Analysis Report 4AtUJN8Hdu.exe
Overview
General Information
Detection
GuLoader
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Contains functionality to hide a thread from the debugger
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected VB6 Downloader Generic
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found WSH timer for Javascript or VBS script (likely evasive script)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_VB6DownloaderGeneric | Yara detected VB6 Downloader Generic | Joe Security | ||
JoeSecurity_GuLoader | Yara detected GuLoader | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for domain / URL |
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link |
Multi AV Scanner detection for dropped file |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Multi AV Scanner detection for submitted file |
Source: | Virustotal: | Perma Link |
Machine Learning detection for dropped file |
Source: | Joe Sandbox ML: |
Machine Learning detection for sample |
Source: | Joe Sandbox ML: |
Compliance: |
---|
Uses 32bit PE files |
Source: | Static PE information: |
Source: | IP Address: |
Source: | ASN Name: |
Source: | HTTP traffic detected: |
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Binary or memory string: |
Source: | Process Stats: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Static PE information: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Process created: |
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Process created: | |||
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Data Obfuscation: |
---|
Yara detected GuLoader |
Source: | File source: |
Yara detected VB6 Downloader Generic |
Source: | File source: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Code function: | 0_2_00405471 | |
Source: | Code function: | 0_2_0040488A | |
Source: | Code function: | 0_2_0040769B |
Source: | File created: | Jump to dropped file |
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion: |
---|
Tries to detect Any.run |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | File opened / queried: | Jump to behavior |
Source: | Code function: | 26_2_00560A8C |
Source: | Window found: | Jump to behavior |
Source: | Last function: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Anti Debugging: |
---|
Contains functionality to hide a thread from the debugger |
Source: | Code function: | 26_2_0056631A |
Hides threads from debuggers |
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior |
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 26_2_00560A8C |
Source: | Code function: | 26_2_00563623 |
Source: | Process created: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | Code function: | 26_2_00560ABC |
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting11 | Registry Run Keys / Startup Folder1 | Process Injection12 | Masquerading1 | Input Capture1 | Query Registry1 | Remote Services | Input Capture1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Registry Run Keys / Startup Folder1 | Virtualization/Sandbox Evasion22 | LSASS Memory | Security Software Discovery531 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Ingress Tool Transfer1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection12 | Security Account Manager | Virtualization/Sandbox Evasion22 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Scripting11 | NTDS | Process Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol12 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information1 | LSA Secrets | Remote System Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | File and Directory Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Information Discovery22 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
36% | Virustotal | Browse | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML | |||
36% | Virustotal | Browse | ||
43% | ReversingLabs | Win32.Trojan.Razy |
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
12% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
15% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
mtspsmjeli.sch.id | 103.150.60.242 | true | true |
| unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
103.150.60.242 | unknown | unknown | 45325 | PC24NET-AS-IDPTPC24TelekomunikasiIndonesiaID | true |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 356514 |
Start date: | 23.02.2021 |
Start time: | 09:15:52 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 9m 56s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 4AtUJN8Hdu.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 33 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@11/3@1/1 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: | Failed |
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
09:20:29 | Autostart | |
09:20:37 | Autostart |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
103.150.60.242 | Get hash | malicious | Browse |
| |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
mtspsmjeli.sch.id | Get hash | malicious | Browse |
| |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
PC24NET-AS-IDPTPC24TelekomunikasiIndonesiaID | Get hash | malicious | Browse |
| |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\4AtUJN8Hdu.exe |
File Type: | |
Category: | modified |
Size (bytes): | 400 |
Entropy (8bit): | 3.4932995649361622 |
Encrypted: | false |
SSDEEP: | 12:4D8o++ugypjBQMBvFQ4lOAMJnAGF0M/0aimi:4Dh+S0FNOj7F0Nait |
MD5: | 69339977F20CBF10E59B9609355FDAD1 |
SHA1: | 28275BF11AF1EAA7B41AB836BBFD85F9A59C99EF |
SHA-256: | 180976FE30D7F115FF9112B387D7CC4B533B2E58EDCDC6EFA18121C590C59D9A |
SHA-512: | 17A8ABD09E280000D4CADB466777CDF83387D7021572FFC8360A01CDD2B13FC5A81351FA2708AC74B441B0C7DE2B0A9ACF0CF28EDCAE7C12101268C541288764 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\4AtUJN8Hdu.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 106496 |
Entropy (8bit): | 5.230002912507913 |
Encrypted: | false |
SSDEEP: | 1536:gJ2bp/9/xkVSY5anKZRaTa5BXJMtpEL2bp/9/x:0J6Krd5BkWL |
MD5: | D7E81ABCE9332847471B89E50B241172 |
SHA1: | A6455D3A4FB9C2E5627DCBF46702A4E16C2492DA |
SHA-256: | 6141EFB6F1598E2205806C5A788E61C489440DFC942984EE1688BB68AD0F18DF |
SHA-512: | 5847AEDD8D283CEA10D87C290ABCA0CF0B4D2C1BBDC102236675539A92FA02C10A756CF61CC55390A6D89CD30951876971C8791F75E8F368A7FAE7324C9A112C |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\4AtUJN8Hdu.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.230002912507913 |
TrID: |
|
File name: | 4AtUJN8Hdu.exe |
File size: | 106496 |
MD5: | d7e81abce9332847471b89e50b241172 |
SHA1: | a6455d3a4fb9c2e5627dcbf46702a4e16c2492da |
SHA256: | 6141efb6f1598e2205806c5a788e61c489440dfc942984ee1688bb68ad0f18df |
SHA512: | 5847aedd8d283cea10d87c290abca0cf0b4d2c1bbdc102236675539a92fa02c10a756cf61cc55390a6d89cd30951876971c8791f75e8f368a7fae7324c9a112c |
SSDEEP: | 1536:gJ2bp/9/xkVSY5anKZRaTa5BXJMtpEL2bp/9/x:0J6Krd5BkWL |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......W.x.....................\...T...%.......Rich............................PE..L......S.................@...p......x........P....@ |
File Icon |
---|
Icon Hash: | d8d490d4c4bcdef9 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x401378 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x538FC9BC [Thu Jun 5 01:37:00 2014 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 5fb04c04dc9621084e24b4642ca2fed6 |
Entrypoint Preview |
---|
Instruction |
---|
push 004101B4h |
call 00007F1ED08C0F45h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
xor byte ptr [eax], al |
add byte ptr [eax], al |
inc eax |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [edi+0BC44A38h], al |
jnl 00007F1ED08C0F8Dh |
dec esi |
mov ecx, F0416DF8h |
in eax, dx |
xchg eax, edi |
adc eax, dword ptr [eax] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [ecx], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [ecx+66h], al |
jbe 00007F1ED08C0FBBh |
insb |
jnc 00007F1ED08C0FB7h |
outsb |
jc 00007F1ED08C0FC1h |
outsd |
imul ax, word ptr [eax], 0000h |
add byte ptr [eax], al |
dec esp |
xor dword ptr [eax], eax |
or eax, 09262CFCh |
aad FDh |
inc ax |
mov si, fs |
ror dh, 1 |
inc eax |
mov dh, 29h |
cmp esp, dword ptr [edx+55C5B56Bh] |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x14214 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x18000 | 0x309c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x238 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x114 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x136dc | 0x14000 | False | 0.342736816406 | data | 5.75844927708 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x15000 | 0x2560 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x18000 | 0x309c | 0x4000 | False | 0.113586425781 | data | 3.24841708527 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x193f4 | 0x1ca8 | data | ||
RT_ICON | 0x1874c | 0xca8 | data | ||
RT_ICON | 0x183e4 | 0x368 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x183b4 | 0x30 | data | ||
RT_VERSION | 0x18150 | 0x264 | data | Hungarian | Hungary |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaVarMove, __vbaStrI4, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaLateMemSt, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaVarTstLt, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaVarTstEq, __vbaObjVar, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaVarAdd, __vbaVarDup, __vbaFpI4, __vbaLateMemCallLd, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x040e 0x04b0 |
InternalName | Ridgepieceudtrreu |
FileVersion | 1.00 |
CompanyName | ColdStone |
Comments | ColdStone |
ProductName | ColdStone |
ProductVersion | 1.00 |
OriginalFilename | Ridgepieceudtrreu.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Hungarian | Hungary |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 23, 2021 09:20:26.264640093 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:26.264668941 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.264693975 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.264704943 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:26.264722109 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.264746904 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.264771938 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.264799118 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:26.264800072 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.264827013 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.264843941 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:26.264858007 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.264892101 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:26.264942884 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:26.264992952 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.265019894 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.265058994 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:26.265103102 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:26.265125036 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.265175104 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:26.502198935 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.502230883 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.502252102 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.502274990 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.502296925 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.502316952 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.502340078 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.502361059 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.502367020 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:26.502388000 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.502430916 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:26.502464056 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:26.502506971 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.502528906 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.502552032 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.502573967 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.502598047 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.502619028 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.502643108 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.502664089 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.502686977 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.502727032 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.502731085 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:26.502742052 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:26.502743959 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:26.502747059 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:26.502748966 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:26.502753019 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.502777100 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:26.502778053 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.502800941 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.502815962 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:26.502825022 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.502854109 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.502862930 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:26.502882004 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.502904892 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:26.502948046 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:26.502990007 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.503022909 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.503046989 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.503046989 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:26.503066063 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.503087044 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:26.503117085 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:29.932291985 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Feb 23, 2021 09:16:35.875375032 CET | 54302 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:16:35.920758009 CET | 53784 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:16:35.924000978 CET | 53 | 54302 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:16:35.970035076 CET | 53 | 53784 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:16:36.036746025 CET | 65307 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:16:36.056230068 CET | 64344 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:16:36.088133097 CET | 53 | 65307 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:16:36.104971886 CET | 53 | 64344 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:16:36.110393047 CET | 62060 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:16:36.140278101 CET | 61805 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:16:36.158941984 CET | 53 | 62060 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:16:36.188792944 CET | 53 | 61805 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:16:37.256527901 CET | 54795 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:16:37.313708067 CET | 53 | 54795 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:16:38.418143034 CET | 49557 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:16:38.469527960 CET | 53 | 49557 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:16:39.499136925 CET | 61733 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:16:39.549823046 CET | 53 | 61733 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:16:40.508593082 CET | 65447 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:16:40.570327044 CET | 53 | 65447 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:16:41.166428089 CET | 52441 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:16:41.216890097 CET | 53 | 52441 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:16:42.329469919 CET | 62176 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:16:42.381705999 CET | 53 | 62176 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:16:43.563045025 CET | 59596 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:16:43.614485979 CET | 53 | 59596 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:16:45.872351885 CET | 65296 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:16:45.923912048 CET | 53 | 65296 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:16:47.141741991 CET | 63183 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:16:47.190421104 CET | 53 | 63183 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:16:48.148422956 CET | 60151 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:16:48.199995995 CET | 53 | 60151 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:16:49.148196936 CET | 56969 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:16:49.199858904 CET | 53 | 56969 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:17:00.655234098 CET | 55161 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:17:00.717153072 CET | 53 | 55161 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:17:31.297343016 CET | 54757 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:17:31.358980894 CET | 53 | 54757 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:17:31.649241924 CET | 49992 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:17:31.706415892 CET | 53 | 49992 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:17:40.235011101 CET | 60075 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:17:40.284209013 CET | 53 | 60075 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:17:58.219697952 CET | 55016 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:17:58.278436899 CET | 53 | 55016 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:18:42.023427010 CET | 64345 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:18:42.072043896 CET | 53 | 64345 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:19:08.678245068 CET | 57128 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:19:08.743278980 CET | 53 | 57128 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:19:24.523102045 CET | 54791 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:19:24.592647076 CET | 53 | 54791 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:19:25.511943102 CET | 50463 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:19:25.571974993 CET | 53 | 50463 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:19:27.038763046 CET | 50394 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:19:27.096163988 CET | 53 | 50394 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:19:27.591542959 CET | 58530 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:19:27.677416086 CET | 53 | 58530 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:19:28.470954895 CET | 53813 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:19:28.528254032 CET | 53 | 53813 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:19:29.725474119 CET | 63732 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:19:29.782422066 CET | 53 | 63732 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:19:30.400315046 CET | 57344 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:19:30.457479954 CET | 53 | 57344 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:19:31.863471985 CET | 54450 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:19:31.924844027 CET | 53 | 54450 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:19:33.234102011 CET | 59261 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:19:33.291179895 CET | 53 | 59261 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:19:33.741686106 CET | 57151 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:19:33.798862934 CET | 53 | 57151 | 8.8.8.8 | 192.168.2.5 |
Feb 23, 2021 09:20:24.687385082 CET | 59413 | 53 | 192.168.2.5 | 8.8.8.8 |
Feb 23, 2021 09:20:25.205091000 CET | 53 | 59413 | 8.8.8.8 | 192.168.2.5 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Feb 23, 2021 09:20:24.687385082 CET | 192.168.2.5 | 8.8.8.8 | 0xf2e7 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Feb 23, 2021 09:20:25.205091000 CET | 8.8.8.8 | 192.168.2.5 | 0xf2e7 | No error (0) | | | 103.150.60.242 | A (IP address) | IN (0x0001) |
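The tables above give the analyst a pivot: one A-record answer at 09:20:25.205 returning 103.150.60.242, followed by a single TCP session from 192.168.2.5:49744 to that address on port 80. The script below is an added example, not code from the sandbox report or its vendor. It parses the report's pipe-delimited rows (an excerpt of the DNS Queries/Answers and TCP Packets tables is embedded as constructed input so it runs offline), matches each TCP session to the DNS answer that preceded it, and reports resolution latency, the delay from answer to first packet, session duration and packet counts per direction. The client address 192.168.2.5 is taken from the tables; the helper and field names are this example's own. Because the extracted DNS rows are missing their Name cells, the parser locates addresses and transaction IDs by pattern rather than by column position. A session with no preceding answer is reported as well, since a downloader that connects to a hard-coded IP leaves no domain to block, only an address and port.

```python
"""Pivot from the report's DNS answer to the TCP session it enabled.

Added example, not code from the sandbox report or its vendor. The rows below
are copied from this report's DNS Queries/Answers and TCP Packets tables (an
excerpt, not the whole capture) and embedded as constructed input so the
script runs offline. The client address 192.168.2.5 comes from the tables.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime

CLIENT_IP = "192.168.2.5"
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
TXID = re.compile(r"^0x[0-9a-fA-F]+$")

# Same cell layout as the report's tables; the DNS rows lack the Name cells,
# exactly as extracted, so fields are found by pattern, not by position.
DNS_ROWS = """
Feb 23, 2021 09:20:24.687385082 CET | 192.168.2.5 | 8.8.8.8 | 0xf2e7 | Standard query (0) | A (IP address) | IN (0x0001) |
Feb 23, 2021 09:20:25.205091000 CET | 8.8.8.8 | 192.168.2.5 | 0xf2e7 | No error (0) | 103.150.60.242 | A (IP address) | IN (0x0001) |
"""
TCP_ROWS = """
Feb 23, 2021 09:20:26.025003910 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:26.025022984 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.263392925 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:26.263614893 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
Feb 23, 2021 09:20:26.502198935 CET | 80 | 49744 | 103.150.60.242 | 192.168.2.5 |
Feb 23, 2021 09:20:29.932291985 CET | 49744 | 80 | 192.168.2.5 | 103.150.60.242 |
"""


def parse_ts(cell: str) -> datetime:
    """'Feb 23, 2021 09:20:24.687385082 CET' -> datetime; nanoseconds are truncated to microseconds."""
    head, frac = cell.replace(" CET", "").strip().rsplit(".", 1)
    return datetime.strptime(f"{head}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def cells(line: str) -> list[str]:
    return [c.strip() for c in line.strip().strip("|").split("|")]


@dataclass(frozen=True)
class DnsRow:
    ts: datetime
    txid: str
    src: str
    addresses: tuple[str, ...]  # empty for a query, the A records for an answer


def parse_dns_rows(text: str) -> list[DnsRow]:
    rows = []
    for line in text.strip().splitlines():
        c = cells(line)
        ips = [x for x in c[1:] if IPV4.match(x)]  # [src, dst, *answer addresses]
        txid = next((x for x in c if TXID.match(x)), "")
        rows.append(DnsRow(parse_ts(c[0]), txid, ips[0], tuple(ips[2:])))
    return rows


@dataclass(frozen=True)
class Packet:
    ts: datetime
    sport: int
    dport: int
    src: str
    dst: str


def parse_packet_rows(text: str) -> list[Packet]:
    pkts = []
    for line in text.strip().splitlines():
        ts, sport, dport, src, dst = cells(line)
        pkts.append(Packet(parse_ts(ts), int(sport), int(dport), src, dst))
    return pkts


def correlate(dns: list[DnsRow], tcp: list[Packet], client: str) -> dict:
    """Summarise each TCP session of `client` and whether a DNS answer preceded it."""
    queries = {r.txid: r.ts for r in dns if not r.addresses and r.src == client}
    resolved: dict[str, datetime] = {}  # server ip -> earliest answer time
    latency: dict[str, float] = {}      # server ip -> query-to-answer seconds
    for r in dns:
        for ip in r.addresses:
            if ip not in resolved or r.ts < resolved[ip]:
                resolved[ip] = r.ts
                if r.txid in queries:
                    latency[ip] = (r.ts - queries[r.txid]).total_seconds()

    sessions: dict[tuple, dict] = {}
    for p in tcp:
        if p.src == client:
            key, outbound = (p.dst, p.dport, p.sport), True
        elif p.dst == client:
            key, outbound = (p.src, p.sport, p.dport), False
        else:
            continue  # not this host's traffic
        s = sessions.setdefault(key, {"first": p.ts, "last": p.ts, "out_pkts": 0, "in_pkts": 0})
        s["first"], s["last"] = min(s["first"], p.ts), max(s["last"], p.ts)
        s["out_pkts" if outbound else "in_pkts"] += 1

    report = {}
    for (server, port, cport), s in sessions.items():
        ans = resolved.get(server)
        # No answer, or one that arrives after the first packet, means the
        # address was hard-coded: nothing to sinkhole but the IP and port.
        preceded = ans is not None and ans <= s["first"]
        report[f"{server}:{port}"] = {
            "client_port": cport,
            "dns_preceded": preceded,
            "dns_latency_s": latency.get(server) if preceded else None,
            "answer_to_first_packet_s": (s["first"] - ans).total_seconds() if preceded else None,
            "duration_s": (s["last"] - s["first"]).total_seconds(),
            "out_pkts": s["out_pkts"],
            "in_pkts": s["in_pkts"],
        }
    return report


def analyze_sample() -> dict:
    return correlate(parse_dns_rows(DNS_ROWS), parse_packet_rows(TCP_ROWS), CLIENT_IP)


if __name__ == "__main__":
    for server, info in analyze_sample().items():
        print(server, info)
```

On the excerpt embedded above the only session is 103.150.60.242:80, first seen about 0.82 s after the answer and lasting about 3.9 s within these rows; the full table in the report starts earlier, so run the script over the complete TCP rows to get the real first-packet time. The delay from resolution to first packet is worth keeping in the timeline: a second-stage fetch that begins within a second of the lookup, as here, ties the domain and the address together as one IOC pair.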
HTTP Request Dependency Graph |
---|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.5 | 49744 | 103.150.60.242 | 80 | C:\Users\user\Desktop\4AtUJN8Hdu.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Feb 23, 2021 09:20:25.547291040 CET | 6237 | OUT | |
Feb 23, 2021 09:20:25.785808086 CET | 6239 | IN | |