Windows Analysis Report file.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: Cryptbot |
---|
{"Download URL": "http://bojwfi01.top/download.php?file=lv.exe", "C2 list": ["moresh01.top/index.php", "cemnit12.top/index.php"]}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Cryptbot | Yara detected Cryptbot | Joe Security | ||
JoeSecurity_Cryptbot | Yara detected Cryptbot | Joe Security | ||
JoeSecurity_Cryptbot | Yara detected Cryptbot | Joe Security | ||
JoeSecurity_Glupteba_1 | Yara detected Glupteba | Joe Security | ||
JoeSecurity_Cryptbot | Yara detected Cryptbot | Joe Security |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Cryptbot | Yara detected Cryptbot | Joe Security | ||
JoeSecurity_Cryptbot | Yara detected Cryptbot | Joe Security | ||
JoeSecurity_Cryptbot | Yara detected Cryptbot | Joe Security | ||
JoeSecurity_Cryptbot | Yara detected Cryptbot | Joe Security | ||
JoeSecurity_Cryptbot | Yara detected Cryptbot | Joe Security | ||
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file |
Source: | ReversingLabs: |
Antivirus detection for URL or domain |
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: |
Machine Learning detection for sample |
Source: | Joe Sandbox ML: |
Source: | Code function: | 0_2_00401220 |
Compliance: |
---|
Detected unpacking (overwrites its own PE header) |
Source: | Unpacked PE file: |
Source: | Static PE information: |
Source: | File opened: | Jump to behavior |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_00402680 | |
Source: | Code function: | 0_2_0042ABC1 |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Networking: |
---|
C2 URLs / IPs found in malware configuration |
Source: | URLs: | ||
Source: | URLs: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | DNS traffic detected: |
Source: | Code function: | 0_2_0040DB70 |
Source: | Code function: | 0_2_0040AD20 |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Code function: | 0_2_00414000 | |
Source: | Code function: | 0_2_0041B72F | |
Source: | Code function: | 0_2_004138F0 | |
Source: | Code function: | 0_2_0043030F | |
Source: | Code function: | 0_2_004223F0 | |
Source: | Code function: | 0_2_00420429 | |
Source: | Code function: | 0_2_0043042F | |
Source: | Code function: | 0_2_0041B4FD | |
Source: | Code function: | 0_2_00413580 | |
Source: | Code function: | 0_2_004327BD | |
Source: | Code function: | 0_2_00433800 | |
Source: | Code function: | 0_2_0041B994 | |
Source: | Code function: | 0_2_00411A10 | |
Source: | Code function: | 0_2_0042DAF1 | |
Source: | Code function: | 0_2_00410E50 | |
Source: | Code function: | 0_2_0044EA80 |
Source: | Code function: | ||
Source: | Code function: |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Command line argument: | 0_2_00415BF0 | |
Source: | Command line argument: | 0_2_00432D90 |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation: |
---|
Detected unpacking (overwrites its own PE header) |
Source: | Unpacked PE file: |
Detected unpacking (changes PE section rights) |
Source: | Unpacked PE file: |
Source: | Code function: | 0_2_00436696 | |
Source: | Code function: | 0_2_00408A77 | |
Source: | Code function: | 0_2_00416CC9 | |
Source: | Code function: | 0_2_019DB1DE |
Source: | Static PE information: |
Source: | Code function: | 0_2_0040DB70 |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Last function: |
Source: | Registry key enumerated: |
Source: | Registry key queried: | Jump to behavior |
Source: | Code function: | 0_2_0040A6E3 |
Source: | Code function: | 0_2_00402680 | |
Source: | Code function: | 0_2_0042ABC1 |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Code function: | 0_2_0041D1DD |
Source: | Code function: | 0_2_0042C070 |
Source: | Code function: | 0_2_004230B1 | |
Source: | Code function: | 0_2_0042A824 |
Source: | Code function: | 0_2_0041D1DD | |
Source: | Code function: | 0_2_00416A61 | |
Source: | Code function: | 0_2_00416BF7 | |
Source: | Code function: | 0_2_00416E3D |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 0_2_0040DB70 |
Source: | Code function: | 0_2_00416891 |
Source: | Registry key value queried: | Jump to behavior | ||
Source: | Registry key value queried: | Jump to behavior | ||
Source: | Registry key value queried: | Jump to behavior |
Source: | Code function: | 0_2_00413A40 |
Source: | Code function: | 0_2_00429D74 |
Source: | Code function: | 0_2_0040AA30 |
Stealing of Sensitive Information: |
---|
Yara detected Cryptbot |
Source: | File source: | ||
Yara detected Glupteba |
Source: | File source: |
Found many strings related to Crypto-Wallets (likely being stolen) |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Tries to harvest and steal browser information (history, passwords, etc) |
Source: | File opened: | Jump to behavior | ||
Remote Access Functionality: |
---|
Yara detected Cryptbot |
Source: | File source: | ||
Yara detected Glupteba |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Command and Scripting Interpreter2 | Path Interception | Process Injection1 | Deobfuscate/Decode Files or Information1 | OS Credential Dumping1 | System Time Discovery2 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer11 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Obfuscated Files or Information3 | Input Capture1 | Account Discovery1 | Remote Desktop Protocol | Data from Local System2 | Exfiltration Over Bluetooth | Encrypted Channel2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Software Packing21 | Security Account Manager | File and Directory Discovery3 | SMB/Windows Admin Shares | Screen Capture1 | Automated Exfiltration | Non-Application Layer Protocol1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Masquerading1 | NTDS | System Information Discovery53 | Distributed Component Object Model | Input Capture1 | Scheduled Transfer | Application Layer Protocol11 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Virtualization/Sandbox Evasion1 | LSA Secrets | Query Registry1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Process Injection1 | Cached Domain Credentials | Security Software Discovery31 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | Virtualization/Sandbox Evasion1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | Process Discovery11 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | System Owner/User Discovery1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | Remote System Discovery1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
61% | ReversingLabs | Win32.Trojan.Krypter | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1103431 | Download File | ||
100% | Avira | HEUR/AGEN.1131354 | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
cemnit12.top | unknown | unknown | true | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| low | |
true |
| low |
Contacted IPs |
---|
No contacted IP infos |
---|
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 501609 |
Start date: | 13.10.2021 |
Start time: | 03:19:50 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 28s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | file.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@1/13@73/0 |
EGA Information: |
|
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
03:21:12 | API Interceptor |
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 20480 |
Entropy (8bit): | 0.7006690334145785 |
Encrypted: | false |
SSDEEP: | 24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoe9H6pf1H1oNQ:T5LLOpEO5J/Kn7U1uBobfvoNQ |
MD5: | A7FE10DA330AD03BF22DC9AC76BBB3E4 |
SHA1: | 1805CB7A2208BAEFF71DCB3FE32DB0CC935CF803 |
SHA-256: | 8D6B84A96429B5C672838BF431A47EC59655E561EBFBB4E63B46351D10A7AAD8 |
SHA-512: | 1DBE27AED6E1E98E9F82AC1F5B774ACB6F3A773BEB17B66C2FB7B89D12AC87A6D5B716EF844678A5417F30EE8855224A8686A135876AB4C0561B3C6059E635C7 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
|
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32 |
Entropy (8bit): | 4.9375 |
Encrypted: | false |
SSDEEP: | 3:Tydsb5i6Dn:qqi6D |
MD5: | 18962F5697042F84578AC7F855F38AC5 |
SHA1: | 3D7CC906C6F649EEBF0E0EBEC809B89B584033E1 |
SHA-256: | 7DDBE41709AE056CDAD2E15C357500D6E5BEBE27D8A708C4069D8C6863A5BE99 |
SHA-512: | 36F5BFEF91BFB07D2A45CFCA5D57126B6D2DCD05BE17AFF40E04B5F1EBB8E1D51A4584BA8F1F3326CA592D9A4D63E13A12C125674ECE0B052EED7B11C52AFF1D |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 40960 |
Entropy (8bit): | 0.792852251086831 |
Encrypted: | false |
SSDEEP: | 48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw |
MD5: | 81DB1710BB13DA3343FC0DF9F00BE49F |
SHA1: | 9B1F17E936D28684FFDFA962340C8872512270BB |
SHA-256: | 9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB |
SHA-512: | CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
|
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 73728 |
Entropy (8bit): | 1.1874185457069584 |
Encrypted: | false |
SSDEEP: | 96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq |
MD5: | 72A43D390E478BA9664F03951692D109 |
SHA1: | 482FE43725D7A1614F6E24429E455CD0A920DF7C |
SHA-256: | 593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C |
SHA-512: | FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
|
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 20462 |
Entropy (8bit): | 3.5211663508533486 |
Encrypted: | false |
SSDEEP: | 384:Dq8UOpGQGXJ0eDcDDfZmEiv5bJtWmGu37mx1FqGbUpYR6PWhBzR6em7HQCV1Faob:DOOpR2J0eDcDDfZmEiv5bJtWmGu37mxw |
MD5: | 875AD312B785EF11D73066B85DBA49CD |
SHA1: | 1E6E26CE75CE9D66448E3C339C054ABB18DA56BE |
SHA-256: | 06008DED2AD0A3311698E1DE2D371F2C475A7EB02D120168D15C1E18B19CF106 |
SHA-512: | 6CD26F5514CBCACE3203AA569B400492FF1CCFE85AEBC1CBAD6CF21A6B6295B6F7B28111FF3F9807AEDF42532079F30F466B43F13CBFA27D136F807EC5722BA3 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 78831 |
Entropy (8bit): | 7.847850529153669 |
Encrypted: | false |
SSDEEP: | 1536:IcAB4J5qfo2hlbsuveVJif3uiicy74xXSdNSnJ55d4U7JK:1Ao5qg7OfexcyBdNi3Lt7JK |
MD5: | F389B7CB3170C577214F0674A6FAD6D9 |
SHA1: | FC1ABCF8252A6DFB8493F08C495D88639960703E |
SHA-256: | 2F0FD80B1057549F47F3A27C1C2DAE1B230C4A9C5C71F81C6D24FC559DDD6242 |
SHA-512: | 9C4C740423336897488156EE014E755F446EE7CC3A5FB263027D5F1CDBA16BF211DC0B98B7A85B42709320A7D3F6A73012DDD2421553B3DFD3BEB925961E80C8 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 20480 |
Entropy (8bit): | 0.7006690334145785 |
Encrypted: | false |
SSDEEP: | 24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoe9H6pf1H1oNQ:T5LLOpEO5J/Kn7U1uBobfvoNQ |
MD5: | A7FE10DA330AD03BF22DC9AC76BBB3E4 |
SHA1: | 1805CB7A2208BAEFF71DCB3FE32DB0CC935CF803 |
SHA-256: | 8D6B84A96429B5C672838BF431A47EC59655E561EBFBB4E63B46351D10A7AAD8 |
SHA-512: | 1DBE27AED6E1E98E9F82AC1F5B774ACB6F3A773BEB17B66C2FB7B89D12AC87A6D5B716EF844678A5417F30EE8855224A8686A135876AB4C0561B3C6059E635C7 |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32 |
Entropy (8bit): | 4.9375 |
Encrypted: | false |
SSDEEP: | 3:Tydsb5i6Dn:qqi6D |
MD5: | 18962F5697042F84578AC7F855F38AC5 |
SHA1: | 3D7CC906C6F649EEBF0E0EBEC809B89B584033E1 |
SHA-256: | 7DDBE41709AE056CDAD2E15C357500D6E5BEBE27D8A708C4069D8C6863A5BE99 |
SHA-512: | 36F5BFEF91BFB07D2A45CFCA5D57126B6D2DCD05BE17AFF40E04B5F1EBB8E1D51A4584BA8F1F3326CA592D9A4D63E13A12C125674ECE0B052EED7B11C52AFF1D |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 40960 |
Entropy (8bit): | 0.792852251086831 |
Encrypted: | false |
SSDEEP: | 48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw |
MD5: | 81DB1710BB13DA3343FC0DF9F00BE49F |
SHA1: | 9B1F17E936D28684FFDFA962340C8872512270BB |
SHA-256: | 9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB |
SHA-512: | CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1 |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 73728 |
Entropy (8bit): | 1.1874185457069584 |
Encrypted: | false |
SSDEEP: | 96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq |
MD5: | 72A43D390E478BA9664F03951692D109 |
SHA1: | 482FE43725D7A1614F6E24429E455CD0A920DF7C |
SHA-256: | 593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C |
SHA-512: | FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 78831 |
Entropy (8bit): | 7.847850529153669 |
Encrypted: | false |
SSDEEP: | 1536:IcAB4J5qfo2hlbsuveVJif3uiicy74xXSdNSnJ55d4U7JK:1Ao5qg7OfexcyBdNi3Lt7JK |
MD5: | F389B7CB3170C577214F0674A6FAD6D9 |
SHA1: | FC1ABCF8252A6DFB8493F08C495D88639960703E |
SHA-256: | 2F0FD80B1057549F47F3A27C1C2DAE1B230C4A9C5C71F81C6D24FC559DDD6242 |
SHA-512: | 9C4C740423336897488156EE014E755F446EE7CC3A5FB263027D5F1CDBA16BF211DC0B98B7A85B42709320A7D3F6A73012DDD2421553B3DFD3BEB925961E80C8 |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 20462 |
Entropy (8bit): | 3.5211663508533486 |
Encrypted: | false |
SSDEEP: | 384:Dq8UOpGQGXJ0eDcDDfZmEiv5bJtWmGu37mx1FqGbUpYR6PWhBzR6em7HQCV1Faob:DOOpR2J0eDcDDfZmEiv5bJtWmGu37mxw |
MD5: | 875AD312B785EF11D73066B85DBA49CD |
SHA1: | 1E6E26CE75CE9D66448E3C339C054ABB18DA56BE |
SHA-256: | 06008DED2AD0A3311698E1DE2D371F2C475A7EB02D120168D15C1E18B19CF106 |
SHA-512: | 6CD26F5514CBCACE3203AA569B400492FF1CCFE85AEBC1CBAD6CF21A6B6295B6F7B28111FF3F9807AEDF42532079F30F466B43F13CBFA27D136F807EC5722BA3 |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\file.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 80867 |
Entropy (8bit): | 7.9957283100170224 |
Encrypted: | true |
SSDEEP: | 1536:ibCC8yErmu2qlHHMdw3kt6sq+RDAYZJsg32AUSh:OmyEau2qZMkz8cSh3mw |
MD5: | 470E7138C9C8FB931183D340A0D92BDE |
SHA1: | 423CB343F6CF3BF452A44C435AE9151B76C6BBA3 |
SHA-256: | E832A236BA8E8B7F74A6F0824F5623F231F9EE226AC248589CD2DE5ECDF4573D |
SHA-512: | 9180C7FEFC4BCCD7014483AB9C3558FFA85E91A117AB005E90C7EF1BDDB6D763B7E4066EAAC2A7F31DE12AF55648026C2D6222C63F40206C74103BA6DC78BA3F |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 6.549254081960864 |
TrID: |
|
File name: | file.exe |
File size: | 433664 |
MD5: | 6738381ddd3d2952312af2a0f2be5157 |
SHA1: | 40fa53df583e9b598bb2d7be716958b1f5bad0dc |
SHA256: | 84f4e2b346b6f5473e2c564a6f60985c5d20f621e70a982e9aafd21354ccc66f |
SHA512: | cf9e7f0ce2a58717d2a46983c75bfffb2ea102ec47d6a8a9c0bd609dd232b5a985918b4faa252bddccfd5197eab0c0fc5aa7e5aaa9c8bc1c6e87e05d98926ed9 |
SSDEEP: | 12288:fnp8alT211jBY5nqtMIfHC3XFySjwL4lJELjgChvMN:fp322RIfHqESj7N0M |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......2&.tvG.'vG.'vG.'.1Q'mG.'.1d'DG.'.1e'.G.'.?\'sG.'vG.'.G.'.1`'wG.'.1U'wG.'.1R'wG.'RichvG.'................PE..L...J.._........... |
File Icon |
---|
Icon Hash: | 9066e198e6673142 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x433280 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | TERMINAL_SERVER_AWARE, NX_COMPAT |
Time Stamp: | 0x5F12B24A [Sat Jul 18 08:26:50 2020 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | 596565906d53e0788494497e755c2e29 |
Entrypoint Preview |
---|
Instruction |
---|
mov edi, edi |
push ebp |
mov ebp, esp |
call 00007F9440A51D7Bh |
call 00007F9440A4B4D6h |
pop ebp |
ret |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
mov edi, edi |
push ebp |
mov ebp, esp |
push FFFFFFFEh |
push 00451380h |
push 00437600h |
mov eax, dword ptr fs:[00000000h] |
push eax |
add esp, FFFFFF98h |
push ebx |
push esi |
push edi |
mov eax, dword ptr [00453094h] |
xor dword ptr [ebp-08h], eax |
xor eax, ebp |
push eax |
lea eax, dword ptr [ebp-10h] |
mov dword ptr fs:[00000000h], eax |
mov dword ptr [ebp-18h], esp |
mov dword ptr [ebp-70h], 00000000h |
lea eax, dword ptr [ebp-60h] |
push eax |
call dword ptr [00401118h] |
cmp dword ptr [016C4D4Ch], 00000000h |
jne 00007F9440A4B4D0h |
push 00000000h |
push 00000000h |
push 00000001h |
push 00000000h |
call dword ptr [00401114h] |
call 00007F9440A4B653h |
mov dword ptr [ebp-6Ch], eax |
call 00007F9440A52CABh |
test eax, eax |
jne 00007F9440A4B4CCh |
push 0000001Ch |
call 00007F9440A4B610h |
add esp, 04h |
call 00007F9440A4FA38h |
test eax, eax |
jne 00007F9440A4B4CCh |
push 00000010h |
call 00007F9440A4B5FDh |
add esp, 04h |
push 00000001h |
call 00007F9440A4F763h |
add esp, 04h |
call 00007F9440A52C1Bh |
mov dword ptr [ebp-04h], 00000000h |
call 00007F9440A527FFh |
test eax, eax |
Rich Headers |
---|
Programming Language: |
|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x51eb4 | 0x3c | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x12c6000 | 0x7308 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x12ce000 | 0x1c7c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1230 | 0x1c | .text |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x2f190 | 0x40 | .text |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x1d8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x519b4 | 0x51a00 | False | 0.694319486983 | data | 7.34053606656 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x53000 | 0x1272d50 | 0x1c00 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x12c6000 | 0x7308 | 0x7400 | False | 0.417362607759 | data | 4.44908718493 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x12ce000 | 0xeeee | 0xf000 | False | 0.101676432292 | data | 1.28829968487 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x12c62b0 | 0xea8 | data | English | United States |
RT_ICON | 0x12c7158 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 12048293, next used block 8159857 | English | United States |
RT_ICON | 0x12c7a00 | 0x6c8 | data | English | United States |
RT_ICON | 0x12c80c8 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x12c8630 | 0x25a8 | data | English | United States |
RT_ICON | 0x12cabd8 | 0x10a8 | data | English | United States |
RT_ICON | 0x12cbc80 | 0x988 | data | English | United States |
RT_ICON | 0x12cc608 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_STRING | 0x12ccc18 | 0x6ac | data | Divehi; Dhivehi; Maldivian | Maldives |
RT_STRING | 0x12cd2c8 | 0x3e | AmigaOS bitmap font | Divehi; Dhivehi; Maldivian | Maldives |
RT_GROUP_ICON | 0x12cca70 | 0x76 | data | English | United States |
RT_VERSION | 0x12ccae8 | 0x130 | data | Divehi; Dhivehi; Maldivian | Maldives |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.dll | UnregisterWait, FindFirstChangeNotificationW, InterlockedDecrement, CompareFileTime, SetFirmwareEnvironmentVariableA, GetSystemWindowsDirectoryW, AddConsoleAliasW, FlushViewOfFile, GetPrivateProfileStringW, GetSystemWow64DirectoryA, CreateActCtxW, GetSystemTimes, GetDriveTypeA, LoadLibraryW, _hread, SetSystemTimeAdjustment, GetVersionExW, VerifyVersionInfoA, GetModuleFileNameW, GetEnvironmentVariableA, lstrlenW, SetThreadPriority, GetStartupInfoA, IsDBCSLeadByteEx, GetCurrentDirectoryW, GetLongPathNameW, SetLastError, GetProcAddress, SetVolumeLabelW, CreateTimerQueueTimer, GetConsoleDisplayMode, SearchPathA, OpenMutexA, ProcessIdToSessionId, LocalAlloc, IsSystemResumeAutomatic, AddAtomW, SetCurrentDirectoryW, SetFileApisToANSI, WriteProfileSectionW, AddAtomA, HeapWalk, FindAtomA, GetModuleFileNameA, CreateIoCompletionPort, GetModuleHandleA, GetProcessShutdownParameters, QueryMemoryResourceNotification, FreeEnvironmentStringsW, VirtualProtect, CompareStringA, OutputDebugStringA, GetCPInfoExA, DeleteFileA, CloseHandle, CreateFileW, InterlockedIncrement, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, DecodePointer, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, EncodePointer, GetCommandLineA, HeapSetInformation, GetStartupInfoW, RaiseException, GetModuleHandleW, ExitProcess, GetLastError, WriteFile, GetStdHandle, IsProcessorFeaturePresent, InitializeCriticalSectionAndSpinCount, HeapValidate, IsBadReadPtr, TlsAlloc, TlsGetValue, TlsSetValue, GetCurrentThreadId, TlsFree, WriteConsoleW, GetFileType, OutputDebugStringW, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapCreate, GetACP, GetOEMCP, GetCPInfo, IsValidCodePage, RtlUnwind, HeapAlloc, HeapReAlloc, HeapSize, HeapQueryInformation, HeapFree, MultiByteToWideChar, LCMapStringW, GetStringTypeW, SetFilePointer, GetConsoleCP, GetConsoleMode, SetStdHandle, FlushFileBuffers |
USER32.dll | GetMessageTime |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0150 0x0468 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Divehi; Dhivehi; Maldivian | Maldives |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
10/13/21-03:21:02.389161 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:21:07.457891 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:21:12.695170 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:21:14.200415 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:21:14.984804 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:21:19.954612 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:21:21.183279 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:21:22.913073 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:21:28.288693 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:21:30.426520 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:21:31.997254 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:21:37.881751 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:21:39.010380 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:21:43.851296 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:21:45.854525 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:21:50.210955 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:21:52.137066 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:21:56.197744 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:22:00.995929 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:22:05.278378 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:22:10.380976 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:22:11.515795 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:22:13.811274 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:22:19.217307 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:22:24.750132 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:22:30.705504 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:22:32.411972 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:22:34.170781 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:22:39.874576 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:22:41.081108 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:22:42.795458 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:22:45.078603 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:22:46.003920 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:22:49.749987 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 | ||
10/13/21-03:22:54.398039 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | 192.168.2.4 | 8.8.8.8 |
Network Port Distribution |
---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
ICMP Packets |
---|
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
System Behavior |
---|
General |
---|
Start time: | 03:20:47 |
Start date: | 13/10/2021 |
Path: | C:\Users\user\Desktop\file.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 433664 bytes |
MD5 hash: | 6738381DDD3D2952312AF2A0F2BE5157 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 11.3% |
Dynamic/Decrypted Code Coverage: | 12.1% |
Signature Coverage: | 20.5% |
Total number of Nodes: | 2000 |
Total number of Limit Nodes: | 80 |
Executed Functions |
---|
Function 0040DB70, Relevance: 172.9, APIs: 47, Strings: 51, Instructions: 1401 | registry, sleep, file, COMMON
Function 00415BF0, Relevance: 128.2, APIs: 34, Strings: 39, Instructions: 412 | COMMON
Function 00414000, Relevance: 35.8, APIs: 10, Strings: 10, Instructions: 799 | COMMON
Function 00401220, Relevance: 26.5, APIs: 12, Strings: 3, Instructions: 280 | file, encryption, COMMON
Function 0040A6E3, Relevance: 23.0, APIs: 8, Strings: 5, Instructions: 269 | registry, COMMON
Function 0040AA30, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 158 | registry, COMMON
Function 00429D74, Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 376 | time, COMMON, LIBRARYCODE
Function 00413A40, Relevance: 9.1, APIs: 6, Instructions: 127 | time, COMMON
Function 00402680, Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 439 | file, COMMON
Function 004138F0, Relevance: 1.6, APIs: 1, Instructions: 122 | file, COMMON
Function 0041B72F, Relevance: 1.5, Strings: 1, Instructions: 239 | COMMON
Function 004038DC, Relevance: 161.6, APIs: 25, Strings: 66, Instructions: 2302 | COMMON
Function 00401540, Relevance: 70.6, APIs: 13, Strings: 27, Instructions: 637 | file, COMMON
Function 0040AD8F, Relevance: 49.3, APIs: 25, Strings: 3, Instructions: 339 | window, memory, COMMON
Function 00402E20, Relevance: 28.2, APIs: 9, Strings: 7, Instructions: 229 | registry, COMMON
Function 0040AA92, Relevance: 26.5, APIs: 11, Strings: 4, Instructions: 207 | registry, sleep, COMMON
Function 0042FAC3, Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273 | COMMON, LIBRARYCODE
Function 0041F137, Relevance: 9.3, APIs: 6, Instructions: 284 | COMMON
Function 00429F52, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 171 | time, COMMON, LIBRARYCODE
Function 00428655, Relevance: 7.6, APIs: 5, Instructions: 51 | COMMON
Function 00427610, Relevance: 4.7, APIs: 3, Instructions: 177 | file, COMMON, LIBRARYCODE
Function 00414D60, Relevance: 4.6, APIs: 3, Instructions: 82 | COMMON
Function 0042B8BD, Relevance: 4.5, APIs: 3, Instructions: 37 | COMMON
Function 00414B60, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 120 | file, COMMON
Function 004493F0, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 51 | memory, COMMON
Function 00403100, Relevance: 3.1, APIs: 2, Instructions: 100 | sleep, COMMON
Function 004025F0, Relevance: 3.0, APIs: 2, Instructions: 22 | COMMON
Function 0041D491, Relevance: 1.6, APIs: 1, Instructions: 147 | COMMON
Function 00413BF0, Relevance: 1.6, APIs: 1, Instructions: 69 | file, COMMON
Function 004281E2, Relevance: 1.6, APIs: 1, Instructions: 54 | COMMON
Function 00419C34, Relevance: 1.5, APIs: 1, Instructions: 47 | COMMON
Function 019D81AE, Relevance: 1.5, APIs: 1, Instructions: 41 | COMMON
Function 00425373, Relevance: 1.5, APIs: 1, Instructions: 32 | memory, COMMON, LIBRARYCODE
Function 019D7E6D, Relevance: 1.3, APIs: 1, Instructions: 48 | memory, COMMON
Function 004493D0, Relevance: 1.3, APIs: 1, Instructions: 9 | memory, COMMON
Non-executed Functions |
---|
Function 0041D1DD, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 77 | COMMON, LIBRARYCODE
Function 00411A10, Relevance: 5.3, Strings: 4, Instructions: 330 | COMMON
Function 00410E50, Relevance: 4.0, Strings: 3, Instructions: 200 | COMMON
Function 004223F0, Relevance: 3.4, APIs: 2, Instructions: 450 | COMMON
Function 00416891, Relevance: 1.6, APIs: 1, Instructions: 139 | COMMON
Function 0042ABC1, Relevance: 1.6, APIs: 1, Instructions: 108 | COMMON
Function 00416BF7, Relevance: 1.5, APIs: 1, Instructions: 3 | COMMON
Function 0041B994, Relevance: 1.5, Strings: 1, Instructions: 239 | COMMON
Function 0041B4FD, Relevance: 1.5, Strings: 1, Instructions: 216 | COMMON
Function 0042C070, Relevance: 1.3, APIs: 1, Instructions: 5 | memory, COMMON
Function 00420429, Relevance: .2, Instructions: 159 | COMMON
Function 0043042F, Relevance: .1, Instructions: 104 | COMMON
Function 0043030F, Relevance: .1, Instructions: 81 | COMMON
Function 00433800, Relevance: .1, Instructions: 76 | COMMON
Function 00413580, Relevance: .1, Instructions: 73 | COMMON
Function 0042A824, Relevance: .0, Instructions: 22 | COMMON, LIBRARYCODE
Function 0042B90D, Relevance: 25.9, APIs: 17, Instructions: 411 | COMMON
Function 0042CDBB, Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 113 | COMMON, LIBRARYCODE
Function 0040EDC0, Relevance: 19.3, APIs: 8, Strings: 3, Instructions: 71 | file, sleep, network, COMMON
Function 00418017, Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 308 | COMMON, LIBRARYCODE
Function 00425BE1, Relevance: 15.1, APIs: 10, Instructions: 69 | COMMON
Function 00431F53, Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 147 | COMMON, LIBRARYCODE
Function 004293FF, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 77 | COMMON, LIBRARYCODE
Function 00426DA5, Relevance: 9.3, APIs: 6, Instructions: 318 | file, COMMON, LIBRARYCODE
Function 0041EA6C, Relevance: 9.1, APIs: 3, Strings: 2, Instructions: 375 | COMMON, LIBRARYCODE
Function 00425E50, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 69 | COMMON, LIBRARYCODE
Function 00418D87, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 68 | COMMON, LIBRARYCODE
Function 004230F3, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30 | library, loader, COMMON, LIBRARYCODE
Function 00430A40, Relevance: 7.7, APIs: 5, Instructions: 199 | COMMON
Function 00426007, Relevance: 6.3, APIs: 4, Instructions: 320 | COMMON
Function 0042A23C, Relevance: 6.1, APIs: 4, Instructions: 132 | COMMON
Function 004314EA, Relevance: 6.1, APIs: 4, Instructions: 132 | file, COMMON, LIBRARYCODE
Function 0044DD0C, Relevance: 6.1, APIs: 4, Instructions: 72 | COMMON
Function 00423D62, Relevance: 6.0, APIs: 4, Instructions: 19 | COMMON
Function 004183CD, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112 | COMMON, LIBRARYCODE
Function 0042D6A7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47 | COMMON, LIBRARYCODE