Analysis Report 2
Overview
General Information
Detection
Score: | 92 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for domain / URL | Show sources |
Source: | Virustotal: | Perma Link |
Multi AV Scanner detection for dropped file | Show sources |
Source: | ReversingLabs: |
Machine Learning detection for dropped file | Show sources |
Source: | Joe Sandbox ML: |
Machine Learning detection for sample | Show sources |
Source: | Joe Sandbox ML: |
Compliance: |
---|
Uses insecure TLS / SSL version for HTTPS connection | Show sources |
Source: | HTTPS traffic detected: |
Contains modern PE file flags such as dynamic base (ASLR) or NX | Show sources |
Source: | Static PE information: |
Networking: |
---|
May check the online IP address of the machine | Show sources |
Source: | DNS query: | ||
Source: | DNS query: | ||
Source: | DNS query: |
Potential malicious VBS script found (has network functionality) | Show sources |
Source: | Dropped file: | Jump to dropped file | ||
Source: | Dropped file: | Jump to dropped file |
Uses dynamic DNS services | Show sources |
Source: | DNS query: |
Source: | IP Address: |
Source: | JA3 fingerprint: |
Source: | HTTPS traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
System Summary: |
---|
Potential malicious VBS script found (suspicious strings) | Show sources |
Source: | Dropped file: | Jump to dropped file | ||
Source: | Dropped file: | Jump to dropped file |
Wscript starts Powershell (via cmd or directly) | Show sources |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: |
Source: | Code function: | 6_2_00007FFA1D911958 | |
Source: | Code function: | 10_2_00007FFA1D911930 | |
Source: | Code function: | 10_2_00007FFA1D9E3285 | |
Source: | Code function: | 19_2_00007FFA1D911998 | |
Source: | Code function: | 19_2_00007FFA1D9D3285 |
Source: | Dropped File: |
Source: | Binary or memory string: |
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Process created: |
Source: | Process created: |
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Process created: |
Source: | Key value queried: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Data Obfuscation: |
---|
Binary contains a suspicious time stamp | Show sources |
Source: | Static PE information: |
Source: | Code function: | 6_2_00007FFA1D917259 | |
Source: | Code function: | 10_2_00007FFA1D917259 | |
Source: | Code function: | 19_2_00007FFA1D91731A | |
Source: | Code function: | 19_2_00007FFA1D9D9549 |
Source: | File created: | Jump to dropped file |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: |
Source: | File opened / queried: |
Source: | Code function: | 19_2_00007FFA1D9181AB |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window found: | ||
Source: | Window found: | ||
Source: | Window found: | ||
Source: | Window found: |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process information queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Adds a directory exclusion to Windows Defender | Show sources |
Source: | Process created: |
Source: | Queries volume information: |
Source: | Key value queried: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation1 | DLL Side-Loading1 | Process Injection11 | Masquerading1 | OS Credential Dumping | Query Registry1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Command and Scripting Interpreter2 | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Virtualization/Sandbox Evasion4 | LSASS Memory | Security Software Discovery111 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | Scripting312 | Logon Script (Windows) | Logon Script (Windows) | Disable or Modify Tools11 | Security Account Manager | Virtualization/Sandbox Evasion4 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol12 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | PowerShell1 | Logon Script (Mac) | Logon Script (Mac) | Process Injection11 | NTDS | Process Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Scripting312 | LSA Secrets | Application Window Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information1 | Cached Domain Credentials | Remote System Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Timestomp1 | DCSync | System Network Configuration Discovery1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | DLL Side-Loading1 | Proc Filesystem | File and Directory Discovery1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | System Information Discovery13 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML | |||
2% | ReversingLabs | Script-Python.Infostealer.Heuristic | ||
21% | ReversingLabs | ByteCode-MSIL.Trojan.Heracles |
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
1% | Virustotal | Browse | ||
7% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
ocsp.rootg2.amazontrust.com | 143.204.15.108 | true | false | | unknown |
myexternalip.com | 216.239.32.21 | true | false | high | |
discord.com | 162.159.136.232 | true | false | | unknown |
cdn.discordapp.com | 162.159.134.233 | true | false | high | |
checkip.us-east-1.prod.check-ip.aws.a2z.com | 107.21.162.206 | true | false | high | |
sf3q2wrq34.ddns.net | 34.199.8.144 | true | true | | unknown |
proxycheck.io | 172.67.75.219 | true | false | unknown | |
jspaste.tnfangel.repl.co | 35.201.120.147 | true | false | high | |
o.ss2.us | 143.204.15.205 | true | false | unknown | |
ocsp.sca1b.amazontrust.com | 143.204.15.29 | true | false | unknown | |
wttr.in | 5.9.243.187 | true | false | unknown | |
set-clima.mrgaton.repl.co | 35.201.120.147 | true | false | high | |
canary.discord.com | 162.159.137.232 | true | false | unknown | |
ocsp.rootca1.amazontrust.com | 143.204.15.46 | true | false | unknown | |
checkip.amazonaws.com | unknown | unknown | false | high | |
ocsp.pki.goog | unknown | unknown | true | unknown | |
r3.o.lencr.org | unknown | unknown | true | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
162.159.134.233 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 352559 |
Start date: | 12.02.2021 |
Start time: | 19:38:19 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 10m 19s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 2 (renamed file extension from none to exe) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 40 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal92.troj.evad.winEXE@49/41@51/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | Failed |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
19:39:16 | API Interceptor | |
19:40:18 | API Interceptor | |
19:40:21 | API Interceptor | |
19:40:40 | Task Scheduler | |
19:40:41 | Autostart |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
162.159.134.233 | Get hash | malicious | Browse |
|
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
myexternalip.com | Get hash | malicious | Browse |
ocsp.rootg2.amazontrust.com | Get hash | malicious | Browse |
discord.com | Get hash | malicious | Browse |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | Get hash | malicious | Browse |
Dropped Files |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11 |
Entropy (8bit): | 3.2776134368191165 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5912 |
Entropy (8bit): | 5.1804903836765686 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2032 |
Entropy (8bit): | 5.261502872623547 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 439 |
Entropy (8bit): | 4.99329424605955 |
Encrypted: | false |
Malicious: | true |
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 268 |
Entropy (8bit): | 4.960824243052304 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1545 |
Entropy (8bit): | 5.087938391843514 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 259 |
Entropy (8bit): | 5.017243843063982 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 424 |
Entropy (8bit): | 5.029523947268901 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 270 |
Entropy (8bit): | 4.993476708309651 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 514 |
Entropy (8bit): | 4.978239002664289 |
Encrypted: | false |
Malicious: | true |
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 262 |
Entropy (8bit): | 5.018629288245689 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 655 |
Entropy (8bit): | 5.190886140486877 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16866 |
Entropy (8bit): | 5.174272015041054 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 7496 |
Entropy (8bit): | 4.74694060830541 |
Encrypted: | false |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 287744 |
Entropy (8bit): | 7.975079202001964 |
Encrypted: | false |
Malicious: | true |
Antivirus: |
|
Joe Sandbox View: |
|
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2369 |
Entropy (8bit): | 5.174040624698519 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 195 |
Entropy (8bit): | 4.96000545040791 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 405 |
Entropy (8bit): | 4.91510534549036 |
Encrypted: | false |
Malicious: | true |
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 756 |
Entropy (8bit): | 5.013000534242134 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1505 |
Entropy (8bit): | 5.386123854735665 |
Encrypted: | false |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1397 |
Entropy (8bit): | 5.138618388021063 |
Encrypted: | false |
SSDEEP: | 24:2dH4+STEfMFuL60YeGlMhEMjn5pwjpILUYODOLG9RJh7h8gK3i7zty:cb3fQuL60uydbQ9IIYODOLedq3mQ |
MD5: | 5367BC827AEAA017534E36F7A6F91DFE |
SHA1: | 7C36F57CEBB102012D79EB4CA1DA5E8EFBA473DC |
SHA-256: | B49965BD6B87500A9B90B235B10BACF2FBB0B35B009C305AE490D05E86C614D9 |
SHA-512: | 823FCFE24DC524BB1D6849DA73A86AA86D25B9AD89FCFF60A157CCF09E3875D736CE4F9F9051E338EB3C49AF7389AE1D9DFE7B02421C68A9FDD10343D9A4C337 |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2376 |
Entropy (8bit): | 4.862595516733785 |
Encrypted: | false |
SSDEEP: | 48:v0IVVjVTa6j6WeB2c16WeB2KxOxJe+Zj6WeB2Y16WeB2hBx:c8vTRlGlAQJxl6lTx |
MD5: | EDA57A7389DA68420E5ACF1D623815F8 |
SHA1: | 4C46A6544DDF921154E91648DFCBEBB25C856F28 |
SHA-256: | 07A081C429E05BB61CC89F0B193B173FC0EC6F9A70A8C598355B99ADA007D5C7 |
SHA-512: | 48C2D3FDD3F0B76927C3946967E177A1DAF8CB68DF275B82731355F4A1B3C7139B5ED0E83CCF61CDE5EB769B137E1742CD1315511429FF989E0D4EA9AD1F2376 |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2079 |
Entropy (8bit): | 5.435500332996288 |
Encrypted: | false |
SSDEEP: | 48:e2KfZUkjuVMZUkV2O2J2C7ZDbpuVMZDbn2O2J2m:e2KWoKfQ2O2J2MtKGL2O2J2m |
MD5: | 250E6D96A3E19A266AB3AD5E098CDA58 |
SHA1: | 070A0126BA59DCBF50056197B867DDBAC72AD6DE |
SHA-256: | DA6489E8D58CB060BC7DEA99B6527A64F1DA75F0721E0336E9B40940674DD155 |
SHA-512: | FB1D9E2616B65AF315EA9DD329AA91EB003B3F6A74EB100D21B0A0A8C9383E65C5DB01D07E31A17ACFF9A711E7A94E9FC7CC4BAE90A4F6610B5A3A0506AAFFD4 |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 242 |
Entropy (8bit): | 5.03411654470083 |
Encrypted: | false |
SSDEEP: | 3:RAkmQEm8nBve8Rm8x7D/emNDWKXMJAYMrHEKXMhXWJuXzm5Auv8NX4E4RiERKXMf:RjFNqZM+7ym/eMTTMhbHXlMhbNUqJH |
MD5: | 15A9D40EEA360D75A5591021468DE320 |
SHA1: | 0D18737CA8A01D97BD7E11BD84F32F84FD02D7AE |
SHA-256: | B09AB197B9D6651AB31309F26968E157CBE2863CCF7415A767D575F81835C995 |
SHA-512: | BE05AFB0031FB649A176B4C411D5800B43F09CC61F073E7896B10A4B37289F7696D2EF08D734BE7D60FD5214908EA59FA4E82063CB983FD42A36F9E7A7F46B44 |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1682 |
Entropy (8bit): | 5.414392752196666 |
Encrypted: | false |
SSDEEP: | 48:QU9NZUk2KuJ3K2kR4mLK1EVSwVYriVe99:QU9sjJ3lkmmLK18DFO9 |
MD5: | EC421078C3F5275BE21E4CE3A22F691F |
SHA1: | 22E146AC4B26D580E4D4540ABB2C9E79C91F6C37 |
SHA-256: | 01694E4751C0272DA33231D4401AB6D9F4E5D2A37EA909B3B26D39683BA9C311 |
SHA-512: | 2661C40EBB2BB7DC3AAB995BDB3FCDF93F60EBD1DB0843E3789BE3A889206E3ED52D249D9BACC86FD07B204E69B8002AC8F19D20CC77E1BD0EA8B3B0D4D682C8 |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5765 |
Entropy (8bit): | 5.293515775147969 |
Encrypted: | false |
SSDEEP: | 96:GULU9HQgWSQOz4fj4HjR1ChHuBVku1JVt53rQRzQ7/2x4g+k/07MTCi:m9ISQ14H1opu5r6uq3/OMTz |
MD5: | 8255012FBDCAEABE80C175B5213FF40F |
SHA1: | 2CE5B5EE04E6CEDBA7EACDF6851345B8BE9B6BA3 |
SHA-256: | 8BC77AFFE7C6C833BE183FBE91402D799749AB5CAFCCE377877F233959B8C287 |
SHA-512: | C76E60C016582E7197715C7A59A2BF48DD7CD0CB2A369C5F34570C57315DA84857BB420708D1FC0AC1061032A885FEAD587A8F1D6D85C09EDD2E8DC5734596BA |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 13993 |
Entropy (8bit): | 5.463481737879301 |
Encrypted: | false |
SSDEEP: | 192:Y9RA9lA9tEG3vr8CapTVymNuyw0XsQcn2OkpzKFQPGhxbZTHRgAfMSlad9drM97U:oRwGtEG3vr8CapTV/jtpzdeR9DOuQ |
MD5: | 8F0841B5991DAC232B12BDBDF0B8AE21 |
SHA1: | D58A9A2CB9051A784851CE5C594D58B5191352AB |
SHA-256: | 0B1C474D439C700AE4BEACA91C6F0EAC9E690C73D6AF74BF0BC4F40CA91BE851 |
SHA-512: | 0124C0AF7217EF01E9EFCE463BDEAC5720D69E712C6EDA4CF61F445D6FE1F70BBD716BE298AE0B9CCA27606605F3E7F39B05BB85F8903BB118258E8EB1026640 |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\2.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 847 |
Entropy (8bit): | 5.350326386662965 |
Encrypted: | false |
SSDEEP: | 24:ML9E4KrgKDE4KGKN08AKhPKIE4TKD1KoZAE4KKPz:MxHKEYHKGD8AoPtHTG1hAHKKPz |
MD5: | 8695FFB03DE68402BA23CADD1D71EF14 |
SHA1: | 67BBF40D11F0B1841FEE4F622E07855787065E0B |
SHA-256: | 1F0942A2EECF4990E027C7D609E319ADCF4563F984DD0D8EF2B370A1817F3C1C |
SHA-512: | 6EDEEAB5EF14473DF54251D69A3E2B7AC29778AEF929F8EC05F03008BF9AD629FE315115B22EDC09E92E1D7F2869CF9D4DDC6DB92C4158E92F80DEDA5A365098 |
Malicious: | true |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1292 |
Entropy (8bit): | 5.353484982621018 |
Encrypted: | false |
SSDEEP: | 24:3vUAPpQrLAo4KAxX5qRPD42HOoVZe9t4CvKuKnKJRSF8PQ9b6F:8APerB4nqRL/Hvfe9t4Cv94aR48Y9eF |
MD5: | E13A29925DCC70BBB9172F467860FDE5 |
SHA1: | 83F5DF637300324E512DE4B08B6322BC94A7E05A |
SHA-256: | 58223C2381C6D0F52FA98B6317FB7493A61CF02E6326EA5860114BA86C3C774B |
SHA-512: | 7BC27E66E0406DDEE6E0B3E63E316C9B86FD04E0814635E9B8B0C4BDD78FEDF2167EFA1F5F6BDFC64E8DAB7967A47C7E0EF290A53AD6A05F60207A6D1F891C9A |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5214 |
Entropy (8bit): | 5.374491182321908 |
Encrypted: | false |
SSDEEP: | 96:BZw/jN5wqDo1Z2ZT/jN5wqDo1Z3BfJjZi/jN5wqDo1ZQc55eZl:4/t7 |
MD5: | 24792ED9117E5BD27A479A220F6F376A |
SHA1: | 93D5602DD702D35DA84592D358E7270C773C5DCA |
SHA-256: | 0EDB893912FB26AA59088FFC7CB53BA6A617ABDEB54537510F04F619B9A4C89C |
SHA-512: | 93B91551AF87212D06554EEE0E331FD5A2D0E7A06465192CF27691D42DCA65A879AFEB7770070503E89F7540B5BC56B2AD01A2100EBB488FC7A98D7E04288D14 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5550 |
Entropy (8bit): | 5.355645127746279 |
Encrypted: | false |
SSDEEP: | 96:BZH/jN5vqDo1ZVZo/jN5vqDo1ZWdT1jZ+/jN5vqDo1ZwIllHZg:Pe9m |
MD5: | AEAB3D6463C7F69300EDCA026E07EF93 |
SHA1: | D3508741A2F4DDA930660C80BDA8B471FBC9F06A |
SHA-256: | E434BF8B785CD8FD1AF20F23BA3B734A13BE6BE671515A3F7F8211D76AEA8369 |
SHA-512: | A6010EFDD5E98D0BE885EC7804A66BE94B133312CAFDED28670FE1CC95AB6EFC7584E0BEC1785DDCAB6FDCF015570DC96F05F31BFA8EE4A9D5C3C2ADCCEE984F |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5214 |
Entropy (8bit): | 5.376164670972943 |
Encrypted: | false |
SSDEEP: | 96:BZR/jN5bqDo1Z+ZI/jN5bqDo1Z7Nw64jZl/jN5bqDo1ZnNooCZV:pH4i |
MD5: | 5E57C4B295625A1D7012708B73D90089 |
SHA1: | B2F0AD905F68E494602FC13F3C91148F44732284 |
SHA-256: | 7F284AE7E57FBA38A08FDFBE50EF0D4DC84DC10162C6F71B5FAD8E2EDACFCE63 |
SHA-512: | 5C1F4E6636016F9150ACF7D5716A43D341E43C43FB72F0CEF11FD158BDFB902D03502072527AAB5D686786F53005E7513220F708BF7162F791A7E370F2C540DF |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\System32\wbem\WMIC.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 28 |
Entropy (8bit): | 4.208966082694623 |
Encrypted: | false |
SSDEEP: | 3:nLWGWNI3ov:nyGWNOov |
MD5: | F2CE4C29DC78D5906090690C345EAF80 |
SHA1: | D12E3B86380F0DBEF4FBDFFE2CBFE2144FB7E9CD |
SHA-256: | 0356A869FC7E6495BAC33303B002935C317166D0EA5D403BE162573CF01055D8 |
SHA-512: | 51F939C41710BC3A4E443CDAF33AAE614B043ACC2382A0C836049E34D2F51C8195FD149548752B33E4EDD4299548BB1957B89997FC640C837C9400D76FEA5B74 |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 4.221711326146183 |
TrID: |
|
File name: | 2.exe |
File size: | 121856 |
MD5: | 3f6fcdaa059d9ba461578374c74e5696 |
SHA1: | fa535b72a9cea09f5869e8ad1b8179f229985fcf |
SHA256: | 30c0b3f98d0e267293219f3a03347f87da66c208739e569b87b49fc6903128c4 |
SHA512: | a05c569a8a1d2727987e1913b8e4b90505605db3a2358ad5c7adfe0f24501949681e202eb2925ed4962447e09e07cfd2d88ce0430f369e29c2cdee7ce78d4022 |
SSDEEP: | 768:Vm2zfxXOt+oPq38OIHitat5Q8aE9MhJ/gaLpZVb5HKrq4BaMDrllU74auqdGjnwy:Q2z5XOZcat50E92jq074auqdGjnwy |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....!..........."...0.................. ........@.. .......................@............@................................ |
File Icon |
---|
Icon Hash: | 00828e8e8686b000 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x41ef8a |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0xA0219704 [Thu Feb 18 09:31:48 2055 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | v4.0.30319 |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f34d5f2d4577ed6d9ceec516c1f5a744 |
Entrypoint Preview |
---|
Instruction |
---|
jmp dword ptr [00402000h] |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1ef38 | 0x4f | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x20000 | 0x3d8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x22000 | 0xc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1ef1c | 0x1c | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x2000 | 0x1cf90 | 0x1d000 | False | 0.176707300647 | data | 4.26785642311 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rsrc | 0x20000 | 0x3d8 | 0x400 | False | 0.42578125 | data | 3.18453918242 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x22000 | 0xc | 0x400 | False | 0.025390625 | data | 0.0558553080537 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0x20058 | 0x37c | data |
Imports |
---|
DLL | Import |
---|---|
mscoree.dll | _CorExeMain |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0000 0x04b0 |
LegalCopyright | SCREEN SAVER |
Assembly Version | 2.0.0.0 |
InternalName | IP GRAVER.exe |
FileVersion | 4.0.0.0 |
CompanyName | SYSTEM USER |
LegalTrademarks | NUCLEAR MANAGERs |
Comments | WINDOWS UPDATE |
ProductName | USER MANAGER |
ProductVersion | 4.0.0.0 |
FileDescription | MICROSOFT HEALTH |
OriginalFilename | IP GRAVER.exe |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
02/12/21-19:40:38.467996 | ICMP | 382 | ICMP PING Windows | 192.168.2.5 | 1.1.1.1 | ||
02/12/21-19:40:38.467996 | ICMP | 384 | ICMP PING | 192.168.2.5 | 1.1.1.1 | ||
02/12/21-19:40:38.509617 | ICMP | 408 | ICMP Echo Reply | 1.1.1.1 | 192.168.2.5 | ||
02/12/21-19:40:42.095791 | ICMP | 382 | ICMP PING Windows | 192.168.2.5 | 1.1.1.2 | ||
02/12/21-19:40:42.095791 | ICMP | 384 | ICMP PING | 192.168.2.5 | 1.1.1.2 | ||
02/12/21-19:40:42.138139 | ICMP | 408 | ICMP Echo Reply | 1.1.1.2 | 192.168.2.5 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 12, 2021 19:39:13.344177008 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.344244957 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.345364094 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.345438957 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.345520973 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.346690893 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.346734047 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.347150087 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.347717047 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.347759962 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.347829103 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.348696947 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.348738909 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.348825932 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.349706888 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.349745989 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.349828959 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.350847006 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.350887060 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.350965977 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.352037907 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.352180958 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.352251053 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.372369051 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.372411966 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.372544050 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.372767925 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.372811079 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.372883081 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.373734951 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.373775005 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.373914003 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.375037909 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.375081062 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.375190973 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.376041889 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.376080990 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.376172066 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.377527952 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.377588987 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.377688885 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.378477097 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.378515005 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.378649950 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.379128933 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.379170895 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.379240036 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.380666018 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.380706072 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.380783081 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.381180048 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.381228924 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.381299019 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.382534027 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.382575035 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.382654905 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.383548975 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.383600950 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.383779049 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.384815931 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.384860039 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.384953976 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.385788918 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.385831118 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.385915995 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.386858940 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.386898041 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.386991024 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.388905048 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.388947964 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.388988972 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.389067888 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.390089989 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.390134096 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.390171051 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.390199900 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.390244007 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.391669989 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.391710043 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.391757965 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.391792059 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.393603086 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.393646002 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.393682003 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.393798113 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.395781040 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.395832062 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.395879030 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.395931005 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.395970106 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.395998955 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.396018028 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.396065950 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.396131992 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.396135092 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.397954941 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.397994995 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.398032904 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.398061037 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.398072004 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.398114920 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.398123980 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.398175001 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.398219109 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.398221970 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.398257017 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.398303986 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.398686886 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.398729086 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.398768902 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.398772955 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.398863077 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.399622917 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.399666071 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.399704933 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.399758101 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.400609016 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.400640965 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.400700092 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.400718927 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.400796890 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.401575089 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.401604891 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.401633024 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.401676893 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.402661085 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.402693987 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.402719975 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.402744055 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.402786016 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.403605938 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.403635979 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.403697014 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.403764963 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.417509079 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.417562962 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.417612076 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.417639971 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.417681932 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.418488979 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.418539047 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.418581963 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.418592930 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.419804096 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.419853926 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.419871092 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.419895887 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.419945002 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.422352076 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.422405005 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.422449112 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.422625065 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.423188925 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.423238993 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.423254967 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.423281908 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.423340082 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.425618887 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.425658941 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.425733089 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.428277969 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.493275881 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.493308067 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.493325949 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.493351936 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.493443012 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.493474960 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.493554115 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.493578911 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.493652105 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:39:13.493725061 CET | 443 | 49709 | 162.159.134.233 | 192.168.2.5 |
Feb 12, 2021 19:39:13.544912100 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
Feb 12, 2021 19:40:19.122873068 CET | 49709 | 443 | 192.168.2.5 | 162.159.134.233 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Feb 12, 2021 19:41:55.803329945 CET | 192.168.2.5 | 8.8.8.8 | 0x5345 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 12, 2021 19:41:56.539375067 CET | 192.168.2.5 | 8.8.8.8 | 0xaa3d | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 12, 2021 19:41:56.733515024 CET | 192.168.2.5 | 8.8.8.8 | 0x11e5 | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 12, 2021 19:41:59.811423063 CET | 192.168.2.5 | 8.8.8.8 | 0x1b4b | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 12, 2021 19:42:00.775614023 CET | 192.168.2.5 | 8.8.8.8 | 0x8d5d | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 12, 2021 19:42:01.576595068 CET | 192.168.2.5 | 8.8.8.8 | 0x3f9a | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 12, 2021 19:42:04.710470915 CET | 192.168.2.5 | 8.8.8.8 | 0x936d | Standard query (0) | A (IP address) | IN (0x0001) | |
Feb 12, 2021 19:42:10.212553978 CET | 192.168.2.5 | 8.8.8.8 | 0x4b39 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Feb 12, 2021 19:39:13.060504913 CET | 162.159.134.233 | 443 | 192.168.2.5 | 49709 | CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc RSA CA-2, O="Cloudflare, Inc.", C=US | CN=Cloudflare Inc RSA CA-2, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Tue Jan 19 01:00:00 CET 2021 Mon Jan 27 13:46:39 CET 2020 | Wed Jan 19 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025 | 769,49162-49161-49172-49171-53-47-10,0-10-11-35-23-65281,29-23-24,0 | 54328bd36c14bd82ddaa0c04b25ed9ad |
CN=Cloudflare Inc RSA CA-2, O="Cloudflare, Inc.", C=US | CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE | Mon Jan 27 13:46:39 CET 2020 | Wed Jan 01 00:59:59 CET 2025 |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 19:39:08 |
Start date: | 12/02/2021 |
Path: | C:\Users\user\Desktop\2.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xac0000 |
File size: | 121856 bytes |
MD5 hash: | 3F6FCDAA059D9BA461578374C74E5696 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | low |
General |
---|
Start time: | 19:39:13 |
Start date: | 12/02/2021 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7eef80000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 19:39:13 |
Start date: | 12/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ecfc0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 19:39:14 |
Start date: | 12/02/2021 |
Path: | C:\Windows\System32\net.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff64e5e0000 |
File size: | 56832 bytes |
MD5 hash: | 15534275EDAABC58159DD0F8607A71E5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 19:39:14 |
Start date: | 12/02/2021 |
Path: | C:\Windows\System32\net1.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7cc470000 |
File size: | 175104 bytes |
MD5 hash: | AF569DE92AB6C1B9C681AF1E799F9983 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 19:39:15 |
Start date: | 12/02/2021 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff617cb0000 |
File size: | 447488 bytes |
MD5 hash: | 95000560239032BC68B4C2FDFCDEF913 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
General |
---|
Start time: | 19:39:32 |
Start date: | 12/02/2021 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff617cb0000 |
File size: | 447488 bytes |
MD5 hash: | 95000560239032BC68B4C2FDFCDEF913 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
General |
---|
Start time: | 19:39:48 |
Start date: | 12/02/2021 |
Path: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff617cb0000 |
File size: | 447488 bytes |
MD5 hash: | 95000560239032BC68B4C2FDFCDEF913 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
General |
---|
Start time: | 19:40:13 |
Start date: | 12/02/2021 |
Path: | C:\Windows\System32\timeout.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ef080000 |
File size: | 30720 bytes |
MD5 hash: | EB9A65078396FB5D4E3813BB9198CB18 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 19:40:15 |
Start date: | 12/02/2021 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff748630000 |
File size: | 163840 bytes |
MD5 hash: | 9A68ADD12EB50DDE7586782C3EB9FF9C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 19:40:18 |
Start date: | 12/02/2021 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff748630000 |
File size: | 163840 bytes |
MD5 hash: | 9A68ADD12EB50DDE7586782C3EB9FF9C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 19:40:20 |
Start date: | 12/02/2021 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7eef80000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 19:40:20 |
Start date: | 12/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ecfc0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 19:40:20 |
Start date: | 12/02/2021 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7eef80000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 19:40:20 |
Start date: | 12/02/2021 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7eef80000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 19:40:21 |
Start date: | 12/02/2021 |
Path: | C:\Windows\System32\wbem\WMIC.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff637bc0000 |
File size: | 521728 bytes |
MD5 hash: | EC80E603E0090B3AC3C1234C2BA43A0F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 19:40:21 |
Start date: | 12/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ecfc0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 19:40:26 |
Start date: | 12/02/2021 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff748630000 |
File size: | 163840 bytes |
MD5 hash: | 9A68ADD12EB50DDE7586782C3EB9FF9C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 19:40:28 |
Start date: | 12/02/2021 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7eef80000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 19:40:28 |
Start date: | 12/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7ecfc0000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 19:40:29 |
Start date: | 12/02/2021 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7eef80000 |
File size: | 273920 bytes |
MD5 hash: | 4E2ACF4F8A396486AB4268C94A6A245F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 19:40:29 |
Start date: | 12/02/2021 |
Path: | C:\Windows\System32\wbem\WMIC.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff637bc0000 |
File size: | 521728 bytes |
MD5 hash: | EC80E603E0090B3AC3C1234C2BA43A0F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
General |
---|
Start time: | 19:40:33 |
Start date: | 12/02/2021 |
Path: | C:\Windows\System32\wscript.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff748630000 |
File size: | 163840 bytes |
MD5 hash: | 9A68ADD12EB50DDE7586782C3EB9FF9C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Disassembly |
---|
Code Analysis |
---|