Create Interactive Tour

Windows Analysis Report https://d2cli4kgl5uxre.cloudfront.net/ML/f4abf7670d580d0656263b3baab7a6f1scv1300x175.png

Overview

General Information

Sample URL:	https://d2cli4kgl5uxre.cloudfront.net/ML/f4abf7670d580d0656263b3baab7a6f1__scv1__300x175.png
Analysis ID:	443563
Infos:
Most interesting Screenshot:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Process Tree

System is w10x64

iexplore.exe (PID: 2940 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)

iexplore.exe (PID: 4344 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2940 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

• Compliance
• Networking
• System Summary

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 13.224.99.64:443 -> 192.168.2.5:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.99.64:443 -> 192.168.2.5:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.99.64:443 -> 192.168.2.5:49712 version: TLS 1.2

Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x95124117,0x01d76f9d</date><accdate>0x95124117,0x01d76f9d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x95124117,0x01d76f9d</date><accdate>0x95124117,0x01d76f9d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x9519e237,0x01d76f9d</date><accdate>0x9519e237,0x01d76f9d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x9519e237,0x01d76f9d</date><accdate>0x9519e237,0x01d76f9d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x9519e237,0x01d76f9d</date><accdate>0x9519e237,0x01d76f9d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.dr	String found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x9519e237,0x01d76f9d</date><accdate>0x9519e237,0x01d76f9d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)

Source: unknown

DNS traffic detected: queries for: d2cli4kgl5uxre.cloudfront.net

Source: msapplication.xml.1.dr	String found in binary or memory: http://www.amazon.com/
Source: msapplication.xml1.1.dr	String found in binary or memory: http://www.google.com/
Source: msapplication.xml2.1.dr	String found in binary or memory: http://www.live.com/
Source: msapplication.xml3.1.dr	String found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.1.dr	String found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.dr	String found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.dr	String found in binary or memory: http://www.wikipedia.com/
Source: msapplication.xml7.1.dr	String found in binary or memory: http://www.youtube.com/
Source: ~DF60B379D76751B6AC.TMP.1.dr	String found in binary or memory: https://d2cli4kgl5uxre.cloudfront.net/ML/f4abf7670d580d0656263b3baab7a6f1__scv1__300x175.png
Source: {BF8839AD-DB90-11EB-90E5-ECF4BB570DC9}.dat.1.dr	String found in binary or memory: https://d2cli4kgl5uxre.cloudfront.net/ML/f4abf7670d580d0656263b3baab7a6f1__scv1__300x175.pngRoot

Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: unknown	HTTPS traffic detected: 13.224.99.64:443 -> 192.168.2.5:49703 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.99.64:443 -> 192.168.2.5:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.224.99.64:443 -> 192.168.2.5:49712 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@3/16@2/1

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BF8839AB-DB90-11EB-90E5-ECF4BB570DC9}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DFD6477A1275EEC8CA.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2940 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2940 CREDAT:17410 /prefetch:2	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading1	OS Credential Dumping	File and Directory Discovery1	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://d2cli4kgl5uxre.cloudfront.net/ML/f4abf7670d580d0656263b3baab7a6f1__scv1__300x175.png	0%	Virustotal		Browse
https://d2cli4kgl5uxre.cloudfront.net/ML/f4abf7670d580d0656263b3baab7a6f1__scv1__300x175.png	0%	Avira URL Cloud	safe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe
http://www.wikipedia.com/	0%	URL Reputation	safe

Domains and IPs Download Network PCAP: filtered – full

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
d2cli4kgl5uxre.cloudfront.net	13.224.99.64	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://d2cli4kgl5uxre.cloudfront.net/ML/f4abf7670d580d0656263b3baab7a6f1__scv1__300x175.png	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.wikipedia.com/	msapplication.xml6.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.amazon.com/	msapplication.xml.1.dr	false		high
http://www.nytimes.com/	msapplication.xml3.1.dr	false		high
http://www.live.com/	msapplication.xml2.1.dr	false		high
http://www.reddit.com/	msapplication.xml4.1.dr	false		high
http://www.twitter.com/	msapplication.xml5.1.dr	false		high
http://www.youtube.com/	msapplication.xml7.1.dr	false		high
https://d2cli4kgl5uxre.cloudfront.net/ML/f4abf7670d580d0656263b3baab7a6f1__scv1__300x175.png	~DF60B379D76751B6AC.TMP.1.dr	false		high
https://d2cli4kgl5uxre.cloudfront.net/ML/f4abf7670d580d0656263b3baab7a6f1__scv1__300x175.pngRoot	{BF8839AD-DB90-11EB-90E5-ECF4BB570DC9}.dat.1.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
13.224.99.64	d2cli4kgl5uxre.cloudfront.net	United States		16509	AMAZON-02US	false

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	443563
Start date:	02.07.2021
Start time:	16:53:02
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 2m 55s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://d2cli4kgl5uxre.cloudfront.net/ML/f4abf7670d580d0656263b3baab7a6f1__scv1__300x175.png
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean0.win@3/16@2/1
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): taskhostw.exe, BackgroundTransferHost.exe, ielowutil.exe, backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe Excluded IPs from analysis (whitelisted): 204.79.197.200, 13.107.21.200, 20.82.210.154, 93.184.220.29, 23.211.6.115, 104.43.139.144, 23.203.80.193, 13.64.90.137, 23.211.4.86, 152.199.19.161, 20.50.102.62 Excluded domains from analysis (whitelisted): cs9.wac.phicdn.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, e12564.dspb.akamaiedge.net, go.microsoft.com, ocsp.digicert.com, www-bing-com.dual-a-0001.a-msedge.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, prod.fs.microsoft.com.akadns.net, www.bing.com, skypedataprdcolwus17.cloudapp.net, fs.microsoft.com, dual-a-0001.a-msedge.net, ie9comview.vo.msecnd.net, e1723.g.akamaiedge.net, skypedataprdcolcus16.cloudapp.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, cs9.wpc.v0cdn.net Not all processes where analyzed, report is missing behavior information

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BF8839AB-DB90-11EB-90E5-ECF4BB570DC9}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	30296
Entropy (8bit):	1.8548942045953742
Encrypted:	false
SSDEEP:	96:reZlZt28WrtzbfkfFOKMP9Oq+vOQsxfpfKO6X:reZlZt28WrtnfktXM1tQfifpynX
MD5:	E9CD487242D19F87435C74D37F0A3604
SHA1:	E19E40EDCB5F004C5374AF47B58A201C213FB302
SHA-256:	1F3A6796E33641EA3400A96B3A4CB2107B3A65FD45C44DCCF7B46F53EE282AD9
SHA-512:	33757591C3DC1214FC97FA3D4EFD684A4A27BA4A5CB459C12F162D3C2D6C4647D89D7E3596A6B97E892DB122F73418CDC3E34A7D265419BF967B30C884B190FA
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BF8839AD-DB90-11EB-90E5-ECF4BB570DC9}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	24296
Entropy (8bit):	1.6544028327925744
Encrypted:	false
SSDEEP:	48:Iwe1GcprkOGwpaX1G4pQ5nGrapbSZdGQpBCGHHpckgTGUp8kjUGzYpmkl3GopdSM:rUZnQX6FBSVjZ2FWRMmzf6gMg
MD5:	1F0C1316C2A8A364D8662E6E035BF321
SHA1:	A70E9538BBC2C2D21D25276796E26F0E7E328D3A
SHA-256:	A4737EC6239C639F8AF5292A917C273829D16556D0DABCBBB42C66498B7F90CB
SHA-512:	54871939555C060ECF2A4ECA159A5055FA359A9097DC4CE7F3963727F12DE98798E3788F9DF06F77329109134791043CFAC123F1B8D84331D758E46B61B85C06
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BF8839AE-DB90-11EB-90E5-ECF4BB570DC9}.dat Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	Microsoft Word Document
Category:	dropped
Size (bytes):	16984
Entropy (8bit):	1.5645745218068567
Encrypted:	false
SSDEEP:	48:IwW0GcprofGwpaO0G4pQ8mGrapbSkGQpKfG7HpRQTGIpG:rhZCQV6TBS8AuTEA
MD5:	8CBE73E92376FA8308C0B19FC237DF01
SHA1:	533E32A4E7CA1461EBDB07B7532D0EA0D592D520
SHA-256:	AD5F2BD6D56DD0613FC441E9BDB5426D4CDC02E2C1F08364FEC94DB4F00FD415
SHA-512:	2374B81C3F83D7C552DE3C51F78B47248CACD82BECDDD4D6EDCC7809A3A8113BCDDEE1A5552E7147DE111FE02C97E517924BF756F7AE65D476FB9661FEC6FDD8
Malicious:	false
Reputation:	low
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................R.o.o.t. .E.n.t.r.y.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	657
Entropy (8bit):	5.106143785729734
Encrypted:	false
SSDEEP:	12:TMHdNMNxOEUCnWimI002EtM3MHdNMNxOEUCnWimI00ONVbkEtMb:2d6NxOzCSZHKd6NxOzCSZ7Qb
MD5:	3D04950652AB42B4BA9659296C440537
SHA1:	507934C00ACC2C841EB8D71B049D8DF19FD98060
SHA-256:	B7B44783ECAC51500417C8A6E1D6306D7E00FD5871C28A9208C75F24C7735898
SHA-512:	75176C6110527EDD7B2A6C5C755F05322E98E375E9E84DAC8B7EC346AAA609A59164DFD65A552242E63186453C442671E9192ED29F9129BEDF9A82C7F8AA63BB
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x9519e237,0x01d76f9d</date><accdate>0x9519e237,0x01d76f9d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x9519e237,0x01d76f9d</date><accdate>0x9519e237,0x01d76f9d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	654
Entropy (8bit):	5.097779253590866
Encrypted:	false
SSDEEP:	12:TMHdNMNxe2kF1YCnWimI002EtM3MHdNMNxe2kF1YCnWimI00ONkak6EtMb:2d6NxrK1YCSZHKd6NxrK1YCSZ72a7b
MD5:	B42FFBCA7189FE9DF5CD852C7F6E6999
SHA1:	0473C8843320C7D7CEA5DCA433C5101BE252F845
SHA-256:	2DCA7D092F6B3485D25B0078401BD100BCFD34099598784AAE00A1503943489F
SHA-512:	C4D18501107C80973A517110CEE66103CF0F0E7FC63C201638B55A4A5E5132B3EB2F9E37A9CB1BC54B4ABD9D43B2F5793F3C4696464903A056DDCE037C86139A
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x950a9ff7,0x01d76f9d</date><accdate>0x950a9ff7,0x01d76f9d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x950a9ff7,0x01d76f9d</date><accdate>0x950a9ff7,0x01d76f9d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	663
Entropy (8bit):	5.124764022858371
Encrypted:	false
SSDEEP:	12:TMHdNMNxvLUCnWimI002EtM3MHdNMNxvLUCnWimI00ONmZEtMb:2d6Nxv4CSZHKd6Nxv4CSZ7Ub
MD5:	8E2706BBFF8A1F14B372058DED73092A
SHA1:	47A748F5A9500CB03FD1BBC8359DC30A10ED7EFA
SHA-256:	2777F881B333C2D238A2A6844EA730F483AB4A8C7FA0B465AF4EA9B379EF15AB
SHA-512:	4C363C42B9A09CDB640002F30321B754BF715E3FEB8A88783640DE0197E33C13AD13D59BFAD59AEF89628FB720B93927664D18A47B8A3AD81B108086A165EF90
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x9519e237,0x01d76f9d</date><accdate>0x9519e237,0x01d76f9d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x9519e237,0x01d76f9d</date><accdate>0x9519e237,0x01d76f9d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	648
Entropy (8bit):	5.133862254393244
Encrypted:	false
SSDEEP:	12:TMHdNMNxiiCnWimI002EtM3MHdNMNxiiCnWimI00ONd5EtMb:2d6NxzCSZHKd6NxzCSZ7njb
MD5:	9DEF6F4929C0BBE7663AC4CFA6B5D874
SHA1:	0459D0B94F864C68BFBC870BF3E8642CFD703A6E
SHA-256:	4DC04E01B1A6B0DD98E28B9B3D6EAC90A57170268CC5EAF47ACEB184A50DA548
SHA-512:	FFBB344ED7430D98132FDF666469DB78CC03527BF8531E2DAF99E1731DB22DAB80F1FCEB1102C7C0605D1A691F128224C07F3D530CFC01B60B9C1612D6E91CF6
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x95124117,0x01d76f9d</date><accdate>0x95124117,0x01d76f9d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x95124117,0x01d76f9d</date><accdate>0x95124117,0x01d76f9d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	657
Entropy (8bit):	5.140393029680655
Encrypted:	false
SSDEEP:	12:TMHdNMNxhGwUCnWimI002EtM3MHdNMNxhGwUCnWimI00ON8K075EtMb:2d6NxQPCSZHKd6NxQPCSZ7uKajb
MD5:	12668332F394C5A8C4E1A3BB9A10BD65
SHA1:	FF9F6D30A942B666E0B847CFC17720A21670C62D
SHA-256:	2B3542AB7F7C7E54F384C076330C4C5892C129EAD518498F90422D2D3C183B2D
SHA-512:	0A28E6AFFD8E555152A129DEE033CB450539B756BC4D828C602B03A7B287F82406FCD038FFB8B052FC71F0F4C8FC1EA4B2B8AE742BE5229A580F8769943CCF2D
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x9519e237,0x01d76f9d</date><accdate>0x9519e237,0x01d76f9d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x9519e237,0x01d76f9d</date><accdate>0x9519e237,0x01d76f9d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	654
Entropy (8bit):	5.107399741424728
Encrypted:	false
SSDEEP:	12:TMHdNMNx0nUCnWimI002EtM3MHdNMNx0nUCnWimI00ONxEtMb:2d6Nx0UCSZHKd6Nx0UCSZ7Vb
MD5:	04BC9D28DFA251E2052BB9092AE1023A
SHA1:	A3EB8BFBA7C8A400FB3A2F5A18A204DFF0A54BDE
SHA-256:	85F67C3D2019B5434F0465F945EB4B27308DDF1897927670360E9D1F9749AD5D
SHA-512:	0AE54E3FDD99A2582A06FB4FE5553BB3C1F729D5DA6D668D4BE7C5761961831B2E64AB60B6FA2961A546E6FBFA1874D5FD81CDC59F72D9D60924EB023D398018
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x9519e237,0x01d76f9d</date><accdate>0x9519e237,0x01d76f9d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x9519e237,0x01d76f9d</date><accdate>0x9519e237,0x01d76f9d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	657
Entropy (8bit):	5.158228667241834
Encrypted:	false
SSDEEP:	12:TMHdNMNxxiCnWimI002EtM3MHdNMNxxHCnWimI00ON6Kq5EtMb:2d6NxICSZHKd6NxhCSZ7ub
MD5:	C24DF3B4319CDC0FFC3EBFF74C4821F1
SHA1:	4F2CE6CA4F804F464F97E8B1E7B69ADE0E43CFE2
SHA-256:	0462EC227EBC3D23046C3A86BE00481EBB57474A1AD766CAF6C87A2FDEA18E45
SHA-512:	47C2F6583CD1F5B240BE34B493F822A5029CC9BB4A8A57FC3C749A55FEC4C09A01D4AA300947A89BA7B14617C31D8CA9B164EC16DB662E39FD27EA872B4A6DDE
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x95124117,0x01d76f9d</date><accdate>0x95124117,0x01d76f9d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x95124117,0x01d76f9d</date><accdate>0x9519e237,0x01d76f9d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	660
Entropy (8bit):	5.137709306440082
Encrypted:	false
SSDEEP:	12:TMHdNMNxciCnWimI002EtM3MHdNMNxciCnWimI00ONVEtMb:2d6NxhCSZHKd6NxhCSZ71b
MD5:	F0E7C5714B1ED2D8BBB216028AB51AE7
SHA1:	274D9BEFB8439BE1F0163BD0F0F6D57A0BC52319
SHA-256:	3954B7C061C8326EED86C40F71135827379A78758F9CF20A6AD630CB09D4B380
SHA-512:	C45BB9DA29C7E8807165C4233E59AECA158E12669156770EEB3CD326232C0BD383F816AB777298FFC2BAE651C8EBB48D387C0C63CD32460C9C95E17D8AA66D0C
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x95124117,0x01d76f9d</date><accdate>0x95124117,0x01d76f9d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x95124117,0x01d76f9d</date><accdate>0x95124117,0x01d76f9d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	654
Entropy (8bit):	5.1189133877605935
Encrypted:	false
SSDEEP:	12:TMHdNMNxfniCnWimI002EtM3MHdNMNxfniCnWimI00ONe5EtMb:2d6Nx6CSZHKd6Nx6CSZ7Ejb
MD5:	206DD354000E9E2FA07A602B151DBC2C
SHA1:	523A4C108ADD465DA809DBBA6E3F3D19C0B4439C
SHA-256:	456FA8C3E816E196AD5B1FC6F1B881F6964EF349F9B319C21BD70B8710E54640
SHA-512:	A9B468CB200F7F32759D21023D8B9DC4326280972110626ADEEF96C8E114A5748612A835B2DE349048065867C4F015855C1B6E1D6E1C7EDFC80705B26195722A
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x95124117,0x01d76f9d</date><accdate>0x95124117,0x01d76f9d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x95124117,0x01d76f9d</date><accdate>0x95124117,0x01d76f9d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\f4abf7670d580d0656263b3baab7a6f1__scv1__300x175[1].png Download File
Process:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type:	PNG image data, 300 x 175, 8-bit/color RGB, non-interlaced
Category:	downloaded
Size (bytes):	88765
Entropy (8bit):	7.983016813082584
Encrypted:	false
SSDEEP:	1536:8iCorDMT1X3VldMQ0hfjo3Hth1iQFsRzj+fGHG5xHGbFsrCKu3Fm5ziG:xCoHMTp3VMTLo3HtHFsl+f9G5sQs5ziG
MD5:	4770EE6ECF7E3B3D21797BE56511E6A3
SHA1:	AFCF7D60D2A0F29816207701E7086632858CF348
SHA-256:	B44FD11DD1C8670FA2E83BE9BBEA19D3845A6891A8C68A50D9B034BCBEB77D73
SHA-512:	F1B0FBD52B52B26D7A0C75311719DD229C4C051F628653239967EB3B985A7AD67C868581BE336B12820D334020F5702087EF61798208BDBF73381F0CB3693409
Malicious:	false
Reputation:	low
IE Cache URL:	https://d2cli4kgl5uxre.cloudfront.net/ML/f4abf7670d580d0656263b3baab7a6f1__scv1__300x175.png
Preview:	.PNG........IHDR...,..........Lt.....IDATx.....f.q.....o...3....`..0I.c...v.$U.$?..q*U..b.1-.-QT.N$R.........`.....,...~.w/HJe..\...~.9.y..y..........#Pv........-.A0@.. ....3.... .k.@..{........s$.c.....@..2..c..7......c...S..h....=Q2hb..d-.c..-......U....>....Zk\.1...2..9.s.}L.....ry....%C...C....3X[.\r&;K..4.l..R2d....r"..E.E.{..O.......M....'0.B.r.%..9.n..in.....k...w.y....?\|.umS.a.....L..2)..3.%Xy......O.0d........iS...4u...;9>..'>.O..?....k...^O...s.8D.T;_U..<..(gH...&.I.+.........o.syyz..3.V.i.4....s>..s..X............./.g.......=\|x.i........T.{.7.R.k.s.g.%..#.~y.k.........W.(..R..7.. Z.<$..;..5.>s&......[=....X.....y...Yt.+dy.9.....".D).h.&.l..u.W.y...2..rO..:..F>. ...M.c.z...^.0......{k.....H~D.EP...kt.RJ.f.d.\..&}y.n..s..=V.%..A..^.:.......l~.%;.l2Z.9.....V.,&g....L..T.....IE..&U.....g{.........{`..(D........\|.............O.......g...~........Q........P.H.. .P.c.............B.&/e&H....9.\./....>..W..Y..{.........

C:\Users\user\AppData\Local\Temp\~DF3CCF126109EE1559.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	25441
Entropy (8bit):	0.27918767598683664
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRx/9lRJ9lTb9lTb9lSSU9lSSU9laAa/9laA:kBqoxxJhHWSVSEab
MD5:	AB889A32AB9ACD33E816C2422337C69A
SHA1:	1190C6B34DED2D295827C2A88310D10A8B90B59B
SHA-256:	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
SHA-512:	BD250855747BB4CEC61814D0E44F810156D390E3E9F120A12935EFDF80ACA33C4777AD66257CCA4E4003FEF0741692894980B9298F01C4CDD2D8A9C7BB522FB6
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DF60B379D76751B6AC.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	34489
Entropy (8bit):	0.3733841462271264
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9lRg9lRA9lTS9lTy9lSSd9lSSd9lwE9lw09l2kd9l2kd9lL:kBqoxKAuvScS+XZkYkpklIklPSlbS611
MD5:	E4FFEEF64B2610E7EDD894EDCDC5CBFB
SHA1:	A52492469160CD0EA45F06832EE40A895903441F
SHA-256:	C835500A071C9AC7619E4BAC1AE688ED228FA02034D332E142368F39B2D3B37E
SHA-512:	863A3FD54359C45981BC716AA754B5211A67037B01A7E5EDAA2A942F598245521669A96DD0344BA19D15BD0AA822471DDBECB13910389780A6DC7983E82B3294
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\~DFD6477A1275EEC8CA.TMP Download File
Process:	C:\Program Files\internet explorer\iexplore.exe
File Type:	data
Category:	dropped
Size (bytes):	13029
Entropy (8bit):	0.47803240630797317
Encrypted:	false
SSDEEP:	24:c9lLh9lLh9lIn9lIn9loQ9log9lWxrxyO:kBqoIrNxFyO
MD5:	5C2CCA3A34EC01B118C3FF2820BF7037
SHA1:	C4FDC046322622D6E672CBC5086336F0CC1717CC
SHA-256:	31B337AC49DB93EE3D6FA0F04E5D211B09313371B6C46923726CC1B074C978C9
SHA-512:	107F50E276E0FFE1102295336230858BD98D8A28A99228B05A3B23D9AF15FD54A30C97ADC22AA37B8B4F4B33BC2E22E84A9796AFFA74D2ED9311A74E96165311
Malicious:	false
Reputation:	low
Preview:	.............................%..H..M..{y..+.0...(................... ...............................................%..H..M..{y..+.0...(................... ..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

No static file info

Network Behavior

Download Network PCAP: filtered – full

Network Port Distribution

Total Packets: 140
• 443 (HTTPS)
• 53 (DNS)

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 2, 2021 16:53:53.146476030 CEST	49702	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.146687984 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.185610056 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.185682058 CEST	443	49702	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.185734987 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.185786963 CEST	49702	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.193001032 CEST	49702	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.193095922 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.231689930 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.231759071 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.231813908 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.231856108 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.231878042 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.231880903 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.231925011 CEST	443	49702	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.231937885 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.231973886 CEST	443	49702	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.232023954 CEST	49702	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.232028008 CEST	443	49702	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.232068062 CEST	49702	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.232081890 CEST	443	49702	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.232120037 CEST	49702	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.233426094 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.233529091 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.234044075 CEST	443	49702	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.234117031 CEST	49702	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.279977083 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.280819893 CEST	49702	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.287254095 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.287358046 CEST	49702	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.288144112 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.318384886 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.318475008 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.318517923 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.318548918 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.318578005 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.319412947 CEST	443	49702	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.319505930 CEST	443	49702	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.319564104 CEST	49702	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.319590092 CEST	443	49702	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.319631100 CEST	49702	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.320122004 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.320672989 CEST	49702	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.326442003 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.326499939 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.326587915 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.326754093 CEST	443	49702	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.326802015 CEST	443	49702	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.326848984 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.326859951 CEST	49702	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.330497026 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.330553055 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.330590963 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.330601931 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.330609083 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.330650091 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.330666065 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.330704927 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.331244946 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.331301928 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.331320047 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.331366062 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.332309008 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.332361937 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.332385063 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.332421064 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.333422899 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.333479881 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.333509922 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.333542109 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.335979939 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.336031914 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.336055994 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.336081982 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.336129904 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.336157084 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.336191893 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.336199045 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.336729050 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.336783886 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.336869001 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.336913109 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.337990046 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.338038921 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.338177919 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.338282108 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.339000940 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.339059114 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.339076996 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.339145899 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.340018988 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.340071917 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.340081930 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.340122938 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.341068029 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.341123104 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.341192007 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.341209888 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.342700005 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.342758894 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.342787981 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.342828035 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.360040903 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.360105991 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.360167027 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.360205889 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.361313105 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.361377001 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.361397982 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.361423969 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.361476898 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.361613035 CEST	443	49702	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.365667105 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.365734100 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.365765095 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.365802050 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.369055986 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.369154930 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.369285107 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.369352102 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.369569063 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.369621038 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.369636059 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.369676113 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.370953083 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.371036053 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.371320009 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.371458054 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.371510029 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.371521950 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.371557951 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.372752905 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.372814894 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.372839928 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.372862101 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.373725891 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.373805046 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.374620914 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.374769926 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.374798059 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.374844074 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.374871016 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.374905109 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.375976086 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.376291037 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.376332045 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.376364946 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.376960993 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.377019882 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.377041101 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.377098083 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.378990889 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.379051924 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.379075050 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.379108906 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.379129887 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.379189968 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.379225016 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.379254103 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.381437063 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.381491899 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.381526947 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.381541967 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.381545067 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.381591082 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.381592989 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.381648064 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.382502079 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.382560968 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.382575035 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.382612944 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.384188890 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.384243011 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.384258032 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.384285927 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.385090113 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.385143995 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.385162115 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.385198116 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.385734081 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.385786057 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.385799885 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.385835886 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.387330055 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:53.387415886 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.693218946 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:53:53.735294104 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:54.319628954 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:54.319649935 CEST	443	49703	13.224.99.64	192.168.2.5
Jul 2, 2021 16:53:54.319742918 CEST	49703	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:54:09.405842066 CEST	49712	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:54:09.446203947 CEST	443	49712	13.224.99.64	192.168.2.5
Jul 2, 2021 16:54:09.446301937 CEST	49712	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:54:09.448170900 CEST	49712	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:54:09.488208055 CEST	443	49712	13.224.99.64	192.168.2.5
Jul 2, 2021 16:54:09.488405943 CEST	443	49712	13.224.99.64	192.168.2.5
Jul 2, 2021 16:54:09.488440037 CEST	443	49712	13.224.99.64	192.168.2.5
Jul 2, 2021 16:54:09.488471031 CEST	443	49712	13.224.99.64	192.168.2.5
Jul 2, 2021 16:54:09.488527060 CEST	49712	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:54:09.488554955 CEST	49712	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:54:09.488558054 CEST	49712	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:54:09.490216970 CEST	443	49712	13.224.99.64	192.168.2.5
Jul 2, 2021 16:54:09.490313053 CEST	49712	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:54:09.496279955 CEST	49712	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:54:09.537292004 CEST	443	49712	13.224.99.64	192.168.2.5
Jul 2, 2021 16:54:09.537775040 CEST	443	49712	13.224.99.64	192.168.2.5
Jul 2, 2021 16:54:09.537887096 CEST	49712	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:54:09.539995909 CEST	49712	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:54:09.578460932 CEST	443	49712	13.224.99.64	192.168.2.5
Jul 2, 2021 16:54:10.175225973 CEST	443	49712	13.224.99.64	192.168.2.5
Jul 2, 2021 16:54:10.175257921 CEST	443	49712	13.224.99.64	192.168.2.5
Jul 2, 2021 16:54:10.175359011 CEST	49712	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:54:10.175498009 CEST	49712	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:54:10.176018953 CEST	49712	443	192.168.2.5	13.224.99.64
Jul 2, 2021 16:54:10.215719938 CEST	443	49712	13.224.99.64	192.168.2.5
Jul 2, 2021 16:54:10.215869904 CEST	49712	443	192.168.2.5	13.224.99.64

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 2, 2021 16:53:41.914885998 CEST	54302	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:53:41.957325935 CEST	53784	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:53:41.979867935 CEST	53	54302	8.8.8.8	192.168.2.5
Jul 2, 2021 16:53:42.027436018 CEST	53	53784	8.8.8.8	192.168.2.5
Jul 2, 2021 16:53:42.119311094 CEST	65307	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:53:42.133737087 CEST	64344	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:53:42.182598114 CEST	53	64344	8.8.8.8	192.168.2.5
Jul 2, 2021 16:53:42.187057972 CEST	53	65307	8.8.8.8	192.168.2.5
Jul 2, 2021 16:53:44.390999079 CEST	62060	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:53:44.447403908 CEST	53	62060	8.8.8.8	192.168.2.5
Jul 2, 2021 16:53:49.131194115 CEST	61805	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:53:49.178563118 CEST	53	61805	8.8.8.8	192.168.2.5
Jul 2, 2021 16:53:50.977763891 CEST	54795	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:53:51.031366110 CEST	53	54795	8.8.8.8	192.168.2.5
Jul 2, 2021 16:53:51.808376074 CEST	49557	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:53:51.862929106 CEST	53	49557	8.8.8.8	192.168.2.5
Jul 2, 2021 16:53:52.131309032 CEST	61733	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:53:52.178903103 CEST	53	61733	8.8.8.8	192.168.2.5
Jul 2, 2021 16:53:53.075203896 CEST	65447	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:53:53.135827065 CEST	53	65447	8.8.8.8	192.168.2.5
Jul 2, 2021 16:53:53.192220926 CEST	52441	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:53:53.249068022 CEST	53	52441	8.8.8.8	192.168.2.5
Jul 2, 2021 16:53:54.131989002 CEST	62176	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:53:54.180099964 CEST	53	62176	8.8.8.8	192.168.2.5
Jul 2, 2021 16:53:55.288147926 CEST	59596	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:53:55.344865084 CEST	53	59596	8.8.8.8	192.168.2.5
Jul 2, 2021 16:53:56.693172932 CEST	65296	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:53:56.740639925 CEST	53	65296	8.8.8.8	192.168.2.5
Jul 2, 2021 16:53:57.936172962 CEST	63183	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:53:57.984045982 CEST	53	63183	8.8.8.8	192.168.2.5
Jul 2, 2021 16:53:58.927349091 CEST	60151	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:53:58.982105017 CEST	53	60151	8.8.8.8	192.168.2.5
Jul 2, 2021 16:54:00.888005018 CEST	56969	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:54:00.935303926 CEST	53	56969	8.8.8.8	192.168.2.5
Jul 2, 2021 16:54:02.287689924 CEST	55161	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:54:02.336441994 CEST	53	55161	8.8.8.8	192.168.2.5
Jul 2, 2021 16:54:09.339073896 CEST	54757	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:54:09.402959108 CEST	53	54757	8.8.8.8	192.168.2.5
Jul 2, 2021 16:54:12.244457006 CEST	49992	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:54:12.303044081 CEST	53	49992	8.8.8.8	192.168.2.5
Jul 2, 2021 16:54:21.809102058 CEST	60075	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:54:21.865552902 CEST	53	60075	8.8.8.8	192.168.2.5
Jul 2, 2021 16:54:22.147732973 CEST	55016	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:54:22.219686985 CEST	53	55016	8.8.8.8	192.168.2.5
Jul 2, 2021 16:54:22.506256104 CEST	64345	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:54:22.558799982 CEST	53	64345	8.8.8.8	192.168.2.5
Jul 2, 2021 16:54:22.799690962 CEST	60075	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:54:22.845679045 CEST	53	60075	8.8.8.8	192.168.2.5
Jul 2, 2021 16:54:23.501136065 CEST	64345	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:54:23.558669090 CEST	53	64345	8.8.8.8	192.168.2.5
Jul 2, 2021 16:54:23.815785885 CEST	60075	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:54:23.861638069 CEST	53	60075	8.8.8.8	192.168.2.5
Jul 2, 2021 16:54:24.516052008 CEST	64345	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:54:24.567344904 CEST	53	64345	8.8.8.8	192.168.2.5
Jul 2, 2021 16:54:25.902900934 CEST	60075	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:54:25.949779987 CEST	53	60075	8.8.8.8	192.168.2.5
Jul 2, 2021 16:54:26.534333944 CEST	64345	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:54:26.583252907 CEST	53	64345	8.8.8.8	192.168.2.5
Jul 2, 2021 16:54:29.907428026 CEST	60075	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:54:29.955662012 CEST	53	60075	8.8.8.8	192.168.2.5
Jul 2, 2021 16:54:30.547861099 CEST	64345	53	192.168.2.5	8.8.8.8
Jul 2, 2021 16:54:30.611287117 CEST	53	64345	8.8.8.8	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jul 2, 2021 16:53:53.075203896 CEST	192.168.2.5	8.8.8.8	0xa901	Standard query (0)	d2cli4kgl5uxre.cloudfront.net	A (IP address)	IN (0x0001)
Jul 2, 2021 16:54:09.339073896 CEST	192.168.2.5	8.8.8.8	0xe3d0	Standard query (0)	d2cli4kgl5uxre.cloudfront.net	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Jul 2, 2021 16:53:53.135827065 CEST	8.8.8.8	192.168.2.5	0xa901	No error (0)	d2cli4kgl5uxre.cloudfront.net	13.224.99.64	A (IP address)	IN (0x0001)
Jul 2, 2021 16:53:53.135827065 CEST	8.8.8.8	192.168.2.5	0xa901	No error (0)	d2cli4kgl5uxre.cloudfront.net	13.224.99.2	A (IP address)	IN (0x0001)
Jul 2, 2021 16:53:53.135827065 CEST	8.8.8.8	192.168.2.5	0xa901	No error (0)	d2cli4kgl5uxre.cloudfront.net	13.224.99.4	A (IP address)	IN (0x0001)
Jul 2, 2021 16:53:53.135827065 CEST	8.8.8.8	192.168.2.5	0xa901	No error (0)	d2cli4kgl5uxre.cloudfront.net	13.224.99.35	A (IP address)	IN (0x0001)
Jul 2, 2021 16:54:09.402959108 CEST	8.8.8.8	192.168.2.5	0xe3d0	No error (0)	d2cli4kgl5uxre.cloudfront.net	13.224.99.64	A (IP address)	IN (0x0001)
Jul 2, 2021 16:54:09.402959108 CEST	8.8.8.8	192.168.2.5	0xe3d0	No error (0)	d2cli4kgl5uxre.cloudfront.net	13.224.99.4	A (IP address)	IN (0x0001)
Jul 2, 2021 16:54:09.402959108 CEST	8.8.8.8	192.168.2.5	0xe3d0	No error (0)	d2cli4kgl5uxre.cloudfront.net	13.224.99.2	A (IP address)	IN (0x0001)
Jul 2, 2021 16:54:09.402959108 CEST	8.8.8.8	192.168.2.5	0xe3d0	No error (0)	d2cli4kgl5uxre.cloudfront.net	13.224.99.35	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jul 2, 2021 16:53:53.233426094 CEST	13.224.99.64	443	192.168.2.5	49703	CN=*.cloudfront.net CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Fri Mar 19 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Fri Mar 18 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Jul 2, 2021 16:53:53.234044075 CEST	13.224.99.64	443	192.168.2.5	49702	CN=*.cloudfront.net CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Fri Mar 19 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Fri Mar 18 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0	9e10692f1b7f78228b2d4e424db3a98c
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034
Jul 2, 2021 16:54:09.490216970 CEST	13.224.99.64	443	192.168.2.5	49712	CN=*.cloudfront.net CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Fri Mar 19 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009	Fri Mar 18 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
					CN=Amazon, OU=Server CA 1B, O=Amazon, C=US	CN=Amazon Root CA 1, O=Amazon, C=US	Thu Oct 22 02:00:00 CEST 2015	Sun Oct 19 02:00:00 CEST 2025
					CN=Amazon Root CA 1, O=Amazon, C=US	CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	Mon May 25 14:00:00 CEST 2015	Thu Dec 31 02:00:00 CET 2037
					CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US	OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US	Wed Sep 02 02:00:00 CEST 2009	Wed Jun 28 19:39:16 CEST 2034

Code Manipulations

Statistics

CPU Usage

• iexplore.exe
• iexplore.exe

Click to jump to process

Memory Usage

• iexplore.exe
• iexplore.exe

Click to jump to process

Behavior

• iexplore.exe
• iexplore.exe

Click to jump to process

System Behavior

Analysis Process: iexplore.exe PID: 2940 Parent PID: 792

Function Logs

General

Start time:	16:53:50
Start date:	02/07/2021
Path:	C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase:	0x7ff605660000
File size:	823560 bytes
MD5 hash:	6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

File Activities

Show Windows behavior

Section Activities

Process Activities

Process Information Set

Show Windows behavior

Thread Activities

Thread Information Set

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

System Activities

Language or Locale ID Queried

Show Windows behavior

Timing Activities

Show Windows behavior

Windows UI Activities

Window UI Enumerated

Show Windows behavior

Network Activities

Show Windows behavior

Object Security Activities

Show Windows behavior

LPC Port Activities

Chronological Activities

Analysis Process: iexplore.exe PID: 4344 Parent PID: 2940

Function Logs

General

Start time:	16:53:51
Start date:	02/07/2021
Path:	C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:2940 CREDAT:17410 /prefetch:2
Imagebase:	0xe60000
File size:	822536 bytes
MD5 hash:	071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

File Activities

Show Windows behavior

Section Activities

Sections loaded by Windows

Show Windows behavior

Registry Activities

Show Windows behavior

Mutex Activities

Show Windows behavior

Process Activities

Process Information Set

Show Windows behavior

Thread Activities

Thread Information Set

Show Windows behavior

Memory Activities

Memory Usage Statistics

Show Windows behavior

System Activities

Show Windows behavior

Timing Activities

Show Windows behavior

Windows UI Activities

Show Windows behavior

Network Activities

Show Windows behavior

Object Security Activities

Show Windows behavior

LPC Port Activities

Chronological Activities

Disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report https://d2cli4kgl5uxre.cloudfront.net/ML/f4abf7670d580d0656263b3baab7a6f1__scv1__300x175.png

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Sigma Overview

Signature Overview

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: iexplore.exe PID: 2940 Parent PID: 792

General

File Activities

File Opened

File Created

File Written

File Read

File Attributes Queried

Directory Queried

Volume Information Queried

Device IO

Section Activities

Sections loaded by Windows

Registry Activities

Key Opened

Key Value Created

Key Value Modified

Key Value Deleted

Windows Analysis Report https://d2cli4kgl5uxre.cloudfront.net/ML/f4abf7670d580d0656263b3baab7a6f1scv1300x175.png