Windows Analysis Report fiHY95Y1CZ.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: Ursnif |
---|
{"RSA Public Key": "B+xl4hUTn5rXiL0afazu2ddSc/ECZk5wqODKe0fS2KdIXHYzLOi+LPPP1HVzyCQFE2ZPog7imXfWyeJPGgVZO8mmh7g0OCbF0hBgHX6wj0qY1fBDcQxYjLnhuuJTPFt0voqEKHGGIgbiz86prZpdJls6h0dECkyqCOUP77xD4bHwJFYwmMp7govarzlBsbdorQ4qNFnd4O2rK1GEuQisAwdMkb4j9MqHf7vkHewrh1BGBeNcr85NjoxXAnfZDuX+M7b1dWoszYHJF1rgWzk4yz7fc+7Q4leAIr2PkWbTRuRpOe4P6Ok01hKGTLORQhRgWw6Mv2aRFMimHgiQWhhaHetICEhMcBl5C0yxhZCOhu4=", "c2_domain": ["microsoft.com/windowsdisabler", "windows.update3.com", "berukoneru.website", "gerukoneru.website", "fortunarah.com"], "botnet": "8899", "server": "12", "serpent_key": "56473871MNTYAIDA", "sleep_time": "10", "CONF_TIMEOUT": "10", "SetWaitableTimer_value": "0", "DGA_count": "10"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Suspicious Call by Ordinal |
Source: | Author: Florian Roth: |
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Antivirus detection for URL or domain |
Source: | Avira URL Cloud: |
Multi AV Scanner detection for domain / URL |
Source: | Virustotal: |
Machine Learning detection for sample |
Source: | Joe Sandbox ML: |
Source: | Avira: |
Source: | Static PE information: |
Networking: |
---|
System process connects to network (likely due to code injection or exploit) |
Source: | Domain query: | ||
Source: | Network Connect: |
Source: | ASN Name: |
Source: | Network traffic detected: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Yara detected Ursnif |
Source: | File source: |
Source: | Binary or memory string: |
E-Banking Fraud: |
---|
Yara detected Ursnif |
Source: | File source: |
System Summary: |
---|
PE file has a writeable .text section |
Source: | Static PE information: |
Writes or reads registry keys via WMI |
Source: | WMI Queries: |
Writes registry values via WMI |
Source: | WMI Registry write: |
Source: | Static PE information: |
Source: | Code function: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Process created: |
Source: | Key value queried: |
Source: | Classification label: |
Source: | Code function: |
Source: | Process created: |
Source: | File read: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Code function: |
Source: | Static PE information: |
Source: | Process created: |
Hooking and other Techniques for Hiding and Protection: |
---|
Yara detected Ursnif |
Source: | File source: |
Source: | Process information set: |
Source: | Thread sleep time: | ||
Source: | Thread sleep count: |
Source: | Window / User API: |
Source: | Binary or memory string: |
Source: | Code function: |
HIPS / PFW / Operating System Protection Evasion: |
---|
System process connects to network (likely due to code injection or exploit) |
Source: | Domain query: | ||
Source: | Network Connect: |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Code function: |
Stealing of Sensitive Information: |
---|
Yara detected Ursnif |
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected Ursnif |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation2 | DLL Side-Loading1 | Process Injection112 | Virtualization/Sandbox Evasion1 | Input Capture1 | System Time Discovery1 | Remote Services | Input Capture1 | Exfiltration Over Other Network Medium | Encrypted Channel12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API1 | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Process Injection112 | LSASS Memory | Security Software Discovery1 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Application Layer Protocol1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information1 | Security Account Manager | Virtualization/Sandbox Evasion1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Regsvr321 | NTDS | Process Discovery2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Rundll321 | LSA Secrets | Application Window Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Software Packing1 | Cached Domain Credentials | Account Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | DLL Side-Loading1 | DCSync | System Owner/User Discovery1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | Remote System Discovery1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | System Information Discovery13 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
Behavior Graph |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
24% | Virustotal | Browse | ||
38% | ReversingLabs | Win32.Infostealer.Gozi | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1108168 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen8 | Download File | ||
100% | Avira | HEUR/AGEN.1108168 | Download File | ||
100% | Avira | HEUR/AGEN.1108168 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen8 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen8 | Download File | ||
100% | Avira | HEUR/AGEN.1108168 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen8 | Download File |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
10% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
9% | Virustotal | Browse | ||
10% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com | 18.219.227.107 | true | false | high | |
berukoneru.website | unknown | unknown | true |
| unknown |
windows.update3.com | unknown | unknown | true |
| unknown |
gerukoneru.website | unknown | unknown | true |
| unknown |
fortunarah.com | unknown | unknown | true |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
true |
| unknown | ||
true |
| unknown | ||
false |
| unknown | ||
true |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
true |
| unknown | ||
false |
| unknown | ||
true |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
true |
| unknown | ||
false | high | |||
true |
| unknown | ||
false |
| unknown | ||
true |
| unknown | ||
false |
| unknown | ||
true |
| unknown | ||
false |
| unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
3.20.161.64 | unknown | United States | 16509 | AMAZON-02US | true | |
18.219.227.107 | prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com | United States | 16509 | AMAZON-02US | false | |
3.12.124.139 | unknown | United States | 16509 | AMAZON-02US | true |
Private |
---|
IP |
---|
192.168.2.1 |
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 540821 |
Start date: | 16.12.2021 |
Start time: | 09:45:31 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 9m 45s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | fiHY95Y1CZ.exe (renamed file extension from exe to dll) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 28 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winDLL@9/0@91/4 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
09:47:02 | API Interceptor | |
09:47:03 | API Interceptor | |
09:47:03 | API Interceptor |
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
No created / dropped files found |
---|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.256885449705882 |
TrID: |
|
File name: | fiHY95Y1CZ.dll |
File size: | 1776800 |
MD5: | 3b7d8109b37e996e06ae68144f37a73c |
SHA1: | 9ee1957c39834e9ea87cd72d7f09e9f08e1712d3 |
SHA256: | 53f09461a48f10c95f426cd179106cbe94fba81c498fb7414d6a849470ee777e |
SHA512: | 549f93153ae0659dfc4876cb5e7dd3b65316fe5293912bcde2828f014039e7528b854db608653296f277be6bcd1b7a725f846fdf9698390baea2b2636a7d19cc |
SSDEEP: | 49152:4W58UQw8MT8UQw8MT8UQw8MT8UQw8MT8UQw8MT8UQw8MO:4O8UQw8MT8UQw8MT8UQw8MT8UQw8MT8L |
File Content Preview: | MZ......................................................................!..L.!This .ro.ra. cannot be run in DOS m.de....$.......PE..L......a...........!................................................................f6..................................P.. |
File Icon |
---|
Icon Hash: | 82b0f4c6d2c66cb1 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x1001c09b |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x10000000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | |
Time Stamp: | 0x61B6D28E [Mon Dec 13 04:56:46 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 05e4e1045777d757fa17eaf53eecd299 |
Authenticode Signature |
---|
Signature Valid: | false |
Signature Issuer: | CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US |
Signature Validation Error: | The digital signature of the object did not verify |
Error Number: | -2146869232 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 8E8056A2284F0304445ED325353454BF |
Thumbprint SHA-1: | E16BB6EE4ED3935C46C356D147E811286BA4BBFE |
Thumbprint SHA-256: | 968F9536C18A4475095B37792855AA62306275DEC05BD72F21653C98026CFC4E |
Serial: | 038EDB2FC6E405731A760F1516144C85 |
Entrypoint Preview |
---|
Instruction |
---|
mov ebx, edi |
or ebx, edi |
push 10020DE5h |
ret |
int3 |
int3 |
push 100023C8h |
int3 |
int3 |
int3 |
mov dword ptr [ebp-04h], esi |
push 00000000h |
jmp 00007F0D7CCA73DDh |
int3 |
int3 |
xor eax, ebp |
pop edi |
xor esi, esi |
int3 |
pop eax |
int3 |
int3 |
push esi |
push dword ptr [ebp+10h] |
int3 |
mov dword ptr [ebp-04h], eax |
int3 |
int3 |
int3 |
xor esi, esi |
int3 |
int3 |
sub al, 38h |
push 1001FCE8h |
ret |
int3 |
call 00007F0D7CCA1E2Fh |
push 00000030h |
int3 |
int3 |
int3 |
and dword ptr [ebp-08h], 00000000h |
xor eax, eax |
call 00007F0D7CCA1C80h |
xor esi, esi |
int3 |
mov ebp, esp |
call dword ptr [1002ADACh] |
push 100217ECh |
ret |
int3 |
call 00007F0D7CCA1C80h |
pop ecx |
ret |
mov dword ptr fs:[00000000h], ecx |
push dword ptr [ebp+10h] |
int3 |
int3 |
push esi |
pop ebx |
mov esp, ebp |
pop eax |
mov esp, ebp |
push ebx |
push 1001C9D8h |
ret |
jc 00007F0D7CCA1C76h |
jc 00007F0D7CCA1C76h |
mov dword ptr [ebp-04h], 00000007h |
pop ecx |
int3 |
int3 |
int3 |
int3 |
push eax |
int3 |
push 00000000h |
jmp 00007F0D7CCA8137h |
mov eax, dword ptr [ecx] |
lea ebp, dword ptr [esp+10h] |
jmp 00007F0D7CCA1C75h |
mov dword ptr [ebp-18h], esp |
int3 |
jmp dword ptr [10004074h] |
int3 |
int3 |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x1acfd | 0x50 | .text |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x470b8 | 0xb4 | .data |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4e000 | 0x16f8e8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1b0400 | 0x18a0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1be000 | 0x670 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2ad08 | 0x27c | .data |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x28613 | 0x22000 | False | 0.518655215993 | data | 5.42328856771 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x2a000 | 0x237af | 0x1d200 | False | 0.0684012875536 | data | 6.13260963822 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x4e000 | 0x16f8e8 | 0x16fa00 | False | 0.2185235411 | data | 4.81723301086 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x1be000 | 0x670 | 0x800 | False | 0.69384765625 | data | 5.74685750781 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x51f70 | 0x668 | data | English | United States |
RT_ICON | 0x525d8 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0x528c0 | 0x1e8 | data | English | United States |
RT_ICON | 0x52aa8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x52bd0 | 0xea8 | data | English | United States |
RT_ICON | 0x53a78 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x54320 | 0x6c8 | data | English | United States |
RT_ICON | 0x549e8 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x54f50 | 0x25a8 | data | English | United States |
RT_ICON | 0x574f8 | 0x10a8 | data | English | United States |
RT_ICON | 0x585a0 | 0x988 | data | English | United States |
RT_ICON | 0x58f28 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x59390 | 0x12428 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 1802201963, next used block 1802201963 | English | United States |
RT_ICON | 0x6b7b8 | 0x4c28 | dBase IV DBT, blocks size 0, block length 18432, next free block index 40, next free block 0, next used block 4278648832 | English | United States |
RT_ICON | 0x703e0 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 33357823 | English | United States |
RT_ICON | 0x74608 | 0x25a8 | data | English | United States |
RT_ICON | 0x76bb0 | 0x10a8 | data | English | United States |
RT_ICON | 0x77c58 | 0xeb0 | data | English | United States |
RT_ICON | 0x78b08 | 0x988 | data | English | United States |
RT_ICON | 0x79490 | 0x6b8 | data | English | United States |
RT_ICON | 0x79b48 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x79fb0 | 0x668 | data | English | United States |
RT_ICON | 0x7a618 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0x7a900 | 0x1e8 | data | English | United States |
RT_ICON | 0x7aae8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x7ac10 | 0xea8 | data | English | United States |
RT_ICON | 0x7bab8 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x7c360 | 0x6c8 | data | English | United States |
RT_ICON | 0x7ca28 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x7cf90 | 0x25a8 | data | English | United States |
RT_ICON | 0x7f538 | 0x10a8 | data | English | United States |
RT_ICON | 0x805e0 | 0x988 | data | English | United States |
RT_ICON | 0x80f68 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x813d0 | 0x668 | data | English | United States |
RT_ICON | 0x81a38 | 0x2e8 | data | English | United States |
RT_ICON | 0x81d20 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x81e48 | 0xea8 | data | English | United States |
RT_ICON | 0x82cf0 | 0x8a8 | data | English | United States |
RT_ICON | 0x83598 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x83b00 | 0x452e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x88030 | 0x25a8 | data | English | United States |
RT_ICON | 0x8a5d8 | 0x10a8 | data | English | United States |
RT_ICON | 0x8b680 | 0x988 | data | English | United States |
RT_ICON | 0x8c008 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x8c470 | 0x668 | data | English | United States |
RT_ICON | 0x8cad8 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0x8cdc0 | 0x1e8 | data | English | United States |
RT_ICON | 0x8cfa8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x8d0d0 | 0xea8 | data | English | United States |
RT_ICON | 0x8df78 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x8e820 | 0x6c8 | data | English | United States |
RT_ICON | 0x8eee8 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x8f450 | 0x25a8 | data | English | United States |
RT_ICON | 0x919f8 | 0x10a8 | data | English | United States |
RT_ICON | 0x92aa0 | 0x988 | data | English | United States |
RT_ICON | 0x93428 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x93890 | 0x12428 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 1802201963, next used block 1802201963 | English | United States |
RT_ICON | 0xa5cb8 | 0x4c28 | dBase IV DBT, blocks size 0, block length 18432, next free block index 40, next free block 0, next used block 4278648832 | English | United States |
RT_ICON | 0xaa8e0 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 33357823 | English | United States |
RT_ICON | 0xaeb08 | 0x25a8 | data | English | United States |
RT_ICON | 0xb10b0 | 0x10a8 | data | English | United States |
RT_ICON | 0xb2158 | 0xeb0 | data | English | United States |
RT_ICON | 0xb3008 | 0x988 | data | English | United States |
RT_ICON | 0xb3990 | 0x6b8 | data | English | United States |
RT_ICON | 0xb4048 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xb44b0 | 0x668 | data | English | United States |
RT_ICON | 0xb4b18 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0xb4e00 | 0x1e8 | data | English | United States |
RT_ICON | 0xb4fe8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xb5110 | 0xea8 | data | English | United States |
RT_ICON | 0xb5fb8 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0xb6860 | 0x6c8 | data | English | United States |
RT_ICON | 0xb6f28 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xb7490 | 0x25a8 | data | English | United States |
RT_ICON | 0xb9a38 | 0x10a8 | data | English | United States |
RT_ICON | 0xbaae0 | 0x988 | data | English | United States |
RT_ICON | 0xbb468 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xbb8d0 | 0x668 | data | English | United States |
RT_ICON | 0xbbf38 | 0x2e8 | data | English | United States |
RT_ICON | 0xbc220 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xbc348 | 0xea8 | data | English | United States |
RT_ICON | 0xbd1f0 | 0x8a8 | data | English | United States |
RT_ICON | 0xbda98 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xbe000 | 0x452e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0xc2530 | 0x25a8 | data | English | United States |
RT_ICON | 0xc4ad8 | 0x10a8 | data | English | United States |
RT_ICON | 0xc5b80 | 0x988 | data | English | United States |
RT_ICON | 0xc6508 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xc6970 | 0x668 | data | English | United States |
RT_ICON | 0xc6fd8 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0xc72c0 | 0x1e8 | data | English | United States |
RT_ICON | 0xc74a8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xc75d0 | 0xea8 | data | English | United States |
RT_ICON | 0xc8478 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0xc8d20 | 0x6c8 | data | English | United States |
RT_ICON | 0xc93e8 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xc9950 | 0x25a8 | data | English | United States |
RT_ICON | 0xcbef8 | 0x10a8 | data | English | United States |
RT_ICON | 0xccfa0 | 0x988 | data | English | United States |
RT_ICON | 0xcd928 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xcdd90 | 0x12428 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 1802201963, next used block 1802201963 | English | United States |
RT_ICON | 0xe01b8 | 0x4c28 | dBase IV DBT, blocks size 0, block length 18432, next free block index 40, next free block 0, next used block 4278648832 | English | United States |
RT_ICON | 0xe4de0 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 33357823 | English | United States |
RT_ICON | 0xe9008 | 0x25a8 | data | English | United States |
RT_ICON | 0xeb5b0 | 0x10a8 | data | English | United States |
RT_ICON | 0xec658 | 0xeb0 | data | English | United States |
RT_ICON | 0xed508 | 0x988 | data | English | United States |
RT_ICON | 0xede90 | 0x6b8 | data | English | United States |
RT_ICON | 0xee548 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xee9b0 | 0x668 | data | English | United States |
RT_ICON | 0xef018 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0xef300 | 0x1e8 | data | English | United States |
RT_ICON | 0xef4e8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xef610 | 0xea8 | data | English | United States |
RT_ICON | 0xf04b8 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0xf0d60 | 0x6c8 | data | English | United States |
RT_ICON | 0xf1428 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xf1990 | 0x25a8 | data | English | United States |
RT_ICON | 0xf3f38 | 0x10a8 | data | English | United States |
RT_ICON | 0xf4fe0 | 0x988 | data | English | United States |
RT_ICON | 0xf5968 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xf5dd0 | 0x668 | data | English | United States |
RT_ICON | 0xf6438 | 0x2e8 | data | English | United States |
RT_ICON | 0xf6720 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xf6848 | 0xea8 | data | English | United States |
RT_ICON | 0xf76f0 | 0x8a8 | data | English | United States |
RT_ICON | 0xf7f98 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0xf8500 | 0x452e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0xfca30 | 0x25a8 | data | English | United States |
RT_ICON | 0xfefd8 | 0x10a8 | data | English | United States |
RT_ICON | 0x100080 | 0x988 | data | English | United States |
RT_ICON | 0x100a08 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x100e70 | 0x668 | data | English | United States |
RT_ICON | 0x1014d8 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0x1017c0 | 0x1e8 | data | English | United States |
RT_ICON | 0x1019a8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x101ad0 | 0xea8 | data | English | United States |
RT_ICON | 0x102978 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x103220 | 0x6c8 | data | English | United States |
RT_ICON | 0x1038e8 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x103e50 | 0x25a8 | data | English | United States |
RT_ICON | 0x1063f8 | 0x10a8 | data | English | United States |
RT_ICON | 0x1074a0 | 0x988 | data | English | United States |
RT_ICON | 0x107e28 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x108290 | 0x12428 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 1802201963, next used block 1802201963 | English | United States |
RT_ICON | 0x11a6b8 | 0x4c28 | dBase IV DBT, blocks size 0, block length 18432, next free block index 40, next free block 0, next used block 4278648832 | English | United States |
RT_ICON | 0x11f2e0 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 33357823 | English | United States |
RT_ICON | 0x123508 | 0x25a8 | data | English | United States |
RT_ICON | 0x125ab0 | 0x10a8 | data | English | United States |
RT_ICON | 0x126b58 | 0xeb0 | data | English | United States |
RT_ICON | 0x127a08 | 0x988 | data | English | United States |
RT_ICON | 0x128390 | 0x6b8 | data | English | United States |
RT_ICON | 0x128a48 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x128eb0 | 0x668 | data | English | United States |
RT_ICON | 0x129518 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0x129800 | 0x1e8 | data | English | United States |
RT_ICON | 0x1299e8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x129b10 | 0xea8 | data | English | United States |
RT_ICON | 0x12a9b8 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x12b260 | 0x6c8 | data | English | United States |
RT_ICON | 0x12b928 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x12be90 | 0x25a8 | data | English | United States |
RT_ICON | 0x12e438 | 0x10a8 | data | English | United States |
RT_ICON | 0x12f4e0 | 0x988 | data | English | United States |
RT_ICON | 0x12fe68 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x1302d0 | 0x668 | data | English | United States |
RT_ICON | 0x130938 | 0x2e8 | data | English | United States |
RT_ICON | 0x130c20 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x130d48 | 0xea8 | data | English | United States |
RT_ICON | 0x131bf0 | 0x8a8 | data | English | United States |
RT_ICON | 0x132498 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x132a00 | 0x452e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x136f30 | 0x25a8 | data | English | United States |
RT_ICON | 0x1394d8 | 0x10a8 | data | English | United States |
RT_ICON | 0x13a580 | 0x988 | data | English | United States |
RT_ICON | 0x13af08 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x13b370 | 0x668 | data | English | United States |
RT_ICON | 0x13b9d8 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0x13bcc0 | 0x1e8 | data | English | United States |
RT_ICON | 0x13bea8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x13bfd0 | 0xea8 | data | English | United States |
RT_ICON | 0x13ce78 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x13d720 | 0x6c8 | data | English | United States |
RT_ICON | 0x13dde8 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x13e350 | 0x25a8 | data | English | United States |
RT_ICON | 0x1408f8 | 0x10a8 | data | English | United States |
RT_ICON | 0x1419a0 | 0x988 | data | English | United States |
RT_ICON | 0x142328 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x142790 | 0x12428 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 1802201963, next used block 1802201963 | English | United States |
RT_ICON | 0x154bb8 | 0x4c28 | dBase IV DBT, blocks size 0, block length 18432, next free block index 40, next free block 0, next used block 4278648832 | English | United States |
RT_ICON | 0x1597e0 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 33357823 | English | United States |
RT_ICON | 0x15da08 | 0x25a8 | data | English | United States |
RT_ICON | 0x15ffb0 | 0x10a8 | data | English | United States |
RT_ICON | 0x161058 | 0xeb0 | data | English | United States |
RT_ICON | 0x161f08 | 0x988 | data | English | United States |
RT_ICON | 0x162890 | 0x6b8 | data | English | United States |
RT_ICON | 0x162f48 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x1633b0 | 0x668 | data | English | United States |
RT_ICON | 0x163a18 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0x163d00 | 0x1e8 | data | English | United States |
RT_ICON | 0x163ee8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x164010 | 0xea8 | data | English | United States |
RT_ICON | 0x164eb8 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x165760 | 0x6c8 | data | English | United States |
RT_ICON | 0x165e28 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x166390 | 0x25a8 | data | English | United States |
RT_ICON | 0x168938 | 0x10a8 | data | English | United States |
RT_ICON | 0x1699e0 | 0x988 | data | English | United States |
RT_ICON | 0x16a368 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x16a7d0 | 0x668 | data | English | United States |
RT_ICON | 0x16ae38 | 0x2e8 | data | English | United States |
RT_ICON | 0x16b120 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x16b248 | 0xea8 | data | English | United States |
RT_ICON | 0x16c0f0 | 0x8a8 | data | English | United States |
RT_ICON | 0x16c998 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x16cf00 | 0x452e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x171430 | 0x25a8 | data | English | United States |
RT_ICON | 0x1739d8 | 0x10a8 | data | English | United States |
RT_ICON | 0x174a80 | 0x988 | data | English | United States |
RT_ICON | 0x175408 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x175870 | 0x668 | data | English | United States |
RT_ICON | 0x175ed8 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0x1761c0 | 0x1e8 | data | English | United States |
RT_ICON | 0x1763a8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x1764d0 | 0xea8 | data | English | United States |
RT_ICON | 0x177378 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x177c20 | 0x6c8 | data | English | United States |
RT_ICON | 0x1782e8 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x178850 | 0x25a8 | data | English | United States |
RT_ICON | 0x17adf8 | 0x10a8 | data | English | United States |
RT_ICON | 0x17bea0 | 0x988 | data | English | United States |
RT_ICON | 0x17c828 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x17cc90 | 0x12428 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 1802201963, next used block 1802201963 | English | United States |
RT_ICON | 0x18f0b8 | 0x4c28 | dBase IV DBT, blocks size 0, block length 18432, next free block index 40, next free block 0, next used block 4278648832 | English | United States |
RT_ICON | 0x193ce0 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 33357823 | English | United States |
RT_ICON | 0x197f08 | 0x25a8 | data | English | United States |
RT_ICON | 0x19a4b0 | 0x10a8 | data | English | United States |
RT_ICON | 0x19b558 | 0xeb0 | data | English | United States |
RT_ICON | 0x19c408 | 0x988 | data | English | United States |
RT_ICON | 0x19cd90 | 0x6b8 | data | English | United States |
RT_ICON | 0x19d448 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x19d8b0 | 0x668 | data | English | United States |
RT_ICON | 0x19df18 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 117473463, next used block 30577 | English | United States |
RT_ICON | 0x19e200 | 0x1e8 | data | English | United States |
RT_ICON | 0x19e3e8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x19e510 | 0xea8 | data | English | United States |
RT_ICON | 0x19f3b8 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x19fc60 | 0x6c8 | data | English | United States |
RT_ICON | 0x1a0328 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x1a0890 | 0x25a8 | data | English | United States |
RT_ICON | 0x1a2e38 | 0x10a8 | data | English | United States |
RT_ICON | 0x1a3ee0 | 0x988 | data | English | United States |
RT_ICON | 0x1a4868 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x1a4cd0 | 0x668 | data | English | United States |
RT_ICON | 0x1a5338 | 0x2e8 | data | English | United States |
RT_ICON | 0x1a5620 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x1a5748 | 0xea8 | data | English | United States |
RT_ICON | 0x1a65f0 | 0x8a8 | data | English | United States |
RT_ICON | 0x1a6e98 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x1a7400 | 0x452e | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x1ab930 | 0x25a8 | data | English | United States |
RT_ICON | 0x1aded8 | 0x10a8 | data | English | United States |
RT_ICON | 0x1aef80 | 0x988 | data | English | United States |
RT_ICON | 0x1af908 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_GROUP_ICON | 0x1afd70 | 0xae | data | English | United States |
RT_GROUP_ICON | 0x1afe20 | 0x84 | data | English | United States |
RT_GROUP_ICON | 0x1afea4 | 0xae | data | English | United States |
RT_GROUP_ICON | 0x1aff54 | 0xa0 | data | English | United States |
RT_GROUP_ICON | 0x1afff4 | 0xae | data | English | United States |
RT_GROUP_ICON | 0x1b00a4 | 0x84 | data | English | United States |
RT_GROUP_ICON | 0x1b0128 | 0xae | data | English | United States |
RT_GROUP_ICON | 0x1b01d8 | 0xa0 | data | English | United States |
RT_GROUP_ICON | 0x1b0278 | 0xae | data | English | United States |
RT_GROUP_ICON | 0x1b0328 | 0x84 | data | English | United States |
RT_GROUP_ICON | 0x1b03ac | 0xae | data | English | United States |
RT_GROUP_ICON | 0x1b045c | 0xa0 | data | English | United States |
RT_GROUP_ICON | 0x1b04fc | 0xae | data | English | United States |
RT_GROUP_ICON | 0x1b05ac | 0x84 | data | English | United States |
RT_GROUP_ICON | 0x1b0630 | 0xae | data | English | United States |
RT_GROUP_ICON | 0x1b06e0 | 0xa0 | data | English | United States |
RT_GROUP_ICON | 0x1b0780 | 0xae | data | English | United States |
RT_GROUP_ICON | 0x1b0830 | 0x84 | data | English | United States |
RT_GROUP_ICON | 0x1b08b4 | 0xae | data | English | United States |
RT_GROUP_ICON | 0x1b0964 | 0xa0 | data | English | United States |
RT_GROUP_ICON | 0x1b0a04 | 0xae | data | English | United States |
RT_GROUP_ICON | 0x1b0ab4 | 0x84 | data | English | United States |
RT_GROUP_ICON | 0x1b0b38 | 0xae | data | English | United States |
RT_GROUP_ICON | 0x1b0be8 | 0xa0 | data | English | United States |
RT_VERSION | 0x1b0c88 | 0x340 | data | English | United States |
RT_VERSION | 0x1b0fc8 | 0x2f8 | data | English | United States |
RT_VERSION | 0x1b12c0 | 0x344 | data | English | United States |
RT_VERSION | 0x1b1604 | 0x318 | data | English | United States |
RT_VERSION | 0x1b191c | 0x340 | data | English | United States |
RT_VERSION | 0x1b1c5c | 0x2f8 | data | English | United States |
RT_VERSION | 0x1b1f54 | 0x344 | data | English | United States |
RT_VERSION | 0x1b2298 | 0x318 | data | English | United States |
RT_VERSION | 0x1b25b0 | 0x340 | data | English | United States |
RT_VERSION | 0x1b28f0 | 0x2f8 | data | English | United States |
RT_VERSION | 0x1b2be8 | 0x344 | data | English | United States |
RT_VERSION | 0x1b2f2c | 0x318 | data | English | United States |
RT_VERSION | 0x1b3244 | 0x340 | data | English | United States |
RT_VERSION | 0x1b3584 | 0x2f8 | data | English | United States |
RT_VERSION | 0x1b387c | 0x344 | data | English | United States |
RT_VERSION | 0x1b3bc0 | 0x318 | data | English | United States |
RT_VERSION | 0x1b3ed8 | 0x340 | data | English | United States |
RT_VERSION | 0x1b4218 | 0x2f8 | data | English | United States |
RT_VERSION | 0x1b4510 | 0x344 | data | English | United States |
RT_VERSION | 0x1b4854 | 0x318 | data | English | United States |
RT_VERSION | 0x1b4b6c | 0x340 | data | English | United States |
RT_VERSION | 0x1b4eac | 0x2f8 | data | English | United States |
RT_VERSION | 0x1b51a4 | 0x344 | data | English | United States |
RT_VERSION | 0x1b54e8 | 0x318 | data | English | United States |
RT_MANIFEST | 0x1b5800 | 0x77d | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b5f80 | 0x245 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b61c8 | 0x3ca | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b6594 | 0x7e5 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b6d7c | 0x77d | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b74fc | 0x245 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b7744 | 0x3ca | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b7b10 | 0x7e5 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b82f8 | 0x77d | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b8a78 | 0x245 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b8cc0 | 0x3ca | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b908c | 0x7e5 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b9874 | 0x77d | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1b9ff4 | 0x245 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1ba23c | 0x3ca | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1ba608 | 0x7e5 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1badf0 | 0x77d | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1bb570 | 0x245 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1bb7b8 | 0x3ca | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1bbb84 | 0x7e5 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1bc36c | 0x77d | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1bcaec | 0x245 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1bcd34 | 0x3ca | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
RT_MANIFEST | 0x1bd100 | 0x7e5 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators | English | United States |
Imports |
---|
DLL | Import |
---|---|
advapi32.dll | RegCreateKeyExW, RegDeleteValueW, RegSetValueExA, RegDeleteKeyA, RegEnumValueA, RegQueryValueExA, RegCloseKey, RegOpenKeyExA, RegEnumKeyA |
gdi32.dll | SetBkMode, SelectObject, SetBkColor, CreateFontIndirectA, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetTextColor |
kernel32.dll | GetModuleHandleA, GetProcAddress, LoadLibraryA, FindNextFileA, SetFileAttributesA, CompareFileTime, CloseHandle, LoadLibraryExA, SetCurrentDirectoryA, CreateThread, Sleep, CopyFileA, GetTickCount, GlobalLock, SetFileTime, WritePrivateProfileStringA, GetTempFileNameA, SetFilePointer, lstrlenA, MultiByteToWideChar, CreateFileA, lstrcatA, MulDiv, GetModuleFileNameA, DeleteFileA, WriteFile, lstrcmpiA, ExitProcess, GetExitCodeProcess, CreateDirectoryA, lstrcpynA, WaitForSingleObject, SetErrorMode, GetFileSize, GlobalAlloc, FindClose, VirtualProtectEx, SearchPathA, GetVersion, CreateProcessA, GetSystemDirectoryA, lstrcmpA, ReadFile, GetFullPathNameA, GetCurrentDirectoryA, GetWindowsDirectoryA, GlobalFree, MoveFileA, GetDiskFreeSpaceA, GetCommandLineA, GetShortPathNameA, FindFirstFileA, FreeLibrary, RemoveDirectoryA, GetTempPathA, GetPrivateProfileStringA, GetCurrentProcess, ExpandEnvironmentStringsA, GlobalUnlock, GetLastError, GetFileAttributesA |
ole32.dll | OleUninitialize, CoTaskMemFree, CoCreateInstance, OleInitialize |
shell32.dll | SHGetSpecialFolderLocation, ShellExecuteA, SHFileOperationA, SHBrowseForFolderA, SHGetFileInfoA, SHGetPathFromIDListA |
user32.dll | SetWindowLongA, IsWindowEnabled, AppendMenuA, LoadBitmapA, EndPaint, SetWindowPos, DefWindowProcA, ShowWindow, SystemParametersInfoA, LoadCursorA, CreatePopupMenu, GetSysColor, ExitWindowsEx, DispatchMessageA, wsprintfA, RegisterClassA, DestroyWindow, ScreenToClient, CharNextA, EndDialog, GetSystemMetrics, DrawTextA, EnableMenuItem, CreateDialogParamA, GetDC, CharPrevA, GetMessagePos, FindWindowExA, SendMessageTimeoutA, CreateWindowExA, GetDlgItemTextA, GetSystemMenu, LoadImageA, SetWindowTextA, EmptyClipboard, InvalidateRect, GetWindowLongA, CheckDlgButton, SetDlgItemTextA, SetClipboardData, FillRect, OpenClipboard, GetWindowRect, IsWindow, MessageBoxIndirectA, BeginPaint, IsWindowVisible, SetCursor, EnableWindow, DialogBoxParamA, PostQuitMessage, TrackPopupMenu, SetClassLongA, GetClientRect, SetForegroundWindow, SendMessageA, CloseClipboard |
version.dll | GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA |
Exports |
---|
Name | Ordinal | Address |
---|---|---|
DllRegisterServer | 1 | 0x1001d45c |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | Copyright 2016 Symantec Corporation. All rights reserved. |
InternalName | SymErr |
FileVersion | 7.6.2.5 |
CompanyName | Symantec Corporation |
ProductName | Symantec Shared Component |
ProductVersion | 7.6 |
FileDescription | Symantec Error Reporting |
OriginalFilename | SymErr.exe |
Translation | 0x0409 0x04b0 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken |
---|---|
English | United States |
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
12/16/21-09:48:04.909243 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.7 | 8.8.8.8 |
12/16/21-09:48:06.443354 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.7 | 8.8.8.8 |
12/16/21-09:48:07.457320 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.7 | 8.8.8.8 |
12/16/21-09:48:08.496291 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.7 | 8.8.8.8 |
12/16/21-09:48:10.177155 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.7 | 8.8.8.8 |
12/16/21-09:49:01.472370 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.7 | 8.8.8.8 |
12/16/21-09:49:02.539281 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.7 | 8.8.8.8 |
12/16/21-09:49:06.405672 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.7 | 8.8.8.8 |
12/16/21-09:49:07.484648 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.7 | 8.8.8.8 |
12/16/21-09:49:08.675917 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.7 | 8.8.8.8 |
12/16/21-09:49:11.266525 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.7 | 8.8.8.8 |
12/16/21-09:49:57.574727 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.7 | 8.8.8.8 |
12/16/21-09:49:59.580242 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.7 | 8.8.8.8 |
12/16/21-09:50:00.602049 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.7 | 8.8.8.8 |
12/16/21-09:50:05.088933 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.7 | 8.8.8.8 |
12/16/21-09:50:06.169872 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.7 | 8.8.8.8 |
12/16/21-09:50:08.187515 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.7 | 8.8.8.8 |
12/16/21-09:50:08.812572 | ICMP | 402 | ICMP Destination Unreachable Port Unreachable | | | 192.168.2.7 | 8.8.8.8 |
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
ICMP Packets |
---|
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
DNS Queries |
---|
DNS Answers |
---|
Code Manipulations |
---|
Statistics |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 09:46:29 |
Start date: | 16/12/2021 |
Path: | C:\Windows\System32\loaddll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xae0000 |
File size: | 116736 bytes |
MD5 hash: | 7DEB5DB86C0AC789123DEC286286B938 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | moderate |
General |
---|
Start time: | 09:46:30 |
Start date: | 16/12/2021 |
Path: | C:\Windows\SysWOW64\cmd.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x870000 |
File size: | 232960 bytes |
MD5 hash: | F3BDBE3BB6F734E357235F4D5898582D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 09:46:30 |
Start date: | 16/12/2021 |
Path: | C:\Windows\SysWOW64\regsvr32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe80000 |
File size: | 20992 bytes |
MD5 hash: | 426E7499F6A7346F0410DEAD0805586B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 09:46:30 |
Start date: | 16/12/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1190000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
General |
---|
Start time: | 09:46:30 |
Start date: | 16/12/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1190000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|