Analysis Report kMroyG6lXZ.exe
Overview
General Information
Detection
Score: | 96 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
Threatname: RedLine |
---|
{"C2 url": "bumblebee2021.store:80|trusmileveneers.store:80|lazerprojekt.store:80", "Bot Id": "118"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security | ||
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
AV Detection: |
---|
Found malware configuration |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for domain / URL |
Source: | Virustotal: |
Multi AV Scanner detection for submitted file |
Source: | Virustotal: |
Source: | ReversingLabs: |
Machine Learning detection for sample |
Source: | Joe Sandbox ML: |
Compliance: |
---|
Detected unpacking (overwrites its own PE header) |
Data Obfuscation: |
---|
Detected unpacking (changes PE section rights) |
Detected unpacking (overwrites its own PE header) |
Stealing of Sensitive Information: |
---|
Yara detected RedLine Stealer |
Found many strings related to Crypto-Wallets (likely being stolen) |
Remote Access Functionality: |
---|
Yara detected RedLine Stealer |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Command and Scripting Interpreter 2 | Path Interception | Process Injection 1 | Virtualization/Sandbox Evasion 1 | OS Credential Dumping | System Time Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API 1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools 1 | LSASS Memory | Security Software Discovery 31 | Remote Desktop Protocol | Data from Local System 1 | Exfiltration Over Bluetooth | Non-Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection 1 | Security Account Manager | Virtualization/Sandbox Evasion 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Deobfuscate/Decode Files or Information 1 | NTDS | Process Discovery 2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information 3 | LSA Secrets | Remote System Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Software Packing 22 | Cached Domain Credentials | System Information Discovery 23 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Detection | Scanner | Label |
---|---|---|
28% | Virustotal | |
36% | ReversingLabs | Win32.Trojan.Pwsx |
100% | Joe Sandbox ML | |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Detection | Scanner | Label |
---|---|---|
10% | Virustotal | |
URLs |
---|
Detection | Scanner | Label |
---|---|---|
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Virustotal | |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | URL Reputation | safe |
0% | URL Reputation | safe |
0% | URL Reputation | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
bumblebee2021.store | unknown | unknown | true | | unknown |
URLs from Memory and Binaries |
---|
Contacted IPs |
---|
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 399804 |
Start date: | 29.04.2021 |
Start time: | 09:35:34 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | kMroyG6lXZ.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 24 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal96.troj.spyw.evad.winEXE@1/0@103/1 |
EGA Information: | Failed |
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
No created / dropped files found |
---|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.371549573822333 |
TrID: |
|
File name: | kMroyG6lXZ.exe |
File size: | 278016 |
MD5: | 9ce4c8a45c002bb230764b42b9211086 |
SHA1: | 435e3955dfcfb36e60ab31bdd309bf72ab5de377 |
SHA256: | a0faa82eeb65dec2d55e0041f18eb27652dafd93dc25e105927303e277cd8df6 |
SHA512: | 17c3d1931456cc8d4561407bcdd88637c43b39bb24544cf432b59648dc8d7e44d436e317e865f70b21f1cb7b8c8e6a00d5402a5afd2d7f87e3ca6c49c1d296cf |
SSDEEP: | 6144:mML+VLuD3aAeEqFRBMR6mU8Mzv4VeYPh:mMiVLYaAaZMR6T44Y |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................................................................PE..L...~..^........... |
File Icon |
---|
Icon Hash: | dab1e4d0e4b9c7b8 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x40179a |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x5E10F77E [Sat Jan 4 20:37:18 2020 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 20a3b8299db6e8582c3eb04a6c72e959 |
Entrypoint Preview |
---|
Instruction |
---|
call 00007F257CB177FEh |
jmp 00007F257CB1495Eh |
mov edi, edi |
push ebp |
mov ebp, esp |
sub esp, 00000328h |
mov dword ptr [0043ED48h], eax |
mov dword ptr [0043ED44h], ecx |
mov dword ptr [0043ED40h], edx |
mov dword ptr [0043ED3Ch], ebx |
mov dword ptr [0043ED38h], esi |
mov dword ptr [0043ED34h], edi |
mov word ptr [0043ED60h], ss |
mov word ptr [0043ED54h], cs |
mov word ptr [0043ED30h], ds |
mov word ptr [0043ED2Ch], es |
mov word ptr [0043ED28h], fs |
mov word ptr [0043ED24h], gs |
pushfd |
pop dword ptr [0043ED58h] |
mov eax, dword ptr [ebp+00h] |
mov dword ptr [0043ED4Ch], eax |
mov eax, dword ptr [ebp+04h] |
mov dword ptr [0043ED50h], eax |
lea eax, dword ptr [ebp+08h] |
mov dword ptr [0043ED5Ch], eax |
mov eax, dword ptr [ebp-00000320h] |
mov dword ptr [0043EC98h], 00010001h |
mov eax, dword ptr [0043ED50h] |
mov dword ptr [0043EC4Ch], eax |
mov dword ptr [0043EC40h], C0000409h |
mov dword ptr [0043EC44h], 00000001h |
mov eax, dword ptr [0043A008h] |
mov dword ptr [ebp-00000328h], eax |
mov eax, dword ptr [0043A00Ch] |
mov dword ptr [ebp-00000324h], eax |
call dword ptr [000000A8h] |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5b37c | 0x50 | .new |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5c000 | 0x1a4b | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x5e000 | 0xf54 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x5aec8 | 0x18 | .new |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x5ae80 | 0x40 | .new |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x59000 | 0x194 | .new |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x38f4a | 0x39000 | False | 0.817417077851 | data | 7.72713604414 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x3a000 | 0x1d57c | 0x4c00 | False | 0.0931846217105 | data | 1.06359330765 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.tls | 0x58000 | 0x9 | 0x200 | False | 0.02734375 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.new | 0x59000 | 0x2cba | 0x2e00 | False | 0.380180027174 | data | 5.50122652142 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x5c000 | 0x1a4b | 0x1c00 | False | 0.651227678571 | data | 5.86992914626 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x5e000 | 0x11ee | 0x1200 | False | 0.718315972222 | data | 6.11975303823 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x5c178 | 0x10a8 | data | English | United States |
RT_STRING | 0x5d220 | 0x44c | data | Uzbek | Cyrillic |
RT_GROUP_ICON | 0x5d66c | 0x14 | data | English | United States |
RT_VERSION | 0x5d680 | 0x1b8 | COM executable for DOS | ||
RT_MANIFEST | 0x5d838 | 0x213 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | FreeLibrary, SystemTimeToTzSpecificLocalTime, GetConsoleAliasA, GetModuleHandleExW, GetTickCount, SetFileTime, TerminateThread, GetLocaleInfoW, SetSystemTimeAdjustment, GetFileAttributesA, SetTimeZoneInformation, GetAtomNameW, ReadFile, lstrcatA, RaiseException, FindResourceW, SetLastError, GetProcAddress, OpenWaitableTimerA, LocalAlloc, SetConsoleOutputCP, GlobalFindAtomW, SetConsoleCursorInfo, GetModuleHandleA, LoadLibraryExA, FindAtomW, FileTimeToLocalFileTime, GetCurrentProcessId, CompareStringW, CompareStringA, LCMapStringA, MapViewOfFile, GetModuleHandleW, Sleep, ExitProcess, GetStartupInfoW, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, HeapAlloc, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, GetCurrentThreadId, GetLastError, InterlockedDecrement, GetCurrentThread, WriteFile, GetStdHandle, GetModuleFileNameA, DeleteCriticalSection, LeaveCriticalSection, FatalAppExitA, EnterCriticalSection, SetConsoleCtrlHandler, InterlockedExchange, LoadLibraryA, InitializeCriticalSectionAndSpinCount, GetModuleFileNameW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, SetHandleCount, GetFileType, GetStartupInfoA, HeapCreate, HeapDestroy, VirtualFree, HeapFree, QueryPerformanceCounter, GetSystemTimeAsFileTime, VirtualAlloc, HeapReAlloc, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, HeapSize, RtlUnwind, GetLocaleInfoA, WideCharToMultiByte, MultiByteToWideChar, LCMapStringW, GetStringTypeA, GetStringTypeW, GetTimeFormatA, GetDateFormatA, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, GetTimeZoneInformation, SetEnvironmentVariableA |
USER32.dll | GetDesktopWindow |
ADVAPI32.dll | RegCreateKeyW |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | Wsekde |
InternalNames | galimatimot |
FileVersion | 7.0.2.54 |
ProductVersion | 7.0.21.21 |
Translations | 0x0138 0x23db |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Uzbek | Cyrillic |
Network Behavior |
---|
Network Port Distribution |
---|
UDP Packets |
---|
Apr 29, 2021 09:37:15.281007051 CEST | 58199 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:15.329826117 CEST | 53 | 58199 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:16.343281984 CEST | 65221 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:16.400477886 CEST | 53 | 65221 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:16.907025099 CEST | 61573 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:16.975141048 CEST | 53 | 61573 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:17.421150923 CEST | 56562 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:17.473615885 CEST | 53 | 56562 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:18.503036022 CEST | 53591 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:18.551865101 CEST | 53 | 53591 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:19.576890945 CEST | 59688 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:19.637216091 CEST | 53 | 59688 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:20.653213024 CEST | 56032 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:20.716054916 CEST | 53 | 56032 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:21.734050989 CEST | 61150 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:21.787277937 CEST | 53 | 61150 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:22.811992884 CEST | 63458 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:22.860687971 CEST | 53 | 63458 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:23.872435093 CEST | 50422 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:23.935782909 CEST | 53 | 50422 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:24.950942993 CEST | 53247 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:24.999854088 CEST | 53 | 53247 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:26.283773899 CEST | 58544 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:26.335926056 CEST | 53 | 58544 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:27.367322922 CEST | 53814 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:27.416110992 CEST | 53 | 53814 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:29.264879942 CEST | 51305 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:29.313549042 CEST | 53 | 51305 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:29.508533955 CEST | 53670 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:29.557468891 CEST | 53 | 53670 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:30.328706026 CEST | 55160 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:30.377540112 CEST | 53 | 55160 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:31.388675928 CEST | 61414 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:31.437453032 CEST | 53 | 61414 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:32.370733023 CEST | 63847 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:32.429219007 CEST | 53 | 63847 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:32.454027891 CEST | 61523 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:32.502860069 CEST | 53 | 61523 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:33.533271074 CEST | 50551 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:33.595529079 CEST | 53 | 50551 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:34.609956980 CEST | 62847 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:34.671885967 CEST | 53 | 62847 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:35.701538086 CEST | 57712 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:35.750441074 CEST | 53 | 57712 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:36.765933990 CEST | 61064 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:36.814707041 CEST | 53 | 61064 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:37.829710960 CEST | 61891 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:37.889035940 CEST | 53 | 61891 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:38.909440041 CEST | 61585 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:38.958317995 CEST | 53 | 61585 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:39.968091965 CEST | 65163 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:40.019736052 CEST | 53 | 65163 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:41.077944994 CEST | 58969 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:41.126734018 CEST | 53 | 58969 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:42.141897917 CEST | 53977 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:42.190783978 CEST | 53 | 53977 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:43.204859972 CEST | 57147 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:43.262434959 CEST | 53 | 57147 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:44.287538052 CEST | 52381 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:44.336582899 CEST | 53 | 52381 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:45.359333992 CEST | 49231 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:45.410193920 CEST | 53 | 49231 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:46.429312944 CEST | 53217 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:46.480979919 CEST | 53 | 53217 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:47.500066996 CEST | 52554 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:47.548886061 CEST | 53 | 52554 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:48.570590019 CEST | 49603 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:48.638433933 CEST | 53 | 49603 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:49.666399956 CEST | 64476 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:49.715212107 CEST | 53 | 64476 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:50.737039089 CEST | 49975 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:50.785711050 CEST | 53 | 49975 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:51.799034119 CEST | 57701 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:51.850562096 CEST | 53 | 57701 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:52.884354115 CEST | 60334 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:52.933252096 CEST | 53 | 60334 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:53.955312014 CEST | 64958 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:54.006902933 CEST | 53 | 64958 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:55.034225941 CEST | 58504 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:55.083106995 CEST | 53 | 58504 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:56.171680927 CEST | 64971 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:56.220948935 CEST | 53 | 64971 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:57.234450102 CEST | 58041 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:57.283407927 CEST | 53 | 58041 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:58.300098896 CEST | 57764 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:58.362298965 CEST | 53 | 57764 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:37:59.382193089 CEST | 57973 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:37:59.431893110 CEST | 53 | 57973 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:00.453543901 CEST | 63286 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:00.502186060 CEST | 53 | 63286 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:01.523121119 CEST | 52589 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:01.583367109 CEST | 53 | 52589 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:02.601742983 CEST | 54875 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:02.653369904 CEST | 53 | 54875 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:03.679702044 CEST | 49862 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:03.731318951 CEST | 53 | 49862 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:04.751127958 CEST | 50119 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:04.813162088 CEST | 53 | 50119 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:05.145750999 CEST | 60159 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:05.194540024 CEST | 53 | 60159 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:05.830193043 CEST | 49464 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:05.881654024 CEST | 53 | 49464 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:06.894558907 CEST | 64650 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:06.958498955 CEST | 53 | 64650 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:07.131725073 CEST | 52633 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:07.194919109 CEST | 53 | 52633 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:07.971875906 CEST | 56124 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:08.023605108 CEST | 53 | 56124 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:09.054613113 CEST | 55552 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:09.106296062 CEST | 53 | 55552 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:10.143424034 CEST | 60813 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:10.195126057 CEST | 53 | 60813 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:11.246550083 CEST | 50930 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:11.295403957 CEST | 53 | 50930 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:12.314327955 CEST | 51582 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:12.363383055 CEST | 53 | 51582 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:13.382867098 CEST | 56831 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:13.434422970 CEST | 53 | 56831 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:14.465912104 CEST | 56981 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:14.517735004 CEST | 53 | 56981 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:15.535269976 CEST | 63599 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:15.584081888 CEST | 53 | 63599 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:16.597927094 CEST | 61009 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:16.655867100 CEST | 53 | 61009 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:17.746831894 CEST | 57676 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:17.798640966 CEST | 53 | 57676 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:19.348176003 CEST | 50687 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:19.399764061 CEST | 53 | 50687 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:20.427498102 CEST | 53246 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:20.476300955 CEST | 53 | 53246 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:21.488270044 CEST | 60242 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:21.537230015 CEST | 53 | 60242 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:22.556349993 CEST | 49674 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:22.605225086 CEST | 53 | 49674 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:23.634371042 CEST | 50811 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:23.683135033 CEST | 53 | 50811 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:24.706573009 CEST | 64331 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:24.755409956 CEST | 53 | 64331 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:25.802284002 CEST | 56789 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:25.851155996 CEST | 53 | 56789 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:26.880825996 CEST | 63680 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:26.932420015 CEST | 53 | 63680 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:27.936113119 CEST | 59706 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:27.993590117 CEST | 53 | 59706 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:28.999044895 CEST | 55029 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:29.050687075 CEST | 53 | 55029 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:30.064757109 CEST | 51986 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:30.116643906 CEST | 53 | 51986 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:31.123653889 CEST | 64913 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:31.173271894 CEST | 53 | 64913 | 8.8.8.8 | 192.168.2.5 |
Apr 29, 2021 09:38:32.186258078 CEST | 58438 | 53 | 192.168.2.5 | 8.8.8.8 |
Apr 29, 2021 09:38:32.237885952 CEST | 53 | 58438 | 8.8.8.8 | 192.168.2.5 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Apr 29, 2021 09:37:38.958317995 CEST | 8.8.8.8 | 192.168.2.5 | 0x275f | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:37:40.019736052 CEST | 8.8.8.8 | 192.168.2.5 | 0x341e | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:37:41.126734018 CEST | 8.8.8.8 | 192.168.2.5 | 0x2545 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:37:42.190783978 CEST | 8.8.8.8 | 192.168.2.5 | 0xd2f9 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:37:43.262434959 CEST | 8.8.8.8 | 192.168.2.5 | 0x4c82 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:37:44.336582899 CEST | 8.8.8.8 | 192.168.2.5 | 0x8f7 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:37:45.410193920 CEST | 8.8.8.8 | 192.168.2.5 | 0xdd94 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:37:46.480979919 CEST | 8.8.8.8 | 192.168.2.5 | 0x7d27 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:37:47.548886061 CEST | 8.8.8.8 | 192.168.2.5 | 0xeb95 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:37:48.638433933 CEST | 8.8.8.8 | 192.168.2.5 | 0xb0e | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:37:49.715212107 CEST | 8.8.8.8 | 192.168.2.5 | 0xa1f6 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:37:50.785711050 CEST | 8.8.8.8 | 192.168.2.5 | 0x8443 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:37:51.850562096 CEST | 8.8.8.8 | 192.168.2.5 | 0x3650 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:37:52.933252096 CEST | 8.8.8.8 | 192.168.2.5 | 0x146d | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:37:54.006902933 CEST | 8.8.8.8 | 192.168.2.5 | 0x3fd7 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:37:55.083106995 CEST | 8.8.8.8 | 192.168.2.5 | 0xf49 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:37:56.220948935 CEST | 8.8.8.8 | 192.168.2.5 | 0x1a8c | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:37:57.283407927 CEST | 8.8.8.8 | 192.168.2.5 | 0x9477 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:37:58.362298965 CEST | 8.8.8.8 | 192.168.2.5 | 0x57ca | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:37:59.431893110 CEST | 8.8.8.8 | 192.168.2.5 | 0x9a08 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:00.502186060 CEST | 8.8.8.8 | 192.168.2.5 | 0x6dac | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:01.583367109 CEST | 8.8.8.8 | 192.168.2.5 | 0xdb4b | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:02.653369904 CEST | 8.8.8.8 | 192.168.2.5 | 0xacd | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:03.731318951 CEST | 8.8.8.8 | 192.168.2.5 | 0x67a3 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:04.813162088 CEST | 8.8.8.8 | 192.168.2.5 | 0xdebb | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:05.881654024 CEST | 8.8.8.8 | 192.168.2.5 | 0x7fb4 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:06.958498955 CEST | 8.8.8.8 | 192.168.2.5 | 0xd0fb | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:08.023605108 CEST | 8.8.8.8 | 192.168.2.5 | 0xd771 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:09.106296062 CEST | 8.8.8.8 | 192.168.2.5 | 0x5591 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:10.195126057 CEST | 8.8.8.8 | 192.168.2.5 | 0xbc39 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:11.295403957 CEST | 8.8.8.8 | 192.168.2.5 | 0x1f13 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:12.363383055 CEST | 8.8.8.8 | 192.168.2.5 | 0xd52c | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:13.434422970 CEST | 8.8.8.8 | 192.168.2.5 | 0xc8ee | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:14.517735004 CEST | 8.8.8.8 | 192.168.2.5 | 0xa2f7 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:15.584081888 CEST | 8.8.8.8 | 192.168.2.5 | 0x21de | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:16.655867100 CEST | 8.8.8.8 | 192.168.2.5 | 0xf805 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:17.798640966 CEST | 8.8.8.8 | 192.168.2.5 | 0xdcc7 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:19.399764061 CEST | 8.8.8.8 | 192.168.2.5 | 0x6dd8 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:20.476300955 CEST | 8.8.8.8 | 192.168.2.5 | 0x746e | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:21.537230015 CEST | 8.8.8.8 | 192.168.2.5 | 0x4a5c | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:22.605225086 CEST | 8.8.8.8 | 192.168.2.5 | 0xcc8c | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:23.683135033 CEST | 8.8.8.8 | 192.168.2.5 | 0xd136 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:24.755409956 CEST | 8.8.8.8 | 192.168.2.5 | 0xafee | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:25.851155996 CEST | 8.8.8.8 | 192.168.2.5 | 0x3c0b | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:26.932420015 CEST | 8.8.8.8 | 192.168.2.5 | 0xfde3 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:27.993590117 CEST | 8.8.8.8 | 192.168.2.5 | 0x3249 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:29.050687075 CEST | 8.8.8.8 | 192.168.2.5 | 0x6c35 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:30.116643906 CEST | 8.8.8.8 | 192.168.2.5 | 0x4a25 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:31.173271894 CEST | 8.8.8.8 | 192.168.2.5 | 0x2a87 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Apr 29, 2021 09:38:32.237885952 CEST | 8.8.8.8 | 192.168.2.5 | 0x47a0 | Name error (3) | none | none | A (IP address) | IN (0x0001) |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
System Behavior |
---|
General |
---|
Start time: | 09:36:21 |
Start date: | 29/04/2021 |
Path: | C:\Users\user\Desktop\kMroyG6lXZ.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 278016 bytes |
MD5 hash: | 9CE4C8A45C002BB230764B42B9211086 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 004019F0, Relevance: 146.0, APIs: 34, Strings: 49, Instructions: 747comprocessCOMMON
C-Code - Quality: 77% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022ADB28, Relevance: 2.0, Strings: 1, Instructions: 753COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0208003C, Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515memoryCOMMON
APIs |
|
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004018F0, Relevance: 6.3, APIs: 5, Instructions: 77stringCOMMON
C-Code - Quality: 84% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040AF66, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
C-Code - Quality: 63% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00433A60, Relevance: 6.0, APIs: 4, Instructions: 22librarymemorystringCOMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02080DF8, Relevance: 3.0, APIs: 2, Instructions: 15COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022AC560, Relevance: 2.8, Strings: 2, Instructions: 347COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A6B40, Relevance: 2.0, Instructions: 1973COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A6B31, Relevance: 2.0, Instructions: 1971COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A0490, Relevance: 1.5, Strings: 1, Instructions: 299COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A03A8, Relevance: 1.5, Strings: 1, Instructions: 287COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02080E28, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040D534, Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022AF152, Relevance: 1.5, Strings: 1, Instructions: 267COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A0481, Relevance: 1.5, Strings: 1, Instructions: 247COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022ABAA0, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022AC551, Relevance: 1.4, Strings: 1, Instructions: 184COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00433A30, Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022AD6A7, Relevance: .4, Instructions: 404COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A0878, Relevance: .4, Instructions: 361COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022AE151, Relevance: .3, Instructions: 297COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A6010, Relevance: .3, Instructions: 267COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022AFBA2, Relevance: .2, Instructions: 210COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A21F0, Relevance: .2, Instructions: 165COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022AB888, Relevance: .2, Instructions: 153COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022AC921, Relevance: .1, Instructions: 140COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A4E30, Relevance: .1, Instructions: 136COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A3CE8, Relevance: .1, Instructions: 132COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022ABD80, Relevance: .1, Instructions: 126COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022ABA8F, Relevance: .1, Instructions: 108COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A6380, Relevance: .1, Instructions: 103COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A9318, Relevance: .1, Instructions: 93COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A64F0, Relevance: .1, Instructions: 88COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A9328, Relevance: .1, Instructions: 85COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A2FE7, Relevance: .1, Instructions: 83COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A3D68, Relevance: .1, Instructions: 83COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A6A10, Relevance: .1, Instructions: 80COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A96BF, Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A242E, Relevance: .1, Instructions: 78COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 020FD5D8, Relevance: .1, Instructions: 75COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A2FF8, Relevance: .1, Instructions: 72COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022ACB80, Relevance: .1, Instructions: 65COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A8BA3, Relevance: .1, Instructions: 60COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A9FA0, Relevance: .1, Instructions: 60COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A06F8, Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A2458, Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A3F70, Relevance: .1, Instructions: 59COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022AB360, Relevance: .1, Instructions: 57COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 020FD5D3, Relevance: .1, Instructions: 56COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022AB370, Relevance: .1, Instructions: 51COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A1D58, Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 020FD01D, Relevance: .0, Instructions: 45COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 020FD007, Relevance: .0, Instructions: 44COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A9F8F, Relevance: .0, Instructions: 43COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022AAAEE, Relevance: .0, Instructions: 39COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022AAAF0, Relevance: .0, Instructions: 38COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A6108, Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A4F68, Relevance: .0, Instructions: 36COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022AA060, Relevance: .0, Instructions: 34COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A64D9, Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A9E60, Relevance: .0, Instructions: 33COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A9E00, Relevance: .0, Instructions: 32COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022ABA5D, Relevance: .0, Instructions: 31COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A9E10, Relevance: .0, Instructions: 26COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022ABEA8, Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A2DC8, Relevance: .0, Instructions: 25COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A9DB8, Relevance: .0, Instructions: 21COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022ABEB8, Relevance: .0, Instructions: 19COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A8D83, Relevance: .0, Instructions: 18COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A0800, Relevance: .0, Instructions: 17COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A8D90, Relevance: .0, Instructions: 16COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A2BE8, Relevance: .0, Instructions: 15COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A8D63, Relevance: .0, Instructions: 7COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Non-executed Functions |
---|
Function 0040CE09, Relevance: 7.6, APIs: 5, Instructions: 58COMMON
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0208D059, Relevance: 7.6, APIs: 5, Instructions: 58COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02088EB0, Relevance: 4.1, Strings: 3, Instructions: 377COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0208092B, Relevance: 3.8, Strings: 3, Instructions: 90COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040ADB0, Relevance: 2.5, APIs: 2, Instructions: 23memoryCOMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022AF4D0, Relevance: 1.6, Strings: 1, Instructions: 376COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022ACDF0, Relevance: 1.6, Strings: 1, Instructions: 375COMMON
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004123F1, Relevance: 1.5, APIs: 1, Instructions: 4COMMON
C-Code - Quality: 100% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02092641, Relevance: 1.5, APIs: 1, Instructions: 4COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00407C3F, Relevance: .8, Instructions: 783COMMONCrypto
C-Code - Quality: 87% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02087E8F, Relevance: .8, Instructions: 783COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004073A0, Relevance: .6, Instructions: 633COMMONCrypto
C-Code - Quality: 87% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 020877C2, Relevance: .4, Instructions: 419COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00406CA0, Relevance: .4, Instructions: 401COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02086EF0, Relevance: .4, Instructions: 401COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02087856, Relevance: .3, Instructions: 310COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402B90, Relevance: .2, Instructions: 212COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02082DE0, Relevance: .2, Instructions: 212COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004028B0, Relevance: .2, Instructions: 184COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02082B00, Relevance: .2, Instructions: 184COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00401650, Relevance: .1, Instructions: 111COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 020818A0, Relevance: .1, Instructions: 111COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402F20, Relevance: .1, Instructions: 103COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02083170, Relevance: .1, Instructions: 103COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00402F89, Relevance: .1, Instructions: 77COMMONCrypto
C-Code - Quality: 100% |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 020831D9, Relevance: .1, Instructions: 77COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02080D90, Relevance: .0, Instructions: 38COMMON
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00417081, Relevance: 31.8, APIs: 21, Instructions: 340COMMON
C-Code - Quality: 86% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 020972D1, Relevance: 22.8, APIs: 15, Instructions: 340COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00433C50, Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 158timeCOMMON
APIs |
|
Strings |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040BCC2, Relevance: 10.7, APIs: 7, Instructions: 189COMMON
C-Code - Quality: 85% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0208BF12, Relevance: 10.7, APIs: 7, Instructions: 189COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A4179, Relevance: 8.9, Strings: 7, Instructions: 115COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 022A45B1, Relevance: 8.9, Strings: 7, Instructions: 112COMMON
Strings |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C73D, Relevance: 7.6, APIs: 5, Instructions: 64COMMON
C-Code - Quality: 77% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00413FCC, Relevance: 7.5, APIs: 5, Instructions: 47COMMON
C-Code - Quality: 89% |
|
APIs |
|
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0209421C, Relevance: 7.5, APIs: 5, Instructions: 47COMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00413610, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38libraryloaderCOMMON
C-Code - Quality: 65% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02081B40, Relevance: 6.3, APIs: 5, Instructions: 77stringCOMMON
APIs |
|
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040C748, Relevance: 6.1, APIs: 4, Instructions: 148COMMON
C-Code - Quality: 86% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0208C998, Relevance: 6.1, APIs: 4, Instructions: 148COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00405D00, Relevance: 6.1, APIs: 4, Instructions: 137COMMON
C-Code - Quality: 97% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0040BAAA, Relevance: 6.1, APIs: 4, Instructions: 137COMMON
C-Code - Quality: 91% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 02085F50, Relevance: 6.1, APIs: 4, Instructions: 137COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0208BCFA, Relevance: 6.1, APIs: 4, Instructions: 137COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0041529F, Relevance: 6.1, APIs: 4, Instructions: 103COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 020954EF, Relevance: 6.1, APIs: 4, Instructions: 103COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 004134DB, Relevance: 6.0, APIs: 4, Instructions: 49COMMON
C-Code - Quality: 100% |
|
APIs |
Memory Dump Source |
|
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 00434BB9, Relevance: 6.0, APIs: 4, Instructions: 49COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |
Function 0209372B, Relevance: 6.0, APIs: 4, Instructions: 49COMMON
APIs |
Memory Dump Source |
|
Similarity |
|
Uniqueness |
Uniqueness Score: -1.00% |