Play interactive tour

Edit tour

Analysis Report unpacked.bin

Overview

General Information

Sample Name:	unpacked.bin (renamed file extension from bin to exe)
Analysis ID:	431544
MD5:	1917f888cacd48b9a8d4832449e8d34f
SHA1:	d732e6a78ea44b77943c1e74e19c9ea92d0b7a28
SHA256:	3deeb55fefe05f51c41b1724780e5de1e33a432e01f455e3ab5d2af5ca655464
Tags:	exelokibot
Infos:
Most interesting Screenshot:

Detection

Lokibot

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Yara detected Lokibot

C2 URLs / IPs found in malware configuration

Machine Learning detection for sample

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Mail credentials (via file access)

Tries to steal Mail credentials (via file registry)

Yara detected aPLib compressed binary

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Enables debug privileges

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Sample execution stops while process was sleeping (likely an evasion)

Tries to resolve domain names, but no domain seems valid (expired dropper behavior)

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

unpacked.exe (PID: 6916 cmdline: 'C:\Users\user\Desktop\unpacked.exe' MD5: 1917F888CACD48B9A8D4832449E8D34F)

cleanup

Malware Configuration

Threatname: Lokibot

{"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
unpacked.exe	SUSP_XORed_URL_in_EXE	Detects an XORed URL in an executable	Florian Roth	0x13e78:$s1: http:// 0x17633:$s1: http:// 0x13e80:$s2: https:// 0x18074:$s2: \x97\x8B\x8B\x8F\x8C\xC5\xD0\xD0 0x13e78:$f1: http:// 0x17633:$f1: http:// 0x13e80:$f2: https://
unpacked.exe	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
unpacked.exe	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
unpacked.exe	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
unpacked.exe	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
unpacked.exe	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
Click to see the 1 entries

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.907785402.0000000000415000.00000002.00020000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000002.907785402.0000000000415000.00000002.00020000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000002.907785402.0000000000415000.00000002.00020000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
00000000.00000000.643480909.0000000000415000.00000002.00020000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000000.00000000.643480909.0000000000415000.00000002.00020000.sdmp	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
00000000.00000000.643480909.0000000000415000.00000002.00020000.sdmp	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Process Memory Space: unpacked.exe PID: 6916	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: unpacked.exe PID: 6916	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
Process Memory Space: unpacked.exe PID: 6916	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
Click to see the 4 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.unpacked.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.2.unpacked.exe.400000.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.2.unpacked.exe.400000.0.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.2.unpacked.exe.400000.0.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.2.unpacked.exe.400000.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
0.0.unpacked.exe.400000.0.unpack	SUSP_XORed_URL_in_EXE	Detects an XORed URL in an executable	Florian Roth	0x13e78:$s1: http:// 0x17633:$s1: http:// 0x13e80:$s2: https:// 0x18074:$s2: \x97\x8B\x8B\x8F\x8C\xC5\xD0\xD0 0x13e78:$f1: http:// 0x17633:$f1: http:// 0x13e80:$f2: https://
0.0.unpacked.exe.400000.0.unpack	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
0.0.unpacked.exe.400000.0.unpack	JoeSecurity_aPLib_compressed_binary	Yara detected aPLib compressed binary	Joe Security
0.0.unpacked.exe.400000.0.unpack	JoeSecurity_Lokibot	Yara detected Lokibot	Joe Security
0.0.unpacked.exe.400000.0.unpack	Loki_1	Loki Payload	kevoreilly	0x13db4:$a1: DlRycq1tP2vSeaogj5bEUFzQiHT9dmKCn6uf7xsOY0hpwr43VINX8JGBAkLMZW 0x13ffc:$a2: last_compatible_version
0.0.unpacked.exe.400000.0.unpack	Lokibot	detect Lokibot in memory	JPCERT/CC Incident Response Group	0x12fff:$des3: 68 03 66 00 00 0x173f0:$param: MAC=%02X%02X%02XINSTALL=%08X%08X 0x174bc:$string: 2D 00 75 00 00 00 46 75 63 6B 61 76 2E 72 75 00 00
Click to see the 6 entries

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus / Scanner detection for submitted sample

Show sources

Source: unpacked.exe

Avira: detected

Found malware configuration

Show sources

Source: 00000000.00000000.643480909.0000000000415000.00000002.00020000.sdmp

Malware Configuration Extractor: Lokibot {"C2 list": ["http://kbfvzoboss.bid/alien/fre.php", "http://alphastand.trade/alien/fre.php", "http://alphastand.win/alien/fre.php", "http://alphastand.top/alien/fre.php"]}

Multi AV Scanner detection for domain / URL

Show sources

Source: firenzelavori.lt	Virustotal: Detection: 10%			Perma Link
Source: https://firenzelavori.lt/loki/Panel/five/fre.php	Virustotal: Detection: 9%			Perma Link

Machine Learning detection for sample

Show sources

Source: unpacked.exe

Joe Sandbox ML: detected

Source: unpacked.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED

Source: C:\Users\user\Desktop\unpacked.exe

Code function: 0_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

Networking:

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor	URLs: http://kbfvzoboss.bid/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.trade/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.win/alien/fre.php
Source: Malware configuration extractor	URLs: http://alphastand.top/alien/fre.php

Source: unknown

DNS traffic detected: query: firenzelavori.lt replaycode: Server failure (2)

Source: C:\Users\user\Desktop\unpacked.exe

Code function: 0_2_00404ED4 recv,

Source: unknown

DNS traffic detected: queries for: firenzelavori.lt

Source: unpacked.exe	String found in binary or memory: http://www.ibsensoftware.com/
Source: unpacked.exe, 00000000.00000002.907795683.00000000004A0000.00000004.00020000.sdmp	String found in binary or memory: https://firenzelavori.lt/loki/Panel/five/fre.php

System Summary:

Malicious sample detected (through community Yara rule)

Show sources

Source: unpacked.exe, type: SAMPLE	Matched rule: Loki Payload Author: kevoreilly
Source: unpacked.exe, type: SAMPLE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.2.unpacked.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.2.unpacked.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group
Source: 0.0.unpacked.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki Payload Author: kevoreilly
Source: 0.0.unpacked.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group

Source: C:\Users\user\Desktop\unpacked.exe	Code function: 0_2_0040549C
Source: C:\Users\user\Desktop\unpacked.exe	Code function: 0_2_004029D4

Source: C:\Users\user\Desktop\unpacked.exe	Code function: String function: 0041219C appears 45 times
Source: C:\Users\user\Desktop\unpacked.exe	Code function: String function: 00405B6F appears 41 times

Source: unpacked.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED

Source: unpacked.exe, type: SAMPLE	Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
Source: unpacked.exe, type: SAMPLE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: unpacked.exe, type: SAMPLE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.2.unpacked.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.2.unpacked.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research
Source: 0.0.unpacked.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: SUSP_XORed_URL_in_EXE date = 2020-03-09, author = Florian Roth, description = Detects an XORed URL in an executable, reference = https://twitter.com/stvemillertime/status/1237035794973560834, score = , modified = 2021-05-27
Source: 0.0.unpacked.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload
Source: 0.0.unpacked.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/2@157/0

Source: C:\Users\user\Desktop\unpacked.exe

Code function: 0_2_0040650A LookupPrivilegeValueW,AdjustTokenPrivileges,

Source: C:\Users\user\Desktop\unpacked.exe

Code function: 0_2_0040434D CoInitialize,CoCreateInstance,VariantInit,SysAllocString,VariantInit,VariantInit,SysAllocString,VariantInit,SysFreeString,SysFreeString,CoUninitialize,

Source: C:\Users\user\Desktop\unpacked.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Crypto

Jump to behavior

Source: C:\Users\user\Desktop\unpacked.exe

Mutant created: \Sessions\1\BaseNamedObjects\8F9C4E9C79A3B52B3F739430

Source: unpacked.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\unpacked.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: C:\Users\user\Desktop\unpacked.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\unpacked.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\unpacked.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\unpacked.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: C:\Users\user\Desktop\unpacked.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook

Data Obfuscation:

Yara detected aPLib compressed binary

Show sources

Source: Yara match	File source: unpacked.exe, type: SAMPLE
Source: Yara match	File source: 00000000.00000002.907785402.0000000000415000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.643480909.0000000000415000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: unpacked.exe PID: 6916, type: MEMORY
Source: Yara match	File source: 0.2.unpacked.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.unpacked.exe.400000.0.unpack, type: UNPACKEDPE

Source: unpacked.exe

Static PE information: section name: .x

Source: C:\Users\user\Desktop\unpacked.exe	Code function: 0_2_00402AC0 push eax; ret
Source: C:\Users\user\Desktop\unpacked.exe	Code function: 0_2_00402AC0 push eax; ret

Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\unpacked.exe	Process information set: NOGPFAULTERRORBOX

Source: C:\Users\user\Desktop\unpacked.exe TID: 6920

Thread sleep time: -1500000s >= -30000s

Source: C:\Users\user\Desktop\unpacked.exe	Last function: Thread delayed
Source: C:\Users\user\Desktop\unpacked.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\unpacked.exe

Code function: 0_2_00403D74 FindFirstFileW,FindNextFileW,FindFirstFileW,FindNextFileW,

Source: C:\Users\user\Desktop\unpacked.exe

Thread delayed: delay time: 60000

Source: C:\Users\user\Desktop\unpacked.exe

Code function: 0_2_0040317B mov eax, dword ptr fs:[00000030h]

Source: C:\Users\user\Desktop\unpacked.exe

Code function: 0_2_00402B7C GetProcessHeap,RtlAllocateHeap,

Source: C:\Users\user\Desktop\unpacked.exe

Process token adjusted: Debug

Source: unpacked.exe, 00000000.00000002.908028408.0000000000E20000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: unpacked.exe, 00000000.00000002.908028408.0000000000E20000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: unpacked.exe, 00000000.00000002.908028408.0000000000E20000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: unpacked.exe, 00000000.00000002.908028408.0000000000E20000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\unpacked.exe

Code function: 0_2_00406069 GetUserNameW,

Source: C:\Users\user\Desktop\unpacked.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information:

Yara detected Lokibot

Show sources

Source: Yara match	File source: unpacked.exe, type: SAMPLE
Source: Yara match	File source: 00000000.00000002.907785402.0000000000415000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.643480909.0000000000415000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: unpacked.exe PID: 6916, type: MEMORY
Source: Yara match	File source: 0.2.unpacked.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.unpacked.exe.400000.0.unpack, type: UNPACKEDPE

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Show sources

Source: C:\Users\user\Desktop\unpacked.exe	Key opened: HKEY_CURRENT_USER\Software\9bis.com\KiTTY\Sessions
Source: C:\Users\user\Desktop\unpacked.exe	Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Users\user\Desktop\unpacked.exe

File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

Tries to harvest and steal ftp login credentials

Show sources

Source: C:\Users\user\Desktop\unpacked.exe	File opened: HKEY_CURRENT_USER\Software\Far2\Plugins\FTP\Hosts
Source: C:\Users\user\Desktop\unpacked.exe	File opened: HKEY_CURRENT_USER\Software\NCH Software\ClassicFTP\FTPAccounts
Source: C:\Users\user\Desktop\unpacked.exe	File opened: HKEY_CURRENT_USER\Software\FlashPeak\BlazeFtp\Settings
Source: C:\Users\user\Desktop\unpacked.exe	File opened: HKEY_CURRENT_USER\Software\Far\Plugins\FTP\Hosts

Tries to steal Mail credentials (via file access)

Show sources

Source: C:\Users\user\Desktop\unpacked.exe	Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Users\user\Desktop\unpacked.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook

Tries to steal Mail credentials (via file registry)

Show sources

Source: C:\Users\user\Desktop\unpacked.exe	Code function: PopPassword
Source: C:\Users\user\Desktop\unpacked.exe	Code function: SmtpPassword

Source: Yara match	File source: unpacked.exe, type: SAMPLE
Source: Yara match	File source: 00000000.00000002.907785402.0000000000415000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000000.643480909.0000000000415000.00000002.00020000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: unpacked.exe PID: 6916, type: MEMORY
Source: Yara match	File source: 0.2.unpacked.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.0.unpacked.exe.400000.0.unpack, type: UNPACKEDPE

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Access Token Manipulation1	Masquerading1	OS Credential Dumping2	Security Software Discovery1	Remote Services	Email Collection1	Exfiltration Over Other Network Medium	Encrypted Channel1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Process Injection1	Virtualization/Sandbox Evasion11	Credentials in Registry2	Process Discovery1	Remote Desktop Protocol	Archive Collected Data1	Exfiltration Over Bluetooth	Ingress Tool Transfer1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Access Token Manipulation1	Security Account Manager	Virtualization/Sandbox Evasion11	SMB/Windows Admin Shares	Data from Local System2	Automated Exfiltration	Non-Application Layer Protocol1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Process Injection1	NTDS	Account Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol11	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Deobfuscate/Decode Files or Information1	LSA Secrets	System Owner/User Discovery1	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Obfuscated Files or Information2	Cached Domain Credentials	Remote System Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Compile After Delivery	DCSync	File and Directory Discovery1	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	System Information Discovery3	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
unpacked.exe	100%	Avira	TR/Crypt.XPACK.Gen
unpacked.exe	100%	Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
0.0.unpacked.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen		Download File
0.2.unpacked.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen		Download File

Domains

Source	Detection	Scanner	Label	Link
firenzelavori.lt	10%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://kbfvzoboss.bid/alien/fre.php	0%	URL Reputation	safe
http://kbfvzoboss.bid/alien/fre.php	0%	URL Reputation	safe
http://kbfvzoboss.bid/alien/fre.php	0%	URL Reputation	safe
http://kbfvzoboss.bid/alien/fre.php	0%	URL Reputation	safe
http://alphastand.win/alien/fre.php	0%	URL Reputation	safe
http://alphastand.win/alien/fre.php	0%	URL Reputation	safe
http://alphastand.win/alien/fre.php	0%	URL Reputation	safe
http://alphastand.win/alien/fre.php	0%	URL Reputation	safe
http://alphastand.trade/alien/fre.php	0%	URL Reputation	safe
http://alphastand.trade/alien/fre.php	0%	URL Reputation	safe
http://alphastand.trade/alien/fre.php	0%	URL Reputation	safe
http://alphastand.trade/alien/fre.php	0%	URL Reputation	safe
https://firenzelavori.lt/loki/Panel/five/fre.php	10%	Virustotal		Browse
https://firenzelavori.lt/loki/Panel/five/fre.php	0%	Avira URL Cloud	safe
http://alphastand.top/alien/fre.php	0%	URL Reputation	safe
http://alphastand.top/alien/fre.php	0%	URL Reputation	safe
http://alphastand.top/alien/fre.php	0%	URL Reputation	safe
http://alphastand.top/alien/fre.php	0%	URL Reputation	safe
http://www.ibsensoftware.com/	0%	URL Reputation	safe
http://www.ibsensoftware.com/	0%	URL Reputation	safe
http://www.ibsensoftware.com/	0%	URL Reputation	safe
http://www.ibsensoftware.com/	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
firenzelavori.lt	unknown	unknown	true	10%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://kbfvzoboss.bid/alien/fre.php	true	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://alphastand.win/alien/fre.php	true	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://alphastand.trade/alien/fre.php	true	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://alphastand.top/alien/fre.php	true	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://firenzelavori.lt/loki/Panel/five/fre.php	unpacked.exe, 00000000.00000002.907795683.00000000004A0000.00000004.00020000.sdmp	true	10%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.ibsensoftware.com/	unpacked.exe	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown

Contacted IPs

No contacted IP infos

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	431544
Start date:	08.06.2021
Start time:	21:45:03
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 44s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	unpacked.bin (renamed file extension from bin to exe)
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/2@157/0
EGA Information:	Failed
HDC Information:	Successful, ratio: 100% (good quality ratio 95.9%) Quality average: 76.9% Quality standard deviation: 28.7%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 20.82.210.154, 52.147.198.201, 204.79.197.200, 13.107.21.200, 168.61.161.212, 23.54.113.53, 13.88.21.125, 13.64.90.137, 40.88.32.150, 104.43.193.48, 20.54.7.98, 20.54.26.129, 8.248.145.254, 8.241.9.126, 8.241.11.254, 8.248.135.254, 8.253.95.121, 20.54.104.15, 92.122.213.247, 92.122.213.194 Excluded domains from analysis (whitelisted): store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a1449.dscg2.akamai.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, skypedataprdcoleus15.cloudapp.net, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, au-bg-shim.trafficmanager.net, www.bing.com, skypedataprdcolwus17.cloudapp.net, dual-a-0001.a-msedge.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, ctldl.windowsupdate.com, consumerrp-displaycatalog-aks2aks-europe.md.mp.microsoft.com.akadns.net, skypedataprdcolcus15.cloudapp.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus15.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net, neu-consumerrp-displaycatalog-aks2aks-europe.md.mp.microsoft.com.akadns.net Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
21:46:02	API Interceptor	26x Sleep call for process: unpacked.exe modified

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Roaming\C79A3B\B52B3F.lck Download File
Process:	C:\Users\user\Desktop\unpacked.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1

C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3853321935-2125563209-4053062332-1002\bc49718863ee53e026d805ec372039e9_d06ed635-68f6-4e9a-955c-4899f5f57b9a Download File
Process:	C:\Users\user\Desktop\unpacked.exe
File Type:	data
Category:	dropped
Size (bytes):	10718
Entropy (8bit):	0.6039339853994985
Encrypted:	false
SSDEEP:	12:4/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/g/gg:w
MD5:	C7ADD3D3A64EBD1148853BB23AFBA9BB
SHA1:	B5D425C10D7730DB432E9B0DCC74707132299F86
SHA-256:	AF8070E934B1B40B485E661925D15D2A5B362A6924B3B7F7FFF6AF9373BAF7BA
SHA-512:	19D4BA9560BE7F43FC7F2F86A5F9BE2CE3F11D46F99EF4FA0652364702FF42A62E9E363CA25B9B0319F1D5508B3BB5C9850266C6CAC086A74005A1A99697A8EC
Malicious:	false
Reputation:	low
Preview:	........................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user.......................................................................................user...................................

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.054379657980403
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	unpacked.exe
File size:	106496
MD5:	1917f888cacd48b9a8d4832449e8d34f
SHA1:	d732e6a78ea44b77943c1e74e19c9ea92d0b7a28
SHA256:	3deeb55fefe05f51c41b1724780e5de1e33a432e01f455e3ab5d2af5ca655464
SHA512:	901b095813605c89945e1b5354fef210b0a68d94a79156b5d405116c5f00a15571046a0e9d65830cdaea8a3deda657a6d4ac6744ecef30cca6b26033d8b61b55
SSDEEP:	1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........x.....................K.K.............=2......................................=2......=2......Rich............PE..L.....lW...

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General
Entrypoint:	0x4139de
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x576C0885 [Thu Jun 23 16:04:21 2016 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	0239fd611af3d0e9b0c46c5837c80e09

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
push ecx
and dword ptr [ebp-04h], 00000000h
lea eax, dword ptr [ebp-04h]
push esi
push edi
push eax
call 00007F59A47A49D9h
push eax
call 00007F59A47A49B6h
xor esi, esi
mov edi, eax
pop ecx
pop ecx
cmp dword ptr [ebp-04h], esi
jle 00007F59A47A4B96h
push 004188BCh
push dword ptr [edi+esi*4]
call 00007F59A4797065h
pop ecx
pop ecx
test eax, eax
je 00007F59A47A4B7Dh
push 00002710h
call 00007F59A479791Ah
pop ecx
inc esi
cmp esi, dword ptr [ebp-04h]
jl 00007F59A47A4B4Eh
push 00000000h
call 00007F59A47A49AEh
push 00000000h
call 00007F59A47A4CC2h
pop ecx
pop edi
xor eax, eax
pop esi
mov esp, ebp
pop ebp
retn 0010h
push ebp
mov ebp, esp
xor eax, eax
push eax
push eax
push E567384Dh
push eax
call 00007F59A4794309h
push dword ptr [ebp+08h]
call eax
pop ebp
ret
push ebp
mov ebp, esp
push esi
mov esi, dword ptr [ebp+08h]
test esi, esi
je 00007F59A47A4BD4h
push esi
call 00007F59A4796E30h
pop ecx
test eax, eax
je 00007F59A47A4BC9h
push esi
call 00007F59A4794E6Ch
pop ecx
test eax, eax
je 00007F59A47A4BBEh
mov eax, dword ptr [0049FDECh]
cmp dword ptr [ebp+10h], 00000000h
cmovne eax, dword ptr [ebp+10h]
push eax
push dword ptr [0049FDE8h]
call 00007F59A4796864h
push dword ptr [ebp+0Ch]
push dword ptr [0049FDE8h]
call 00007F59A4796856h
push 00000000h
push 00000000h
push esi

Rich Headers

Programming Language:

[ASM] VS2008 SP1 build 30729
[ASM] VS2003 (.NET) build 3077
[ C ] VS2008 SP1 build 30729
[LNK] VS2013 UPD5 build 40629
[C++] VS2013 UPD5 build 40629
[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x18ed0	0x64	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x15000	0x5c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x136f5	0x13800	False	0.568509615385	data	6.49204829439	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x15000	0x4060	0x4200	False	0.365944602273	data	4.25599948305	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x1a000	0x85e24	0x200	False	0.056640625	data	0.321716074313	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.x	0xa0000	0x2000	0x2000	False	0.0194091796875	data	0.215612772574	IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ

Imports

DLL	Import
WS2_32.dll	getaddrinfo, freeaddrinfo, closesocket, WSAStartup, socket, send, recv, connect
KERNEL32.dll	GetProcessHeap, HeapFree, HeapAlloc, SetLastError, GetLastError
ole32.dll	CoCreateInstance, CoInitialize, CoUninitialize
OLEAUT32.dll	VariantInit, SysFreeString, SysAllocString

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source IP	Dest IP
06/08/21-21:45:54.964981	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:45:56.099009	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:45:57.298036	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:45:58.656733	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:00.751806	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:01.754117	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:02.956035	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:04.041251	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:05.052317	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:06.495672	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:07.523806	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:08.667938	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:10.878494	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:11.909233	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:13.112330	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:14.141931	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:15.412834	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:16.459862	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:17.552955	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:18.558916	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:20.849702	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:22.067990	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:22.966525	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:24.303998	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:25.381509	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:26.549659	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:27.582089	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:29.147828	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:30.159692	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:31.392048	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:32.534581	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:34.568874	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:36.930081	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:39.055318	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:41.273154	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:42.322420	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:43.383142	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:44.412509	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:46.192174	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:48.177418	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:49.217508	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:50.474508	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:51.461367	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:52.631150	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:53.835880	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:55.850179	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:56.895356	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:57.928431	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:46:59.167510	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:00.166543	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:01.306661	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:02.311429	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:03.650406	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:04.635429	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:05.742289	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:06.741761	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:09.007209	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:10.111150	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:11.101358	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:12.360436	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:13.478896	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:15.729908	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:16.714200	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:18.537071	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:21.017088	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:23.136770	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:24.175057	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:25.384551	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:26.427195	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:27.523031	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:28.824177	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:29.824469	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:30.916586	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:33.152055	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:34.167246	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:35.231782	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:36.266106	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:37.494183	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:38.520658	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:39.622604	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:41.862796	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:44.070337	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:45.015619	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:46.256576	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:47.254045	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:48.341446	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:49.365798	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:50.575788	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:52.731560	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:53.965149	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8
06/08/21-21:47:56.097590	ICMP	402	ICMP Destination Unreachable Port Unreachable	192.168.2.4	8.8.8.8

Network Port Distribution

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jun 8, 2021 21:45:43.562550068 CEST	53723	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:45:43.606097937 CEST	53	53723	8.8.8.8	192.168.2.4
Jun 8, 2021 21:45:43.945187092 CEST	64646	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:45:43.989876986 CEST	53	64646	8.8.8.8	192.168.2.4
Jun 8, 2021 21:45:44.016258955 CEST	65298	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:45:44.075732946 CEST	53	65298	8.8.8.8	192.168.2.4
Jun 8, 2021 21:45:44.701061010 CEST	59123	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:45:44.743454933 CEST	53	59123	8.8.8.8	192.168.2.4
Jun 8, 2021 21:45:45.622090101 CEST	54531	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:45:45.665627003 CEST	53	54531	8.8.8.8	192.168.2.4
Jun 8, 2021 21:45:47.177716970 CEST	49714	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:45:47.222187042 CEST	53	49714	8.8.8.8	192.168.2.4
Jun 8, 2021 21:45:51.877125025 CEST	58028	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:45:52.904454947 CEST	58028	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:45:53.949357033 CEST	58028	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:45:54.031042099 CEST	53	58028	8.8.8.8	192.168.2.4
Jun 8, 2021 21:45:54.131951094 CEST	53097	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:45:54.964849949 CEST	53	58028	8.8.8.8	192.168.2.4
Jun 8, 2021 21:45:55.152808905 CEST	53097	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:45:55.283318996 CEST	53	53097	8.8.8.8	192.168.2.4
Jun 8, 2021 21:45:55.462305069 CEST	49257	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:45:56.096419096 CEST	53	58028	8.8.8.8	192.168.2.4
Jun 8, 2021 21:45:56.496690035 CEST	49257	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:45:57.297934055 CEST	53	53097	8.8.8.8	192.168.2.4
Jun 8, 2021 21:45:57.530993938 CEST	53	49257	8.8.8.8	192.168.2.4
Jun 8, 2021 21:45:57.594887972 CEST	62389	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:45:58.606086016 CEST	62389	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:45:58.656579018 CEST	53	49257	8.8.8.8	192.168.2.4
Jun 8, 2021 21:45:59.606571913 CEST	62389	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:45:59.748205900 CEST	53	62389	8.8.8.8	192.168.2.4
Jun 8, 2021 21:45:59.883620977 CEST	49910	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:00.751663923 CEST	53	62389	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:00.903748035 CEST	49910	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:01.754004955 CEST	53	62389	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:01.950437069 CEST	49910	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:01.954190969 CEST	53	49910	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:02.012041092 CEST	55854	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:02.955827951 CEST	53	49910	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:02.997443914 CEST	55854	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:03.166112900 CEST	53	55854	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:03.437616110 CEST	64549	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:04.041093111 CEST	53	49910	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:04.434828997 CEST	64549	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:05.052217960 CEST	53	55854	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:05.453898907 CEST	64549	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:05.497453928 CEST	53	64549	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:05.570528984 CEST	63153	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:06.495476007 CEST	53	64549	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:06.612905025 CEST	63153	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:07.523649931 CEST	53	64549	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:07.637537956 CEST	53	63153	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:07.839531898 CEST	52991	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:08.667673111 CEST	53	63153	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:08.827095032 CEST	52991	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:09.857043028 CEST	52991	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:09.898715973 CEST	53	52991	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:09.970566988 CEST	53700	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:10.878359079 CEST	53	52991	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:10.966896057 CEST	53700	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:11.909037113 CEST	53	52991	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:11.998529911 CEST	53700	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:12.116466045 CEST	53	53700	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:12.360927105 CEST	51726	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:13.111957073 CEST	53	53700	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:13.357603073 CEST	51726	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:14.141757011 CEST	53	53700	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:14.404340982 CEST	51726	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:14.428513050 CEST	53	51726	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:14.492835999 CEST	56794	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:15.412590027 CEST	53	51726	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:15.482626915 CEST	56794	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:16.459697962 CEST	53	51726	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:16.498698950 CEST	56794	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:16.559284925 CEST	53	56794	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:16.765202045 CEST	56534	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:17.551523924 CEST	53	56794	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:17.682575941 CEST	56627	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:17.735291958 CEST	53	56627	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:17.779926062 CEST	56534	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:18.558773994 CEST	53	56794	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:18.795504093 CEST	56534	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:18.817079067 CEST	53	56534	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:18.845583916 CEST	53	56534	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:18.877701044 CEST	56621	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:18.956360102 CEST	63116	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:19.000189066 CEST	53	63116	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:19.768825054 CEST	64078	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:19.811077118 CEST	53	64078	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:19.904709101 CEST	56621	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:20.849522114 CEST	53	56534	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:20.905123949 CEST	56621	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:21.023518085 CEST	53	56621	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:21.058989048 CEST	64801	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:21.102824926 CEST	53	64801	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:21.246056080 CEST	61721	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:21.963789940 CEST	51255	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:22.006076097 CEST	53	51255	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:22.067851067 CEST	53	56621	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:22.248971939 CEST	61721	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:22.966429949 CEST	53	56621	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:23.330734015 CEST	61721	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:23.406764984 CEST	53	61721	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:23.491897106 CEST	61522	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:23.585839033 CEST	52337	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:23.630388975 CEST	53	52337	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:24.303822994 CEST	53	61721	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:24.499166965 CEST	61522	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:25.381407022 CEST	53	61721	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:25.520415068 CEST	61522	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:25.544979095 CEST	53	61522	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:26.081139088 CEST	55046	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:26.364808083 CEST	49612	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:26.406956911 CEST	53	49612	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:26.549565077 CEST	53	61522	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:27.093158960 CEST	55046	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:27.170964956 CEST	49285	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:27.213892937 CEST	53	49285	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:27.578676939 CEST	53	61522	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:28.108696938 CEST	55046	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:28.133059978 CEST	53	55046	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:28.202702045 CEST	50601	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:28.381675005 CEST	60875	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:28.425586939 CEST	53	60875	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:29.147697926 CEST	53	55046	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:29.203473091 CEST	56448	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:29.245816946 CEST	53	56448	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:29.249587059 CEST	50601	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:30.001235962 CEST	59172	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:30.044305086 CEST	53	59172	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:30.159603119 CEST	53	55046	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:30.252590895 CEST	53	50601	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:30.471527100 CEST	62420	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:30.915079117 CEST	60579	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:30.971255064 CEST	53	60579	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:31.391915083 CEST	53	50601	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:31.468352079 CEST	62420	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:32.398669004 CEST	50183	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:32.441801071 CEST	53	50183	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:32.499547005 CEST	62420	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:32.521692991 CEST	53	62420	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:32.534461021 CEST	53	62420	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:32.584973097 CEST	61531	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:33.267777920 CEST	49228	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:33.310291052 CEST	53	49228	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:33.609155893 CEST	61531	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:34.200391054 CEST	59794	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:34.243145943 CEST	53	59794	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:34.568773985 CEST	53	62420	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:34.649571896 CEST	53	61531	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:34.676616907 CEST	53	61531	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:34.842267036 CEST	55916	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:35.876543045 CEST	55916	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:35.903491020 CEST	53	55916	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:35.967943907 CEST	52752	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:36.132097006 CEST	60542	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:36.174747944 CEST	53	60542	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:36.929928064 CEST	53	55916	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:37.000228882 CEST	52752	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:37.725966930 CEST	60689	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:37.768333912 CEST	53	60689	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:38.005538940 CEST	64206	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:38.021327019 CEST	53	52752	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:38.135736942 CEST	53	64206	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:38.201216936 CEST	50904	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:38.594966888 CEST	57525	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:38.638233900 CEST	53	57525	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:38.755841017 CEST	53814	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:38.764880896 CEST	53418	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:38.800532103 CEST	53	53814	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:38.810175896 CEST	53	53418	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:39.055157900 CEST	53	52752	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:39.203886986 CEST	50904	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:39.227360010 CEST	62833	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:39.269656897 CEST	53	62833	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:39.923281908 CEST	59260	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:40.042031050 CEST	53	59260	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:40.251085043 CEST	50904	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:40.255594969 CEST	53	50904	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:40.319829941 CEST	49944	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:40.473319054 CEST	63300	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:40.610764027 CEST	53	63300	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:41.185889959 CEST	61449	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:41.229986906 CEST	53	61449	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:41.272996902 CEST	53	50904	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:41.328957081 CEST	49944	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:41.882488966 CEST	51275	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:41.927103996 CEST	53	51275	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:42.322325945 CEST	53	50904	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:42.362428904 CEST	49944	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:42.377063036 CEST	53	49944	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:42.412216902 CEST	63492	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:42.601085901 CEST	53	63492	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:43.006941080 CEST	58945	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:43.381939888 CEST	53	49944	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:44.133902073 CEST	58945	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:44.412440062 CEST	53	49944	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:44.795120001 CEST	60779	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:44.921123981 CEST	53	60779	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:45.058058977 CEST	53	58945	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:45.122220993 CEST	64014	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:45.813216925 CEST	57091	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:45.858104944 CEST	53	57091	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:46.111083984 CEST	64014	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:46.191679001 CEST	53	58945	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:46.504319906 CEST	55904	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:46.546845913 CEST	53	55904	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:47.157222033 CEST	64014	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:47.190107107 CEST	53	64014	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:47.389873028 CEST	52109	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:48.177098989 CEST	53	64014	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:48.407136917 CEST	52109	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:49.217385054 CEST	53	64014	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:49.407537937 CEST	52109	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:49.458240032 CEST	53	52109	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:49.508212090 CEST	54450	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:50.473567009 CEST	53	52109	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:50.549647093 CEST	54450	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:51.460020065 CEST	53	52109	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:51.563159943 CEST	53	54450	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:51.747528076 CEST	49374	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:52.630448103 CEST	53	54450	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:52.751557112 CEST	49374	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:53.798799992 CEST	49374	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:53.799050093 CEST	53	49374	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:53.833877087 CEST	53	49374	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:53.847084999 CEST	50436	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:54.845546007 CEST	50436	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:55.848917961 CEST	53	49374	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:55.860851049 CEST	50436	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:55.906429052 CEST	53	50436	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:56.081727028 CEST	62605	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:56.270961046 CEST	54256	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:56.317353964 CEST	53	54256	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:56.895240068 CEST	53	50436	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:57.111162901 CEST	62605	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:57.927381039 CEST	53	50436	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:58.111620903 CEST	62605	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:58.141593933 CEST	53	62605	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:58.231235981 CEST	52189	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:46:59.167232990 CEST	53	62605	8.8.8.8	192.168.2.4
Jun 8, 2021 21:46:59.252168894 CEST	52189	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:00.166117907 CEST	53	62605	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:00.252022982 CEST	52189	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:00.375360012 CEST	53	52189	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:00.577198029 CEST	56131	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:01.303164005 CEST	53	52189	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:01.580754995 CEST	56131	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:02.311242104 CEST	53	52189	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:02.580833912 CEST	56131	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:02.639693975 CEST	53	56131	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:02.692893028 CEST	62992	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:03.650212049 CEST	53	56131	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:03.689793110 CEST	62992	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:04.635265112 CEST	53	56131	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:04.690243959 CEST	62992	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:04.753757954 CEST	53	62992	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:04.949143887 CEST	54432	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:05.742089987 CEST	53	62992	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:05.940279007 CEST	54432	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:06.741580009 CEST	53	62992	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:06.955763102 CEST	54432	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:06.995599985 CEST	53	54432	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:06.999622107 CEST	53	54432	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:07.054735899 CEST	57227	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:08.049606085 CEST	57227	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:09.006959915 CEST	53	54432	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:09.050389051 CEST	57227	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:09.118876934 CEST	53	57227	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:09.295856953 CEST	58383	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:10.110972881 CEST	53	57227	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:10.299781084 CEST	58383	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:10.346471071 CEST	53	58383	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:10.411015987 CEST	63136	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:11.101150036 CEST	53	57227	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:11.410487890 CEST	63136	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:12.360198021 CEST	53	58383	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:12.409337044 CEST	63136	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:12.463222027 CEST	53	63136	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:12.634934902 CEST	50911	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:13.478159904 CEST	53	63136	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:13.478791952 CEST	53	63136	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:13.659801006 CEST	50911	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:14.659584045 CEST	50911	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:14.685441971 CEST	53	50911	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:15.185108900 CEST	63409	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:15.729770899 CEST	53	50911	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:16.481981039 CEST	63409	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:16.714116096 CEST	53	50911	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:17.254282951 CEST	53	63409	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:17.961178064 CEST	59185	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:18.536780119 CEST	53	63409	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:18.956878901 CEST	59185	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:20.004018068 CEST	59185	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:20.016000032 CEST	53	59185	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:20.076462984 CEST	64236	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:21.015921116 CEST	53	59185	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:21.054079056 CEST	53	59185	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:21.066327095 CEST	64236	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:22.113267899 CEST	64236	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:22.136045933 CEST	53	64236	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:22.336220980 CEST	56157	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:23.136607885 CEST	53	64236	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:23.332197905 CEST	56157	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:24.174911976 CEST	53	64236	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:24.363570929 CEST	56157	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:24.389036894 CEST	53	56157	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:24.449955940 CEST	55601	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:25.384382963 CEST	53	56157	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:25.457873106 CEST	55601	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:25.519726038 CEST	53	55601	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:25.612840891 CEST	52984	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:25.666011095 CEST	53	52984	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:25.717809916 CEST	51141	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:26.427104950 CEST	53	56157	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:26.754235029 CEST	51141	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:27.041246891 CEST	53610	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:27.093954086 CEST	53	53610	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:27.522811890 CEST	53	55601	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:27.754870892 CEST	51141	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:27.780371904 CEST	53	51141	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:27.845082045 CEST	61247	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:28.824048042 CEST	53	51141	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:28.863986969 CEST	61247	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:29.824358940 CEST	53	51141	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:29.909408092 CEST	53	61247	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:30.084748030 CEST	65165	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:30.916280031 CEST	53	61247	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:31.083328962 CEST	65165	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:32.114192009 CEST	65165	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:32.136877060 CEST	53	65165	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:32.189172983 CEST	52076	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:33.151773930 CEST	53	65165	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:33.176843882 CEST	52076	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:34.166973114 CEST	53	65165	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:34.208899021 CEST	52076	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:34.240186930 CEST	53	52076	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:34.429323912 CEST	54903	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:35.231642962 CEST	53	52076	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:35.443193913 CEST	54903	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:36.265803099 CEST	53	52076	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:36.458527088 CEST	54903	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:36.501844883 CEST	53	54903	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:36.563122034 CEST	55045	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:37.493937969 CEST	53	54903	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:37.552800894 CEST	55045	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:38.519963026 CEST	53	54903	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:38.613956928 CEST	53	55045	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:38.807032108 CEST	54464	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:39.622416973 CEST	53	55045	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:39.802510023 CEST	54464	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:40.864825010 CEST	54464	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:40.868098021 CEST	53	54464	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:40.934251070 CEST	50970	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:41.862596035 CEST	53	54464	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:41.915184021 CEST	53	54464	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:41.927423000 CEST	50970	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:42.958767891 CEST	50970	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:43.001543045 CEST	53	50970	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:43.184807062 CEST	55261	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:44.070219040 CEST	53	50970	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:44.193227053 CEST	55261	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:45.015480042 CEST	53	50970	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:45.193996906 CEST	55261	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:45.244647980 CEST	53	55261	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:45.297132015 CEST	59809	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:46.256390095 CEST	53	55261	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:46.287997961 CEST	59809	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:47.253948927 CEST	53	55261	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:47.303075075 CEST	59809	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:47.349199057 CEST	53	59809	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:47.535079002 CEST	51278	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:48.341305017 CEST	53	59809	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:48.522089958 CEST	51278	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:48.602914095 CEST	53	51278	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:48.657644987 CEST	51932	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:49.365561962 CEST	53	59809	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:49.647190094 CEST	51932	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:50.575690985 CEST	53	51278	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:50.662636995 CEST	51932	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:50.713604927 CEST	53	51932	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:50.718641043 CEST	53	51932	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:50.917951107 CEST	59494	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:51.912719011 CEST	59494	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:52.731357098 CEST	53	51932	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:52.959919930 CEST	59494	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:52.988394976 CEST	53	59494	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:53.047916889 CEST	55915	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:53.964979887 CEST	53	59494	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:54.010020018 CEST	53	59494	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:54.037939072 CEST	55915	53	192.168.2.4	8.8.8.8
Jun 8, 2021 21:47:54.116904020 CEST	53	55915	8.8.8.8	192.168.2.4
Jun 8, 2021 21:47:56.097395897 CEST	53	55915	8.8.8.8	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jun 8, 2021 21:45:54.964981079 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:45:56.099009037 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:45:57.298036098 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:45:58.656733036 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:00.751806021 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:01.754117012 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:02.956034899 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:04.041250944 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:05.052316904 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:06.495671988 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:07.523806095 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:08.667937994 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:10.878494024 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:11.909233093 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:13.112329960 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:14.141931057 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:15.412833929 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:16.459861994 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:17.552954912 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:18.558916092 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:20.849701881 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:22.067990065 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:22.966525078 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:24.303997993 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:25.381509066 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:26.549659014 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:27.582088947 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:29.147828102 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:30.159692049 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:31.392047882 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:32.534580946 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:34.568873882 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:36.930080891 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:39.055318117 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:41.273154020 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:42.322419882 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:43.383141994 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:44.412508965 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:46.192173958 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:48.177417994 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:49.217508078 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:50.474508047 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:51.461366892 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:52.631150007 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:53.835880041 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:55.850178957 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:56.895355940 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:57.928431034 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:46:59.167510033 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:00.166543007 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:01.306660891 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:02.311429024 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:03.650405884 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:04.635428905 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:05.742289066 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:06.741760969 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:09.007209063 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:10.111150026 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:11.101357937 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:12.360435963 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:13.478895903 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:15.729907990 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:16.714200020 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:18.537070990 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:21.017087936 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:23.136770010 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:24.175056934 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:25.384551048 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:26.427195072 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:27.523030996 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:28.824177027 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:29.824469090 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:30.916585922 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:33.152055025 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:34.167246103 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:35.231781960 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:36.266105890 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:37.494183064 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:38.520658016 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:39.622603893 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:41.862796068 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:44.070337057 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:45.015619040 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:46.256576061 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:47.254045010 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:48.341445923 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:49.365797997 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:50.575788021 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:52.731559992 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:53.965148926 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable
Jun 8, 2021 21:47:56.097589970 CEST	192.168.2.4	8.8.8.8	cff4	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jun 8, 2021 21:45:51.877125025 CEST	192.168.2.4	8.8.8.8	0xbfee	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:45:52.904454947 CEST	192.168.2.4	8.8.8.8	0xbfee	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:45:53.949357033 CEST	192.168.2.4	8.8.8.8	0xbfee	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:45:54.131951094 CEST	192.168.2.4	8.8.8.8	0xbfff	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:45:55.152808905 CEST	192.168.2.4	8.8.8.8	0xbfff	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:45:55.462305069 CEST	192.168.2.4	8.8.8.8	0xdba7	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:45:56.496690035 CEST	192.168.2.4	8.8.8.8	0xdba7	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:45:57.594887972 CEST	192.168.2.4	8.8.8.8	0xa13a	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:45:58.606086016 CEST	192.168.2.4	8.8.8.8	0xa13a	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:45:59.606571913 CEST	192.168.2.4	8.8.8.8	0xa13a	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:45:59.883620977 CEST	192.168.2.4	8.8.8.8	0xe1e4	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:00.903748035 CEST	192.168.2.4	8.8.8.8	0xe1e4	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:01.950437069 CEST	192.168.2.4	8.8.8.8	0xe1e4	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:02.012041092 CEST	192.168.2.4	8.8.8.8	0x2348	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:02.997443914 CEST	192.168.2.4	8.8.8.8	0x2348	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:03.437616110 CEST	192.168.2.4	8.8.8.8	0x3944	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:04.434828997 CEST	192.168.2.4	8.8.8.8	0x3944	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:05.453898907 CEST	192.168.2.4	8.8.8.8	0x3944	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:05.570528984 CEST	192.168.2.4	8.8.8.8	0x7d6	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:06.612905025 CEST	192.168.2.4	8.8.8.8	0x7d6	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:07.839531898 CEST	192.168.2.4	8.8.8.8	0x9c1f	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:08.827095032 CEST	192.168.2.4	8.8.8.8	0x9c1f	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:09.857043028 CEST	192.168.2.4	8.8.8.8	0x9c1f	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:09.970566988 CEST	192.168.2.4	8.8.8.8	0x70ed	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:10.966896057 CEST	192.168.2.4	8.8.8.8	0x70ed	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:11.998529911 CEST	192.168.2.4	8.8.8.8	0x70ed	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:12.360927105 CEST	192.168.2.4	8.8.8.8	0xbbc0	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:13.357603073 CEST	192.168.2.4	8.8.8.8	0xbbc0	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:14.404340982 CEST	192.168.2.4	8.8.8.8	0xbbc0	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:14.492835999 CEST	192.168.2.4	8.8.8.8	0x38f9	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:15.482626915 CEST	192.168.2.4	8.8.8.8	0x38f9	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:16.498698950 CEST	192.168.2.4	8.8.8.8	0x38f9	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:16.765202045 CEST	192.168.2.4	8.8.8.8	0x5abe	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:17.779926062 CEST	192.168.2.4	8.8.8.8	0x5abe	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:18.795504093 CEST	192.168.2.4	8.8.8.8	0x5abe	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:18.877701044 CEST	192.168.2.4	8.8.8.8	0x87d9	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:19.904709101 CEST	192.168.2.4	8.8.8.8	0x87d9	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:20.905123949 CEST	192.168.2.4	8.8.8.8	0x87d9	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:21.246056080 CEST	192.168.2.4	8.8.8.8	0xaa5	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:22.248971939 CEST	192.168.2.4	8.8.8.8	0xaa5	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:23.330734015 CEST	192.168.2.4	8.8.8.8	0xaa5	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:23.491897106 CEST	192.168.2.4	8.8.8.8	0x671c	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:24.499166965 CEST	192.168.2.4	8.8.8.8	0x671c	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:25.520415068 CEST	192.168.2.4	8.8.8.8	0x671c	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:26.081139088 CEST	192.168.2.4	8.8.8.8	0xf9eb	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:27.093158960 CEST	192.168.2.4	8.8.8.8	0xf9eb	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:28.108696938 CEST	192.168.2.4	8.8.8.8	0xf9eb	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:28.202702045 CEST	192.168.2.4	8.8.8.8	0x465b	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:29.249587059 CEST	192.168.2.4	8.8.8.8	0x465b	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:30.471527100 CEST	192.168.2.4	8.8.8.8	0x6046	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:31.468352079 CEST	192.168.2.4	8.8.8.8	0x6046	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:32.499547005 CEST	192.168.2.4	8.8.8.8	0x6046	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:32.584973097 CEST	192.168.2.4	8.8.8.8	0xe466	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:33.609155893 CEST	192.168.2.4	8.8.8.8	0xe466	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:34.842267036 CEST	192.168.2.4	8.8.8.8	0x1ca4	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:35.876543045 CEST	192.168.2.4	8.8.8.8	0x1ca4	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:35.967943907 CEST	192.168.2.4	8.8.8.8	0xb8fe	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:37.000228882 CEST	192.168.2.4	8.8.8.8	0xb8fe	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:38.201216936 CEST	192.168.2.4	8.8.8.8	0x4458	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:39.203886986 CEST	192.168.2.4	8.8.8.8	0x4458	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:40.251085043 CEST	192.168.2.4	8.8.8.8	0x4458	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:40.319829941 CEST	192.168.2.4	8.8.8.8	0xfd45	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:41.328957081 CEST	192.168.2.4	8.8.8.8	0xfd45	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:42.362428904 CEST	192.168.2.4	8.8.8.8	0xfd45	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:43.006941080 CEST	192.168.2.4	8.8.8.8	0xdf11	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:44.133902073 CEST	192.168.2.4	8.8.8.8	0xdf11	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:45.122220993 CEST	192.168.2.4	8.8.8.8	0xe24a	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:46.111083984 CEST	192.168.2.4	8.8.8.8	0xe24a	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:47.157222033 CEST	192.168.2.4	8.8.8.8	0xe24a	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:47.389873028 CEST	192.168.2.4	8.8.8.8	0x967d	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:48.407136917 CEST	192.168.2.4	8.8.8.8	0x967d	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:49.407537937 CEST	192.168.2.4	8.8.8.8	0x967d	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:49.508212090 CEST	192.168.2.4	8.8.8.8	0x498d	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:50.549647093 CEST	192.168.2.4	8.8.8.8	0x498d	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:51.747528076 CEST	192.168.2.4	8.8.8.8	0xcdd8	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:52.751557112 CEST	192.168.2.4	8.8.8.8	0xcdd8	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:53.798799992 CEST	192.168.2.4	8.8.8.8	0xcdd8	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:53.847084999 CEST	192.168.2.4	8.8.8.8	0x92e4	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:54.845546007 CEST	192.168.2.4	8.8.8.8	0x92e4	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:55.860851049 CEST	192.168.2.4	8.8.8.8	0x92e4	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:56.081727028 CEST	192.168.2.4	8.8.8.8	0xef23	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:57.111162901 CEST	192.168.2.4	8.8.8.8	0xef23	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:58.111620903 CEST	192.168.2.4	8.8.8.8	0xef23	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:58.231235981 CEST	192.168.2.4	8.8.8.8	0x94f1	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:59.252168894 CEST	192.168.2.4	8.8.8.8	0x94f1	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:00.252022982 CEST	192.168.2.4	8.8.8.8	0x94f1	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:00.577198029 CEST	192.168.2.4	8.8.8.8	0xa055	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:01.580754995 CEST	192.168.2.4	8.8.8.8	0xa055	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:02.580833912 CEST	192.168.2.4	8.8.8.8	0xa055	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:02.692893028 CEST	192.168.2.4	8.8.8.8	0xa7f0	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:03.689793110 CEST	192.168.2.4	8.8.8.8	0xa7f0	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:04.690243959 CEST	192.168.2.4	8.8.8.8	0xa7f0	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:04.949143887 CEST	192.168.2.4	8.8.8.8	0xb68e	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:05.940279007 CEST	192.168.2.4	8.8.8.8	0xb68e	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:06.955763102 CEST	192.168.2.4	8.8.8.8	0xb68e	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:07.054735899 CEST	192.168.2.4	8.8.8.8	0x17b	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:08.049606085 CEST	192.168.2.4	8.8.8.8	0x17b	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:09.050389051 CEST	192.168.2.4	8.8.8.8	0x17b	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:09.295856953 CEST	192.168.2.4	8.8.8.8	0x24d0	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:10.299781084 CEST	192.168.2.4	8.8.8.8	0x24d0	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:10.411015987 CEST	192.168.2.4	8.8.8.8	0x94d3	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:11.410487890 CEST	192.168.2.4	8.8.8.8	0x94d3	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:12.409337044 CEST	192.168.2.4	8.8.8.8	0x94d3	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:12.634934902 CEST	192.168.2.4	8.8.8.8	0x8f0b	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:13.659801006 CEST	192.168.2.4	8.8.8.8	0x8f0b	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:14.659584045 CEST	192.168.2.4	8.8.8.8	0x8f0b	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:15.185108900 CEST	192.168.2.4	8.8.8.8	0x366a	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:16.481981039 CEST	192.168.2.4	8.8.8.8	0x366a	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:17.961178064 CEST	192.168.2.4	8.8.8.8	0xd515	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:18.956878901 CEST	192.168.2.4	8.8.8.8	0xd515	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:20.004018068 CEST	192.168.2.4	8.8.8.8	0xd515	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:20.076462984 CEST	192.168.2.4	8.8.8.8	0x6df5	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:21.066327095 CEST	192.168.2.4	8.8.8.8	0x6df5	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:22.113267899 CEST	192.168.2.4	8.8.8.8	0x6df5	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:22.336220980 CEST	192.168.2.4	8.8.8.8	0x5d9f	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:23.332197905 CEST	192.168.2.4	8.8.8.8	0x5d9f	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:24.363570929 CEST	192.168.2.4	8.8.8.8	0x5d9f	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:24.449955940 CEST	192.168.2.4	8.8.8.8	0x28c7	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:25.457873106 CEST	192.168.2.4	8.8.8.8	0x28c7	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:25.717809916 CEST	192.168.2.4	8.8.8.8	0xb6fc	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:26.754235029 CEST	192.168.2.4	8.8.8.8	0xb6fc	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:27.754870892 CEST	192.168.2.4	8.8.8.8	0xb6fc	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:27.845082045 CEST	192.168.2.4	8.8.8.8	0xf0e0	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:28.863986969 CEST	192.168.2.4	8.8.8.8	0xf0e0	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:30.084748030 CEST	192.168.2.4	8.8.8.8	0x11f1	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:31.083328962 CEST	192.168.2.4	8.8.8.8	0x11f1	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:32.114192009 CEST	192.168.2.4	8.8.8.8	0x11f1	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:32.189172983 CEST	192.168.2.4	8.8.8.8	0xd4a0	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:33.176843882 CEST	192.168.2.4	8.8.8.8	0xd4a0	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:34.208899021 CEST	192.168.2.4	8.8.8.8	0xd4a0	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:34.429323912 CEST	192.168.2.4	8.8.8.8	0x6de8	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:35.443193913 CEST	192.168.2.4	8.8.8.8	0x6de8	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:36.458527088 CEST	192.168.2.4	8.8.8.8	0x6de8	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:36.563122034 CEST	192.168.2.4	8.8.8.8	0x466e	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:37.552800894 CEST	192.168.2.4	8.8.8.8	0x466e	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:38.807032108 CEST	192.168.2.4	8.8.8.8	0xd63c	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:39.802510023 CEST	192.168.2.4	8.8.8.8	0xd63c	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:40.864825010 CEST	192.168.2.4	8.8.8.8	0xd63c	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:40.934251070 CEST	192.168.2.4	8.8.8.8	0xebf8	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:41.927423000 CEST	192.168.2.4	8.8.8.8	0xebf8	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:42.958767891 CEST	192.168.2.4	8.8.8.8	0xebf8	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:43.184807062 CEST	192.168.2.4	8.8.8.8	0x3cb8	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:44.193227053 CEST	192.168.2.4	8.8.8.8	0x3cb8	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:45.193996906 CEST	192.168.2.4	8.8.8.8	0x3cb8	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:45.297132015 CEST	192.168.2.4	8.8.8.8	0xd6db	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:46.287997961 CEST	192.168.2.4	8.8.8.8	0xd6db	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:47.303075075 CEST	192.168.2.4	8.8.8.8	0xd6db	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:47.535079002 CEST	192.168.2.4	8.8.8.8	0x6347	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:48.522089958 CEST	192.168.2.4	8.8.8.8	0x6347	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:48.657644987 CEST	192.168.2.4	8.8.8.8	0x1cdc	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:49.647190094 CEST	192.168.2.4	8.8.8.8	0x1cdc	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:50.662636995 CEST	192.168.2.4	8.8.8.8	0x1cdc	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:50.917951107 CEST	192.168.2.4	8.8.8.8	0x52ab	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:51.912719011 CEST	192.168.2.4	8.8.8.8	0x52ab	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:52.959919930 CEST	192.168.2.4	8.8.8.8	0x52ab	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:53.047916889 CEST	192.168.2.4	8.8.8.8	0x6bb8	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:54.037939072 CEST	192.168.2.4	8.8.8.8	0x6bb8	Standard query (0)	firenzelavori.lt	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jun 8, 2021 21:45:54.031042099 CEST	8.8.8.8	192.168.2.4	0xbfee	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:45:54.964849949 CEST	8.8.8.8	192.168.2.4	0xbfee	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:45:55.283318996 CEST	8.8.8.8	192.168.2.4	0xbfff	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:45:56.096419096 CEST	8.8.8.8	192.168.2.4	0xbfee	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:45:57.297934055 CEST	8.8.8.8	192.168.2.4	0xbfff	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:45:57.530993938 CEST	8.8.8.8	192.168.2.4	0xdba7	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:45:58.656579018 CEST	8.8.8.8	192.168.2.4	0xdba7	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:45:59.748205900 CEST	8.8.8.8	192.168.2.4	0xa13a	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:00.751663923 CEST	8.8.8.8	192.168.2.4	0xa13a	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:01.754004955 CEST	8.8.8.8	192.168.2.4	0xa13a	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:01.954190969 CEST	8.8.8.8	192.168.2.4	0xe1e4	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:02.955827951 CEST	8.8.8.8	192.168.2.4	0xe1e4	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:03.166112900 CEST	8.8.8.8	192.168.2.4	0x2348	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:04.041093111 CEST	8.8.8.8	192.168.2.4	0xe1e4	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:05.052217960 CEST	8.8.8.8	192.168.2.4	0x2348	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:05.497453928 CEST	8.8.8.8	192.168.2.4	0x3944	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:06.495476007 CEST	8.8.8.8	192.168.2.4	0x3944	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:07.523649931 CEST	8.8.8.8	192.168.2.4	0x3944	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:07.637537956 CEST	8.8.8.8	192.168.2.4	0x7d6	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:08.667673111 CEST	8.8.8.8	192.168.2.4	0x7d6	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:09.898715973 CEST	8.8.8.8	192.168.2.4	0x9c1f	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:10.878359079 CEST	8.8.8.8	192.168.2.4	0x9c1f	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:11.909037113 CEST	8.8.8.8	192.168.2.4	0x9c1f	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:12.116466045 CEST	8.8.8.8	192.168.2.4	0x70ed	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:13.111957073 CEST	8.8.8.8	192.168.2.4	0x70ed	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:14.141757011 CEST	8.8.8.8	192.168.2.4	0x70ed	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:14.428513050 CEST	8.8.8.8	192.168.2.4	0xbbc0	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:15.412590027 CEST	8.8.8.8	192.168.2.4	0xbbc0	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:16.459697962 CEST	8.8.8.8	192.168.2.4	0xbbc0	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:16.559284925 CEST	8.8.8.8	192.168.2.4	0x38f9	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:17.551523924 CEST	8.8.8.8	192.168.2.4	0x38f9	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:18.558773994 CEST	8.8.8.8	192.168.2.4	0x38f9	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:18.817079067 CEST	8.8.8.8	192.168.2.4	0x5abe	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:18.845583916 CEST	8.8.8.8	192.168.2.4	0x5abe	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:20.849522114 CEST	8.8.8.8	192.168.2.4	0x5abe	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:21.023518085 CEST	8.8.8.8	192.168.2.4	0x87d9	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:22.067851067 CEST	8.8.8.8	192.168.2.4	0x87d9	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:22.966429949 CEST	8.8.8.8	192.168.2.4	0x87d9	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:23.406764984 CEST	8.8.8.8	192.168.2.4	0xaa5	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:24.303822994 CEST	8.8.8.8	192.168.2.4	0xaa5	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:25.381407022 CEST	8.8.8.8	192.168.2.4	0xaa5	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:25.544979095 CEST	8.8.8.8	192.168.2.4	0x671c	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:26.549565077 CEST	8.8.8.8	192.168.2.4	0x671c	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:27.578676939 CEST	8.8.8.8	192.168.2.4	0x671c	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:28.133059978 CEST	8.8.8.8	192.168.2.4	0xf9eb	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:29.147697926 CEST	8.8.8.8	192.168.2.4	0xf9eb	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:30.159603119 CEST	8.8.8.8	192.168.2.4	0xf9eb	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:30.252590895 CEST	8.8.8.8	192.168.2.4	0x465b	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:31.391915083 CEST	8.8.8.8	192.168.2.4	0x465b	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:32.521692991 CEST	8.8.8.8	192.168.2.4	0x6046	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:32.534461021 CEST	8.8.8.8	192.168.2.4	0x6046	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:34.568773985 CEST	8.8.8.8	192.168.2.4	0x6046	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:34.649571896 CEST	8.8.8.8	192.168.2.4	0xe466	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:34.676616907 CEST	8.8.8.8	192.168.2.4	0xe466	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:35.903491020 CEST	8.8.8.8	192.168.2.4	0x1ca4	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:36.929928064 CEST	8.8.8.8	192.168.2.4	0x1ca4	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:38.021327019 CEST	8.8.8.8	192.168.2.4	0xb8fe	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:39.055157900 CEST	8.8.8.8	192.168.2.4	0xb8fe	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:40.255594969 CEST	8.8.8.8	192.168.2.4	0x4458	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:41.272996902 CEST	8.8.8.8	192.168.2.4	0x4458	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:42.322325945 CEST	8.8.8.8	192.168.2.4	0x4458	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:42.377063036 CEST	8.8.8.8	192.168.2.4	0xfd45	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:43.381939888 CEST	8.8.8.8	192.168.2.4	0xfd45	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:44.412440062 CEST	8.8.8.8	192.168.2.4	0xfd45	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:45.058058977 CEST	8.8.8.8	192.168.2.4	0xdf11	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:46.191679001 CEST	8.8.8.8	192.168.2.4	0xdf11	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:47.190107107 CEST	8.8.8.8	192.168.2.4	0xe24a	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:48.177098989 CEST	8.8.8.8	192.168.2.4	0xe24a	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:49.217385054 CEST	8.8.8.8	192.168.2.4	0xe24a	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:49.458240032 CEST	8.8.8.8	192.168.2.4	0x967d	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:50.473567009 CEST	8.8.8.8	192.168.2.4	0x967d	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:51.460020065 CEST	8.8.8.8	192.168.2.4	0x967d	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:51.563159943 CEST	8.8.8.8	192.168.2.4	0x498d	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:52.630448103 CEST	8.8.8.8	192.168.2.4	0x498d	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:53.799050093 CEST	8.8.8.8	192.168.2.4	0xcdd8	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:53.833877087 CEST	8.8.8.8	192.168.2.4	0xcdd8	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:55.848917961 CEST	8.8.8.8	192.168.2.4	0xcdd8	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:55.906429052 CEST	8.8.8.8	192.168.2.4	0x92e4	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:56.895240068 CEST	8.8.8.8	192.168.2.4	0x92e4	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:57.927381039 CEST	8.8.8.8	192.168.2.4	0x92e4	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:58.141593933 CEST	8.8.8.8	192.168.2.4	0xef23	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:46:59.167232990 CEST	8.8.8.8	192.168.2.4	0xef23	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:00.166117907 CEST	8.8.8.8	192.168.2.4	0xef23	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:00.375360012 CEST	8.8.8.8	192.168.2.4	0x94f1	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:01.303164005 CEST	8.8.8.8	192.168.2.4	0x94f1	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:02.311242104 CEST	8.8.8.8	192.168.2.4	0x94f1	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:02.639693975 CEST	8.8.8.8	192.168.2.4	0xa055	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:03.650212049 CEST	8.8.8.8	192.168.2.4	0xa055	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:04.635265112 CEST	8.8.8.8	192.168.2.4	0xa055	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:04.753757954 CEST	8.8.8.8	192.168.2.4	0xa7f0	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:05.742089987 CEST	8.8.8.8	192.168.2.4	0xa7f0	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:06.741580009 CEST	8.8.8.8	192.168.2.4	0xa7f0	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:06.995599985 CEST	8.8.8.8	192.168.2.4	0xb68e	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:06.999622107 CEST	8.8.8.8	192.168.2.4	0xb68e	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:09.006959915 CEST	8.8.8.8	192.168.2.4	0xb68e	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:09.118876934 CEST	8.8.8.8	192.168.2.4	0x17b	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:10.110972881 CEST	8.8.8.8	192.168.2.4	0x17b	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:10.346471071 CEST	8.8.8.8	192.168.2.4	0x24d0	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:11.101150036 CEST	8.8.8.8	192.168.2.4	0x17b	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:12.360198021 CEST	8.8.8.8	192.168.2.4	0x24d0	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:12.463222027 CEST	8.8.8.8	192.168.2.4	0x94d3	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:13.478159904 CEST	8.8.8.8	192.168.2.4	0x94d3	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:13.478791952 CEST	8.8.8.8	192.168.2.4	0x94d3	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:14.685441971 CEST	8.8.8.8	192.168.2.4	0x8f0b	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:15.729770899 CEST	8.8.8.8	192.168.2.4	0x8f0b	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:16.714116096 CEST	8.8.8.8	192.168.2.4	0x8f0b	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:17.254282951 CEST	8.8.8.8	192.168.2.4	0x366a	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:18.536780119 CEST	8.8.8.8	192.168.2.4	0x366a	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:20.016000032 CEST	8.8.8.8	192.168.2.4	0xd515	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:21.015921116 CEST	8.8.8.8	192.168.2.4	0xd515	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:21.054079056 CEST	8.8.8.8	192.168.2.4	0xd515	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:22.136045933 CEST	8.8.8.8	192.168.2.4	0x6df5	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:23.136607885 CEST	8.8.8.8	192.168.2.4	0x6df5	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:24.174911976 CEST	8.8.8.8	192.168.2.4	0x6df5	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:24.389036894 CEST	8.8.8.8	192.168.2.4	0x5d9f	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:25.384382963 CEST	8.8.8.8	192.168.2.4	0x5d9f	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:25.519726038 CEST	8.8.8.8	192.168.2.4	0x28c7	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:26.427104950 CEST	8.8.8.8	192.168.2.4	0x5d9f	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:27.522811890 CEST	8.8.8.8	192.168.2.4	0x28c7	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:27.780371904 CEST	8.8.8.8	192.168.2.4	0xb6fc	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:28.824048042 CEST	8.8.8.8	192.168.2.4	0xb6fc	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:29.824358940 CEST	8.8.8.8	192.168.2.4	0xb6fc	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:29.909408092 CEST	8.8.8.8	192.168.2.4	0xf0e0	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:30.916280031 CEST	8.8.8.8	192.168.2.4	0xf0e0	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:32.136877060 CEST	8.8.8.8	192.168.2.4	0x11f1	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:33.151773930 CEST	8.8.8.8	192.168.2.4	0x11f1	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:34.166973114 CEST	8.8.8.8	192.168.2.4	0x11f1	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:34.240186930 CEST	8.8.8.8	192.168.2.4	0xd4a0	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:35.231642962 CEST	8.8.8.8	192.168.2.4	0xd4a0	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:36.265803099 CEST	8.8.8.8	192.168.2.4	0xd4a0	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:36.501844883 CEST	8.8.8.8	192.168.2.4	0x6de8	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:37.493937969 CEST	8.8.8.8	192.168.2.4	0x6de8	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:38.519963026 CEST	8.8.8.8	192.168.2.4	0x6de8	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:38.613956928 CEST	8.8.8.8	192.168.2.4	0x466e	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:39.622416973 CEST	8.8.8.8	192.168.2.4	0x466e	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:40.868098021 CEST	8.8.8.8	192.168.2.4	0xd63c	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:41.862596035 CEST	8.8.8.8	192.168.2.4	0xd63c	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:41.915184021 CEST	8.8.8.8	192.168.2.4	0xd63c	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:43.001543045 CEST	8.8.8.8	192.168.2.4	0xebf8	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:44.070219040 CEST	8.8.8.8	192.168.2.4	0xebf8	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:45.015480042 CEST	8.8.8.8	192.168.2.4	0xebf8	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:45.244647980 CEST	8.8.8.8	192.168.2.4	0x3cb8	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:46.256390095 CEST	8.8.8.8	192.168.2.4	0x3cb8	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:47.253948927 CEST	8.8.8.8	192.168.2.4	0x3cb8	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:47.349199057 CEST	8.8.8.8	192.168.2.4	0xd6db	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:48.341305017 CEST	8.8.8.8	192.168.2.4	0xd6db	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:48.602914095 CEST	8.8.8.8	192.168.2.4	0x6347	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:49.365561962 CEST	8.8.8.8	192.168.2.4	0xd6db	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:50.575690985 CEST	8.8.8.8	192.168.2.4	0x6347	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:50.713604927 CEST	8.8.8.8	192.168.2.4	0x1cdc	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:50.718641043 CEST	8.8.8.8	192.168.2.4	0x1cdc	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:52.731357098 CEST	8.8.8.8	192.168.2.4	0x1cdc	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:52.988394976 CEST	8.8.8.8	192.168.2.4	0x52ab	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:53.964979887 CEST	8.8.8.8	192.168.2.4	0x52ab	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:54.010020018 CEST	8.8.8.8	192.168.2.4	0x52ab	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:54.116904020 CEST	8.8.8.8	192.168.2.4	0x6bb8	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)
Jun 8, 2021 21:47:56.097395897 CEST	8.8.8.8	192.168.2.4	0x6bb8	Server failure (2)	firenzelavori.lt	none	none	A (IP address)	IN (0x0001)

Code Manipulations

Statistics

System Behavior

Analysis Process: unpacked.exe PID: 6916 Parent PID: 5976

General

Start time:	21:45:49
Start date:	08/06/2021
Path:	C:\Users\user\Desktop\unpacked.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\unpacked.exe'
Imagebase:	0x400000
File size:	106496 bytes
MD5 hash:	1917F888CACD48B9A8D4832449E8D34F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.907785402.0000000000415000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000002.907785402.0000000000415000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000002.907785402.0000000000415000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000000.643480909.0000000000415000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_aPLib_compressed_binary, Description: Yara detected aPLib compressed binary, Source: 00000000.00000000.643480909.0000000000415000.00000002.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_Lokibot, Description: Yara detected Lokibot, Source: 00000000.00000000.643480909.0000000000415000.00000002.00020000.sdmp, Author: Joe Security
Reputation:	low

Disassembly

Code Analysis

Reset < >

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report unpacked.bin

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Lokibot

Yara Overview

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Overview

Signature Overview

AV Detection:

Compliance:

Spreading:

Networking:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Imports

Network Behavior

Snort IDS Alerts

Network Port Distribution

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

Code Manipulations

Statistics

System Behavior

Analysis Process: unpacked.exe PID: 6916 Parent PID: 5976