Windows Analysis Report
DNSBench.exe

Overview

General Information

Sample Name:DNSBench.exe
Analysis ID:1327966
MD5:154ee28facb62e73e1dcaf3562c2d6ec
SHA1:570b1f2153c735ea0f9e5680c8f21cc581cd69e9
SHA256:ab42c94fc03ddbf446319772518b229d7b2e2546fdddaae7c01abe0fa8a02be1

Detection

Score:30
Range:0 - 100
Whitelisted:false
Confidence:60%

Compliance

Score:46
Range:0 - 100

Signatures

Snort IDS alert for network traffic
PE file has a writeable .text section
Tries to resolve many domain names, but no domain seems valid
Performs DNS TXT record lookups
Uses 32bit PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
PE file contains an invalid checksum
May sleep (evasive loops) to hinder dynamic analysis
Connects to many different domains

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Legend: clean, suspicious, malicious.]

Analysis Advice

Sample monitors window changes (e.g. starting applications), analyze the sample with the 'Simulates keyboard and window changes' cookbook
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
  • System is w10x64_ra
  • DNSBench.exe (PID: 2692 cmdline: C:\Users\user\Desktop\DNSBench.exe MD5: 154EE28FACB62E73E1DCAF3562C2D6EC)
  • cleanup
No yara matches
No Sigma rule has matched
Timestamp:10/18/23-14:00:20.319037
Source IP:24.113.32.29
Destination IP:192.168.2.17
SID:2018666
Source Port:53
Destination Port:64866
Protocol:UDP
Classtype:A Network Trojan was detected

Compliance

Source: DNSBench.exe; Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: DNSBench.exe; Static PE information: certificate valid
Source: unknown; HTTPS traffic detected: 4.79.142.202:443 -> 192.168.2.17:49715 version: TLS 1.2

Networking

Source: Traffic; Snort IDS: 2018666 ET TROJAN Possible Zeus P2P Variant DGA NXDOMAIN Responses July 11 2014 24.113.32.29:53 -> 192.168.2.17:64866
Source: unknown; Network traffic detected: DNS query count 316
Source: unknown; Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown; DNS traffic detected: queries for: tuwvialq5i03oisinpqah03p5b.isc.org
Source: global traffic; HTTP traffic detected: GET /x/ne.dll?aaaaaaednxaptz5yqth3s3zvqtvtnkk30s52dlvtv42q01221x322qjlrb HTTP/1.1; User-Agent: Gibson Research Corporation DNS Benchmark; Host: www.grc.com
Source: unknown; HTTPS traffic detected: 4.79.142.202:443 -> 192.168.2.17:49715 version: TLS 1.2

System Summary

Source: DNSBench.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Source: DNSBench.exe; Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: C:\Users\user\Desktop\DNSBench.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\DNSBench.exe; File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\5IQBCSP1\ne[1].dll
Source: classification engine; Classification label: sus30.troj.evad.winEXE@1/1@1509/518
Source: C:\Users\user\Desktop\DNSBench.exe; File read: C:\Windows\win.ini
Source: C:\Users\user\Desktop\DNSBench.exe; File opened: C:\Windows\SysWOW64\riched32.dll
Source: C:\Users\user\Desktop\DNSBench.exe; Window found: window name: SysTabControl32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\DNSBench.exe; Window detected: Number of UI elements: 14
Source: DNSBench.exe; Static PE information: certificate valid
Source: DNSBench.exe; Static PE information: real checksum: 0x96e5193b should be: 0x3338f
Source: initial sample; Static PE information: section name: .text entropy: 7.997286904575205
Source: C:\Users\user\Desktop\DNSBench.exe; Window / User API: threadDelayed 384
Source: C:\Users\user\Desktop\DNSBench.exe; Window / User API: threadDelayed 2978
Source: C:\Users\user\Desktop\DNSBench.exe; Window / User API: threadDelayed 978
Source: C:\Users\user\Desktop\DNSBench.exe TID: 6776; Thread sleep time: -58000s >= -30000s
Source: C:\Users\user\Desktop\DNSBench.exe TID: 6776; Thread sleep time: -384000s >= -30000s
Source: C:\Users\user\Desktop\DNSBench.exe TID: 4920; Thread sleep time: -32300s >= -30000s
Source: C:\Users\user\Desktop\DNSBench.exe TID: 4920; Thread sleep time: -297800s >= -30000s
Source: C:\Users\user\Desktop\DNSBench.exe TID: 6776; Thread sleep time: -978000s >= -30000s

HIPS / PFW / Operating System Protection Evasion

Source: TrafficDNS traffic detected: queries for: 2.111.81.64.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.45.81.64.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.79.81.64.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.111.81.64.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as11404.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 2.45.81.64.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 2.127.81.64.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.79.81.64.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.111.81.64.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as17184.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 2.127.81.64.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.79.81.64.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.111.81.64.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.159.81.64.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.127.81.64.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.79.81.64.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 2.111.81.64.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.159.81.64.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.127.81.64.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.111.81.64.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 2.64.92.66.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as17184.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 2.159.81.64.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.127.81.64.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.64.92.66.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as18566.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 2.159.81.64.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.127.81.64.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 2.159.92.66.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.64.92.66.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.159.81.64.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as17184.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 2.64.92.66.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.159.81.64.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 2.159.92.66.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.224.92.66.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.64.92.66.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.159.92.66.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as17184.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 2.224.92.66.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.64.92.66.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 2.87.93.66.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.159.92.66.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.224.92.66.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as17184.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 2.159.92.66.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.87.93.66.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.224.92.66.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.18.1.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.159.92.66.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 2.87.93.66.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.224.92.66.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.18.1.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.87.93.66.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.224.92.66.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: as11696.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 30.18.1.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.18.1.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.87.93.66.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as17184.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 30.18.1.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.18.1.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.87.93.66.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.16.2.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.18.1.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.18.1.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as17184.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.16.2.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.18.1.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.18.1.68.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 30.16.2.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.2.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.18.1.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as22773.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 30.16.2.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.2.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.18.1.68.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 30.16.2.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.4.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.2.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as22773.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 30.16.2.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.4.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.2.68.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 30.16.2.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.4.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.4.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as22773.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 30.16.2.68.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.16.4.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.4.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.6.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.4.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.4.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as22773.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.16.6.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.4.68.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 30.16.4.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.6.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.6.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.4.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as22773.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.16.6.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.6.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.4.68.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.16.9.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.6.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.6.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as22773.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.16.6.68.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 30.16.6.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.9.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.9.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.6.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as22773.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.16.9.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.9.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.6.68.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.16.9.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.10.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.9.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as22773.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.16.9.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.9.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.10.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.10.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.9.68.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 30.16.9.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.10.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.9.68.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.16.10.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as22773.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 30.16.10.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.11.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.10.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as22773.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 30.16.10.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.11.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.10.68.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 30.16.11.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.10.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.11.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.11.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.10.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as22773.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.16.11.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.12.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.11.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.10.68.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.16.11.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.12.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.11.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.11.68.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: as22773.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 30.16.12.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.12.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.11.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as22773.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 30.16.12.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.12.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.11.68.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.16.13.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.12.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.12.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as22773.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.16.13.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.12.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.12.68.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 30.16.13.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.13.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.12.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as22773.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.16.13.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.13.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.12.68.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 154.64.87.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.13.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.13.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as22773.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 154.64.87.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.13.68.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 30.16.13.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 170.68.87.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 154.64.87.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.13.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as22773.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 170.68.87.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 154.64.87.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 154.69.87.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.13.68.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 170.68.87.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 154.64.87.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 154.69.87.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 170.68.87.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as22773.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 154.64.87.68.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.16.100.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 154.69.87.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 170.68.87.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as7922.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 154.69.87.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.100.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 170.68.87.68.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 30.16.100.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 154.69.87.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.100.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as7922.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 30.16.100.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 154.69.87.68.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.16.111.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.100.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.100.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.100.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as7922.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.16.111.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.100.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.111.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.100.68.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.16.111.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.100.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.111.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as22773.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.16.111.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.100.68.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 1.212.118.74.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.111.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.111.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as22773.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 30.16.111.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 1.212.118.74.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.16.111.68.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 2.212.118.74.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.111.68.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 1.212.118.74.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as22773.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 2.212.118.74.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 30.16.111.68.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 1.212.118.74.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 250.35.250.129.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.212.118.74.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as22773.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 1.212.118.74.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.212.118.74.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 250.35.250.129.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 251.35.250.129.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 1.212.118.74.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 2.212.118.74.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 250.35.250.129.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 251.35.250.129.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 1.212.118.74.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 2.212.118.74.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 250.35.250.129.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 1.70.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 251.35.250.129.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 1.212.118.74.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 250.35.250.129.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 1.70.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.212.118.74.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 251.35.250.129.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 1.71.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 1.212.118.74.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 250.35.250.129.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 1.70.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.212.118.74.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 251.35.250.129.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 1.212.118.74.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 1.70.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.212.118.74.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: as2914.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 251.35.250.129.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 22.70.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 1.71.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 1.70.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 2.212.118.74.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 1.71.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as2914.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 22.70.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 1.70.154.156.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.70.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 1.71.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 22.70.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as397213.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.70.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 1.71.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 22.70.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 22.71.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.70.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 1.71.154.156.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 22.70.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.70.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 22.71.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 22.70.154.156.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.71.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as397213.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.70.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 22.71.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as397213.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.71.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.70.154.156.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 22.71.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 1.192.153.198.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.71.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 22.71.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as397213.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.71.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 1.192.153.198.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 22.71.154.156.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 1.194.153.198.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 25.71.154.156.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 1.192.153.198.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 1.194.153.198.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as397213.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 25.71.154.156.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 1.192.153.198.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 10.252.2.199.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 1.194.153.198.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as397213.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 1.192.153.198.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 10.252.2.199.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 1.194.153.198.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 10.212.97.204.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 1.192.153.198.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 10.252.2.199.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 1.194.153.198.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 10.252.2.199.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 1.194.153.198.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: as397213.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 10.212.97.204.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 10.252.2.199.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 10.214.117.204.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as397213.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 10.212.97.204.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 10.252.2.199.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 10.212.97.204.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 10.214.117.204.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 200.232.194.204.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as1239.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 10.212.97.204.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 10.214.117.204.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 10.212.97.204.origin.asn.cymru.com
Source: TrafficDNS traffic detected: queries for: 200.232.194.204.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 200.234.194.204.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 10.214.117.204.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: 200.232.194.204.test.senderbase.org
Source: TrafficDNS traffic detected: queries for: as1239.asn.cymru.com
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Masquerading | OS Credential Dumping | 1 Virtualization/Sandbox Evasion | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 2 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 2 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 2 Software Packing | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 3 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Obfuscated Files or Information | NTDS | 1 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 1 Ingress Tool Transfer | SIM Card Swap | | Carrier Billing Fraud

Source | Detection | Scanner | Label | Link
DNSBench.exe | 4% | ReversingLabs | |
No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
                                                                                                                                                              unknown
                                                                                                                                                              6.2.2.4.test.senderbase.org
                                                                                                                                                              unknown
                                                                                                                                                              unknowntrue
                                                                                                                                                                unknown
                                                                                                                                                                0zh1dy5tcfzo4dadfgraediimd.com
                                                                                                                                                                unknown
                                                                                                                                                                unknowntrue
                                                                                                                                                                  unknown
                                                                                                                                                                  9.9.9.9.in-addr.arpa
                                                                                                                                                                  unknown
                                                                                                                                                                  unknowntrue
                                                                                                                                                                    unknown
                                                                                                                                                                    8.8.8.8.origin.asn.cymru.com
                                                                                                                                                                    unknown
                                                                                                                                                                    unknownfalse
                                                                                                                                                                      high
                                                                                                                                                                      xq35ostwqp3bm0hdvoti3a4i0h.com
                                                                                                                                                                      unknown
                                                                                                                                                                      unknowntrue
                                                                                                                                                                        unknown
                                                                                                                                                                        2.212.118.74.origin.asn.cymru.com
                                                                                                                                                                        unknown
                                                                                                                                                                        unknownfalse
                                                                                                                                                                          high
                                                                                                                                                                          10.214.117.204.in-addr.arpa
                                                                                                                                                                          unknown
                                                                                                                                                                          unknowntrue
                                                                                                                                                                            unknown
                                                                                                                                                                            as18566.asn.cymru.com
                                                                                                                                                                            unknown
                                                                                                                                                                            unknownfalse
                                                                                                                                                                              high
                                                                                                                                                                              30.16.13.68.origin.asn.cymru.com
                                                                                                                                                                              unknown
                                                                                                                                                                              unknownfalse
                                                                                                                                                                                high
                                                                                                                                                                                25.16.12.68.test.senderbase.org
                                                                                                                                                                                unknown
                                                                                                                                                                                unknowntrue
                                                                                                                                                                                  unknown
                                                                                                                                                                                  www.1rsazqyszwognv1kitqea5thib.com
                                                                                                                                                                                  unknown
                                                                                                                                                                                  unknowntrue
                                                                                                                                                                                    unknown
                                                                                                                                                                                    www.k3czke0t5ct3idfefptmnrfjff.com
                                                                                                                                                                                    unknown
                                                                                                                                                                                    unknowntrue
                                                                                                                                                                                      unknown
                                                                                                                                                                                      30.16.10.68.test.senderbase.org
                                                                                                                                                                                      unknown
                                                                                                                                                                                      unknowntrue
                                                                                                                                                                                        unknown
                                                                                                                                                                                        www.1lspz04sshgl3e3ltrronzaxug.com
                                                                                                                                                                                        unknown
                                                                                                                                                                                        unknowntrue
                                                                                                                                                                                          unknown
                                                                                                                                                                                          2.64.92.66.origin.asn.cymru.com
                                                                                                                                                                                          unknown
                                                                                                                                                                                          unknownfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            30.16.10.68.in-addr.arpa
                                                                                                                                                                                            unknown
                                                                                                                                                                                            unknowntrue
                                                                                                                                                                                              unknown
                                                                                                                                                                                              30.16.13.68.in-addr.arpa
                                                                                                                                                                                              unknown
                                                                                                                                                                                              unknowntrue
                                                                                                                                                                                                unknown
                                                                                                                                                                                                110.0.55.209.in-addr.arpa
                                                                                                                                                                                                unknown
                                                                                                                                                                                                unknowntrue
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  www.c2dc2w4sxcodn0dltttukcbrfg.com
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  unknowntrue
                                                                                                                                                                                                    unknown
                                                                                                                                                                                                    25.18.1.68.test.senderbase.org
                                                                                                                                                                                                    unknown
                                                                                                                                                                                                    unknowntrue
                                                                                                                                                                                                      unknown
                                                                                                                                                                                                      25.16.2.68.in-addr.arpa
                                                                                                                                                                                                      unknown
                                                                                                                                                                                                      unknowntrue
                                                                                                                                                                                                        unknown
                                                                                                                                                                                                        vtrmoifqubivuw4sdstajtop4f.com
                                                                                                                                                                                                        unknown
                                                                                                                                                                                                        unknowntrue
                                                                                                                                                                                                          unknown
Name | Malicious | Antivirus Detection | Reputation
http://www.grc.com/x/ne.dll?aaaaaaednxaptz5yqth3s3zvqtvtnkk30s52dlvtv42q01221x322qjlrb | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                                                                                                                                                            22773ASN-CXA-ALL-CCI-22773-RDCUSfalse
                                                                                                                                                                                                            4.2.2.4
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            3356LEVEL3UStrue
                                                                                                                                                                                                            4.2.2.6
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            3356LEVEL3USfalse
                                                                                                                                                                                                            66.92.159.2
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            11696NBS11696USfalse
                                                                                                                                                                                                            24.113.32.29
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            11404AS-WAVE-1UStrue
                                                                                                                                                                                                            1.1.1.1
                                                                                                                                                                                                            unknownAustralia
                                                                                                                                                                                                            13335CLOUDFLARENETUStrue
                                                                                                                                                                                                            68.111.16.25
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            22773ASN-CXA-ALL-CCI-22773-RDCUSfalse
                                                                                                                                                                                                            208.67.222.123
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            36692OPENDNSUSfalse
                                                                                                                                                                                                            68.100.16.30
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            22773ASN-CXA-ALL-CCI-22773-RDCUSfalse
                                                                                                                                                                                                            68.6.16.30
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            22773ASN-CXA-ALL-CCI-22773-RDCUSfalse
                                                                                                                                                                                                            129.250.35.250
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            2914NTT-COMMUNICATIONS-2914USfalse
                                                                                                                                                                                                            129.250.35.251
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            2914NTT-COMMUNICATIONS-2914USfalse
                                                                                                                                                                                                            68.11.16.30
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            22773ASN-CXA-ALL-CCI-22773-RDCUSfalse
                                                                                                                                                                                                            208.67.220.123
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            36692OPENDNSUSfalse
                                                                                                                                                                                                            68.100.16.25
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            22773ASN-CXA-ALL-CCI-22773-RDCUSfalse
                                                                                                                                                                                                            68.4.16.25
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            22773ASN-CXA-ALL-CCI-22773-RDCUSfalse
                                                                                                                                                                                                            68.111.16.30
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            22773ASN-CXA-ALL-CCI-22773-RDCUSfalse
                                                                                                                                                                                                            64.81.79.2
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            17184ATL-CBEYONDUSfalse
                                                                                                                                                                                                            68.12.16.25
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            22773ASN-CXA-ALL-CCI-22773-RDCUSfalse
                                                                                                                                                                                                            68.87.69.154
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            7922COMCAST-7922USfalse
                                                                                                                                                                                                            68.10.16.30
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            22773ASN-CXA-ALL-CCI-22773-RDCUSfalse
                                                                                                                                                                                                            24.113.32.30
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            11404AS-WAVE-1USfalse
                                                                                                                                                                                                            198.41.0.4
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            397199VRSN-AC28USfalse
                                                                                                                                                                                                            68.13.16.25
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            22773ASN-CXA-ALL-CCI-22773-RDCUSfalse
                                                                                                                                                                                                            156.154.71.1
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            397241ULTRADNSUSfalse
                                                                                                                                                                                                            216.254.95.2
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            17184ATL-CBEYONDUSfalse
                                                                                                                                                                                                            204.117.214.10
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            1239SPRINTLINKUSfalse
                                                                                                                                                                                                            199.2.252.10
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            1239SPRINTLINKUSfalse
                                                                                                                                                                                                            156.154.70.22
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            397240ULTRADNSUSfalse
                                                                                                                                                                                                            204.194.234.200
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            30607302-DIRECT-MEDIA-ASNUSfalse
                                                                                                                                                                                                            156.154.70.25
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            397240ULTRADNSUSfalse
                                                                                                                                                                                                            216.27.175.2
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            11696NBS11696USfalse
                                                                                                                                                                                                            64.81.45.2
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            17184ATL-CBEYONDUSfalse
                                                                                                                                                                                                            68.9.16.30
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            22773ASN-CXA-ALL-CCI-22773-RDCUSfalse
                                                                                                                                                                                                            68.10.16.25
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            22773ASN-CXA-ALL-CCI-22773-RDCUSfalse
                                                                                                                                                                                                            9.9.9.9
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            19281QUAD9-AS-1UStrue
                                                                                                                                                                                                            208.67.222.222
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            36692OPENDNSUSfalse
                                                                                                                                                                                                            208.67.222.220
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            36692OPENDNSUSfalse
                                                                                                                                                                                                            64.81.127.2
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            17184ATL-CBEYONDUSfalse
                                                                                                                                                                                                            4.2.2.1
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            3356LEVEL3USfalse
                                                                                                                                                                                                            4.79.142.202
                                                                                                                                                                                                            www.grc.comUnited States
                                                                                                                                                                                                            3356LEVEL3USfalse
                                                                                                                                                                                                            66.92.224.2
                                                                                                                                                                                                            unknownUnited States
                                                                                                                                                                                                            17184ATL-CBEYONDUSfalse
                                                                                                                                                                                                            Joe Sandbox Version:38.0.0 Ammolite
                                                                                                                                                                                                            Analysis ID:1327966
                                                                                                                                                                                                            Start date and time:2023-10-18 13:59:46 +02:00
                                                                                                                                                                                                            Joe Sandbox Product:CloudBasic
                                                                                                                                                                                                            Overall analysis duration:
                                                                                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                                                                                            Report type:full
                                                                                                                                                                                                            Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                                                                                                                                                            Analysis system description:Windows 10 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                            Number of analysed new started processes analysed:25
                                                                                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                                                                                            Number of injected processes analysed:0
                                                                                                                                                                                                            Technologies:
                                                                                                                                                                                                            • EGA enabled
                                                                                                                                                                                                            Analysis Mode:stream
                                                                                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                                                                                            Sample file name:DNSBench.exe
                                                                                                                                                                                                            Detection:SUS
                                                                                                                                                                                                            Classification:sus30.troj.evad.winEXE@1/1@1509/518
                                                                                                                                                                                                            Cookbook Comments:
                                                                                                                                                                                                            • Found application associated with file extension: .exe
                                                                                                                                                                                                            • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                                                                                                                                                                                            • Exclude process from analysis (whitelisted): dllhost.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
                                                                                                                                                                                                            • Excluded domains from analysis (whitelisted): fs.microsoft.com
                                                                                                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                            • VT rate limit hit for: DNSBench.exe
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\DNSBench.exe
                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19396
                                                                                                                                                                                                            Entropy (8bit):7.588766714648591
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:
                                                                                                                                                                                                            MD5:519AD9B249AEAC5B8BB15D2972291285
                                                                                                                                                                                                            SHA1:54FD23CAC1727217F90F4B7B0860628960EE565C
                                                                                                                                                                                                            SHA-256:96F2F19EEE11641A511F55D04DBFFA5A7B47D121D933E5F32C25070B0D53968F
                                                                                                                                                                                                            SHA-512:D0C15EBF18E5BC25D5E246C18283C8344B563FE1ADD40F4C11E45DF34CC1981532EF1C61B103C14E9160B53C1B310707646D3B34892CEAC859375BDD8E889BCF
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows, PECompact2 compressed
                                                                                                                                                                                                            Entropy (8bit):7.915033051671682
                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 98.96%
                                                                                                                                                                                                            • Win32 EXE PECompact compressed (v2.x) (59071/9) 0.58%
                                                                                                                                                                                                            • Win32 EXE PECompact compressed (generic) (41571/9) 0.41%
                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                            File name:DNSBench.exe
                                                                                                                                                                                                            File size:162'848 bytes
                                                                                                                                                                                                            MD5:154ee28facb62e73e1dcaf3562c2d6ec
                                                                                                                                                                                                            SHA1:570b1f2153c735ea0f9e5680c8f21cc581cd69e9
                                                                                                                                                                                                            SHA256:ab42c94fc03ddbf446319772518b229d7b2e2546fdddaae7c01abe0fa8a02be1
                                                                                                                                                                                                            SHA512:b000502243b66e9dc535b0eb6fbd9212ba6adabc519c0ca4c44d65ace1c659efa8be12a843f480e3e8ff436246d919ba19e5307e9aedd81893b77343274d7735
                                                                                                                                                                                                            SSDEEP:3072:XSww+ICvU0Qv8Z9yzvSh3gzaDKzHDa4cn2qTWM9gbYfNjh:XSwwPC08CzvSh3geOzm4cn2AWM9gb4
                                                                                                                                                                                                            TLSH:36F3F1D3C3D81C11E82A4A3134F0D822BE747981AA29D9F7A31DC44EAFD5B524CA87B5
                                                                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*.M?n.#ln.#ln.#ln."l..#l..~ly.#l...lo.#ln.#lo.#lRichn.#l........................PE..L....<.Z.................0...0......^......
                                                                                                                                                                                                            Icon Hash:13554c92d244338f
                                                                                                                                                                                                            Entrypoint:0x40bd5e
                                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                                            Digitally signed:true
                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                            DLL Characteristics:
                                                                                                                                                                                                            Time Stamp:0x5AC53CC9 [Wed Apr 4 20:59:53 2018 UTC]
                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                            OS Version Major:4
                                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                                            File Version Major:4
                                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                                            Subsystem Version Major:4
                                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                                            Import Hash:09d0478591d4f788cb3e5ea416c25237
                                                                                                                                                                                                            Signature Valid:true
                                                                                                                                                                                                            Signature Issuer:CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US
                                                                                                                                                                                                            Signature Validation Error:The operation completed successfully
                                                                                                                                                                                                            Error Number:0
                                                                                                                                                                                                            Not Before, Not After
                                                                                                                                                                                                            • 15/04/2019 02:00:00 20/04/2022 14:00:00
                                                                                                                                                                                                            Subject Chain
                                                                                                                                                                                                            • CN=Gibson Research Corporation, OU=Gibson Research Corporation, O=Gibson Research Corporation, L=Laguna Niguel, S=California, C=US, SERIALNUMBER=C1411812, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US
                                                                                                                                                                                                            Version:3
                                                                                                                                                                                                            Thumbprint MD5:7A34956311C60616188AF4DDACE69D56
                                                                                                                                                                                                            Thumbprint SHA-1:CE068EA21AA7C935AB9D3589BBDFB17610EAF717
                                                                                                                                                                                                            Thumbprint SHA-256:C989480EB128013BBB68079B3989C2032E11A8C02000621987B633A3E55248DB
                                                                                                                                                                                                            Serial:035F7EBDACF22EFED58CD2242C66B060
                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                            mov eax, 004A930Ch
                                                                                                                                                                                                            push eax
                                                                                                                                                                                                            push dword ptr fs:[00000000h]
                                                                                                                                                                                                            mov dword ptr fs:[00000000h], esp
                                                                                                                                                                                                            xor eax, eax
                                                                                                                                                                                                            mov dword ptr [eax], ecx
                                                                                                                                                                                                            push eax
                                                                                                                                                                                                            inc ebp
                                                                                                                                                                                                            inc ebx
                                                                                                                                                                                                            outsd
                                                                                                                                                                                                            insd
                                                                                                                                                                                                            jo 00007FB354688453h
                                                                                                                                                                                                            arpl word ptr [edx+esi+00h], si
                                                                                                                                                                                                            jmp 00007FB2F19C5A48h
                                                                                                                                                                                                            or eax, 43D34444h
                                                                                                                                                                                                            int1
                                                                                                                                                                                                            int1
                                                                                                                                                                                                            hlt
                                                                                                                                                                                                            popad
                                                                                                                                                                                                            sbb al, 06h
                                                                                                                                                                                                            add edi, edx
                                                                                                                                                                                                            push ds
                                                                                                                                                                                                            enter 5258h, 15h
                                                                                                                                                                                                            dec esi
                                                                                                                                                                                                            pop ebp
                                                                                                                                                                                                            cwde
                                                                                                                                                                                                            add dword ptr [edi], AF19C1D2h
                                                                                                                                                                                                            movsb
                                                                                                                                                                                                            leave
                                                                                                                                                                                                            dec edx
                                                                                                                                                                                                            jbe 00007FB354688396h
                                                                                                                                                                                                            mov eax, dword ptr [C0C0F467h]
                                                                                                                                                                                                            fcmovnu st(0), st(4)
                                                                                                                                                                                                            add esp, esi
                                                                                                                                                                                                            inc ebx
                                                                                                                                                                                                            jnbe 00007FB3546883E6h
                                                                                                                                                                                                            xor byte ptr [ebx+edx*4], dh
                                                                                                                                                                                                            sbb dword ptr [eax+72h], ebx
                                                                                                                                                                                                            pop dword ptr [ebx+esi*2+7Dh]
                                                                                                                                                                                                            sahf
                                                                                                                                                                                                            push esp
                                                                                                                                                                                                            xchg eax, ebp
                                                                                                                                                                                                            jnl 00007FB354688413h
                                                                                                                                                                                                            loopne 00007FB3546883E0h
                                                                                                                                                                                                            int1
                                                                                                                                                                                                            mov al, 04h
                                                                                                                                                                                                            dec esi
                                                                                                                                                                                                            sti
                                                                                                                                                                                                            xor dword ptr [ebx-755D5F77h], 009AEF84h
                                                                                                                                                                                                            les ebx, fword ptr [edx]
                                                                                                                                                                                                            inc ebp
                                                                                                                                                                                                            cmp eax, F6142FF2h
                                                                                                                                                                                                            adc eax, E095D3BBh
                                                                                                                                                                                                            push edx
                                                                                                                                                                                                            xchg eax, esi
                                                                                                                                                                                                            leave
                                                                                                                                                                                                            or dh, byte ptr [eax]
                                                                                                                                                                                                            les ebx, fword ptr [ecx-49DE750Fh]
                                                                                                                                                                                                            in al, dx
                                                                                                                                                                                                            jnc 00007FB35468838Dh
                                                                                                                                                                                                            dec ecx
                                                                                                                                                                                                            mov eax, dword ptr [AF890BEBh]
                                                                                                                                                                                                            pop ebx
                                                                                                                                                                                                            push esp
                                                                                                                                                                                                            pop ebp
                                                                                                                                                                                                            add eax, 5C41A0DBh
                                                                                                                                                                                                            mov eax, 04B2A77Dh
                                                                                                                                                                                                            shr byte ptr [edi-0456B33Bh], 1
                                                                                                                                                                                                            inc esi
                                                                                                                                                                                                            xchg eax, ecx
                                                                                                                                                                                                            jns 00007FB354688431h
                                                                                                                                                                                                            dec eax
                                                                                                                                                                                                            mov edi, 8CA8CEC2h
                                                                                                                                                                                                            retf
                                                                                                                                                                                                            sbb al, 0Fh
                                                                                                                                                                                                            inc eax
                                                                                                                                                                                                            mov eax, dword ptr [AE119504h]
                                                                                                                                                                                                            cmp dword ptr [edi], FFFFFFAFh
                                                                                                                                                                                                            into
                                                                                                                                                                                                            or esp, ecx
                                                                                                                                                                                                            push 003E9AFDh

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa86c4 | 0x8f | .rsrc |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa7000 | 0x16a0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x22e00 | 0x4e20 | .text |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0xa6000 | 0x20600 | False | 0.9984465492277992 | data | 7.997286904575205 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0xa7000 | 0x3000 | 0x2400 | False | 0.5944010416666666 | data | 5.760035483519286 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_CURSOR | 0x1c000 | 0x134 | data | English | United States | 1.0357142857142858 |
| RT_ICON | 0xa75c0 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.27673410404624277 |
| RT_ICON | 0xa7b28 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.3387096774193548 |
| RT_ACCELERATOR | 0x1c138 | 0x170 | OpenPGP Secret Key | English | United States | 1.0298913043478262 |
| RT_RCDATA | 0x1c2a8 | 0x13948 | data | English | United States | 0.9882358455193101 |
| RT_RCDATA | 0x2fbf0 | 0x657 | empty | English | United States | 0 |
| RT_RCDATA | 0x30248 | 0x25d | empty | English | United States | 0 |
| RT_RCDATA | 0x304a8 | 0x516 | empty | English | United States | 0 |
| RT_RCDATA | 0x309c0 | 0x23ca | empty | English | United States | 0 |
| RT_RCDATA | 0x32d90 | 0x28e | empty | English | United States | 0 |
| RT_RCDATA | 0x33020 | 0x3b36 | empty | English | United States | 0 |
| RT_RCDATA | 0x36b58 | 0x3b36 | empty | English | United States | 0 |
| RT_RCDATA | 0x3a690 | 0xa56 | empty | English | United States | 0 |
| RT_RCDATA | 0x3b0e8 | 0xa5ba | empty | English | United States | 0 |
| RT_RCDATA | 0x456a8 | 0x4da | empty | English | United States | 0 |
| RT_RCDATA | 0x45b88 | 0x8712 | empty | English | United States | 0 |
| RT_RCDATA | 0x4e2a0 | 0x29e56 | empty | English | United States | 0 |
| RT_RCDATA | 0x780f8 | 0x29e56 | empty | English | United States | 0 |
| RT_RCDATA | 0xa1f50 | 0x20fa | empty | English | United States | 0 |
| RT_RCDATA | 0xa4050 | 0xb26 | empty | English | United States | 0 |
| RT_RCDATA | 0xa4b78 | 0x476 | empty | English | United States | 0 |
| RT_GROUP_CURSOR | 0xa4ff0 | 0x14 | empty | English | United States | 0 |
| RT_GROUP_ICON | 0xa7e10 | 0x22 | data | English | United States | 1.0588235294117647 |
| RT_VERSION | 0xa7e38 | 0x5d0 | data | English | United States | 0.4173387096774194 |
| RT_MANIFEST | 0xa8408 | 0x298 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5030120481927711 |

| DLL | Import |
|---|---|
| kernel32.dll | LoadLibraryA, GetProcAddress, VirtualAlloc, VirtualFree |

| Language of compilation system | Country where language is spoken |
|---|---|
| English | United States |