Windows Analysis Report 6yDD19jMIu.dll
Overview
General Information
Detection
Score: | 96
Range: | 0 - 100
Whitelisted: | false
Confidence: | 100%
Signatures
Classification
Process Tree
Malware Configuration
Threatname: Ursnif
{"RSA Public Key": "UmEkthy8LQToWYBqtBaWyLn/P1d2KjpXi9nl2is1X7NEi7AW4Al92U7HvBiCwWHgXhs6UyTZ7q6npv3YCi+rPS7xAyorWWgcyyviEpE9CETDXviZ72XZkxmen4ztvEtct+obFAEe0tiXOsfOcC8xDsI0CHPpvmUknsexTYqAJgwcghgx1mGHx/yFM4fnPYw4mFFE6bVI7eMnbu1CuunRmAVRDHZ7MAS7zSkAmYjeo1zAzRnOEWgblRHwenmwlBtp0SFGuYCGVe3TZZ4Nndgpd5xpSeLOoSZi/fRXjtS8b6LXBS/zslRCRObMDjDX4pa1fM1uOgFHyvjANgWJpZ272bpOHjM52/hsEGZXskaNztU=", "c2_domain": ["msn.com/mail", "breuranel.website", "outlook.com/signup", "areuranel.website"], "botnet": "8899", "server": "12", "serpent_key": "56473871MNTYAIDA", "sleep_time": "10", "CONF_TIMEOUT": "20", "SetWaitableTimer_value": "0", "DGA_count": "10"}
Yara Overview
Memory Dumps
Source | Rule | Description | Author | Strings
---|---|---|---|---
 | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | 
 | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | 
 | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | 
 | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | 
 | JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | 
(5 of 30 entries shown)
Unpacked PEs
Source | Rule | Description | Author | Strings
---|---|---|---|---
 | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | 
 | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | 
 | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | 
 | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | 
 | JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | 
(5 of 16 entries shown)
Sigma Overview
No Sigma rule has matched
Jbx Signature Overview
AV Detection
Found malware configuration
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file
Source: | Virustotal: |
Multi AV Scanner detection for domain / URL
Source: | Virustotal: | 3 entries |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | 16 entries |
Source: | Static PE information: |
Source: | Binary string: | 88 entries |
Networking
System process connects to network (likely due to code injection or exploit)
Source: | Domain query: | 7 entries |
Source: | Network Connect: | 6 entries |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | IP Address: | 2 entries |
Source: | HTTP traffic detected: | 16 entries |
Source: | Network traffic detected: | 32 entries |
Source: | HTTP traffic detected: | 4 entries |
Source: | String found in binary or memory: | 53 entries |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | 16 entries |
Source: | HTTPS traffic detected: | 16 entries |
Key, Mouse, Clipboard, Microphone and Screen Capturing
Yara detected Ursnif
Source: | File source: | 56 entries |
Source: | Binary or memory string: |
E-Banking Fraud
Yara detected Ursnif
Source: | File source: | 56 entries |
System Summary
Writes or reads registry keys via WMI
Source: | WMI Queries: | 4 entries |
Writes registry values via WMI
Source: | WMI Registry write: | 6 entries |
Source: | Static PE information: |
Source: | Process created: |
Source: | Code function: | 0_2_6E4C21B4 | |
Source: | Code function: | 0_2_6E4D5600 | |
Source: | Code function: | 0_2_6E518C9B | |
Source: | Code function: | 0_2_6E4FE8C0 | |
Source: | Code function: | 3_2_6E4D5600 | |
Source: | Code function: | 3_2_6E50D630 | |
Source: | Code function: | 3_2_6E523CCE | |
Source: | Code function: | 3_2_6E50B597 | |
Source: | Code function: | 3_2_6E52FA78 | |
Source: | Code function: | 3_2_6E51A2B1 | |
Source: | Code function: | 3_2_6E52FB98 | |
Source: | Code function: | 3_2_6E4FE8C0 | |
Source: | Code function: | 4_2_6E4D5600 | |
Source: | Code function: | 4_2_6E50D630 | |
Source: | Code function: | 4_2_6E523CCE | |
Source: | Code function: | 4_2_6E50B597 | |
Source: | Code function: | 4_2_6E51A2B1 | |
Source: | Code function: | 4_2_6E4FE8C0 |
Source: | Code function: | 0_2_6E4C15C6 | |
Source: | Code function: | 0_2_6E4C1273 | |
Source: | Code function: | 0_2_6E4C13B8 | |
Source: | Code function: | 0_2_6E4C23D5 |
Source: | Virustotal: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Process created: | 14 entries |
Source: | Key value queried: |
Source: | File created: |
Source: | Classification label: |
Source: | Process created: |
Source: | Mutant created: | 3 entries |
Source: | File read: | 10 entries |
Source: | Automated click: | 3 entries |
Source: | Static PE information: | 2 entries |
Source: | Binary string: | 88 entries |
Source: | Code function: | 0_2_6E4C2159 | |
Source: | Code function: | 0_2_6E4C21B3 | |
Source: | Code function: | 0_2_6E4FABAD | |
Source: | Code function: | 3_2_6E4FABAD | |
Source: | Code function: | 4_2_6E4FABAD |
Source: | Code function: | 0_2_6E4C1DE5 |
Hooking and other Techniques for Hiding and Protection
Yara detected Ursnif
Source: | File source: | 56 entries |
Source: | Process information set: | 85 entries |
Source: | Binary or memory string: | 5 entries |
Source: | Code function: | 0_2_6E506CB3 |
Source: | Code function: | 0_2_6E4C1DE5 |
Source: | Code function: | 0_2_6E51C325 | |
Source: | Code function: | 0_2_6E528861 | |
Source: | Code function: | 0_2_6E56DFDA | |
Source: | Code function: | 0_2_6E56DEAA | |
Source: | Code function: | 0_2_6E56DBB5 | |
Source: | Code function: | 3_2_6E51C325 | |
Source: | Code function: | 3_2_6E528861 | |
Source: | Code function: | 3_2_6E56DFDA | |
Source: | Code function: | 3_2_6E56DEAA | |
Source: | Code function: | 3_2_6E56DBB5 | |
Source: | Code function: | 4_2_6E51C325 | |
Source: | Code function: | 4_2_6E528861 | |
Source: | Code function: | 4_2_6E56DEAA | |
Source: | Code function: | 4_2_6E56E3B4 | |
Source: | Code function: | 4_2_6E56DBB5 |
Source: | Process queried: | 4 entries |
Source: | Code function: | 0_2_6E506CB3 | |
Source: | Code function: | 0_2_6E4FB316 | |
Source: | Code function: | 3_2_6E506CB3 | |
Source: | Code function: | 3_2_6E4FB316 | |
Source: | Code function: | 4_2_6E506CB3 | |
Source: | Code function: | 4_2_6E4FB316 |
HIPS / PFW / Operating System Protection Evasion
System process connects to network (likely due to code injection or exploit)
Source: | Domain query: | 7 entries |
Source: | Network Connect: | 6 entries |
Source: | Process created: |
Source: | Binary or memory string: | 4 entries |
Source: | Code function: | 0_2_6E520E4C | |
Source: | Code function: | 0_2_6E4F9EB5 | |
Source: | Code function: | 0_2_6E52E448 | |
Source: | Code function: | 0_2_6E520429 | |
Source: | Code function: | 0_2_6E52EA21 | |
Source: | Code function: | 0_2_6E52E344 | |
Source: | Code function: | 0_2_6E52E3AD | |
Source: | Code function: | 0_2_6E52E84C | |
Source: | Code function: | 0_2_6E52E0A2 | |
Source: | Code function: | 3_2_6E520E4C | |
Source: | Code function: | 3_2_6E4F9EB5 | |
Source: | Code function: | 3_2_6E52E448 | |
Source: | Code function: | 3_2_6E520429 | |
Source: | Code function: | 3_2_6E52EA21 | |
Source: | Code function: | 3_2_6E52E344 | |
Source: | Code function: | 3_2_6E52E3AD | |
Source: | Code function: | 3_2_6E52E84C | |
Source: | Code function: | 3_2_6E52E0A2 | |
Source: | Code function: | 4_2_6E520E4C | |
Source: | Code function: | 4_2_6E4F9EB5 | |
Source: | Code function: | 4_2_6E52E448 | |
Source: | Code function: | 4_2_6E520429 | |
Source: | Code function: | 4_2_6E52EA21 | |
Source: | Code function: | 4_2_6E52E344 | |
Source: | Code function: | 4_2_6E52E3AD | |
Source: | Code function: | 4_2_6E52E84C | |
Source: | Code function: | 4_2_6E52E0A2 |
Source: | Code function: | 0_2_6E4C1172 |
Source: | Code function: | 0_2_6E51FF15 |
Source: | Code function: | 0_2_6E4C1825 |
Stealing of Sensitive Information
Yara detected Ursnif
Source: | File source: | 56 entries |
Remote Access Functionality: |
---|
Yara detected Ursnif |
Source: | File source: | 56 entries (dump and process names not extracted) ||
Mitre Att&ck Matrix |
---|
The table below keeps only the techniques Joe Sandbox flagged for this sample, grouped by tactic; the bracketed digits are the signature hit counts that the original renders as superscripts after each technique name and are reproduced verbatim. Tactics with no flagged technique are listed as none.
Tactic | Flagged technique(s) |
---|---|
Initial Access | none |
Execution | Windows Management Instrumentation (2), Native API (1) |
Persistence | none |
Privilege Escalation | Process Injection (112) |
Defense Evasion | Process Injection (112), Virtualization/Sandbox Evasion (1), Deobfuscate/Decode Files or Information (1), Obfuscated Files or Information (2), Rundll32 (1) |
Credential Access | Input Capture (1) |
Discovery | System Time Discovery (2), Security Software Discovery (21), Virtualization/Sandbox Evasion (1), Process Discovery (1), Remote System Discovery (1), System Information Discovery (13) |
Lateral Movement | none |
Collection | Input Capture (1), Archive Collected Data (1) |
Exfiltration | none |
Command and Control | Encrypted Channel (11), Ingress Tool Transfer (3), Non-Application Layer Protocol (3), Application Layer Protocol (14) |
Network Effects | none |
Remote Service Effects | none |
Impact | none |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
9% | Virustotal | Browse | ||
5% | ReversingLabs |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1108168 | Download File | ||
100% | Avira | HEUR/AGEN.1108168 | Download File |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
7% | Virustotal | Browse | ||
7% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
7% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
msn.com | 13.82.28.61 | true | false | high | |
outlook.com | 40.97.161.50 | true | false | high | |
HHN-efz.ms-acdc.office.com | 52.97.223.66 | true | false | high | |
FRA-efz.ms-acdc.office.com | 40.101.124.210 | true | false | high | |
www.msn.com | unknown | unknown | false | high | |
www.outlook.com | unknown | unknown | false | high | |
areuranel.website | unknown | unknown | true | | unknown |
breuranel.website | unknown | unknown | true | | unknown |
outlook.office365.com | unknown | unknown | false | high |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
15 URLs (names not extracted) | false | | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
35 URLs (names and sources not extracted) | | false | | high |
7 URLs (names and sources not extracted) | | false | | unknown |
2 URLs (names and sources not extracted) | | true | | unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
52.97.219.162 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | true | |
40.97.161.50 | outlook.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
52.98.214.82 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
52.97.223.66 | HHN-efz.ms-acdc.office.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
40.101.124.210 | FRA-efz.ms-acdc.office.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
52.97.137.114 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | true | |
52.98.208.114 | unknown | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false | |
13.82.28.61 | msn.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false |
Private |
---|
IP |
---|
192.168.2.1 |
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 500309 |
Start date: | 11.10.2021 |
Start time: | 22:33:26 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 10s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 6yDD19jMIu.dll |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 40 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal96.troj.evad.winDLL@14/12@26/9 |
EGA Information: | Failed |
HDC Information: | |
HCA Information: | Failed |
Cookbook Comments: | |
Warnings: | |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
22:35:58 | API Interceptor | |
22:36:16 | API Interceptor | |
22:36:22 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
40.101.124.210 | 2 previously analysed malicious samples (names and SHA-256 not extracted) |
40.97.161.50 | 12 previously analysed malicious samples (names and SHA-256 not extracted) |
52.98.208.114 | 1 previously analysed malicious sample (name and SHA-256 not extracted) |
13.82.28.61 | 1 previously analysed malicious sample (name and SHA-256 not extracted) |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
outlook.com | 17 previously analysed malicious samples (names and SHA-256 not extracted) |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
MICROSOFT-CORP-MSN-AS-BLOCKUS | 20 previously analysed malicious samples (names and SHA-256 not extracted) |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
ce5f3254611a8c095a3d821d44539877 | 20 previously analysed malicious samples (names and SHA-256 not extracted) |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11920 |
Entropy (8bit): | 3.7577872722003836 |
Encrypted: | false |
SSDEEP: | 192:zZGmiE0oXkHygBWjed+x/u7sSS274ItWcB:EmiyXsygBWje8/u7sSX4ItWcB |
MD5: | 073242CE69AAB2A42AF55F221E3EA130 |
SHA1: | DD438EF7C0259129C1A74B1647C5548E0B0F425D |
SHA-256: | C6B779E636113F5DB81E5FD9FF40C319FF0380DAA64547D091ECBCD6C96E6BA9 |
SHA-512: | 924D3B57FF3DBD11FA2D384B9C38BED1E48D795EC5EF9C9F06661B9359EDC7BB20B4CDBC32062F03375AB3D12E384075F054F1F82816EEA0ACA3EC0680C6669B |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12006 |
Entropy (8bit): | 3.763675371484313 |
Encrypted: | false |
SSDEEP: | 192:afi70oXSHBUZMX4jed+x/u7sSS274It7cyn:iilXqBUZMX4je8/u7sSX4It7co |
MD5: | B500320951CD31ACF40B45B6B09B941E |
SHA1: | 5DD4A80D6538B76F306E500B9BC412EDED0C2DC7 |
SHA-256: | FF8A8E154E637DAA42B09CEB1B8673EB0FF0C1F9E57916B4AB0C04BE0B683602 |
SHA-512: | 51D3F122A50039EF6818866050D40B834F1FA92F6682D1D00BBFB160EFAA50EC78AB0842F6E2B9839BC4586D4C450D9A67820AB5BF5AC3664C3D7C4B1291E33F |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12042 |
Entropy (8bit): | 3.764595043236511 |
Encrypted: | false |
SSDEEP: | 192:IHib70oXRHBUZMX4jed+5/u7sSS274It7cA:4iblXhBUZMX4jeU/u7sSX4It7cA |
MD5: | 8D9B2345FAB0E914BA720E2CAAD60CDA |
SHA1: | 7E5E6B5C9187EA49A6C5AA846FF738073D397A7F |
SHA-256: | F1BE18D1EB87C39C6C4A3E036C978B4475CD84509A33FFA3298AA80F6E38DAB8 |
SHA-512: | 534B3863EF98E786BD87C406F74DE75D0FFBC8BBFF41BB989EFE584B86A94DB82ACAE5D56ADEC6CCA585C49A7672E428034F7EDF578A184B954CB280E41C5E47 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4771 |
Entropy (8bit): | 4.489938918942838 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsmJgtWI9siAAWSC8Bb8fm8M4JCds0MFf+q8vjs0c4SrS4d:uITf8WESNWJSuKRcDW4d |
MD5: | BF63B69EAC990AB6D87408C4E4F97D3F |
SHA1: | 85D06704174C9C8FE1742B02F9911C07788C7E63 |
SHA-256: | 44EEF58AE3C49362B39C338932BD7640F10E1E481B6BC707393B2E5D1EE96EB2 |
SHA-512: | 2653F3BE41DE081740D62E094CBA6C91DC09DF55509165C3416E049D854D3200E3E2D5D8B2F8BA2C7FEE7B0139A0F0CF349624768440D1CEED0EE52456BE8627 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 59254 |
Entropy (8bit): | 1.9634863542101364 |
Encrypted: | false |
SSDEEP: | 192:aj0QkYA4dJtQhlS2DK0NZh7uP5xZU7KcLG4vPuEeNKolE6ifI7QnSE1Wz9d3:aowbtSbDnhoz/wG4vP4NrlE6lQSiQL3 |
MD5: | 21FC690E719CA0A2B0555CAF4DC9894F |
SHA1: | 9FFF80005C49B84DEDB89A67E403342106D31056 |
SHA-256: | 0B2CFC574556075A4994FF5510FFFD0DEA968910B8B08E8D160F9E73B2C73E91 |
SHA-512: | 8482E0DF1711B6CA87A192E236CDCDB636DE710DCB2FEFF3BF73F191F31488E44D192192813877F8B6FC99EB7B4875787C215536C7BEA8325BDF77D388A63029 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8306 |
Entropy (8bit): | 3.6948125197877575 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNi2IA6y6G6YWo651WgmfTkOSDCpDT89b5Ssffzm:RrlsNim63G6YJ6KgmfTkOS35RfS |
MD5: | 63792DA1DF75FF4D2EC7D9A25ACC5AEF |
SHA1: | C7942D021FA364788DD729A675DFB805358CBA84 |
SHA-256: | 831350964B1B96FC83D883BAD10563D9F8CB01B29865BC917948403161B0D1B4 |
SHA-512: | 22B983D28FBC71ECE8D0BDDFA26ACE778DA8ACCEE2F9836D3864253F584031E46EBE19D82283F9416B23124D7A94633942A0E15420624E847100AE775606F40C |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4630 |
Entropy (8bit): | 4.458084179540214 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zs9JgtWI9siAAWSC8BL8fm8M4JCds9FC+q8/5Z4SrSmd:uITfXWESNmJEGDWmd |
MD5: | C490845CB287C90988FD6F6CF567DD28 |
SHA1: | 5C7BEE2DC7C4B85A592B569558E138991878A7D0 |
SHA-256: | 5138F57A3B495A7B2638475C4F61D3851192202E4689A4749E4954CE0AA70680 |
SHA-512: | C4C4A55A9D2B5A4B7672168C3ED968A3CDF143E07B244DC6F388360EC9E597C0EB5A48BF2DF40D590195B542FCE84CC2F70FDECDF0570F9EA872080EA8D94987 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 34730 |
Entropy (8bit): | 2.463952054231091 |
Encrypted: | false |
SSDEEP: | 192:AsYKWkS1nV/WjP5MUmpISGG+0CszdbdE1lE1RHEHnlzq:AfrkSwqUo/+0Cszwl0R4lzq |
MD5: | 7A5646D47572BB8CFF0CC61340DF4203 |
SHA1: | 980925704E4ED1FAFAA9C6152E358BE9E1FFA2A9 |
SHA-256: | 28DEA90303D7A8DA075BBD36DCCAC8FBBDE8C40515F4DFD39D4770E174B195B0 |
SHA-512: | 14FB9C68EDBD1A420B2637FEDE0B72D722AC9B9A79606046B79F5E9FD78582E02DAAD053B18B1655ADC003D0D8A9B28F2222B134FF57DBDA772342D3C2980461 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8402 |
Entropy (8bit): | 3.6993822896284474 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNimj06JVQA6YWDO6ZVthxmgmf8KS9Cpro89bY0sfJIm:RrlsNio06EA6YYO6ZVthxmgmf8KSAYn7 |
MD5: | F76740664610671DA6DEC7F8DBF0BEF3 |
SHA1: | C0C405E091ED53B8CA110B8885E8BA214D4EC0FB |
SHA-256: | 2F27E2B019C3985C6509E88329774C77C5B641DB3EBE14D0F666FD314ABA23F3 |
SHA-512: | 78218236DD3D944A2FDC43A321C85607EE6B3D8D7AB6BBD0FA217F05F91C223164E00D7DA9BF909D98507E4BD65C6C2DB010EB69A19DE90A175D90DE0128369D |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8404 |
Entropy (8bit): | 3.699506403638675 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNi9h6tR6YWt6ZVthxmgmf8KS9CprK89bhrsfVLm:RrlsNib6r6Ys6ZVthxmgmf8KSGhwfU |
MD5: | 53258A3836AA706F17BA12F50C7F4658 |
SHA1: | B0E270CACDF35F9F6B281217868575FF1AB3BB40 |
SHA-256: | 9E0F6E226E4E0029FE1BF4DD7566B37C712481A0D66B09A25E0FB1E9C86C88E9 |
SHA-512: | 248F418465686AE8B618B8103B7109F3277DEBC857AA6B82BD6D0DBF0F3B26948792CD0EFAFECCA0328BF68C084951A707CE14E4C44031CDECCC0C3C65B3266A |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4771 |
Entropy (8bit): | 4.488552391834352 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsmJgtWI9siAAWSC8B48fm8M4JCds0MFtP+q8vjs0pI4SrSMd:uITf8WESNDJSCPKRpIDWMd |
MD5: | 3C8D2B1AA773525A81E1A2FDB24312D9 |
SHA1: | DFD4CA5442CCCA191958EA7501F62BE3DF399B66 |
SHA-256: | F49CDC925BE0BE28FB9BC0214F8DF9E51C17D24497FBA4B518A7F70A01A1EDB7 |
SHA-512: | 8DAAD62180F08DDDC59C4312FF54281D540D15493497B0C192B7E5B17DF8E33AF9223DA5E1526D325B623E57DA6169EF6A5FEC538850969AC34618D48700AD01 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 34688 |
Entropy (8bit): | 2.4757425683465253 |
Encrypted: | false |
SSDEEP: | 192:m/YknY/MxLP5MUmpISGG+0Qsz7zMJsCK/YOrYno1/hAqAPkH0nmMuS:mQkhjqUo/+0Qszf/YUYno1KhU0m5S |
MD5: | E74FA668049BE728B187D9684BC91264 |
SHA1: | DF675FD3B4740E011452A38C5CE42286BEB8BB62 |
SHA-256: | 6442EE5B6A21B283BE6062B04ACBB2E2BC2B23830FB360F459BFA216F6A4BAA8 |
SHA-512: | 6BFA6C0A16C5BDF78EFBB7924CD25834F50EA65BEC6502703B70B100B201F723A8AC479CFF48CD47856AEB6DF3113327EADE66AE551B2DE2C7D3EDD1691E7AD1 |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 6.669873789159674 |
TrID: | |
File name: | 6yDD19jMIu.dll |
File size: | 718336 |
MD5: | 903cf677ba834a968b42bd71e4626a9d |
SHA1: | c751f3ab4612917d15967fc1f0591e674c2e56ca |
SHA256: | b601a3c9c3a3df9043ea82733f1da5b413207d7585ca6b18baa8a4d923ce92d8 |
SHA512: | b81d6b419c05ac351d086ab9d439b7cf2d8db21208f85b13e483bacb800a811890ca7fc3ce2295d2861f3323b0d52725e27f42758ef4ec6312018b4a7a249095 |
SSDEEP: | 12288:1UAQSx16fDEr8Np6b/rPPsjosrS9aEoe+0JCym+4YJAOSVUNcuHIGF4uW/XrGAsF:1z3x16fq8Np6bTPPaBreaZlYCOSVol2S |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................."w|.............].......].......]......."wf.............].......].......]...............].......Rich........... |
File Icon |
---|
Icon Hash: | 74f0e4ecccdce0e4 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x1003ab77 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x10000000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x5F6FF725 [Sun Sep 27 02:21:25 2020 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | b5c6badd398e2e3aa283a40a40432c6c |
Entrypoint Preview |
---|
Instruction |
---|
push ebp |
mov ebp, esp |
cmp dword ptr [ebp+0Ch], 01h |
jne 00007F59789E8407h |
call 00007F59789E8EF2h |
push dword ptr [ebp+10h] |
push dword ptr [ebp+0Ch] |
push dword ptr [ebp+08h] |
call 00007F59789E82AAh |
add esp, 0Ch |
pop ebp |
retn 000Ch |
mov ecx, dword ptr [ebp-0Ch] |
mov dword ptr fs:[00000000h], ecx |
pop ecx |
pop edi |
pop edi |
pop esi |
pop ebx |
mov esp, ebp |
pop ebp |
push ecx |
ret |
mov ecx, dword ptr [ebp-10h] |
xor ecx, ebp |
call 00007F59789E8003h |
jmp 00007F59789E83E0h |
mov ecx, dword ptr [ebp-14h] |
xor ecx, ebp |
call 00007F59789E7FF2h |
jmp 00007F59789E83CFh |
push eax |
push dword ptr fs:[00000000h] |
lea eax, dword ptr [esp+0Ch] |
sub esp, dword ptr [esp+0Ch] |
push ebx |
push esi |
push edi |
mov dword ptr [eax], ebp |
mov ebp, eax |
mov eax, dword ptr [100AA0D4h] |
xor eax, ebp |
push eax |
push dword ptr [ebp-04h] |
mov dword ptr [ebp-04h], FFFFFFFFh |
lea eax, dword ptr [ebp-0Ch] |
mov dword ptr fs:[00000000h], eax |
ret |
push eax |
push dword ptr fs:[00000000h] |
lea eax, dword ptr [esp+0Ch] |
sub esp, dword ptr [esp+0Ch] |
push ebx |
push esi |
push edi |
mov dword ptr [eax], ebp |
mov ebp, eax |
mov eax, dword ptr [100AA0D4h] |
xor eax, ebp |
push eax |
mov dword ptr [ebp-10h], eax |
push dword ptr [ebp-04h] |
mov dword ptr [ebp-04h], FFFFFFFFh |
lea eax, dword ptr [ebp-0Ch] |
mov dword ptr fs:[00000000h], eax |
ret |
push eax |
inc dword ptr fs:[eax] |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0xa8990 | 0x80 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa8a10 | 0x50 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x146000 | 0x53d0 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xa474c | 0x54 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xa47a0 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7b000 | 0x1fc | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x79f71 | 0x7a000 | False | 0.510071801358 | data | 6.75462598911 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x7b000 | 0x2e586 | 0x2e600 | False | 0.556366871631 | data | 5.60177209336 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xaa000 | 0x9b19c | 0x1800 | False | 0.190266927083 | data | 4.15778005426 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.reloc | 0x146000 | 0x53d0 | 0x5400 | False | 0.752650669643 | data | 6.72453697464 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
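Two things in the static data above deserve a check rather than a glance. First, the raw sizes of the four sections add up to 0xAF200 bytes; with the 0x400-byte header region before the first section that gives exactly 718336 bytes, the File size reported earlier, so nothing is appended after the section data. Second, .data has a virtual size of 0x9b19c but a raw size of only 0x1800: the loader reserves roughly 620 KB of zero-filled writable memory that the file does not supply, which is where a loader of this kind typically writes its decrypted stage (the entrypoint preview itself is only the MSVC CRT DllMain stub, with `cmp dword ptr [ebp+0Ch], 01h` testing for DLL_PROCESS_ATTACH; the sample's own logic sits behind the exports). The following Python is an added example, not code from the report or from Joe Sandbox: it parses a PE section table with the standard library, computes the same 8-bit entropy the Entropy column shows, and flags sections whose in-memory size dwarfs their on-disk size. `build_demo_pe` constructs a PE32 image whose header fields copy the report's values (entry point RVA 0x3ab77, image base 0x10000000, section sizes and flags); its section bodies are a repeating 16-byte filler, not the sample's bytes. The 8x ratio and 7.0-bit entropy thresholds are hypothetical triage cut-offs, not values from the report.

```python
import math
import struct
from collections import Counter

# Section characteristic bits from the PE/COFF specification.
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte (the report's Entropy column)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def analyze_pe(pe: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    _machine, nsec, _ts, _symtab, _nsyms, opt_size, _flags = struct.unpack_from("<HHIIIHH", pe, coff)
    opt = coff + 20
    magic, = struct.unpack_from("<H", pe, opt)
    entry_rva, = struct.unpack_from("<I", pe, opt + 16)
    if magic == 0x10B:        # PE32: 32-bit ImageBase at offset 28
        image_base, = struct.unpack_from("<I", pe, opt + 28)
    elif magic == 0x20B:      # PE32+: 64-bit ImageBase at offset 24
        image_base, = struct.unpack_from("<Q", pe, opt + 24)
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, opt + opt_size + 40 * i)
        raw = pe[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_address": va, "virtual_size": vsize, "raw_size": rawsize,
            "characteristics": chars, "entropy": shannon_entropy(raw),
            "vsize_ratio": vsize / rawsize if rawsize else float("inf"),
        })
    entry_section = next((s["name"] for s in sections
                          if s["virtual_address"] <= entry_rva < s["virtual_address"] + s["virtual_size"]), None)
    return {"image_base": image_base, "entry_rva": entry_rva, "entry_va": image_base + entry_rva,
            "entry_section": entry_section, "sections": sections}


def suspicious_sections(sections, ratio_threshold=8.0, entropy_threshold=7.0):
    """Flag sections that reserve far more memory than the file supplies (room for a stage
    decrypted at run time), that are writable and executable, or that look packed."""
    findings = []
    for s in sections:
        reasons = []
        if s["vsize_ratio"] >= ratio_threshold:
            reasons.append("virtual size is %.0fx raw size" % s["vsize_ratio"])
        if s["characteristics"] & IMAGE_SCN_MEM_WRITE and s["characteristics"] & IMAGE_SCN_MEM_EXECUTE:
            reasons.append("writable and executable")
        if s["entropy"] >= entropy_threshold:
            reasons.append("entropy %.2f" % s["entropy"])
        if reasons:
            findings.append((s["name"], reasons))
    return findings


def build_demo_pe() -> bytes:
    """Constructed PE32 DLL: header values copied from the report, section bodies are filler."""
    specs = [  # name, VirtualSize, VirtualAddress, RawSize, Characteristics (report's Sections table)
        (b".text", 0x79F71, 0x1000, 0x7A000, 0x60000020),
        (b".rdata", 0x2E586, 0x7B000, 0x2E600, 0x40000040),
        (b".data", 0x9B19C, 0xAA000, 0x1800, 0xC0000040),
        (b".reloc", 0x53D0, 0x146000, 0x5400, 0x42000040),
    ]
    hdr = bytearray(0x400)                     # headers padded up to the first raw-data offset
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)    # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    # COFF header: i386, 4 sections, report's timestamp, 224-byte PE32 optional header, EXE|32BIT|DLL
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, len(specs), 0x5F6FF725, 0, 0, 224, 0x2102)
    opt = 0x58
    struct.pack_into("<H", hdr, opt, 0x10B)             # PE32 magic
    struct.pack_into("<I", hdr, opt + 16, 0x3AB77)      # AddressOfEntryPoint, RVA of 0x1003ab77
    struct.pack_into("<I", hdr, opt + 28, 0x10000000)   # ImageBase
    body, rawptr = bytearray(), len(hdr)
    for i, (name, vsize, va, rawsize, chars) in enumerate(specs):
        struct.pack_into("<8sIIIIIIHHI", hdr, opt + 224 + 40 * i,
                         name, vsize, va, rawsize, rawptr, 0, 0, 0, 0, chars)
        body += bytes(range(16)) * (rawsize // 16)   # 16 equiprobable byte values: entropy 4.0
        rawptr += rawsize
    return bytes(hdr + body)


if __name__ == "__main__":
    info = analyze_pe(build_demo_pe())
    print("entry point 0x%08x in %s" % (info["entry_va"], info["entry_section"]))
    for name, reasons in suspicious_sections(info["sections"]):
        print(name, "; ".join(reasons))
```

On the constructed image only .data is flagged (virtual size about 103x its raw size), which matches what the report's table implies; the real sample's .text entropy of 6.75 stays under the 7.0 cut-off, so a plain entropy rule would have said nothing here and the size discrepancy is the better static indicator.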
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | LockResource, FreeLibrary, GetProcAddress, VirtualProtect, OpenProcess, GetCurrentThreadId, Sleep, GetSystemTime, CreateSemaphoreW, LoadLibraryW, GetModuleFileNameW, GetModuleHandleW, GetTempPathW, CreateFileW, GetVolumeInformationW, QueryPerformanceCounter, GetVersionExW, GetDateFormatW, OutputDebugStringW, CloseHandle, ReadConsoleW, ReadFile, GetConsoleMode, GetConsoleCP, WriteFile, FlushFileBuffers, HeapSize, SetStdHandle, SetFilePointerEx, GetFileSizeEx, GetProcessHeap, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, GetACP, IsValidCodePage, FindNextFileW, FindFirstFileExW, FindClose, SetConsoleCtrlHandler, GetFileType, GetStdHandle, HeapReAlloc, HeapFree, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, EncodePointer, DecodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, WideCharToMultiByte, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, SwitchToThread, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetTickCount, MultiByteToWideChar, GetStringTypeW, CompareStringW, LCMapStringW, GetLocaleInfoW, GetCPInfo, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, GetCurrentProcess, TerminateProcess, GetCurrentProcessId, InitializeSListHead, RaiseException, RtlUnwind, InterlockedPushEntrySList, InterlockedFlushSList, GetLastError, LoadLibraryExW, QueryPerformanceFrequency, ExitProcess, GetModuleHandleExW, GetCurrentThread, HeapAlloc, GetTimeZoneInformation, GetTimeFormatW, WriteConsoleW |
USER32.dll | CreateMenu, DeferWindowPos, BeginDeferWindowPos, UnregisterHotKey, TranslateMessage, RegisterWindowMessageW, GetPropW |
MSACM32.dll | acmDriverClose, acmFormatChooseW, acmFilterDetailsW, acmFilterEnumW, acmDriverEnum, acmDriverPriority, acmFormatEnumW, acmFilterTagEnumW, acmFormatTagDetailsW, acmDriverMessage, acmFormatSuggest, acmFilterTagDetailsW, acmFormatTagEnumW, acmFilterChooseW, acmDriverOpen, acmDriverDetailsW, acmFormatDetailsW, acmMetrics, acmDriverAddW, acmDriverRemove, acmDriverID, acmGetVersion |
Exports |
---|
Name | Ordinal | Address |
---|---|---|
BeGrass | 1 | 0x10016020 |
Fieldeight | 2 | 0x100162f0 |
Often | 3 | 0x10016510 |
Townenter | 4 | 0x100167a0 |
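The four exports above are the entry points that an invocation of the form `rundll32.exe <dll>,<export>` would call, which is the Rundll32 technique flagged under Defense Evasion in the matrix earlier; on a real host that command line, run against a DLL in a user-writable directory from a document-handling parent, is the detection opportunity. The following Python is an added example, not code from the report or from Joe Sandbox: it scores process-creation events for that pattern. The log lines are constructed Sysmon-style key=value records (the path under C:\Users\bob\... and the process IDs are made up; only the DLL file name and the export name BeGrass come from this report), and the trusted directories, the baseline of known-good exports and the document-handler parent list are hypothetical starting points that a real deployment would derive from its own telemetry.

```python
import re
from typing import Dict, List, Optional, Tuple

# Directories from which rundll32 is expected to load DLLs on a clean host (hypothetical baseline).
TRUSTED_DLL_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)
# Exports that are routinely called through rundll32 by legitimate tooling (hypothetical baseline).
KNOWN_GOOD_EXPORTS = {"control_rundll", "installhinfsection", "printuientry", "options_rundll"}
# Document and mail handlers: a DLL launched from one of these is the document-borne loader pattern.
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# rundll32[.exe] <dll path>,<export or #ordinal>; the DLL may be quoted, the export may carry arguments.
RUNDLL_RE = re.compile(r'(?i)(?:^|[\\\s"])rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>#?\w+)')

# Constructed Sysmon-style process-creation events; not taken from the report.
SAMPLE_EVENTS = [
    r'EventID=1 ProcessId=4120 Image=C:\Windows\System32\rundll32.exe CommandLine="C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL" ParentImage=C:\Windows\explorer.exe',
    r'EventID=1 ProcessId=5308 Image=C:\Windows\SysWOW64\rundll32.exe CommandLine="rundll32.exe C:\Users\bob\AppData\Local\Temp\6yDD19jMIu.dll,BeGrass" ParentImage="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"',
    r'EventID=1 ProcessId=6004 Image=C:\Windows\SysWOW64\rundll32.exe CommandLine="rundll32.exe C:\ProgramData\cache\srv.dll,#1" ParentImage=C:\Windows\explorer.exe',
    r'EventID=1 ProcessId=2216 Image=C:\Windows\System32\rundll32.exe CommandLine="rundll32.exe printui.dll,PrintUIEntry /ga /n \\prn01\HP" ParentImage=C:\Windows\System32\cmd.exe',
    r'EventID=1 ProcessId=3390 Image=C:\Windows\System32\notepad.exe CommandLine="notepad.exe C:\Users\bob\notes.txt" ParentImage=C:\Windows\explorer.exe',
]


def parse_event(line: str) -> Dict[str, str]:
    """Split one key=value line; quoted values may contain spaces."""
    return {k: (q if q else u) for k, q, u in KV_RE.findall(line)}


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def score_rundll32(event: Dict[str, str]) -> Optional[Tuple[int, List[str]]]:
    """Return (score, reasons) for a rundll32 launch, or None when the event is not one."""
    m = RUNDLL_RE.search(event.get("CommandLine", ""))
    if not m:
        return None
    dll, export = m.group("dll").strip(), m.group("export")
    score, reasons = 0, []
    if "\\" not in dll:
        score += 1
        reasons.append("unqualified DLL name, resolved via search order: " + dll)
    elif not dll.lower().startswith(TRUSTED_DLL_DIRS):
        score += 2
        reasons.append("DLL outside trusted directories: " + dll)
    if export.startswith("#"):
        score += 1
        reasons.append("export called by ordinal " + export)
    elif export.lower() not in KNOWN_GOOD_EXPORTS:
        score += 1
        reasons.append("export not in baseline: " + export)
    parent = basename(event.get("ParentImage", ""))
    if parent in DOCUMENT_PARENTS:
        score += 2
        reasons.append("launched by document handler " + parent)
    return score, reasons


def find_suspicious(lines, threshold: int = 3) -> List[Tuple[str, int, List[str]]]:
    """(ProcessId, score, reasons) for every rundll32 event at or above the threshold."""
    hits = []
    for line in lines:
        event = parse_event(line)
        result = score_rundll32(event)
        if result and result[0] >= threshold:
            hits.append((event.get("ProcessId", "?"), result[0], result[1]))
    return hits


if __name__ == "__main__":
    for pid, score, reasons in find_suspicious(SAMPLE_EVENTS):
        print(pid, score, "; ".join(reasons))
```

Of the five constructed events only the Temp-directory DLL launched by WINWORD.EXE (score 5) and the ordinal call on a DLL under ProgramData (score 3) cross the threshold; the control-panel and printui invocations stay below it. Invocations without an export (rundll32 accepts a DLL alone) and the javascript: and url.dll tricks are outside what this regex covers and need their own rules.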
Network Behavior |
---|
Network Port Distribution |
---|
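The TCP Packets table that follows lists every packet by timestamp and 4-tuple but gives no payload, so what can be read from it is session structure: which client port talked to which server, for how long, with how many packets each way, and how long after the previous session to the same server. Note what is not in it: every destination is a Microsoft-hosted address (13.82.28.61 is msn.com, 40.97.161.50 is outlook.com, 40.101.124.210 is an office.com front end per Contacted Domains), while the two domains marked malicious in that table never resolved, so the capture holds the sample's connectivity and decoy traffic and no session to an actual command-and-control host. The following Python is an added example, not code from the report or from Joe Sandbox: it parses rows in the table's format into sessions. The embedded rows are copied from the table (a subset of the first three sessions, not all their packets); the timestamp parser keeps the nine fractional digits, which `strptime`'s `%f` (six digits at most) would reject.

```python
from collections import OrderedDict
from datetime import datetime

EPOCH = datetime(1970, 1, 1)

# Rows copied from the report's TCP Packets table (three sessions, a few packets each).
# Columns: Timestamp | Source Port | Dest Port | Source IP | Dest IP
SAMPLE_ROWS = """\
Oct 11, 2021 22:36:11.910393953 CEST | 49749 | 443 | 192.168.2.7 | 13.82.28.61
Oct 11, 2021 22:36:11.910442114 CEST | 443 | 49749 | 13.82.28.61 | 192.168.2.7
Oct 11, 2021 22:36:11.910551071 CEST | 49749 | 443 | 192.168.2.7 | 13.82.28.61
Oct 11, 2021 22:36:11.917790890 CEST | 49749 | 443 | 192.168.2.7 | 13.82.28.61
Oct 11, 2021 22:36:12.724817991 CEST | 443 | 49749 | 13.82.28.61 | 192.168.2.7
Oct 11, 2021 22:36:15.102114916 CEST | 49751 | 443 | 192.168.2.7 | 13.82.28.61
Oct 11, 2021 22:36:15.102155924 CEST | 443 | 49751 | 13.82.28.61 | 192.168.2.7
Oct 11, 2021 22:36:15.102277040 CEST | 49751 | 443 | 192.168.2.7 | 13.82.28.61
Oct 11, 2021 22:36:15.851723909 CEST | 443 | 49751 | 13.82.28.61 | 192.168.2.7
Oct 11, 2021 22:36:53.921871901 CEST | 49771 | 443 | 192.168.2.7 | 40.97.161.50
Oct 11, 2021 22:36:53.921917915 CEST | 443 | 49771 | 40.97.161.50 | 192.168.2.7
Oct 11, 2021 22:36:54.628948927 CEST | 443 | 49771 | 40.97.161.50 | 192.168.2.7
"""


def parse_ts(text: str) -> float:
    """'Oct 11, 2021 22:36:11.910393953 CEST' -> seconds since 1970-01-01.
    The zone name is dropped; every row carries the same one, so differences stay correct."""
    stamp, rest = text.rsplit(".", 1)
    frac = rest.split(" ", 1)[0]
    base = datetime.strptime(stamp, "%b %d, %Y %H:%M:%S")
    return (base - EPOCH).total_seconds() + int(frac) / 10 ** len(frac)


def summarize_flows(rows: str) -> list:
    """Group packets into sessions (the first packet seen defines the client side), count
    packets per direction, and measure session length and the gap since the previous
    session to the same server endpoint, a crude beacon-interval estimate."""
    flows = OrderedDict()
    for line in rows.strip().splitlines():
        ts, sport, dport, sip, dip = [c.strip() for c in line.split("|")]
        t = parse_ts(ts)
        fwd = (sip, int(sport), dip, int(dport))
        rev = (dip, int(dport), sip, int(sport))
        if fwd in flows:
            f = flows[fwd]
            f["c2s"] += 1
        elif rev in flows:
            f = flows[rev]
            f["s2c"] += 1
        else:
            f = flows[fwd] = {"first": t, "last": t, "c2s": 1, "s2c": 0}
        f["last"] = max(f["last"], t)
    out, last_seen = [], {}
    for (cip, cport, sip, sport), f in flows.items():
        server = (sip, sport)
        gap = f["first"] - last_seen[server] if server in last_seen else None
        last_seen[server] = f["first"]
        out.append({"client": cip, "client_port": cport, "server": server,
                    "duration": f["last"] - f["first"], "c2s": f["c2s"], "s2c": f["s2c"],
                    "gap_since_previous": gap})
    return out


if __name__ == "__main__":
    for f in summarize_flows(SAMPLE_ROWS):
        gap = "-" if f["gap_since_previous"] is None else "%.3fs" % f["gap_since_previous"]
        print("%s:%d -> %s:%d  %d/%d pkts  %.3fs  gap=%s" % (
            f["client"], f["client_port"], f["server"][0], f["server"][1],
            f["c2s"], f["s2c"], f["duration"], gap))
```

On the embedded rows the two sessions to 13.82.28.61 start 3.19 s apart and each lasts under a second, which is the shape of a short TLS exchange repeated, not a long-lived channel; run over the full table the same function gives the per-session packet counts and intervals for all four sessions shown.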
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 11, 2021 22:36:11.910393953 CEST | 49749 | 443 | 192.168.2.7 | 13.82.28.61 |
Oct 11, 2021 22:36:11.910442114 CEST | 443 | 49749 | 13.82.28.61 | 192.168.2.7 |
Oct 11, 2021 22:36:11.910551071 CEST | 49749 | 443 | 192.168.2.7 | 13.82.28.61 |
Oct 11, 2021 22:36:11.917790890 CEST | 49749 | 443 | 192.168.2.7 | 13.82.28.61 |
Oct 11, 2021 22:36:11.917829990 CEST | 443 | 49749 | 13.82.28.61 | 192.168.2.7 |
Oct 11, 2021 22:36:12.230382919 CEST | 443 | 49749 | 13.82.28.61 | 192.168.2.7 |
Oct 11, 2021 22:36:12.230546951 CEST | 49749 | 443 | 192.168.2.7 | 13.82.28.61 |
Oct 11, 2021 22:36:12.232964039 CEST | 49749 | 443 | 192.168.2.7 | 13.82.28.61 |
Oct 11, 2021 22:36:12.232984066 CEST | 443 | 49749 | 13.82.28.61 | 192.168.2.7 |
Oct 11, 2021 22:36:12.233254910 CEST | 443 | 49749 | 13.82.28.61 | 192.168.2.7 |
Oct 11, 2021 22:36:12.286731005 CEST | 49749 | 443 | 192.168.2.7 | 13.82.28.61 |
Oct 11, 2021 22:36:12.602170944 CEST | 49749 | 443 | 192.168.2.7 | 13.82.28.61 |
Oct 11, 2021 22:36:12.643145084 CEST | 443 | 49749 | 13.82.28.61 | 192.168.2.7 |
Oct 11, 2021 22:36:12.721329927 CEST | 443 | 49749 | 13.82.28.61 | 192.168.2.7 |
Oct 11, 2021 22:36:12.721457958 CEST | 443 | 49749 | 13.82.28.61 | 192.168.2.7 |
Oct 11, 2021 22:36:12.721606016 CEST | 49749 | 443 | 192.168.2.7 | 13.82.28.61 |
Oct 11, 2021 22:36:12.724698067 CEST | 49749 | 443 | 192.168.2.7 | 13.82.28.61 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Oct 11, 2021 22:36:59.048182011 CEST | 8.8.8.8 | 192.168.2.7 | 0x3b2e | No error (0) | 52.97.137.98 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:37:15.320671082 CEST | 8.8.8.8 | 192.168.2.7 | 0x9968 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Oct 11, 2021 22:37:19.310636997 CEST | 8.8.8.8 | 192.168.2.7 | 0x5d7e | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Oct 11, 2021 22:37:35.972763062 CEST | 8.8.8.8 | 192.168.2.7 | 0xe451 | No error (0) | 13.82.28.61 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:37:36.473367929 CEST | 8.8.8.8 | 192.168.2.7 | 0xe936 | No error (0) | www-msn-com.a-0003.a-msedge.net | CNAME (Canonical name) | IN (0x0001) | ||
Oct 11, 2021 22:37:39.395886898 CEST | 8.8.8.8 | 192.168.2.7 | 0x173d | No error (0) | 13.82.28.61 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:37:39.864120007 CEST | 8.8.8.8 | 192.168.2.7 | 0xec9d | No error (0) | www-msn-com.a-0003.a-msedge.net | CNAME (Canonical name) | IN (0x0001) | ||
Oct 11, 2021 22:37:57.033107042 CEST | 8.8.8.8 | 192.168.2.7 | 0x1d30 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Oct 11, 2021 22:38:00.137804031 CEST | 8.8.8.8 | 192.168.2.7 | 0x454f | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Oct 11, 2021 22:38:17.218822002 CEST | 8.8.8.8 | 192.168.2.7 | 0xe5e8 | No error (0) | 40.97.161.50 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:17.218822002 CEST | 8.8.8.8 | 192.168.2.7 | 0xe5e8 | No error (0) | 40.97.156.114 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:17.218822002 CEST | 8.8.8.8 | 192.168.2.7 | 0xe5e8 | No error (0) | 40.97.160.2 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:17.218822002 CEST | 8.8.8.8 | 192.168.2.7 | 0xe5e8 | No error (0) | 40.97.128.194 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:17.218822002 CEST | 8.8.8.8 | 192.168.2.7 | 0xe5e8 | No error (0) | 40.97.164.146 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:17.218822002 CEST | 8.8.8.8 | 192.168.2.7 | 0xe5e8 | No error (0) | 40.97.153.146 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:17.218822002 CEST | 8.8.8.8 | 192.168.2.7 | 0xe5e8 | No error (0) | 40.97.116.82 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:17.218822002 CEST | 8.8.8.8 | 192.168.2.7 | 0xe5e8 | No error (0) | 40.97.148.226 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:17.938257933 CEST | 8.8.8.8 | 192.168.2.7 | 0x568a | No error (0) | outlook.office365.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 11, 2021 22:38:17.938257933 CEST | 8.8.8.8 | 192.168.2.7 | 0x568a | No error (0) | outlook.ha.office365.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 11, 2021 22:38:17.938257933 CEST | 8.8.8.8 | 192.168.2.7 | 0x568a | No error (0) | outlook.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 11, 2021 22:38:17.938257933 CEST | 8.8.8.8 | 192.168.2.7 | 0x568a | No error (0) | HHN-efz.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 11, 2021 22:38:17.938257933 CEST | 8.8.8.8 | 192.168.2.7 | 0x568a | No error (0) | 52.97.219.162 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:17.938257933 CEST | 8.8.8.8 | 192.168.2.7 | 0x568a | No error (0) | 52.97.137.242 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:17.938257933 CEST | 8.8.8.8 | 192.168.2.7 | 0x568a | No error (0) | 52.98.175.2 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:17.938257933 CEST | 8.8.8.8 | 192.168.2.7 | 0x568a | No error (0) | 52.97.137.162 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:18.100589991 CEST | 8.8.8.8 | 192.168.2.7 | 0xaee3 | No error (0) | outlook.ha.office365.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 11, 2021 22:38:18.100589991 CEST | 8.8.8.8 | 192.168.2.7 | 0xaee3 | No error (0) | outlook.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 11, 2021 22:38:18.100589991 CEST | 8.8.8.8 | 192.168.2.7 | 0xaee3 | No error (0) | FRA-efz.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 11, 2021 22:38:18.100589991 CEST | 8.8.8.8 | 192.168.2.7 | 0xaee3 | No error (0) | 52.97.137.114 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:18.100589991 CEST | 8.8.8.8 | 192.168.2.7 | 0xaee3 | No error (0) | 52.97.178.34 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:18.100589991 CEST | 8.8.8.8 | 192.168.2.7 | 0xaee3 | No error (0) | 52.98.208.18 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:20.196131945 CEST | 8.8.8.8 | 192.168.2.7 | 0xf49 | No error (0) | 40.97.161.50 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:20.196131945 CEST | 8.8.8.8 | 192.168.2.7 | 0xf49 | No error (0) | 40.97.156.114 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:20.196131945 CEST | 8.8.8.8 | 192.168.2.7 | 0xf49 | No error (0) | 40.97.160.2 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:20.196131945 CEST | 8.8.8.8 | 192.168.2.7 | 0xf49 | No error (0) | 40.97.128.194 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:20.196131945 CEST | 8.8.8.8 | 192.168.2.7 | 0xf49 | No error (0) | 40.97.164.146 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:20.196131945 CEST | 8.8.8.8 | 192.168.2.7 | 0xf49 | No error (0) | 40.97.153.146 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:20.196131945 CEST | 8.8.8.8 | 192.168.2.7 | 0xf49 | No error (0) | 40.97.116.82 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:20.196131945 CEST | 8.8.8.8 | 192.168.2.7 | 0xf49 | No error (0) | 40.97.148.226 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:20.911417961 CEST | 8.8.8.8 | 192.168.2.7 | 0x1000 | No error (0) | outlook.office365.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 11, 2021 22:38:20.911417961 CEST | 8.8.8.8 | 192.168.2.7 | 0x1000 | No error (0) | outlook.ha.office365.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 11, 2021 22:38:20.911417961 CEST | 8.8.8.8 | 192.168.2.7 | 0x1000 | No error (0) | outlook.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 11, 2021 22:38:20.911417961 CEST | 8.8.8.8 | 192.168.2.7 | 0x1000 | No error (0) | HHN-efz.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 11, 2021 22:38:20.911417961 CEST | 8.8.8.8 | 192.168.2.7 | 0x1000 | No error (0) | 52.97.219.162 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:20.911417961 CEST | 8.8.8.8 | 192.168.2.7 | 0x1000 | No error (0) | 52.97.137.242 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:20.911417961 CEST | 8.8.8.8 | 192.168.2.7 | 0x1000 | No error (0) | 52.98.175.2 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:20.911417961 CEST | 8.8.8.8 | 192.168.2.7 | 0x1000 | No error (0) | 52.97.137.162 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:21.069540977 CEST | 8.8.8.8 | 192.168.2.7 | 0x8706 | No error (0) | outlook.ha.office365.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 11, 2021 22:38:21.069540977 CEST | 8.8.8.8 | 192.168.2.7 | 0x8706 | No error (0) | outlook.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 11, 2021 22:38:21.069540977 CEST | 8.8.8.8 | 192.168.2.7 | 0x8706 | No error (0) | HHN-efz.ms-acdc.office.com | CNAME (Canonical name) | IN (0x0001) | ||
Oct 11, 2021 22:38:21.069540977 CEST | 8.8.8.8 | 192.168.2.7 | 0x8706 | No error (0) | 52.98.214.82 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:21.069540977 CEST | 8.8.8.8 | 192.168.2.7 | 0x8706 | No error (0) | 52.98.171.242 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:21.069540977 CEST | 8.8.8.8 | 192.168.2.7 | 0x8706 | No error (0) | 52.97.218.66 | A (IP address) | IN (0x0001) | ||
Oct 11, 2021 22:38:21.069540977 CEST | 8.8.8.8 | 192.168.2.7 | 0x8706 | No error (0) | 52.97.137.66 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.7 | 49749 | 13.82.28.61 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-11 20:36:12 UTC | 0 | OUT | |
2021-10-11 20:36:12 UTC | 0 | IN | |
2021-10-11 20:36:12 UTC | 0 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.7 | 49751 | 13.82.28.61 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-11 20:36:15 UTC | 1 | OUT | |
2021-10-11 20:36:15 UTC | 1 | IN | |
2021-10-11 20:36:15 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
10 | 192.168.2.7 | 49842 | 40.97.161.50 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-11 20:38:17 UTC | 14 | OUT | |
2021-10-11 20:38:17 UTC | 14 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
11 | 192.168.2.7 | 49843 | 52.97.219.162 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-11 20:38:18 UTC | 15 | OUT | |
2021-10-11 20:38:18 UTC | 15 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
12 | 192.168.2.7 | 49844 | 52.97.137.114 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-11 20:38:18 UTC | 16 | OUT | |
2021-10-11 20:38:18 UTC | 16 | IN | |
2021-10-11 20:38:18 UTC | 17 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
13 | 192.168.2.7 | 49845 | 40.97.161.50 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-11 20:38:20 UTC | 18 | OUT | |
2021-10-11 20:38:20 UTC | 19 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
14 | 192.168.2.7 | 49846 | 52.97.219.162 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-11 20:38:21 UTC | 19 | OUT | |
2021-10-11 20:38:21 UTC | 20 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
15 | 192.168.2.7 | 49847 | 52.98.214.82 | 443 | C:\Windows\System32\loaddll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-11 20:38:21 UTC | 21 | OUT | |
2021-10-11 20:38:21 UTC | 21 | IN | |
2021-10-11 20:38:21 UTC | 22 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.7 | 49771 | 40.97.161.50 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-11 20:36:54 UTC | 2 | OUT | |
2021-10-11 20:36:54 UTC | 3 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.7 | 49772 | 40.101.124.210 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-11 20:36:54 UTC | 3 | OUT | |
2021-10-11 20:36:54 UTC | 4 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.7 | 49773 | 52.97.223.66 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-11 20:36:54 UTC | 5 | OUT | |
2021-10-11 20:36:54 UTC | 5 | IN | |
2021-10-11 20:36:54 UTC | 5 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
5 | 192.168.2.7 | 49774 | 40.97.161.50 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-11 20:36:58 UTC | 7 | OUT | |
2021-10-11 20:36:58 UTC | 7 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
6 | 192.168.2.7 | 49775 | 40.101.124.210 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-11 20:36:58 UTC | 8 | OUT | |
2021-10-11 20:36:59 UTC | 8 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
7 | 192.168.2.7 | 49776 | 52.98.208.114 | 443 | C:\Windows\System32\loaddll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-11 20:36:59 UTC | 9 | OUT | |
2021-10-11 20:36:59 UTC | 9 | IN | |
2021-10-11 20:36:59 UTC | 10 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
8 | 192.168.2.7 | 49810 | 13.82.28.61 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-11 20:37:36 UTC | 11 | OUT | |
2021-10-11 20:37:36 UTC | 11 | IN | |
2021-10-11 20:37:36 UTC | 12 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
9 | 192.168.2.7 | 49812 | 13.82.28.61 | 443 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-11 20:37:39 UTC | 12 | OUT | |
2021-10-11 20:37:39 UTC | 13 | IN | |
2021-10-11 20:37:39 UTC | 13 | IN |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 22:34:21 |
Start date: | 11/10/2021 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xdc0000 |
File size: | 893440 bytes |
MD5 hash: | 72FCD8FB0ADC38ED9050569AD673650E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | moderate |
General |
---|
Start time: | 22:34:21 |
Start date: | 11/10/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x870000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 22:34:22 |
Start date: | 11/10/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9a0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
General |
---|
Start time: | 22:34:22 |
Start date: | 11/10/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9a0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
General |
---|
Start time: | 22:34:26 |
Start date: | 11/10/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9a0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
General |
---|
Start time: | 22:34:34 |
Start date: | 11/10/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9a0000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | high |
General |
---|
Start time: | 22:36:04 |
Start date: | 11/10/2021 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x3b0000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 22:36:05 |
Start date: | 11/10/2021 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x3b0000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 22:36:10 |
Start date: | 11/10/2021 |
Path: | C:\Windows\SysWOW64\WerFault.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x3b0000 |
File size: | 434592 bytes |
MD5 hash: | 9E2B8ACAD48ECCA55C0230D63623661B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4C15C6, Relevance: 13.6, APIs: 9, Instructions: 120, Tags: sleep, native, synchronization, COMMON
C-Code - Quality: 83% |
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 69% |
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4C13B8, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70, Tags: native, COMMON
C-Code - Quality: 72% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4C1273, Relevance: 1.5, APIs: 1, Instructions: 34, Tags: native, COMMON
C-Code - Quality: 68% |
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4C1B59, Relevance: 9.1, APIs: 6, Instructions: 71, Tags: memory, COMMON
C-Code - Quality: 86% |
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4C189E, Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 96, Tags: memory, COMMON
C-Code - Quality: 86% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E51F3F0, Relevance: 6.1, APIs: 4, Instructions: 69, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4C1719, Relevance: 6.0, APIs: 4, Instructions: 30, Tags: thread, COMMON
C-Code - Quality: 87% |
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4C12B5, Relevance: 4.6, APIs: 3, Instructions: 68, Tags: memory, COMMON
C-Code - Quality: 87% |
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E529A8C, Relevance: 3.1, APIs: 2, Instructions: 100, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
C-Code - Quality: 100% |
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E529BA5, Relevance: 1.6, APIs: 1, Instructions: 67, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E52146E, Relevance: 1.5, APIs: 1, Instructions: 39, Tags: memory, COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E51F4F7, Relevance: 1.5, APIs: 1, Instructions: 32, Tags: memory, COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E5C56, Relevance: 1.5, APIs: 1, Instructions: 12, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4C15A0, Relevance: 1.5, APIs: 1, Instructions: 8, Tags: COMMON
C-Code - Quality: 37% |
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4C1015, Relevance: 1.3, APIs: 1, Instructions: 70, Tags: COMMON
C-Code - Quality: 86% |
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E51FF15, Relevance: 7.9, APIs: 5, Instructions: 373, Tags: time, COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E52E0A2, Relevance: 7.8, APIs: 5, Instructions: 251, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E52EA21, Relevance: 7.7, APIs: 5, Instructions: 183, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4C23D5, Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 195, Tags: native, COMMON
C-Code - Quality: 100% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4C1825, Relevance: 6.0, APIs: 4, Instructions: 40, Tags: COMMON
C-Code - Quality: 100% |
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E506CB3, Relevance: 4.6, APIs: 3, Instructions: 77, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E51C325, Relevance: 4.5, APIs: 3, Instructions: 20, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E518C9B, Relevance: 2.3, APIs: 1, Instructions: 791, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E52E3AD, Relevance: 1.6, APIs: 1, Instructions: 63, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E52E448, Relevance: 1.5, APIs: 1, Instructions: 41, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E520429, Relevance: 1.5, APIs: 1, Instructions: 33, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E52E344, Relevance: 1.5, APIs: 1, Instructions: 31, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E520E4C, Relevance: 1.5, APIs: 1, Instructions: 24, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4F9EB5, Relevance: 1.5, APIs: 1, Instructions: 21, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4C21B4, Relevance: .1, Instructions: 77, Tags: COMMON, Crypto
C-Code - Quality: 71% |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4FE8C0, Relevance: .1, Instructions: 76, Tags: COMMON
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E56DBB5, Relevance: .1, Instructions: 75, Tags: COMMON
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E56DEAA, Relevance: .1, Instructions: 55, Tags: COMMON
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E528861, Relevance: .0, Instructions: 22, Tags: COMMON
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E52B2A4, Relevance: 19.6, APIs: 13, Instructions: 113, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E52D4AB, Relevance: 10.6, APIs: 7, Instructions: 65, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E522B27, Relevance: 7.7, APIs: 5, Instructions: 186, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E52CEE5, Relevance: 7.5, APIs: 5, Instructions: 40, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E02A0, Relevance: 6.1, APIs: 4, Instructions: 90, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E5208CB, Relevance: 6.1, APIs: 4, Instructions: 77, Tags: COMMON
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E51F299, Relevance: 6.1, APIs: 4, Instructions: 72, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4DF800, Relevance: 6.1, APIs: 4, Instructions: 67, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4DF8E0, Relevance: 6.1, APIs: 4, Instructions: 67, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E1E2F, Relevance: 6.0, APIs: 4, Instructions: 47, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E52146E, Relevance: 1.5, APIs: 1, Instructions: 39, Tags: memory, COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E5C56, Relevance: 1.5, APIs: 1, Instructions: 12, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E52E0A2, Relevance: 7.8, APIs: 5, Instructions: 251, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E52EA21, Relevance: 7.7, APIs: 5, Instructions: 183, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4F6CAF, Relevance: 77.3, APIs: 32, Strings: 12, Instructions: 287, Tags: COMMON
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E52B2A4, Relevance: 19.6, APIs: 13, Instructions: 113, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E52D4AB, Relevance: 10.6, APIs: 7, Instructions: 65, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E1C96, Relevance: 10.6, APIs: 7, Instructions: 53, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E760E, Relevance: 10.5, APIs: 7, Instructions: 49, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E76A3, Relevance: 10.5, APIs: 7, Instructions: 49, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E6F12, Relevance: 10.5, APIs: 7, Instructions: 49, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E7738, Relevance: 10.5, APIs: 7, Instructions: 49, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E77CD, Relevance: 10.5, APIs: 7, Instructions: 49, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E6FA7, Relevance: 10.5, APIs: 7, Instructions: 49, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E1A42, Relevance: 10.5, APIs: 7, Instructions: 49, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E1AD7, Relevance: 10.5, APIs: 7, Instructions: 49, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E7290, Relevance: 10.5, APIs: 7, Instructions: 49, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E7AB6, Relevance: 10.5, APIs: 7, Instructions: 49, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E7B4B, Relevance: 10.5, APIs: 7, Instructions: 49, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E7325, Relevance: 10.5, APIs: 7, Instructions: 49, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E703C, Relevance: 10.5, APIs: 7, Instructions: 49, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E70D1, Relevance: 10.5, APIs: 7, Instructions: 49, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E7166, Relevance: 10.5, APIs: 7, Instructions: 49, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E71FB, Relevance: 10.5, APIs: 7, Instructions: 49, Tags: COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E533E6F, Relevance: 9.3, APIs: 6, Instructions: 318, Tags: file, COMMON
APIs |
Memory Dump Source |
Similarity |
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E744F, Relevance: 9.0, APIs: 6, Instructions: 49, Tags: COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E7C75, Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E1C01, Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E74E4, Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E7579, Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E7D0A, Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E7A21, Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E1B6C, Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E7BE0, Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E73BA, Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E7862, Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E798C, Relevance: 9.0, APIs: 6, Instructions: 49COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E51FF15, Relevance: 7.9, APIs: 5, Instructions: 373timeCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E522B27, Relevance: 7.7, APIs: 5, Instructions: 186COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E52CEE5, Relevance: 7.5, APIs: 5, Instructions: 40COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E02A0, Relevance: 6.1, APIs: 4, Instructions: 90COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E5208CB, Relevance: 6.1, APIs: 4, Instructions: 77COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E51F299, Relevance: 6.1, APIs: 4, Instructions: 72COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E51F3F0, Relevance: 6.1, APIs: 4, Instructions: 69COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4DF800, Relevance: 6.1, APIs: 4, Instructions: 67COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4DF8E0, Relevance: 6.1, APIs: 4, Instructions: 67COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E4E1E2F, Relevance: 6.0, APIs: 4, Instructions: 47COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 6E538867, Relevance: 6.0, APIs: 4, Instructions: 29COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Executed Functions |
---|

Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
6E52146E | 1.5 | 1 | | 39 | memory, COMMON |
6E4E5C56 | 1.5 | 1 | | 12 | COMMON |
6E56E07C | 1.3 | 1 | | 20 | memory, COMMON |

Uniqueness Score: -1.00% for every function listed above.
Non-executed Functions |
---|

Function | Relevance | APIs | Strings | Instructions | Tags |
---|---|---|---|---|---|
6E52E0A2 | 7.8 | 5 | | 251 | COMMON |
6E52EA21 | 7.7 | 5 | | 183 | COMMON |
6E4F6CAF | 77.3 | 32 | 12 | 287 | COMMON |
6E52B2A4 | 19.6 | 13 | | 113 | COMMON |
6E52D4AB | 10.6 | 7 | | 65 | COMMON |
6E4E1C96 | 10.6 | 7 | | 53 | COMMON |
6E4E760E | 10.5 | 7 | | 49 | COMMON |
6E4E76A3 | 10.5 | 7 | | 49 | COMMON |
6E4E6F12 | 10.5 | 7 | | 49 | COMMON |
6E4E7738 | 10.5 | 7 | | 49 | COMMON |
6E4E77CD | 10.5 | 7 | | 49 | COMMON |
6E4E6FA7 | 10.5 | 7 | | 49 | COMMON |
6E4E1A42 | 10.5 | 7 | | 49 | COMMON |
6E4E1AD7 | 10.5 | 7 | | 49 | COMMON |
6E4E7290 | 10.5 | 7 | | 49 | COMMON |
6E4E7AB6 | 10.5 | 7 | | 49 | COMMON |
6E4E7B4B | 10.5 | 7 | | 49 | COMMON |
6E4E7325 | 10.5 | 7 | | 49 | COMMON |
6E4E703C | 10.5 | 7 | | 49 | COMMON |
6E4E70D1 | 10.5 | 7 | | 49 | COMMON |
6E4E7166 | 10.5 | 7 | | 49 | COMMON |
6E4E71FB | 10.5 | 7 | | 49 | COMMON |
6E4E744F | 9.0 | 6 | | 49 | COMMON |
6E4E7C75 | 9.0 | 6 | | 49 | COMMON |
6E4E1C01 | 9.0 | 6 | | 49 | COMMON |
6E4E74E4 | 9.0 | 6 | | 49 | COMMON |
6E4E7579 | 9.0 | 6 | | 49 | COMMON |
6E4E7D0A | 9.0 | 6 | | 49 | COMMON |
6E4E7A21 | 9.0 | 6 | | 49 | COMMON |
6E4E1B6C | 9.0 | 6 | | 49 | COMMON |
6E4E7BE0 | 9.0 | 6 | | 49 | COMMON |
6E4E73BA | 9.0 | 6 | | 49 | COMMON |
6E4E7862 | 9.0 | 6 | | 49 | COMMON |
6E4E798C | 9.0 | 6 | | 49 | COMMON |
6E51FF15 | 7.9 | 5 | | 373 | time, COMMON |
6E522B27 | 7.7 | 5 | | 186 | COMMON |
6E52CEE5 | 7.5 | 5 | | 40 | COMMON |
6E4E02A0 | 6.1 | 4 | | 90 | COMMON |
6E5208CB | 6.1 | 4 | | 77 | COMMON |
6E51F299 | 6.1 | 4 | | 72 | COMMON |
6E51F3F0 | 6.1 | 4 | | 69 | COMMON |
6E4DF800 | 6.1 | 4 | | 67 | COMMON |
6E4DF8E0 | 6.1 | 4 | | 67 | COMMON |
6E4E1E2F | 6.0 | 4 | | 47 | COMMON |

Uniqueness Score: -1.00% for every function listed above.
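The function listings in this report reach an analyst as flattened header lines in which the instruction count and the category tags run together (for instance "Instructions: 318fileCOMMON"), and the same address is listed under more than one section because the unpacked module is dumped from more than one process. The Python below is an added example and is not part of the Joe Sandbox report or of Joe Security's tooling: it parses such lines, splits the fused tag suffix, merges an address that appears under several sections, records which addresses the sandbox observed executing, and orders the rest for triage by relevance, API count and string count. The sample input is constructed from lines of this report; the tag vocabulary (memory, file, time, COMMON) is assumed from the tags visible on this page, and the section labels are the two headings the report uses.

```python
import re
from dataclasses import dataclass, field

# Tag words that the extraction fuses onto the instruction count, e.g.
# "Instructions: 318fileCOMMON". Assumed from the tags visible in this report.
KNOWN_TAGS = ("memory", "file", "time", "COMMON")

# One flattened function header; the "Strings: N" field is optional.
LINE_RE = re.compile(
    r"Function\s+(?P<addr>[0-9A-Fa-f]{4,16}),\s*Relevance:\s*(?P<rel>\d+(?:\.\d+)?),"
    r"\s*APIs:\s*(?P<apis>\d+),(?:\s*Strings:\s*(?P<strings>\d+),)?"
    r"\s*Instructions:\s*(?P<instr>\d+)(?P<tags>[A-Za-z]*)"
)
SECTION_HEADERS = ("Executed Functions", "Non-executed Functions")


@dataclass
class FunctionEntry:
    address: int
    relevance: float
    apis: int
    strings: int
    instructions: int
    tags: tuple
    sections: list = field(default_factory=list)  # every section the address was listed under


def split_tags(fused: str) -> tuple:
    """Split a fused suffix such as 'memoryCOMMON' into its tag words, left to right."""
    tags, rest = [], fused
    while rest:
        for tag in KNOWN_TAGS:
            if rest.startswith(tag):
                tags.append(tag)
                rest = rest[len(tag):]
                break
        else:
            raise ValueError(f"unrecognised tag text: {rest!r}")
    return tuple(tags)


def parse_report(text: str) -> dict:
    """Parse flattened report text into {address: FunctionEntry}.

    A section header labels every function line that follows it until the next
    header; lines before any header are labelled 'unlabelled'. An address listed
    twice is merged: the first metrics are kept and each section is recorded.
    """
    entries, section = {}, "unlabelled"
    for raw in text.splitlines():
        line = raw.strip().rstrip("|").strip()
        if line in SECTION_HEADERS:
            section = line
            continue
        m = LINE_RE.search(line)
        if not m:
            continue  # empty panel residue ("APIs |", "Similarity |", ...) carries nothing
        addr = int(m["addr"], 16)
        entry = entries.get(addr)
        if entry is None:
            entry = FunctionEntry(addr, float(m["rel"]), int(m["apis"]),
                                  int(m["strings"] or 0), int(m["instr"]),
                                  split_tags(m["tags"]))
            entries[addr] = entry
        if section not in entry.sections:
            entry.sections.append(section)
    return entries


def executed(entries: dict) -> set:
    """Addresses the sandbox actually observed running."""
    return {a for a, e in entries.items() if "Executed Functions" in e.sections}


def triage_order(entries: dict) -> list:
    """Highest relevance first, then most APIs, then most strings; address breaks ties."""
    return sorted(entries.values(),
                  key=lambda e: (-e.relevance, -e.apis, -e.strings, e.address))


def to_table(entries: dict) -> str:
    """Render the triage order in the report's own pipe-table style."""
    rows = ["Function | Relevance | APIs | Strings | Instructions | Tags | Sections |",
            "---|---|---|---|---|---|---|"]
    for e in triage_order(entries):
        rows.append(f"{e.address:08X} | {e.relevance} | {e.apis} | {e.strings or ''} | "
                    f"{e.instructions} | {', '.join(e.tags)} | {', '.join(e.sections)} |")
    return "\n".join(rows)


# Constructed sample: lines copied from this report, with one address (6E52D4AB)
# listed under two sections as it is on the page, plus a residue line to skip.
SAMPLE = """\
Function 6E52D4AB, Relevance: 10.6, APIs: 7, Instructions: 65COMMON
Function 6E533E6F, Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMON
Executed Functions |
---|
Function 6E52146E, Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
APIs |
Function 6E4E5C56, Relevance: 1.5, APIs: 1, Instructions: 12COMMON
Non-executed Functions |
---|
Function 6E4F6CAF, Relevance: 77.3, APIs: 32, Strings: 12, Instructions: 287COMMON
Function 6E52B2A4, Relevance: 19.6, APIs: 13, Instructions: 113COMMON
Function 6E51FF15, Relevance: 7.9, APIs: 5, Instructions: 373timeCOMMON
Function 6E52D4AB, Relevance: 10.6, APIs: 7, Instructions: 65COMMON
"""

if __name__ == "__main__":
    print(to_table(parse_report(SAMPLE)))
```

On this report the ordering puts 6E4F6CAF (32 API calls, 12 strings) at the top of the non-executed list, which is the natural starting point for static work on the unpacked module, while the executed set (6E52146E, 6E4E5C56, 6E56E07C on this page) shows the little that actually ran during the sandbox session; a tag parser that raises on unknown text rather than silently dropping it is deliberate, so that a new tag word in a future report is noticed instead of being absorbed into a wrong instruction count.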