92BEA3B8D45EB168BD04 |
SHA-256: | 09A841DC20255A929B3CCFA47B08B8E47ADD965FF3070E8DAB1DBD050D73E97F |
SHA-512: | EFDD6C90C7EAA5D05FDD079A61B969837B350CB20AECC7CF24533636956A939B8A289B2C3BB4A7AC21BBACF818E394A13D8661427EACFC0F21C46D5855DFFEDF |
Malicious: | false |
Reputation: | unknown |
Preview: | |
Process: | C:\Users\user\Desktop\ENTREGA DE DOCUMENTOS DHL _ 27-09-21,pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 53 |
Entropy (8bit): | 4.263285494083192 |
Encrypted: | false |
SSDEEP: | 3:LjT9fnMXdemzCK0vn:rZnMXd1CV |
MD5: | 8ADA51400B7915DE2124BAAF75E3414C |
SHA1: | 1A7B9DB12184AB7FD7FCE1C383F9670A00ADB081 |
SHA-256: | 45AA3957C29865260A78F03EEF18AE9AEBDBF7BEA751ECC88BE4A799F2BB46C7 |
SHA-512: | 9AFC138157A4565294CA49942579CDB6F5D8084E56F9354738DE62B585F4C0FA3E7F2CBC9541827F2084E3FF36C46EED29B46F5DD2444062FFCD05C599992E68 |
Malicious: | false |
Reputation: | unknown |
Preview: | |
Process: | C:\Users\Public\Libraries\Iqzenco\Iqzenco.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 873984 |
Entropy (8bit): | 7.9969159829391385 |
Encrypted: | true |
SSDEEP: | 24576:WkRi6BScPafSfJKPyZ/Sba3koow5ba33m6YwEcds:WobBLafgJKPyZ/MpoaW6YP |
MD5: | 6CFF8FAF4A45291638E775B0EB1DF24D |
SHA1: | 472E6F7B86A62F191AD8A231CE58F356A046A2F7 |
SHA-256: | 195306105A3F635EA75E8D8E02987BB106B62C75AA1A6F4914A287E8DB424631 |
SHA-512: | F23B002AC8D7060D065B7DAFA6AD39C07ED5AD5CE20394B88CCB65B7EBD74EA31EBC4710F853FF6DAA2926CC747AF797FBE3E8E01A79DDDD169E7AB9E9978308 |
Malicious: | false |
Reputation: | unknown |
Preview: | |
Process: | C:\Users\user\Desktop\ENTREGA DE DOCUMENTOS DHL _ 27-09-21,pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 873984 |
Entropy (8bit): | 7.9969159829391385 |
Encrypted: | true |
SSDEEP: | 24576:WkRi6BScPafSfJKPyZ/Sba3koow5ba33m6YwEcds:WobBLafgJKPyZ/MpoaW6YP |
MD5: | 6CFF8FAF4A45291638E775B0EB1DF24D |
SHA1: | 472E6F7B86A62F191AD8A231CE58F356A046A2F7 |
SHA-256: | 195306105A3F635EA75E8D8E02987BB106B62C75AA1A6F4914A287E8DB424631 |
SHA-512: | F23B002AC8D7060D065B7DAFA6AD39C07ED5AD5CE20394B88CCB65B7EBD74EA31EBC4710F853FF6DAA2926CC747AF797FBE3E8E01A79DDDD169E7AB9E9978308 |
Malicious: | false |
Reputation: | unknown |
Preview: | |
Process: | C:\Users\Public\Libraries\Iqzenco\Iqzenco.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 873984 |
Entropy (8bit): | 7.9969159829391385 |
Encrypted: | true |
SSDEEP: | 24576:WkRi6BScPafSfJKPyZ/Sba3koow5ba33m6YwEcds:WobBLafgJKPyZ/MpoaW6YP |
MD5: | 6CFF8FAF4A45291638E775B0EB1DF24D |
SHA1: | 472E6F7B86A62F191AD8A231CE58F356A046A2F7 |
SHA-256: | 195306105A3F635EA75E8D8E02987BB106B62C75AA1A6F4914A287E8DB424631 |
SHA-512: | F23B002AC8D7060D065B7DAFA6AD39C07ED5AD5CE20394B88CCB65B7EBD74EA31EBC4710F853FF6DAA2926CC747AF797FBE3E8E01A79DDDD169E7AB9E9978308 |
Malicious: | false |
Reputation: | unknown |
Preview: | |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 6.9988393829759294 |
TrID: | |
File name: | ENTREGA DE DOCUMENTOS DHL _ 27-09-21,pdf.exe |
File size: | 1009152 |
MD5: | 3808d4a11cbee20896cca28f9a3bcb9b |
SHA1: | b3a533d6e00ace2ec0612c9af66c6dd69c5180b3 |
SHA256: | 53c2e53d33f80e88b16cce06621f99680e0e5f387315cb81af97cee58080165a |
SHA512: | 980425efd3d01a3c5adbbd3873d819af60c1e62a9b32149b01f1c1e6de338d068b53c18ad4645c66e8c13db8f21440f2e0c01b27e3b1e4af55d19474ec83a5fd |
SSDEEP: | 24576:L5A8SqIkJpbDpQc6ScVHdPaHxA7VhLRYF:Lr5ZoHdPaRyzKF |
File Content Preview: | MZ......................@...............................................!..L.!..This program must be run under Win32..$7....................................................................................................................................... |
File Icon |
---|
Icon Hash: | d2e6c45663c86871 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x477a08 |
Entrypoint Section: | ...... |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI |
DLL Characteristics: | |
Time Stamp: | 0x2A2E5E19 [Thu Jun 4 18:16:57 1992 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 7485e319df85e87afca01bdc77d12961 |
Entrypoint Preview |
---|
Instruction |
---|
push ebp |
mov ebp, esp |
add esp, FFFFFFF0h |
mov eax, 00476B38h |
call 00007F8F78AFEEADh |
mov eax, dword ptr [0047A460h] |
mov eax, dword ptr [eax] |
call 00007F8F78B53339h |
mov ecx, dword ptr [0047A270h] |
mov eax, dword ptr [0047A460h] |
mov eax, dword ptr [eax] |
mov edx, dword ptr [0047656Ch] |
call 00007F8F78B53339h |
mov eax, dword ptr [0047A460h] |
mov eax, dword ptr [eax] |
call 00007F8F78B533ADh |
call 00007F8F78AFCD1Ch |
lea eax, dword ptr [eax+00h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7f000 | 0x28e6 | ...... |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8c000 | 0x72fc2 | ..... |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x84000 | 0x7230 | ...... |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x83018 | 0x18 | ...... |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x83000 | 0x18 | ...... |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7f7ac | 0x658 | ...... |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
..... | 0x1000 | 0x75dc0 | 0x75e00 | False | 0.529974151644 | data | 6.5690645697 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
...... | 0x77000 | 0xa50 | 0xc00 | False | 0.535807291667 | data | 5.68654279388 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
..... | 0x78000 | 0x2604 | 0x2800 | False | 0.41875 | data | 4.27539272227 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.... | 0x7b000 | 0x38d8 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
...... | 0x7f000 | 0x28e6 | 0x2a00 | False | 0.317057291667 | data | 5.12299679952 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.... | 0x82000 | 0x34 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
...... | 0x83000 | 0x30 | 0x200 | False | 0.1015625 | data | 0.606751191078 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
...... | 0x84000 | 0x7230 | 0x7400 | False | 0.623013200431 | data | 6.65937740819 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
..... | 0x8c000 | 0x72fc2 | 0x73000 | False | 0.558258322011 | data | 6.93563526848 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
TMAP | 0x8caf4 | 0x197eb | ASCII text, with very long lines, with CRLF line terminators | English | United States |
RT_CURSOR | 0xa62e0 | 0x134 | data | English | United States |
RT_CURSOR | 0xa6414 | 0x134 | data | English | United States |
RT_CURSOR | 0xa6548 | 0x134 | data | English | United States |
RT_CURSOR | 0xa667c | 0x134 | data | English | United States |
RT_CURSOR | 0xa67b0 | 0x134 | data | English | United States |
RT_CURSOR | 0xa68e4 | 0x134 | data | English | United States |
RT_CURSOR | 0xa6a18 | 0x134 | data | English | United States |
RT_BITMAP | 0xa6b4c | 0x1d0 | data | English | United States |
RT_BITMAP | 0xa6d1c | 0x1e4 | data | English | United States |
RT_BITMAP | 0xa6f00 | 0x1d0 | data | English | United States |
RT_BITMAP | 0xa70d0 | 0x1d0 | data | English | United States |
RT_BITMAP | 0xa72a0 | 0x1d0 | data | English | United States |
RT_BITMAP | 0xa7470 | 0x1d0 | data | English | United States |
RT_BITMAP | 0xa7640 | 0x1d0 | data | English | United States |
RT_BITMAP | 0xa7810 | 0x1d0 | data | English | United States |
RT_BITMAP | 0xa79e0 | 0x1d0 | data | English | United States |
RT_BITMAP | 0xa7bb0 | 0x1d0 | data | English | United States |
RT_BITMAP | 0xa7d80 | 0x506e0 | data | English | United States |
RT_BITMAP | 0xf8460 | 0xe8 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xf8548 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xf89b0 | 0x988 | data | English | United States |
RT_ICON | 0xf9338 | 0x10a8 | data | English | United States |
RT_ICON | 0xfa3e0 | 0x25a8 | data | English | United States |
RT_DIALOG | 0xfc988 | 0x52 | data | ||
RT_DIALOG | 0xfc9dc | 0x52 | data | ||
RT_STRING | 0xfca30 | 0x148 | data | ||
RT_STRING | 0xfcb78 | 0x390 | data | ||
RT_STRING | 0xfcf08 | 0x1a4 | data | ||
RT_STRING | 0xfd0ac | 0xc8 | data | ||
RT_STRING | 0xfd174 | 0x118 | data | ||
RT_STRING | 0xfd28c | 0x39c | data | ||
RT_STRING | 0xfd628 | 0x390 | data | ||
RT_STRING | 0xfd9b8 | 0x370 | data | ||
RT_STRING | 0xfdd28 | 0x3cc | data | ||
RT_STRING | 0xfe0f4 | 0x214 | data | ||
RT_STRING | 0xfe308 | 0xcc | data | ||
RT_STRING | 0xfe3d4 | 0x194 | data | ||
RT_STRING | 0xfe568 | 0x3c4 | data | ||
RT_STRING | 0xfe92c | 0x338 | data | ||
RT_STRING | 0xfec64 | 0x294 | data | ||
RT_GROUP_CURSOR | 0xfeef8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0xfef0c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0xfef20 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0xfef34 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0xfef48 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0xfef5c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_CURSOR | 0xfef70 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States |
RT_GROUP_ICON | 0xfef84 | 0x3e | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
user32.dll | GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA |
kernel32.dll | GetACP, Sleep, VirtualFree, VirtualAlloc, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, CompareStringA, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle |
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA |
user32.dll | CreateWindowExA, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowsHookExA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageW, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageW, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageW, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMessageTime, GetMessagePos, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameA, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassLongA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout |
gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionA, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateEnhMetaFileA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CloseEnhMetaFile, BitBlt |
version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA |
kernel32.dll | lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualProtect, VirtualAlloc, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalSize, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetUserDefaultLCID, GetTickCount, GetThreadLocale, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle |
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegFlushKey, RegCloseKey |
oleaut32.dll | GetErrorInfo, SysFreeString |
ole32.dll | CreateStreamOnHGlobal, IsAccelerator, OleDraw, OleSetMenuDescriptor, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID |
kernel32.dll | Sleep |
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit |
comctl32.dll | _TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create |
URL | InetIsOffline |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
09/27/21-20:40:26.090744 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 49910 | 8.8.8.8 | 192.168.2.4 |
09/27/21-20:40:28.212397 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 64549 | 8.8.8.8 | 192.168.2.4 |
09/27/21-20:40:47.445765 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 61721 | 8.8.8.8 | 192.168.2.4 |
09/27/21-20:40:49.554492 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 51255 | 8.8.8.8 | 192.168.2.4 |
09/27/21-20:40:52.234039 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 61522 | 8.8.8.8 | 192.168.2.4 |
09/27/21-20:41:03.235649 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 59794 | 8.8.8.8 | 192.168.2.4 |
09/27/21-20:41:17.924951 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 53418 | 8.8.8.8 | 192.168.2.4 |
09/27/21-20:41:30.956044 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 51275 | 8.8.8.8 | 192.168.2.4 |
09/27/21-20:41:33.111673 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 63492 | 8.8.8.8 | 192.168.2.4 |
09/27/21-20:41:39.455292 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 57091 | 8.8.8.8 | 192.168.2.4 |
09/27/21-20:41:43.690538 | UDP | 254 | DNS SPOOF query response with TTL of 1 min. and no authority | 53 | 54450 | 8.8.8.8 | 192.168.2.4 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 27, 2021 20:40:26.099253893 CEST | 49771 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:26.126665115 CEST | 5652 | 49771 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:26.633711100 CEST | 49771 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:26.662739038 CEST | 5652 | 49771 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:27.162794113 CEST | 49771 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:27.188055992 CEST | 5652 | 49771 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:28.213025093 CEST | 49774 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:28.239039898 CEST | 5652 | 49774 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:28.740093946 CEST | 49774 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:28.767437935 CEST | 5652 | 49774 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:29.266966105 CEST | 49774 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:29.292431116 CEST | 5652 | 49774 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:30.311638117 CEST | 49775 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:30.337019920 CEST | 5652 | 49775 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:30.847476959 CEST | 49775 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:30.873163939 CEST | 5652 | 49775 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:31.382426977 CEST | 49775 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:31.408561945 CEST | 5652 | 49775 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:32.568515062 CEST | 49776 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:32.593892097 CEST | 5652 | 49776 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:33.097670078 CEST | 49776 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:33.122795105 CEST | 5652 | 49776 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:33.629543066 CEST | 49776 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:33.654998064 CEST | 5652 | 49776 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:35.528153896 CEST | 49777 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:35.553522110 CEST | 5652 | 49777 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:36.104592085 CEST | 49777 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:36.129878044 CEST | 5652 | 49777 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:36.704710960 CEST | 49777 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:36.730668068 CEST | 5652 | 49777 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:37.749738932 CEST | 49782 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:37.775094986 CEST | 5652 | 49782 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:38.275748014 CEST | 49782 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:38.302005053 CEST | 5652 | 49782 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:38.806431055 CEST | 49782 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:38.833870888 CEST | 5652 | 49782 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:39.854981899 CEST | 49783 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:39.880990028 CEST | 5652 | 49783 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:40.382126093 CEST | 49783 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:46.383398056 CEST | 49783 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:46.409064054 CEST | 5652 | 49783 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:47.448198080 CEST | 49790 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:47.475070000 CEST | 5652 | 49790 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:47.975523949 CEST | 49790 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:48.000745058 CEST | 5652 | 49790 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:48.500801086 CEST | 49790 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:48.526865005 CEST | 5652 | 49790 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:49.562388897 CEST | 49792 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:49.588556051 CEST | 5652 | 49792 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:50.090642929 CEST | 49792 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:50.116292953 CEST | 5652 | 49792 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:50.620203018 CEST | 49792 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:50.645873070 CEST | 5652 | 49792 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:52.249577045 CEST | 49793 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:52.275001049 CEST | 5652 | 49793 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:52.867918015 CEST | 49793 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:52.895874977 CEST | 5652 | 49793 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:53.468501091 CEST | 49793 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:53.495196104 CEST | 5652 | 49793 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:54.516490936 CEST | 49794 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:54.542279959 CEST | 5652 | 49794 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:55.076044083 CEST | 49794 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:55.101849079 CEST | 5652 | 49794 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:55.676054955 CEST | 49794 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:55.701675892 CEST | 5652 | 49794 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:56.810127020 CEST | 49796 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:56.836287975 CEST | 5652 | 49796 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:57.367189884 CEST | 49796 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:57.392453909 CEST | 5652 | 49796 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:57.967570066 CEST | 49796 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:57.994271994 CEST | 5652 | 49796 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:59.016191959 CEST | 49809 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:59.042155027 CEST | 5652 | 49809 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:40:59.542375088 CEST | 49809 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:40:59.568694115 CEST | 5652 | 49809 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:00.069375992 CEST | 49809 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:00.096935987 CEST | 5652 | 49809 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:01.115319967 CEST | 49814 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:01.140680075 CEST | 5652 | 49814 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:01.643546104 CEST | 49814 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:01.668754101 CEST | 5652 | 49814 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:02.169558048 CEST | 49814 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:02.195699930 CEST | 5652 | 49814 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:03.238528013 CEST | 49818 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:03.264319897 CEST | 5652 | 49818 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:03.855710983 CEST | 49818 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:03.881481886 CEST | 5652 | 49818 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:04.455780983 CEST | 49818 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:04.481502056 CEST | 5652 | 49818 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:05.535041094 CEST | 49821 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:05.563955069 CEST | 5652 | 49821 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:06.155870914 CEST | 49821 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:06.181652069 CEST | 5652 | 49821 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:06.755912066 CEST | 49821 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:06.782246113 CEST | 5652 | 49821 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:07.804713011 CEST | 49822 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:07.830929995 CEST | 5652 | 49822 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:08.465043068 CEST | 49822 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:08.491796970 CEST | 5652 | 49822 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:09.067141056 CEST | 49822 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:09.093024969 CEST | 5652 | 49822 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:11.281912088 CEST | 49823 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:11.307770967 CEST | 5652 | 49823 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:11.856374025 CEST | 49823 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:11.882030010 CEST | 5652 | 49823 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:12.456403971 CEST | 49823 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:12.481872082 CEST | 5652 | 49823 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:13.500864983 CEST | 49829 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:13.528048038 CEST | 5652 | 49829 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:14.056458950 CEST | 49829 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:14.082390070 CEST | 5652 | 49829 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:14.656506062 CEST | 49829 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:14.686913967 CEST | 5652 | 49829 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:15.709825039 CEST | 49831 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:15.735502005 CEST | 5652 | 49831 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:16.256684065 CEST | 49831 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:16.282218933 CEST | 5652 | 49831 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:16.856717110 CEST | 49831 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:16.882626057 CEST | 5652 | 49831 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:17.925641060 CEST | 49836 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:17.950985909 CEST | 5652 | 49836 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:18.456785917 CEST | 49836 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:18.483309984 CEST | 5652 | 49836 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:19.056817055 CEST | 49836 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:19.083744049 CEST | 5652 | 49836 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:20.110378981 CEST | 49841 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:20.141074896 CEST | 5652 | 49841 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:20.646934986 CEST | 49841 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:20.672533035 CEST | 5652 | 49841 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:21.173989058 CEST | 49841 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:21.199476004 CEST | 5652 | 49841 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:22.219979048 CEST | 49842 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:22.245400906 CEST | 5652 | 49842 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:22.749006987 CEST | 49842 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:22.774339914 CEST | 5652 | 49842 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:23.288388014 CEST | 49842 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:23.318268061 CEST | 5652 | 49842 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:24.337033033 CEST | 49843 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:24.363328934 CEST | 5652 | 49843 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:24.866652966 CEST | 49843 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:24.892354012 CEST | 5652 | 49843 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:25.397974968 CEST | 49843 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:25.424838066 CEST | 5652 | 49843 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:26.454720020 CEST | 49844 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:26.481374025 CEST | 5652 | 49844 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:26.991803885 CEST | 49844 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:27.017288923 CEST | 5652 | 49844 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:27.523144960 CEST | 49844 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:27.549626112 CEST | 5652 | 49844 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:28.604499102 CEST | 49845 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:28.629947901 CEST | 5652 | 49845 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:29.135026932 CEST | 49845 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:29.164258957 CEST | 5652 | 49845 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:29.679605961 CEST | 49845 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:29.705378056 CEST | 5652 | 49845 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:30.956877947 CEST | 49846 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:30.982530117 CEST | 5652 | 49846 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:31.492367029 CEST | 49846 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:31.518776894 CEST | 5652 | 49846 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:32.023648977 CEST | 49846 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:32.049479008 CEST | 5652 | 49846 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:33.112512112 CEST | 49847 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:33.139110088 CEST | 5652 | 49847 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:33.648641109 CEST | 49847 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:33.674082994 CEST | 5652 | 49847 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:34.179969072 CEST | 49847 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:34.205533028 CEST | 5652 | 49847 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:35.229579926 CEST | 49848 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:35.255750895 CEST | 5652 | 49848 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:35.758285046 CEST | 49848 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:35.784475088 CEST | 5652 | 49848 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:36.289539099 CEST | 49848 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:36.315488100 CEST | 5652 | 49848 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:37.338762999 CEST | 49849 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:37.364265919 CEST | 5652 | 49849 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:37.867872000 CEST | 49849 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:37.893913984 CEST | 5652 | 49849 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:38.399072886 CEST | 49849 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:38.424658060 CEST | 5652 | 49849 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:39.455862999 CEST | 49851 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:39.482280970 CEST | 5652 | 49851 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:39.992872953 CEST | 49851 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:40.018836975 CEST | 5652 | 49851 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:40.524198055 CEST | 49851 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:40.551223040 CEST | 5652 | 49851 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:41.571621895 CEST | 49862 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:41.596802950 CEST | 5652 | 49862 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:42.102488041 CEST | 49862 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:42.128117085 CEST | 5652 | 49862 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:42.633773088 CEST | 49862 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:42.659243107 CEST | 5652 | 49862 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:43.691113949 CEST | 49871 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:43.717178106 CEST | 5652 | 49871 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:44.227658987 CEST | 49871 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:44.253036022 CEST | 5652 | 49871 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:44.759078026 CEST | 49871 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:44.785418987 CEST | 5652 | 49871 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:45.809561968 CEST | 49872 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:45.834741116 CEST | 5652 | 49872 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:46.337189913 CEST | 49872 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:46.362776995 CEST | 5652 | 49872 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:46.868498087 CEST | 49872 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:46.894069910 CEST | 5652 | 49872 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:48.060870886 CEST | 49873 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:48.086034060 CEST | 5652 | 49873 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:48.587595940 CEST | 49873 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:48.613167048 CEST | 5652 | 49873 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:49.118729115 CEST | 49873 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:49.143979073 CEST | 5652 | 49873 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:50.167882919 CEST | 49874 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:50.193130016 CEST | 5652 | 49874 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:50.696935892 CEST | 49874 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:50.722172022 CEST | 5652 | 49874 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:51.228236914 CEST | 49874 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:51.254547119 CEST | 5652 | 49874 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:52.278573990 CEST | 49875 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:52.304378033 CEST | 5652 | 49875 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:52.806636095 CEST | 49875 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:52.834062099 CEST | 5652 | 49875 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:53.337838888 CEST | 49875 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:53.363450050 CEST | 5652 | 49875 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:54.387445927 CEST | 49876 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:54.412591934 CEST | 5652 | 49876 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:54.916549921 CEST | 49876 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:54.942821980 CEST | 5652 | 49876 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:55.447508097 CEST | 49876 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:55.474395990 CEST | 5652 | 49876 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:56.494640112 CEST | 49877 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:56.520145893 CEST | 5652 | 49877 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:57.025827885 CEST | 49877 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:57.051889896 CEST | 5652 | 49877 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:57.556952953 CEST | 49877 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:57.582830906 CEST | 5652 | 49877 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:58.607630014 CEST | 49878 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:41:58.634394884 CEST | 5652 | 49878 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:41:59.135330915 CEST | 49878 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:42:05.151293039 CEST | 49878 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:42:05.176501036 CEST | 5652 | 49878 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:42:06.621654987 CEST | 49879 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:42:06.647058010 CEST | 5652 | 49879 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:42:07.151632071 CEST | 49879 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:42:07.176831961 CEST | 5652 | 49879 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:42:07.682760000 CEST | 49879 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:42:07.710411072 CEST | 5652 | 49879 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:42:08.729939938 CEST | 49880 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:42:08.755093098 CEST | 5652 | 49880 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:42:09.261085033 CEST | 49880 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:42:09.286627054 CEST | 5652 | 49880 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:42:09.792313099 CEST | 49880 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:42:09.818428993 CEST | 5652 | 49880 | 185.140.53.15 | 192.168.2.4 |
Sep 27, 2021 20:42:10.844146967 CEST | 49881 | 5652 | 192.168.2.4 | 185.140.53.15 |
Sep 27, 2021 20:42:10.870908976 CEST | 5652 | 49881 | 185.140.53.15 | 192.168.2.4 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 27, 2021 20:39:50.712766886 CEST | 58028 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:39:50.742908955 CEST | 53 | 58028 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:39:54.559814930 CEST | 53097 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:39:54.586869001 CEST | 53 | 53097 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:00.329817057 CEST | 49257 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:00.377412081 CEST | 53 | 49257 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:01.487426043 CEST | 62389 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:01.589236021 CEST | 53 | 62389 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:26.069981098 CEST | 49910 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:26.090744019 CEST | 53 | 49910 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:26.709034920 CEST | 55854 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:26.736041069 CEST | 53 | 55854 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:28.191519976 CEST | 64549 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:28.212397099 CEST | 53 | 64549 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:30.296859026 CEST | 63153 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:30.310684919 CEST | 53 | 63153 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:32.554495096 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:32.567531109 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:35.508255959 CEST | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:35.522198915 CEST | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:35.778544903 CEST | 51726 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:35.861727953 CEST | 53 | 51726 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:36.340289116 CEST | 56794 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:36.441093922 CEST | 53 | 56794 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:37.736310959 CEST | 56534 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:37.749092102 CEST | 53 | 56534 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:39.840715885 CEST | 56627 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:39.854439974 CEST | 53 | 56627 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:42.579866886 CEST | 56621 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:42.592500925 CEST | 53 | 56621 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:42.794097900 CEST | 63116 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:42.857904911 CEST | 53 | 63116 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:44.545025110 CEST | 64078 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:44.717713118 CEST | 53 | 64078 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:46.670589924 CEST | 64801 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:46.683717966 CEST | 53 | 64801 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:47.422678947 CEST | 61721 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:47.445765018 CEST | 53 | 61721 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:49.533044100 CEST | 51255 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:49.554491997 CEST | 53 | 51255 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:52.200242996 CEST | 61522 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:52.234039068 CEST | 53 | 61522 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:54.499921083 CEST | 52337 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:54.513664007 CEST | 53 | 52337 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:55.821634054 CEST | 55046 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:55.889620066 CEST | 53 | 55046 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:56.719162941 CEST | 49612 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:56.794174910 CEST | 49285 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:56.808721066 CEST | 53 | 49285 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:56.828322887 CEST | 53 | 49612 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:57.487617016 CEST | 50601 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:57.515784025 CEST | 53 | 50601 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:57.897201061 CEST | 60875 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:57.985850096 CEST | 53 | 60875 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:58.307404041 CEST | 56448 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:58.380373001 CEST | 53 | 56448 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:58.864598036 CEST | 59172 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:58.879224062 CEST | 53 | 59172 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:58.999835014 CEST | 62420 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:40:59.013353109 CEST | 53 | 62420 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:40:59.997201920 CEST | 60579 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:00.010282040 CEST | 53 | 60579 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:00.552804947 CEST | 50183 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:00.629829884 CEST | 53 | 50183 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:01.101335049 CEST | 61531 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:01.114439011 CEST | 53 | 61531 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:02.316555023 CEST | 49228 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:02.329612970 CEST | 53 | 49228 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:03.211925030 CEST | 59794 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:03.235649109 CEST | 53 | 59794 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:04.239950895 CEST | 55916 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:04.253524065 CEST | 53 | 55916 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:04.683504105 CEST | 52752 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:04.696125984 CEST | 53 | 52752 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:05.504503965 CEST | 60542 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:05.526628971 CEST | 53 | 60542 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:07.787156105 CEST | 60689 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:07.801413059 CEST | 53 | 60689 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:11.246792078 CEST | 64206 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:11.259496927 CEST | 53 | 64206 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:13.020337105 CEST | 50904 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:13.040038109 CEST | 53 | 50904 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:13.486362934 CEST | 57525 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:13.499980927 CEST | 53 | 57525 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:15.690439939 CEST | 53814 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:15.703810930 CEST | 53 | 53814 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:17.904463053 CEST | 53418 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:17.924951077 CEST | 53 | 53418 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:20.089129925 CEST | 62833 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:20.102364063 CEST | 53 | 62833 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:22.204933882 CEST | 59260 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:22.218985081 CEST | 53 | 59260 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:24.323244095 CEST | 49944 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:24.335789919 CEST | 53 | 49944 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:26.440473080 CEST | 63300 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:26.453758955 CEST | 53 | 63300 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:28.589694023 CEST | 61449 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:28.603553057 CEST | 53 | 61449 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:30.934642076 CEST | 51275 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:30.956043959 CEST | 53 | 51275 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:33.083949089 CEST | 63492 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:33.111673117 CEST | 53 | 63492 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:35.215830088 CEST | 58945 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:35.228498936 CEST | 53 | 58945 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:37.323995113 CEST | 60779 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:37.337399006 CEST | 53 | 60779 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:38.495858908 CEST | 64014 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:38.526067019 CEST | 53 | 64014 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:39.433008909 CEST | 57091 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:39.455291986 CEST | 53 | 57091 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:39.548918962 CEST | 55904 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:39.562026024 CEST | 53 | 55904 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:41.558228970 CEST | 52109 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:41.570872068 CEST | 53 | 52109 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:43.668311119 CEST | 54450 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:43.690537930 CEST | 53 | 54450 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:45.795187950 CEST | 49374 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:45.808367014 CEST | 53 | 49374 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:48.034203053 CEST | 50436 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:48.047791004 CEST | 53 | 50436 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:50.154508114 CEST | 62605 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:50.166790962 CEST | 53 | 62605 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:52.264264107 CEST | 54256 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:52.277652025 CEST | 53 | 54256 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:54.373840094 CEST | 52189 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:54.386415005 CEST | 53 | 52189 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:56.481215954 CEST | 56131 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:56.493730068 CEST | 53 | 56131 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:41:58.592732906 CEST | 62992 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:41:58.606566906 CEST | 53 | 62992 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:42:06.596437931 CEST | 54432 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:42:06.612971067 CEST | 53 | 54432 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:42:08.715605974 CEST | 57227 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:42:08.729338884 CEST | 53 | 57227 | 8.8.8.8 | 192.168.2.4 |
Sep 27, 2021 20:42:10.826145887 CEST | 58383 | 53 | 192.168.2.4 | 8.8.8.8 |
Sep 27, 2021 20:42:10.839230061 CEST | 53 | 58383 | 8.8.8.8 | 192.168.2.4 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Sep 27, 2021 20:40:00.329817057 CEST | 192.168.2.4 | 8.8.8.8 | 0xaf7e | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:01.487426043 CEST | 192.168.2.4 | 8.8.8.8 | 0x72ff | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:26.069981098 CEST | 192.168.2.4 | 8.8.8.8 | 0xd18a | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:28.191519976 CEST | 192.168.2.4 | 8.8.8.8 | 0x61d9 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:30.296859026 CEST | 192.168.2.4 | 8.8.8.8 | 0x4be0 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:32.554495096 CEST | 192.168.2.4 | 8.8.8.8 | 0x500f | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:35.508255959 CEST | 192.168.2.4 | 8.8.8.8 | 0x5b70 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:35.778544903 CEST | 192.168.2.4 | 8.8.8.8 | 0x6992 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:36.340289116 CEST | 192.168.2.4 | 8.8.8.8 | 0xf6e3 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:37.736310959 CEST | 192.168.2.4 | 8.8.8.8 | 0xf757 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:39.840715885 CEST | 192.168.2.4 | 8.8.8.8 | 0x941c | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:42.794097900 CEST | 192.168.2.4 | 8.8.8.8 | 0xe14e | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:44.545025110 CEST | 192.168.2.4 | 8.8.8.8 | 0xd5fc | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:47.422678947 CEST | 192.168.2.4 | 8.8.8.8 | 0x216 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:49.533044100 CEST | 192.168.2.4 | 8.8.8.8 | 0x813 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:52.200242996 CEST | 192.168.2.4 | 8.8.8.8 | 0x73fa | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:54.499921083 CEST | 192.168.2.4 | 8.8.8.8 | 0x620b | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:56.794174910 CEST | 192.168.2.4 | 8.8.8.8 | 0xf61c | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:58.999835014 CEST | 192.168.2.4 | 8.8.8.8 | 0xa4a5 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:01.101335049 CEST | 192.168.2.4 | 8.8.8.8 | 0x4f8b | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:03.211925030 CEST | 192.168.2.4 | 8.8.8.8 | 0x4880 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:05.504503965 CEST | 192.168.2.4 | 8.8.8.8 | 0xd44d | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:07.787156105 CEST | 192.168.2.4 | 8.8.8.8 | 0xca1e | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:11.246792078 CEST | 192.168.2.4 | 8.8.8.8 | 0x97ab | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:13.486362934 CEST | 192.168.2.4 | 8.8.8.8 | 0x4556 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:15.690439939 CEST | 192.168.2.4 | 8.8.8.8 | 0xfea6 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:17.904463053 CEST | 192.168.2.4 | 8.8.8.8 | 0xc846 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:20.089129925 CEST | 192.168.2.4 | 8.8.8.8 | 0x4bfd | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:22.204933882 CEST | 192.168.2.4 | 8.8.8.8 | 0x5dfd | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:24.323244095 CEST | 192.168.2.4 | 8.8.8.8 | 0x3c7 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:26.440473080 CEST | 192.168.2.4 | 8.8.8.8 | 0x6c58 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:28.589694023 CEST | 192.168.2.4 | 8.8.8.8 | 0xb11b | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:30.934642076 CEST | 192.168.2.4 | 8.8.8.8 | 0x29b | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:33.083949089 CEST | 192.168.2.4 | 8.8.8.8 | 0xf9b9 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:35.215830088 CEST | 192.168.2.4 | 8.8.8.8 | 0x7da5 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:37.323995113 CEST | 192.168.2.4 | 8.8.8.8 | 0x2de7 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:39.433008909 CEST | 192.168.2.4 | 8.8.8.8 | 0xf6a1 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:41.558228970 CEST | 192.168.2.4 | 8.8.8.8 | 0xc97d | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:43.668311119 CEST | 192.168.2.4 | 8.8.8.8 | 0xdadc | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:45.795187950 CEST | 192.168.2.4 | 8.8.8.8 | 0xc1b1 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:48.034203053 CEST | 192.168.2.4 | 8.8.8.8 | 0x4ee2 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:50.154508114 CEST | 192.168.2.4 | 8.8.8.8 | 0xd265 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:52.264264107 CEST | 192.168.2.4 | 8.8.8.8 | 0x5e9b | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:54.373840094 CEST | 192.168.2.4 | 8.8.8.8 | 0x88b9 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:56.481215954 CEST | 192.168.2.4 | 8.8.8.8 | 0xd752 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:58.592732906 CEST | 192.168.2.4 | 8.8.8.8 | 0x14d1 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:42:06.596437931 CEST | 192.168.2.4 | 8.8.8.8 | 0x1b36 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:42:08.715605974 CEST | 192.168.2.4 | 8.8.8.8 | 0x346a | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:42:10.826145887 CEST | 192.168.2.4 | 8.8.8.8 | 0xfb67 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Sep 27, 2021 20:40:00.377412081 CEST | 8.8.8.8 | 192.168.2.4 | 0xaf7e | No error (0) | | odc-web-geo.onedrive.akadns.net | | CNAME (Canonical name) | IN (0x0001) |
Sep 27, 2021 20:40:01.589236021 CEST | 8.8.8.8 | 192.168.2.4 | 0x72ff | No error (0) | | sn-files.fe.1drv.com | | CNAME (Canonical name) | IN (0x0001) |
Sep 27, 2021 20:40:01.589236021 CEST | 8.8.8.8 | 192.168.2.4 | 0x72ff | No error (0) | | odc-sn-files-geo.onedrive.akadns.net | | CNAME (Canonical name) | IN (0x0001) |
Sep 27, 2021 20:40:26.090744019 CEST | 8.8.8.8 | 192.168.2.4 | 0xd18a | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:28.212397099 CEST | 8.8.8.8 | 192.168.2.4 | 0x61d9 | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:30.310684919 CEST | 8.8.8.8 | 192.168.2.4 | 0x4be0 | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:32.567531109 CEST | 8.8.8.8 | 192.168.2.4 | 0x500f | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:35.522198915 CEST | 8.8.8.8 | 192.168.2.4 | 0x5b70 | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:35.861727953 CEST | 8.8.8.8 | 192.168.2.4 | 0x6992 | No error (0) | | odc-web-geo.onedrive.akadns.net | | CNAME (Canonical name) | IN (0x0001) |
Sep 27, 2021 20:40:36.441093922 CEST | 8.8.8.8 | 192.168.2.4 | 0xf6e3 | No error (0) | | sn-files.fe.1drv.com | | CNAME (Canonical name) | IN (0x0001) |
Sep 27, 2021 20:40:36.441093922 CEST | 8.8.8.8 | 192.168.2.4 | 0xf6e3 | No error (0) | | odc-sn-files-geo.onedrive.akadns.net | | CNAME (Canonical name) | IN (0x0001) |
Sep 27, 2021 20:40:37.749092102 CEST | 8.8.8.8 | 192.168.2.4 | 0xf757 | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:39.854439974 CEST | 8.8.8.8 | 192.168.2.4 | 0x941c | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:42.857904911 CEST | 8.8.8.8 | 192.168.2.4 | 0xe14e | No error (0) | | odc-web-geo.onedrive.akadns.net | | CNAME (Canonical name) | IN (0x0001) |
Sep 27, 2021 20:40:44.717713118 CEST | 8.8.8.8 | 192.168.2.4 | 0xd5fc | No error (0) | | sn-files.fe.1drv.com | | CNAME (Canonical name) | IN (0x0001) |
Sep 27, 2021 20:40:44.717713118 CEST | 8.8.8.8 | 192.168.2.4 | 0xd5fc | No error (0) | | odc-sn-files-geo.onedrive.akadns.net | | CNAME (Canonical name) | IN (0x0001) |
Sep 27, 2021 20:40:47.445765018 CEST | 8.8.8.8 | 192.168.2.4 | 0x216 | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:49.554491997 CEST | 8.8.8.8 | 192.168.2.4 | 0x813 | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:52.234039068 CEST | 8.8.8.8 | 192.168.2.4 | 0x73fa | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:54.513664007 CEST | 8.8.8.8 | 192.168.2.4 | 0x620b | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:56.808721066 CEST | 8.8.8.8 | 192.168.2.4 | 0xf61c | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:40:59.013353109 CEST | 8.8.8.8 | 192.168.2.4 | 0xa4a5 | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:01.114439011 CEST | 8.8.8.8 | 192.168.2.4 | 0x4f8b | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:03.235649109 CEST | 8.8.8.8 | 192.168.2.4 | 0x4880 | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:05.526628971 CEST | 8.8.8.8 | 192.168.2.4 | 0xd44d | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:07.801413059 CEST | 8.8.8.8 | 192.168.2.4 | 0xca1e | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:11.259496927 CEST | 8.8.8.8 | 192.168.2.4 | 0x97ab | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:13.499980927 CEST | 8.8.8.8 | 192.168.2.4 | 0x4556 | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:15.703810930 CEST | 8.8.8.8 | 192.168.2.4 | 0xfea6 | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:17.924951077 CEST | 8.8.8.8 | 192.168.2.4 | 0xc846 | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:20.102364063 CEST | 8.8.8.8 | 192.168.2.4 | 0x4bfd | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:22.218985081 CEST | 8.8.8.8 | 192.168.2.4 | 0x5dfd | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:24.335789919 CEST | 8.8.8.8 | 192.168.2.4 | 0x3c7 | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:26.453758955 CEST | 8.8.8.8 | 192.168.2.4 | 0x6c58 | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:28.603553057 CEST | 8.8.8.8 | 192.168.2.4 | 0xb11b | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:30.956043959 CEST | 8.8.8.8 | 192.168.2.4 | 0x29b | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:33.111673117 CEST | 8.8.8.8 | 192.168.2.4 | 0xf9b9 | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:35.228498936 CEST | 8.8.8.8 | 192.168.2.4 | 0x7da5 | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:37.337399006 CEST | 8.8.8.8 | 192.168.2.4 | 0x2de7 | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:39.455291986 CEST | 8.8.8.8 | 192.168.2.4 | 0xf6a1 | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:41.570872068 CEST | 8.8.8.8 | 192.168.2.4 | 0xc97d | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:43.690537930 CEST | 8.8.8.8 | 192.168.2.4 | 0xdadc | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:45.808367014 CEST | 8.8.8.8 | 192.168.2.4 | 0xc1b1 | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:48.047791004 CEST | 8.8.8.8 | 192.168.2.4 | 0x4ee2 | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:50.166790962 CEST | 8.8.8.8 | 192.168.2.4 | 0xd265 | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:52.277652025 CEST | 8.8.8.8 | 192.168.2.4 | 0x5e9b | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:54.386415005 CEST | 8.8.8.8 | 192.168.2.4 | 0x88b9 | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:56.493730068 CEST | 8.8.8.8 | 192.168.2.4 | 0xd752 | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:41:58.606566906 CEST | 8.8.8.8 | 192.168.2.4 | 0x14d1 | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:42:06.612971067 CEST | 8.8.8.8 | 192.168.2.4 | 0x1b36 | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:42:08.729338884 CEST | 8.8.8.8 | 192.168.2.4 | 0x346a | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Sep 27, 2021 20:42:10.839230061 CEST | 8.8.8.8 | 192.168.2.4 | 0xfb67 | No error (0) | | | 185.140.53.15 | A (IP address) | IN (0x0001) |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 20:39:57 |
Start date: | 27/09/2021 |
Path: | C:\Users\user\Desktop\ENTREGA DE DOCUMENTOS DHL _ 27-09-21,pdf.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1009152 bytes |
MD5 hash: | 3808D4A11CBEE20896CCA28F9A3BCB9B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Reputation: | low |
General |
---|
Start time: | 20:40:20 |
Start date: | 27/09/2021 |
Path: | C:\Windows\SysWOW64\mobsync.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9d0000 |
File size: | 93184 bytes |
MD5 hash: | 44C19378FA529DD88674BAF647EBDC3C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | moderate |
General |
---|
Start time: | 20:40:25 |
Start date: | 27/09/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x11d0000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 20:40:25 |
Start date: | 27/09/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 20:40:26 |
Start date: | 27/09/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x11d0000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 20:40:26 |
Start date: | 27/09/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 20:40:26 |
Start date: | 27/09/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x11d0000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 20:40:27 |
Start date: | 27/09/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 20:40:27 |
Start date: | 27/09/2021 |
Path: | C:\Windows\SysWOW64\reg.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x310000 |
File size: | 59392 bytes |
MD5 hash: | CEE2A7E57DF2A159A065A34913A055C2 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 20:40:28 |
Start date: | 27/09/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff724c50000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 20:40:31 |
Start date: | 27/09/2021 |
Path: | C:\Users\Public\Libraries\Iqzenco\Iqzenco.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1009152 bytes |
MD5 hash: | 3808D4A11CBEE20896CCA28F9A3BCB9B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
Antivirus matches: |
General |
---|
Start time: | 20:40:39 |
Start date: | 27/09/2021 |
Path: | C:\Users\Public\Libraries\Iqzenco\Iqzenco.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1009152 bytes |
MD5 hash: | 3808D4A11CBEE20896CCA28F9A3BCB9B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Borland Delphi |
General |
---|
Start time: | 20:40:59 |
Start date: | 27/09/2021 |
Path: | C:\Windows\SysWOW64\mobsync.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9d0000 |
File size: | 93184 bytes |
MD5 hash: | 44C19378FA529DD88674BAF647EBDC3C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
General |
---|
Start time: | 20:41:16 |
Start date: | 27/09/2021 |
Path: | C:\Windows\SysWOW64\secinit.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb40000 |
File size: | 9728 bytes |
MD5 hash: | 174A363BB5A2D88B224546C15DD10906 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 0040D072, Relevance: 84.1, APIs: 28, Strings: 20, Instructions: 98, Tags: libraryloader, COMMON
C-Code - Quality: 100% |
Function 0040D455, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 88, Tags: sleep, COMMON
C-Code - Quality: 46% |
Function 004166F6, Relevance: 3.0, APIs: 2, Instructions: 41, Tags: COMMON
C-Code - Quality: 82% |
Function 0042F1CD, Relevance: 1.5, APIs: 1, Instructions: 3, Tags: COMMON
C-Code - Quality: 100% |
Function 0040C641, Relevance: 60.3, APIs: 16, Strings: 18, Instructions: 769, Tags: synchronization, COMMON
C-Code - Quality: 89% |
Function 00411319, Relevance: 28.7, APIs: 6, Strings: 10, Instructions: 728, Tags: sleep, network, thread, COMMON
C-Code - Quality: 85% |
Non-executed Functions |
---|
Function 0040D1AD, Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 186, Tags: process, synchronization, COMMON
C-Code - Quality: 97% |
Function 004170AC, Relevance: 13.6, APIs: 9, Instructions: 147, Tags: file, COMMON
C-Code - Quality: 100% |
Function 0040A291, Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 49, Tags: file, COMMON
C-Code - Quality: 75% |
Function 004410D3, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30, Tags: time, COMMON
Function 004360A3, Relevance: 4.6, APIs: 3, Instructions: 78, Tags: COMMON
C-Code - Quality: 76% |
Function 00406176, Relevance: 3.1, APIs: 2, Instructions: 86, Tags: file, COMMON
C-Code - Quality: 82% |
Function 0042F2AB, Relevance: 1.6, APIs: 1, Instructions: 132, Tags: COMMON
C-Code - Quality: 84% |
Function 00449143, Relevance: 1.6, APIs: 1, Instructions: 83, Tags: COMMON
C-Code - Quality: 59% |
Function 00449373, Relevance: 1.5, APIs: 1, Instructions: 46, Tags: COMMON
C-Code - Quality: 93% |
Function 0041A3F8, Relevance: 0.6, Instructions: 585, Tags: COMMON, Crypto
C-Code - Quality: 96% |
Function 0042220F, Relevance: 0.4, Instructions: 411, Tags: COMMON, Crypto
C-Code - Quality: 99% |
Function 0043424F, Relevance: 0.3, Instructions: 341, Tags: COMMON, Crypto
C-Code - Quality: 100% |
Function 004142A5, Relevance: 51.0, APIs: 27, Strings: 2, Instructions: 298, Tags: window, memory, COMMON
C-Code - Quality: 81% |
Function 0041636B, Relevance: 38.7, APIs: 12, Strings: 10, Instructions: 185, Tags: synchronization, COMMON
C-Code - Quality: 86% |
Function 0040B107, Relevance: 37.0, APIs: 6, Strings: 15, Instructions: 259, Tags: registry, COMMON
C-Code - Quality: 98% |
Function 0044625D, Relevance: 27.4, APIs: 18, Instructions: 419, Tags: COMMON
C-Code - Quality: 87% |
Function 0043E23C, Relevance: 22.8, APIs: 15, Instructions: 296, Tags: COMMON
C-Code - Quality: 91% |
Function 004480F6, Relevance: 19.6, APIs: 13, Instructions: 114, Tags: COMMON
C-Code - Quality: 100% |
Function 00409197, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 156, Tags: sleep, COMMON
C-Code - Quality: 89% |
Function 00413012, Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 112, Tags: sleep, file, COMMON
C-Code - Quality: 77% |
Function 004152D7, Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 176, Tags: sleep, time, COMMON
C-Code - Quality: 85% |
Function 004450E7, Relevance: 13.8, APIs: 9, Instructions: 300, Tags: COMMON
C-Code - Quality: 77% |
Function 0040628B, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 106, Tags: file, COMMON
C-Code - Quality: 89% |
Function 0044326D, Relevance: 12.2, APIs: 8, Instructions: 216, Tags: COMMON
C-Code - Quality: 69% |
Function 0040A320, Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 49, Tags: file, COMMON
C-Code - Quality: 75% |
Function 004050E5, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 38, Tags: synchronization, COMMON
C-Code - Quality: 86% |
Function 004160D6, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 30, Tags: sleep, COMMON
C-Code - Quality: 86% |
Function 004350A9, Relevance: 9.3, APIs: 6, Instructions: 284, Tags: COMMON
C-Code - Quality: 69% |
Function 0041510D, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 128, Tags: file, COMMON
C-Code - Quality: 94% |
Function 00405165, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44, Tags: synchronization, COMMON
C-Code - Quality: 83% |
Function 0043C2CD, Relevance: 7.6, APIs: 5, Instructions: 129, Tags: COMMON
C-Code - Quality: 83% |
Function 0041729F, Relevance: 7.6, APIs: 5, Instructions: 69, Tags: file, COMMON
C-Code - Quality: 91% |
Function 0044618A, Relevance: 7.6, APIs: 5, Instructions: 68, Tags: COMMON
C-Code - Quality: 93% |
Function 0041033E, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 40, Tags: registry, COMMON
C-Code - Quality: 63% |
Function 0043B0B1, Relevance: 6.1, APIs: 4, Instructions: 133, Tags: COMMON
C-Code - Quality: 95% |
Function 00417334, Relevance: 6.1, APIs: 4, Instructions: 52, Tags: file, COMMON
C-Code - Quality: 83% |
Function 0040412D, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 93, Tags: sleep, COMMON
C-Code - Quality: 90% |
Function 00441129, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39, Tags: time, COMMON
Executed Functions |
---|
Function 0043B789, Relevance: 4.5, APIs: 3, Instructions: 20, Tags: COMMON
C-Code - Quality: 100% |
Function 0042F1CD, Relevance: 1.5, APIs: 1, Instructions: 3, Tags: COMMON
C-Code - Quality: 100% |
Function 0040C641, Relevance: 53.3, APIs: 15, Strings: 15, Instructions: 769, Tags: synchronization, COMMON
C-Code - Quality: 89% |
Non-executed Functions |
---|
Function 0040F4B7, Relevance: 31.7, APIs: 7, Strings: 11, Instructions: 194, Tags: thread, COMMON
C-Code - Quality: 82% |
Function 0040559D, Relevance: 30.0, APIs: 15, Strings: 2, Instructions: 283, Tags: pipe, sleep, file, COMMON
C-Code - Quality: 81% |
Function 0040A3AF, Relevance: 24.7, APIs: 8, Strings: 6, Instructions: 152, Tags: file, COMMON
C-Code - Quality: 95% |
Function 0040A5CA, Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 143, Tags: file, COMMON
C-Code - Quality: 89% |
Function 004126A5, Relevance: 18.1, APIs: 12, Instructions: 83, Tags: clipboard, memory, COMMON
C-Code - Quality: 89% |
Function 004170AC, Relevance: 13.6, APIs: 9, Instructions: 147, Tags: file, COMMON
C-Code - Quality: 100% |
Function 0044190C, Relevance: 10.9, APIs: 7, Instructions: 370, Tags: time, COMMON
C-Code - Quality: 76% |
Function 0040A291, Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 49, Tags: file, COMMON
C-Code - Quality: 75% |
Function 004077EE, Relevance: 9.3, APIs: 6, Instructions: 324, Tags: file, COMMON
C-Code - Quality: 80% |
Function 00412598, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 97, Tags: libraryloader, shutdown, COMMON
C-Code - Quality: 62% |
Function 0040D455, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 88, Tags: sleep, COMMON
C-Code - Quality: 46% |
Function 00449440, Relevance: 7.7, APIs: 5, Instructions: 188, Tags: COMMON
C-Code - Quality: 89% |
Function 0041242F, Relevance: 3.1, APIs: 2, Instructions: 66, Tags: sleep, file, network, COMMON
C-Code - Quality: 77% |
Function 0044697D, Relevance: 1.3, APIs: 1, Instructions: 5, Tags: memory, COMMON
Function 0040D072, Relevance: 82.3, APIs: 28, Strings: 19, Instructions: 98, Tags: libraryloader, COMMON
C-Code - Quality: 100% |
Function 004142A5, Relevance: 51.0, APIs: 27, Strings: 2, Instructions: 298, Tags: window, memory, COMMON
C-Code - Quality: 81% |
Function 0040F785, Relevance: 40.4, APIs: 17, Strings: 6, Instructions: 181, Tags: synchronization, COMMON
C-Code - Quality: 94% |
Function 0040B465, Relevance: 38.8, APIs: 6, Strings: 16, Instructions: 280, Tags: registry, COMMON
C-Code - Quality: 98% |
Function 0041636B, Relevance: 38.7, APIs: 12, Strings: 10, Instructions: 185, Tags: synchronization, COMMON
C-Code - Quality: 86% |
Function 0040B107, Relevance: 35.3, APIs: 6, Strings: 14, Instructions: 259, Tags: registry, COMMON
C-Code - Quality: 98% |
Function 00401A44, Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 155, Tags: file, COMMON
C-Code - Quality: 95% |
Function 0044625D, Relevance: 27.4, APIs: 18, Instructions: 419, Tags: COMMON
C-Code - Quality: 87% |
Function 00406455, Relevance: 24.8, APIs: 9, Strings: 5, Instructions: 345, Tags: file, COMMON
C-Code - Quality: 77% |
Function 004187B2, Relevance: 22.8, APIs: 12, Strings: 1, Instructions: 74, Tags: window, COMMON
C-Code - Quality: 64% |
Function 0043E23C, Relevance: 22.8, APIs: 15, Instructions: 296, Tags: COMMON
C-Code - Quality: 91% |
Function 0041755D, Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 212, Tags: registry, COMMON
C-Code - Quality: 63% |
Function 004480F6, Relevance: 19.6, APIs: 13, Instructions: 114, Tags: COMMON
C-Code - Quality: 100% |
Function 0040D1AD, Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 186, Tags: process, synchronization, COMMON
C-Code - Quality: 97% |
Function 00447430, Relevance: 18.4, APIs: 12, Instructions: 376, Tags: COMMON
C-Code - Quality: 97% |
Function 00409197, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 156, Tags: sleep, COMMON
C-Code - Quality: 89% |
Function 004053B7, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 147, Tags: window, memory, COMMON
C-Code - Quality: 73% |
Function 00413012, Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 112, Tags: sleep, file, COMMON
C-Code - Quality: 77% |
Function 004188B1, Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 89, Tags: memory, COMMON
C-Code - Quality: 59% |
Function 0044087E, Relevance: 15.1, APIs: 10, Instructions: 54, Tags: COMMON
C-Code - Quality: 100% |
Function 004152D7, Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 176, Tags: sleep, time, COMMON
C-Code - Quality: 85% |
Function 004437EC, Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 152, Tags: file, COMMON
C-Code - Quality: 73% |
Function 00408894, Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 63, Tags: window, COMMON
C-Code - Quality: 90% |
Function 00418680, Relevance: 14.0, APIs: 7, Strings: 1, Instructions: 48, Tags: window, string, COMMON
C-Code - Quality: 100% |
Function 004450E7, Relevance: 13.8, APIs: 9, Instructions: 300, Tags: COMMON
C-Code - Quality: 77% |
Function 0044DA45, Relevance: 13.8, APIs: 9, Instructions: 268, Tags: COMMON
C-Code - Quality: 83% |
Function 004136BA, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 108, Tags: file, synchronization, COMMON
C-Code - Quality: 73% |
Function 0040628B, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 106, Tags: file, COMMON
C-Code - Quality: 89% |
Function 0044326D, Relevance: 12.2, APIs: 8, Instructions: 216, Tags: COMMON
C-Code - Quality: 69% |
Function 00447855, Relevance: 10.7, APIs: 7, Instructions: 204, Tags: COMMON
C-Code - Quality: 95% |
Function 0044FA43, Relevance: 10.6, APIs: 7, Instructions: 80COMMON
C-Code - Quality: 90% |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00409636, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 74timeCOMMON
C-Code - Quality: 63% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00416871, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 71sleeplibraryloaderCOMMON
C-Code - Quality: 45% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004349C5, Relevance: 10.6, APIs: 7, Instructions: 60COMMON
C-Code - Quality: 95% |
|
APIs |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A320, Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 49fileCOMMON
C-Code - Quality: 75% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004050E5, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 38synchronizationCOMMON
C-Code - Quality: 86% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043B80E, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 38libraryloaderCOMMON
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004160D6, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 30sleepCOMMON
C-Code - Quality: 86% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004350A9, Relevance: 9.3, APIs: 6, Instructions: 284COMMON
C-Code - Quality: 69% |
|
APIs |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00440972, Relevance: 9.0, APIs: 6, Instructions: 50COMMON
C-Code - Quality: 75% |
|
APIs |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 97% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408744, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 70threadCOMMON
C-Code - Quality: 84% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004093AF, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 65threadCOMMON
C-Code - Quality: 89% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00418732, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 57registryCOMMON
C-Code - Quality: 70% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 19% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D797, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 46processCOMMON
C-Code - Quality: 50% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405165, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 44synchronizationCOMMON
C-Code - Quality: 83% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00410420, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42registryCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00404466, Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 201sleepCOMMON
C-Code - Quality: 67% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043C2CD, Relevance: 7.6, APIs: 5, Instructions: 129COMMON
C-Code - Quality: 82% |
|
APIs |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040A8C0, Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 103sleepCOMMON
C-Code - Quality: 83% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041729F, Relevance: 7.6, APIs: 5, Instructions: 69fileCOMMON
C-Code - Quality: 91% |
|
APIs |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0044618A, Relevance: 7.6, APIs: 5, Instructions: 68COMMON
C-Code - Quality: 93% |
|
APIs |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004409F6, Relevance: 7.6, APIs: 5, Instructions: 53COMMON
C-Code - Quality: 82% |
|
APIs |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004477EC, Relevance: 7.5, APIs: 5, Instructions: 40COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043C51C, Relevance: 7.5, APIs: 5, Instructions: 30COMMON
C-Code - Quality: 91% |
|
APIs |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041077E, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 179registryCOMMON
C-Code - Quality: 88% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 72% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041510D, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 128fileCOMMON
C-Code - Quality: 94% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 88% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 82% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041033E, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 40registryCOMMON
C-Code - Quality: 63% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041053C, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39registryCOMMON
C-Code - Quality: 75% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401397, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 7libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401452, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 7libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040146F, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 7libraryloaderCOMMON
C-Code - Quality: 100% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00442490, Relevance: 6.3, APIs: 4, Instructions: 305COMMON
C-Code - Quality: 75% |
|
APIs |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0043B0B1, Relevance: 6.1, APIs: 4, Instructions: 133COMMON
C-Code - Quality: 95% |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00408A53, Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 82sleepCOMMON
C-Code - Quality: 89% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00417334, Relevance: 6.1, APIs: 4, Instructions: 52fileCOMMON
C-Code - Quality: 83% |
|
APIs |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00431611, Relevance: 6.0, APIs: 4, Instructions: 14COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040412D, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 93sleepCOMMON
C-Code - Quality: 90% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 93% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004049D2, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60networkCOMMON
C-Code - Quality: 60% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004165D8, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 59timeCOMMON
C-Code - Quality: 75% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 81% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 28% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00441129, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39timeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 39% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 25% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 20% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004410D3, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 30timeCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
|
Yara matches |
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |