Analysis Report
Overview
General Information |
---|
Joe Sandbox Version: | 23.0.0 |
Analysis ID: | 56388 |
Start time: | 13:59:12 |
Joe Sandbox Product: | Cloud |
Start date: | 04.07.2018 |
Overall analysis duration: | 0h 14m 7s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | csshead.exe |
Cookbook file name: | default.jbs |
Analysis system description: | W10 Native physical Machine for testing VM-aware malware (Office 2010, Java 1.8.0_91, Flash 22.0.0.192, Acrobat Reader DC 15.016.20039, Internet Explorer 11, Chrome 55, Firefox 50) |
Number of analysed new started processes analysed: | 2 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies |
|
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.evad.spyw.troj.winEXE@3/14@37/4 |
HCA Information: |
|
EGA Information: |
|
HDC Information: |
|
Cookbook Comments: |
|
Detection |
---|
Strategy | Score | Range | Reporting | Detection | |
---|---|---|---|---|---|
Threshold | 100 | 0 - 100 | Report FP / FN |
Confidence |
---|
Strategy | Score | Range | Further Analysis Required? | Confidence | |
---|---|---|---|---|---|
Threshold | 5 | 0 - 5 | false |
Classification |
---|
Analysis Advice |
---|
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--") |
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior |
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis |
Signature Overview |
---|
AV Detection: |
---|
Antivirus detection for submitted file | Show sources |
Source: csshead.exe | Avira: |
Multi AV Scanner detection for submitted file | Show sources |
Source: csshead.exe | virustotal: | Perma Link |
Antivirus detection for unpacked file | Show sources |
Source: 0.2.csshead.exe.50000.0.unpack | Avira: | ||
Source: 1.2.explorer.exe.490000.5.unpack | Avira: | ||
Source: 1.2.explorer.exe.7c0000.6.unpack | Avira: | ||
Source: 0.2.csshead.exe.400000.1.unpack | Avira: | ||
Source: 0.0.csshead.exe.400000.0.unpack | Avira: | ||
Source: 0.1.csshead.exe.400000.0.unpack | Avira: |
Yara signature match | Show sources |
Source: 00000001.00000002.28504861757.007C0000.00000040.sdmp, type: MEMORY | Matched rule: | ||
Source: 00000000.00000002.27490223943.00050000.00000004.sdmp, type: MEMORY | Matched rule: | ||
Source: 0.2.csshead.exe.400000.1.unpack, type: UNPACKEDPE | Matched rule: | ||
Source: 0.2.csshead.exe.50000.0.unpack, type: UNPACKEDPE | Matched rule: | ||
Source: 1.2.explorer.exe.7c0000.6.unpack, type: UNPACKEDPE | Matched rule: | ||
Source: 1.2.explorer.exe.7c0000.6.raw.unpack, type: UNPACKEDPE | Matched rule: | ||
Source: 0.2.csshead.exe.50000.0.raw.unpack, type: UNPACKEDPE | Matched rule: |
Cryptography: |
---|
Uses Microsoft's Enhanced Cryptographic Provider | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_004017A2 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_0040153C | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00401402 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_004017A4 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00401AAE | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_004017E8 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00401574 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00401AB0 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00401374 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_004018A0 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_004014D0 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00401490 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00401404 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00401AF8 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00401B20 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C17E8 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C18A0 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C153C | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C17A4 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C1574 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C1AB0 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C1404 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C1374 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C17A2 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C1B20 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C1402 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C1AAE | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C1490 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C1AF8 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C14D0 |
Spam, unwanted Advertisements and Ransom Demands: |
---|
Contains functionality to import cryptographic keys (often used in ransomware) | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_004018A0 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C18A0 |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Creates a DirectInput object (often for capturing keystrokes) | Show sources |
Source: csshead.exe, 00000000.00000002.27490890262.00599000.00000004.sdmp | Binary or memory string: |
E-Banking Fraud: |
---|
Drops certificate files (DER) | Show sources |
Source: C:\Windows\explorer.exe | File created: | Jump to dropped file |
Software Vulnerabilities: |
---|
Found inlined nop instructions (likely shell or obfuscated code) | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00409178 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00409147 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C9178 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C9147 |
Networking: |
---|
Queries random domain names (often used to prevent blacklisting and sinkholes) | Show sources |
Source: unknown | DNS traffic detected: |
Tries to resolve many domain names, but no domain seems valid | Show sources |
Source: unknown | DNS traffic detected: |
Connects to many different domains | Show sources |
Source: unknown | Network traffic detected: |
Contains functionality to upload files via FTP | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00419D20 |
IP address seen in connection with other malware | Show sources |
Source: Joe Sandbox View | IP Address: |
Contains functionality to download additional files from the internet | Show sources |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C15B0 |
Downloads files from webservers via HTTP | Show sources |
Source: global traffic | HTTP traffic detected: |
Performs DNS lookups | Show sources |
Source: unknown | DNS traffic detected: |
Urls found in memory or binary data | Show sources |
Source: E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08.1.dr | String found in binary or memory: | ||
Source: F5F320A94D4D2B4465D8F17E2BB2D351_0BA94B3A3CB67F245E2A70E0B581D64B.1.dr | String found in binary or memory: | ||
Source: CFE86DBBE02D859DC92F1E17E0574EE8_FDB452422670E72EDD3FB3D65568F821.1.dr | String found in binary or memory: | ||
Source: csshead.exe, explorer.exe | String found in binary or memory: |
Uses HTTPS | Show sources |
Source: unknown | Network traffic detected: |
Stealing of Sensitive Information: |
---|
Tries to harvest and steal browser information (history, passwords, etc) | Show sources |
Source: C:\Windows\explorer.exe | File opened: | Jump to behavior |
Data Obfuscation: |
---|
Contains functionality to dynamically determine API calls | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00401928 |
Uses code obfuscation techniques (call, push, ret) | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_004094C0 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_004094FE | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00401060 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_004010A0 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00429268 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00434272 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00429F48 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00434F2C | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00432D22 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C94C0 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C1060 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C10A0 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C94FE |
Sample is packed with UPX | Show sources |
Source: initial sample | Static PE information: |
Spreading: |
---|
Contains functionality to enumerate / list files inside a directory | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00403988 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00405640 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C5640 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C3988 |
System Summary: |
---|
Contains functionality to call native functions | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00404E94 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00408A48 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00404DE0 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00408A44 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00419D20 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00410210 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00421360 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00410190 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00417E60 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_0041E9C0 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00417ED0 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00418620 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00410810 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00421620 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00418190 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C8A48 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C4E94 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C4DE0 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C8A44 |
Detected potential crypto function | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00405D20 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00419D20 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_0041C95B | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_0043256D | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00430D58 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00423AD0 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00430807 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_004302B6 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_0042E76B | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C5D20 |
PE file contains strange resources | Show sources |
Source: csshead.exe | Static PE information: |
Reads the hosts file | Show sources |
Source: C:\Windows\explorer.exe | File read: | Jump to behavior |
Sample file is different than original file name gathered from version info | Show sources |
Source: csshead.exe, 00000000.00000001.27391130383.00456000.00000008.sdmp | Binary or memory string: | ||
Source: csshead.exe | Binary or memory string: |
Sample reads its own file content | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | File read: | Jump to behavior |
Tries to load missing DLLs | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Section loaded: | Jump to behavior |
Classification label | Show sources |
Source: classification engine | Classification label: |
Contains functionality to load and extract PE file embedded resources | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00419D20 |
Creates files inside the user directory | Show sources |
Source: C:\Windows\explorer.exe | File created: | Jump to behavior |
Launches a second explorer.exe instance | Show sources |
Source: unknown | Process created: | |||
Source: C:\Users\user\Desktop\csshead.exe | Process created: | Jump to behavior |
Might use command line arguments | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Command line argument: | 0_2_00419D20 |
Reads software policies | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Key opened: | Jump to behavior |
Sample is known by Antivirus | Show sources |
Source: csshead.exe | virustotal: |
Spawns processes | Show sources |
Source: unknown | Process created: | |||
Source: C:\Users\user\Desktop\csshead.exe | Process created: | Jump to behavior |
Binary contains paths to debug symbols | Show sources |
Source: | Binary string: |
HIPS / PFW / Operating System Protection Evasion: |
---|
Injects code into the Windows Explorer (explorer.exe) | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Memory written: | Jump to behavior |
Writes to foreign memory regions | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Memory written: | Jump to behavior |
Contains functionality to add an ACL to a security descriptor | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00404406 |
Contains functionality to create a new security descriptor | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_004041C8 |
Anti Debugging: |
---|
Found API chain indicative of debugger detection | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Debugger detection routine: | graph_0-19518 |
Contains functionality for execution timing, often used to detect debuggers | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_004010B4 |
Contains functionality to check if a debugger is running (IsDebuggerPresent) | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00406D40 |
Contains functionality to create guard pages, often used to hinder reverse engineering and debugging | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_004239DD |
Contains functionality to dynamically determine API calls | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00401928 |
Contains functionality to read the PEB | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_004024F8 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_01821560 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_01823134 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C24F8 |
Contains functionality which may be used to detect a debugger (GetProcessHeap) | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00401460 |
Contains functionality to register its own exception handler | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_0042CA48 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00424FEB | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00429814 |
Malware Analysis System Evasion: |
---|
Contains functionality to detect hardware virtualization (CPUID execution measurement) | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00406B18 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C6B18 |
Contains functionality to detect sleep reduction / modifications | Show sources |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C6DB0 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C6DC8 |
Found evasive API chain (may execute only at specific dates) | Show sources |
Source: C:\Windows\explorer.exe | Evasive API call chain: | graph_1-4722 |
Contains capabilities to detect virtual machines | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Registry key queried: | Jump to behavior |
Contains functionality for execution timing, often used to detect debuggers | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_004010B4 |
Contains long sleeps (>= 3 min) | Show sources |
Source: C:\Windows\explorer.exe | Thread delayed: | Jump to behavior |
Found evasive API chain (date check) | Show sources |
Source: C:\Windows\explorer.exe | Evasive API call chain: | graph_1-4722 |
Found evasive API chain (may stop execution after accessing registry keys) | Show sources |
Source: C:\Windows\explorer.exe | Evasive API call chain: | graph_1-4666 |
Found evasive API chain (may stop execution after checking a module file name) | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Evasive API call chain: | graph_0-18509 |
Found evasive API chain checking for process token information | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Check user administrative privileges: | graph_0-18759 | ||
Source: C:\Windows\explorer.exe | Check user administrative privileges: | graph_1-4553 |
May sleep (evasive loops) to hinder dynamic analysis | Show sources |
Source: C:\Windows\explorer.exe TID: 3080 | Thread sleep count: | Jump to behavior | ||
Source: C:\Windows\explorer.exe TID: 3080 | Thread sleep time: | Jump to behavior |
Sample execution stops while process was sleeping (likely an evasion) | Show sources |
Source: C:\Windows\explorer.exe | Last function: |
Contains functionality to enumerate / list files inside a directory | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00403988 | |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00405640 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C5640 | |
Source: C:\Windows\explorer.exe | Code function: | 1_2_007C3988 |
Contains functionality to query system information | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00419D20 |
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory) | Show sources |
Source: csshead.exe, 00000000.00000002.27490890262.00599000.00000004.sdmp | Binary or memory string: |
Program exit points | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | API call chain: | graph_0-18510 | ||
Source: C:\Users\user\Desktop\csshead.exe | API call chain: | graph_0-19555 |
Hooking and other Techniques for Hiding and Protection: |
---|
System process connects to network (likely due to code injection or exploit) | Show sources |
Source: C:\Windows\explorer.exe | Network Connect: | Jump to behavior |
Contains functionality to check if a window is minimized (may be used to check if an application is visible) | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00420B80 |
Lowering of HIPS / PFW / Operating System Security Settings: |
---|
May initialize a security null descriptor | Show sources |
Source: csshead.exe | Binary or memory string: |
Language, Device and Operating System Detection: |
---|
Contains functionality to query CPU information (cpuid) | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00406C6C |
Queries device information via Setup API | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00406EEC |
Queries the installation date of Windows | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Key value queried: | Jump to behavior |
Queries the product ID of Windows | Show sources |
Source: C:\Windows\explorer.exe | Key value queried: | Jump to behavior |
Contains functionality to query local / system time | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_00405468 |
Contains functionality to query the account / user name | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_0041C95B |
Contains functionality to query windows version | Show sources |
Source: C:\Users\user\Desktop\csshead.exe | Code function: | 0_2_004064BC |
Queries the cryptographic machine GUID | Show sources |
Source: C:\Windows\explorer.exe | Key value queried: | Jump to behavior |
Behavior Graph |
---|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
14:00:01 | API Interceptor | 95x Sleep call for process: csshead.exe modified |
14:05:55 | API Interceptor | 1x Sleep call for process: explorer.exe modified |
Antivirus Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
47% | virustotal | Browse | ||
100% | Avira | TR/Spy.Bebloh.ymgcn |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/Crypt.XPACK.Gen | ||
100% | Avira | TR/Crypt.XPACK.Gen | ||
100% | Avira | TR/Crypt.XPACK.Gen | ||
100% | Avira | HEUR/AGEN.1023574 | ||
100% | Avira | TR/Crypt.XPACK.Gen | ||
100% | Avira | TR/Crypt.XPACK.Gen |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | virustotal | Browse | ||
1% | virustotal | Browse | ||
0% | virustotal | Browse | ||
1% | virustotal | Browse |
URLs |
---|
No Antivirus matches |
---|
Yara Overview |
---|
Initial Sample |
---|
No yara matches |
---|
PCAP (Network Traffic) |
---|
No yara matches |
---|
Dropped Files |
---|
No yara matches |
---|
Memory Dumps |
---|
Source | Rule | Description | Author |
---|---|---|---|
00000001.00000002.28504861757.007C0000.00000040.sdmp | IMPLANT_4_v10 | BlackEnergy / Voodoo Bear Implant by APT28 | US CERT |
00000000.00000002.27490223943.00050000.00000004.sdmp | IMPLANT_4_v10 | BlackEnergy / Voodoo Bear Implant by APT28 | US CERT |
Unpacked PEs |
---|
Source | Rule | Description | Author |
---|---|---|---|
0.2.csshead.exe.400000.1.unpack | IMPLANT_4_v10 | BlackEnergy / Voodoo Bear Implant by APT28 | US CERT |
0.2.csshead.exe.50000.0.unpack | IMPLANT_4_v10 | BlackEnergy / Voodoo Bear Implant by APT28 | US CERT |
1.2.explorer.exe.7c0000.6.unpack | IMPLANT_4_v10 | BlackEnergy / Voodoo Bear Implant by APT28 | US CERT |
1.2.explorer.exe.7c0000.6.raw.unpack | IMPLANT_4_v10 | BlackEnergy / Voodoo Bear Implant by APT28 | US CERT |
0.2.csshead.exe.50000.0.raw.unpack | IMPLANT_4_v10 | BlackEnergy / Voodoo Bear Implant by APT28 | US CERT |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\explorer.exe |
File Type: | |
Size (bytes): | 527 |
Entropy (8bit): | 7.129034712535047 |
Encrypted: | false |
MD5: | 5EA8794450A464D1E5A793BF024CCB43 |
SHA1: | A667467CA1544B527E53063702259B3028116538 |
SHA-256: | 5972FAB7F0C32338924510B0E1DB743D94E9B7AB7044372CF564AAE88431BEFD |
SHA-512: | 0D4E6CD75A1427719A7DB376E8E7CBF0AD7EAEA05954BE0F057218F7B18565165D458D7DB24436AAF28A0E75C532DE925D20B4483B05BB601A95D81FC196DCB7 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\explorer.exe |
File Type: | |
Size (bytes): | 468 |
Entropy (8bit): | 7.092843961483663 |
Encrypted: | false |
MD5: | D9D754520AE3340AA37CCA6115EEE05B |
SHA1: | A0320372760D99C762CB2EB4B37F776625EF1B33 |
SHA-256: | 7DC8284C51C9A38DC1BF03BD28857EA5336E8F5C564EDDBB1C9082EE43C93738 |
SHA-512: | 440F6A9EA2CE5ECD1FD7CB3D122A6F5F108550D71A9FF5F88F235BE5495903712555F95C75F66CCF716AC2A49202716EDBDBAFBD114EFF0AD3D98E3DA6A30C94 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Windows\explorer.exe |
File Type: | |
Size (bytes): | 1398 |
Entropy (8bit): | 7.532468340062992 |
Encrypted: | false |
MD5: | 6804589F15C01A63F62D811AFB17F5A4 |
SHA1: | 0EE07820C833230C7F440825F64DD5085BD17500 |
SHA-256: | 182643FE2A3C2D2E9B058A3BF728740DB7E17BBF6A6036E415CBE601F6BFE144 |
SHA-512: | 505B96A34A6BC47CD83EB54853CA80BCB4A4D5749109BF1DDDBAAEBBEDB52A98EB6AEA06993738F58194E16B5F89F2F8371474666B199E270B06594F056DB5F2 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Windows\explorer.exe |
File Type: | |
Size (bytes): | 463 |
Entropy (8bit): | 7.143719128336462 |
Encrypted: | false |
MD5: | 82FABB6055C9FBC15C0E37ACF8826E36 |
SHA1: | BF2BD4BA0D9E221E1469DFDC8CF030F514635365 |
SHA-256: | 69229EFC637140F3ED53BA3A315B16554499A69CB8EE90111AA3F622267D4344 |
SHA-512: | C14DFEAF0885F4252797AC674BA0F8CDBDC25BDF899DD0C9A93BCE875B87282643D5AF5FD34D42E1E9BE59C1744F501659386D8D2075D14C67DEA005A7039487 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\explorer.exe |
File Type: | |
Size (bytes): | 574 |
Entropy (8bit): | 3.662342996973562 |
Encrypted: | false |
MD5: | 3EBE9A5F5F34063AFA06744E9DE2F17A |
SHA1: | 248757DEA97B14602C2944744427D9315EE63128 |
SHA-256: | 5E64BE9693E92965EFC009D02C1281750522B2C9FCDEC70A95C4B08F987D7E15 |
SHA-512: | 5D96EC82279D0B05602C3802780DA7FED497F7294A6A03B309C1D468D69A8906D44E061F50F2BDF4EEF70C72AE5B76AC8990665344AB38DFBDB7FA4DA4DFD870 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\explorer.exe |
File Type: | |
Size (bytes): | 804 |
Entropy (8bit): | 3.578213099146921 |
Encrypted: | false |
MD5: | CD0A963092D1F65356D760A30629F14B |
SHA1: | B00B4F4177AC8989BD5AFF207CBC1528487F9005 |
SHA-256: | 1AD3FF15184CF55A63859149CCD3522105FADF7CBB3335ED8646204416B3D0B5 |
SHA-512: | 2DC6F55DE72FB9839E3114A601512741FBA150504F1CDA5A9D2CF9EF1AF3DA9508517DD3572BD4B5DD190442992ED7AA5B955DCD3641B76721E3E42731949C3A |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\explorer.exe |
File Type: | |
Size (bytes): | 1028 |
Entropy (8bit): | 3.8212378291798217 |
Encrypted: | false |
MD5: | A94BB63C682A4B30397F4D9E515E043E |
SHA1: | 6A181B5722338B0B4647A1286A9525B8C4F2DF23 |
SHA-256: | BD0E25F5B6B92983F95A693F416D6576DA031B71EA25A73F350725FF7B504C06 |
SHA-512: | C1BAE4FDB65DF1C1B8ED80926ADB1707D0CC17E89008A92AB1BED105609F4A5C119D24B2483F87C1ABBACCB0A09D588A1223D40216F761494E73DD07D78CC0DE |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\explorer.exe |
File Type: | |
Size (bytes): | 780 |
Entropy (8bit): | 3.604571038206961 |
Encrypted: | false |
MD5: | 0F2682CA297F407B8C5231557BF4D0A0 |
SHA1: | F671D2294F57021C00E65663E28763F8371D62BC |
SHA-256: | 8DA3AD031431DAA315AB5F261C8D40151217EC2D375925BEEF23ABA9A1FBF3CF |
SHA-512: | 897AE175042D90C618FBDCB7A7DDA74A3D1401E2EBF55D99CA89F60763A3ED9FF7B594EC770EE3DD33AEFF03D17E4E6568A7437ED107717E68D136DD04EF6F84 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\explorer.exe |
File Type: | |
Size (bytes): | 353 |
Entropy (8bit): | 5.397957733795783 |
Encrypted: | false |
MD5: | 8BA35BF9B54B5322C35ABDB800A8ED93 |
SHA1: | 0404121ED5669381BF2933694547B0768E49001B |
SHA-256: | 83DF3D0F3CDAB80A9AAC23DFF3E14A1DE09890F8C95B43C9BC950317CFACB1A2 |
SHA-512: | 2FAA7BFD9BF775631DD1921B44A0C81BC9CCE32BF5B2B68B5E39FE25FA90CA09666E3CA7575B62E163E6314E0701DF15DBB93699F645CEB35B82FEF0F10CECE3 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\explorer.exe |
File Type: | |
Size (bytes): | 353 |
Entropy (8bit): | 5.362763176409748 |
Encrypted: | false |
MD5: | 225DA76465EEBA3893442E6CCECB6D75 |
SHA1: | EB05ED97BE3490E86193D44D474449C3E34C519B |
SHA-256: | CAD78851E2AB7AB02A725337DF5BEC4733021897F2B4AE18E3F7643B6BAE98CF |
SHA-512: | 9C578E17921FE35B79E0D02CCBDC5CCE6A3C0A9470649A111AECADFBE4FFBE49E0C164E6F5109BA3928FD959DF87BC648424784159DCE5D0DF9C7F56411BDD9D |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\explorer.exe |
File Type: | |
Size (bytes): | 80 |
Entropy (8bit): | 4.194702276078295 |
Encrypted: | false |
MD5: | B63564A29E3D506314179C9F8C0D3F25 |
SHA1: | DAAE378D901DBF66BA21F6082273DEDB1EA091FD |
SHA-256: | A0E289F258F6920E40C76429D951EC79029AC8FCAEB7B9C0F16EFBA408678EDB |
SHA-512: | 6B7197080C33C6C107DF62BD520B9B2FE32421C09D3A39180DF784D8BD761D979968E634FCA9339E7E01F27007B86DE707B090C1AA8ACB6D5659649C5D66FC23 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\explorer.exe |
File Type: | |
Size (bytes): | 276 |
Entropy (8bit): | 5.500010305349747 |
Encrypted: | false |
MD5: | A127FEDD02E99FA24293396B29F8ABCE |
SHA1: | B73CC983AAA84C9D70CDF2FD8985DE6A960C8C8D |
SHA-256: | D1E5DD9D585A115034221C829484D68EC8A049F12183D2F165A31F5ED6E976B8 |
SHA-512: | 3D6AD4D16280D105B41A529015407AA0CA9CAFBE1D5C8A10D9A0174E99204B06D08304EB5AC030B830182CBF42BE2BA93FD8DBE40E7B43DDC3FF2A12237EAF76 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\explorer.exe |
File Type: | |
Size (bytes): | 353 |
Entropy (8bit): | 5.392241514939074 |
Encrypted: | false |
MD5: | 43FA37E3BA662C9DFE080ED8D54EFAC6 |
SHA1: | F602E0546CA9399A96EC37A75CB0584DF77B3510 |
SHA-256: | F554EF45F52CFDAF3A6D2BD69308CE486D7796F4B7D35315F5FDCAA7502A42F2 |
SHA-512: | 074A462FB8C7010502FC74781E79386559584F93C4FE5C855F36439DE3D296A641B40DB491D057BC25826DDFD86CCC39B5696A5A1243168F53F023F2A482A7F5 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\explorer.exe |
File Type: | |
Size (bytes): | 166400 |
Entropy (8bit): | 4.137499387864356 |
Encrypted: | false |
MD5: | 90064D18FAC8A24969AD3D1FCB9CD121 |
SHA1: | 112ABB6EE536EB5EEBB53A8AA334CA8C7139787E |
SHA-256: | 548CF86C9A6D977128A0C153FAF4512B83D4C6F569CC8A2462A52DC74A778F59 |
SHA-512: | 8861013CF8D46EE72AA95EC737F0809405DA101027047F8C8096CB4964F50941705A7A28834C866022A246A92294C002536F4A3C033A521DB709EC7760803E5A |
Malicious: | true |
Reputation: | low |
Contacted Domains/Contacted IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
a771.dscq.akamai.net | 23.10.249.152 | true | false | 0%, virustotal, Browse | high |
wigermexir.com | 212.92.98.68 | true | true | 1%, virustotal, Browse | unknown |
a279.dscq.akamai.net | 23.10.249.146 | true | false | 0%, virustotal, Browse | high |
www.google.com | 216.58.210.4 | true | false | 1%, virustotal, Browse | high |
a1621.g.akamai.net | 23.10.249.34 | true | false | high | |
www3.l.google.com | 216.58.210.14 | true | false | high | |
hs1agojraguo.com | unknown | unknown | true | unknown | |
pmtz1iirvr.com | unknown | unknown | true | unknown | |
n5k2ekq2ro.net | unknown | unknown | true | unknown | |
gj2pexhfy95v.net | unknown | unknown | true | unknown | |
hvzaduc42t2o.com | unknown | unknown | true | unknown | |
titz9qqc5szt.net | unknown | unknown | true | unknown | |
hp1sofo5bnc.com | unknown | unknown | true | unknown | |
phyrnfojfwiyuz.net | unknown | unknown | true | unknown | |
gvyn4bo2n3qq.net | unknown | unknown | true | unknown | |
ktchyigkk2iwi3.com | unknown | unknown | true | unknown | |
rmqgc5frw3.com | unknown | unknown | true | unknown | |
tdgku3qbl1r.net | unknown | unknown | true | unknown | |
gdelzlc224n5q9.net | unknown | unknown | true | unknown | |
zqvdnvokoq.net | unknown | unknown | true | unknown | |
nvxij5qutl.net | unknown | unknown | true | unknown | |
tyou23hsrm.net | unknown | unknown | true | unknown | |
ocsp.int-x3.letsencrypt.org | unknown | unknown | false | high | |
e45cukuntbcou.net | unknown | unknown | true | unknown | |
j4rjf2dtjl.com | unknown | unknown | true | unknown | |
jdf2xx9wetn.com | unknown | unknown | true | unknown | |
ushy2wtgwvny.com | unknown | unknown | true | unknown | |
r5hfff2lnn9mn.com | unknown | unknown | true | unknown | |
zo4q11gk3iyjgw.com | unknown | unknown | true | unknown | |
tmmq5lcauha.net | unknown | unknown | true | unknown | |
ocsp.pki.goog | unknown | unknown | true | unknown | |
5v95xlfdzrj1de.net | unknown | unknown | true | unknown | |
erz5yxeblneu.net | unknown | unknown | true | unknown | |
cwug3djg3reoa9.net | unknown | unknown | true | unknown | |
s4v3xhn3swcbmbc.com | unknown | unknown | true | unknown | |
hdylvm3db3ixvi.com | unknown | unknown | true | unknown | |
5julzwwlbkrgvm.net | unknown | unknown | true | unknown | |
4yony3itl9losv.com | unknown | unknown | true | unknown | |
b1l41m3rggg5nz.com | unknown | unknown | true | unknown | |
fcs1fscxh2oa.com | unknown | unknown | true | unknown |
Contacted URLs |
---|
Name | Process |
---|---|
Contacted IPs |
---|
Public |
---|
IP | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
212.92.98.68 | Russian Federation | | 12790 | CEA-ASRU | true |
23.10.249.152 | United States | | 20940 | AKAMAI-ASN1US | false |
216.58.210.4 | United States | | 15169 | GOOGLE-GoogleIncUS | false |
216.58.210.14 | United States | | 15169 | GOOGLE-GoogleIncUS | false |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.868755127097456 |
TrID: |
|
File name: | csshead.exe |
File size: | 165888 |
MD5: | f0309aa0519ee70c29bbb471352781e7 |
SHA1: | c0c4dd4c997f2a590eb5d9947e2ba81e79ce3c13 |
SHA256: | 7c13b9ab1ce7fdeeb8fbb235ed593e4affdedf317a6b7eac06ca3a64ab62daba |
SHA512: | 3e0f96ccc07b3ded937e7ec01a5f2a858ceb8b88db53ad5a289172ae7b9f5722de689f4a0ecc39275b4c8c1a0be32466d147187a2025911dfadd199af4302ada |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......*I.dn(.7n(.7n(.7.^?7k(.7u..7J(.7gP.7i(.7gP.7I(.7n(.7.).7u.>7.(.7u.?7/(.7u..7o(.7u..7o(.7Richn(.7........PE..L...F.9[........... |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x455020 |
Entrypoint Section: | UPX1 |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x5B392E46 [Sun Jul 1 19:40:54 2018 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | d3f973e583f24cd9a8059dc45e2d8e5a |
Entrypoint Preview |
---|
Instruction |
---|
pushad |
mov esi, 0042E000h |
lea edi, dword ptr [esi-0002D000h] |
push edi |
jmp 00007F79C1A7DACDh |
nop |
mov al, byte ptr [esi] |
inc esi |
mov byte ptr [edi], al |
inc edi |
add ebx, ebx |
jne 00007F79C1A7DAC9h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
jc 00007F79C1A7DAAFh |
mov eax, 00000001h |
add ebx, ebx |
jne 00007F79C1A7DAC9h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
adc eax, eax |
add ebx, ebx |
jnc 00007F79C1A7DACDh |
jne 00007F79C1A7DAEAh |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
jc 00007F79C1A7DAE1h |
dec eax |
add ebx, ebx |
jne 00007F79C1A7DAC9h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
adc eax, eax |
jmp 00007F79C1A7DA96h |
add ebx, ebx |
jne 00007F79C1A7DAC9h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
adc ecx, ecx |
jmp 00007F79C1A7DB14h |
xor ecx, ecx |
sub eax, 03h |
jc 00007F79C1A7DAD3h |
shl eax, 08h |
mov al, byte ptr [esi] |
inc esi |
xor eax, FFFFFFFFh |
je 00007F79C1A7DB37h |
sar eax, 1 |
mov ebp, eax |
jmp 00007F79C1A7DACDh |
add ebx, ebx |
jne 00007F79C1A7DAC9h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
jc 00007F79C1A7DA8Eh |
inc ecx |
add ebx, ebx |
jne 00007F79C1A7DAC9h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
jc 00007F79C1A7DA80h |
add ebx, ebx |
jne 00007F79C1A7DAC9h |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
adc ecx, ecx |
add ebx, ebx |
jnc 00007F79C1A7DAB1h |
jne 00007F79C1A7DACBh |
mov ebx, dword ptr [esi] |
sub esi, FFFFFFFCh |
adc ebx, ebx |
jnc 00007F79C1A7DAA6h |
add ecx, 02h |
cmp ebp, FFFFFB00h |
adc ecx, 02h |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x56a8c | 0x468 | .rsrc |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x56000 | 0xa8c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x551d4 | 0x48 | UPX1 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
UPX0 | 0x1000 | 0x2d000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
UPX1 | 0x2e000 | 0x28000 | 0x27400 | False | 0.984499402866 | data | 7.9056858021 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x56000 | 0x1000 | 0x1000 | False | 0.3466796875 | data | 4.1879643937 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RCDATA | 0x451e8 | 0x3e6b | data | English | United States |
RCDATA | 0x49054 | 0x4080 | data | English | United States |
RT_ICON | 0x561ec | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x56318 | 0x2e8 | data | English | United States |
RT_GROUP_ICON | 0x56604 | 0x22 | MS Windows icon resource - 2 icons, 16x16, 16-colors | English | United States |
RT_VERSION | 0x5662c | 0x300 | data | English | United States |
RT_MANIFEST | 0x56930 | 0x15a | ASCII text, with CRLF line terminators | English | United States |
Imports |
---|
DLL | Import |
---|---|
KERNEL32.DLL | LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess |
ADVAPI32.dll | RegCloseKey |
COMCTL32.dll | |
COMDLG32.dll | GetFileTitleA |
dxva2.dll | GetNumberOfPhysicalMonitorsFromHMONITOR |
GDI32.dll | PatBlt |
gdiplus.dll | GdipFree |
mscms.dll | OpenColorProfileA |
NETAPI32.dll | NetShareGetInfo |
ODBC32.dll | |
ole32.dll | CoInitialize |
OLEAUT32.dll | SysFreeString |
pdh.dll | PdhGetFormattedCounterValue |
SHELL32.dll | DragQueryFileA |
SHLWAPI.dll | PathIsUNCA |
USER32.dll | GetDC |
WININET.dll | FtpPutFileEx |
WINMM.dll | mmioAscend |
WINSPOOL.DRV | EnumPrintersA |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | Copyright (C) 2018 |
InternalName | template.exe |
FileVersion | 1.0.0.1 |
CompanyName | TODO: <Company name> |
ProductName | TODO: <Product name> |
ProductVersion | 1.0.0.1 |
FileDescription | TODO: <File description> |
OriginalFilename | template.exe |
Translation | 0x0409 0x04b0 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 4, 2018 14:05:39.969638109 CEST | 49684 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:39.969717026 CEST | 49684 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:39.969769001 CEST | 443 | 49684 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:39.969880104 CEST | 443 | 49684 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:39.969892979 CEST | 49684 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:39.969989061 CEST | 443 | 49684 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:39.970009089 CEST | 49684 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:39.970191002 CEST | 49684 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:39.970272064 CEST | 443 | 49684 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:39.970381021 CEST | 443 | 49684 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:39.970381975 CEST | 49684 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:39.970489025 CEST | 49684 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:39.970491886 CEST | 443 | 49684 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:39.970599890 CEST | 443 | 49684 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:39.970642090 CEST | 49684 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:39.970710993 CEST | 443 | 49684 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:39.970722914 CEST | 49684 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:39.970870018 CEST | 49684 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:39.971261978 CEST | 443 | 49684 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:39.971344948 CEST | 443 | 49684 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:39.971388102 CEST | 49684 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:39.971402884 CEST | 443 | 49684 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:39.971483946 CEST | 49684 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:39.971493959 CEST | 49684 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:39.975580931 CEST | 443 | 49684 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:39.975801945 CEST | 49684 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.060034037 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.070652962 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.070839882 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.072843075 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.083287001 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.085201979 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.085460901 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.098721981 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.105122089 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.115916967 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.195065022 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.195204973 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.195339918 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.195424080 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.195838928 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.195929050 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.196126938 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.196204901 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.196238041 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.196316004 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.196885109 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.196974039 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.197140932 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.197263002 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.197778940 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.197813034 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.197890043 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.198077917 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.198184967 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.198645115 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.198749065 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.203852892 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.203866959 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.206208944 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.206257105 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.206324100 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.206393003 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.206928015 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.207006931 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.207027912 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.207078934 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.207672119 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.207747936 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.207777977 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.207829952 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.208385944 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.208462000 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.208488941 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.208590031 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.209019899 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.209119081 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.209120989 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.209201097 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.209995031 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.210040092 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.210094929 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.210150003 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.210918903 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.211020947 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.211158037 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.211249113 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.211272955 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.211355925 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.211427927 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.211512089 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.212157965 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.212258101 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.212410927 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.212500095 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.212717056 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.212805033 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.212910891 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.213000059 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.213455915 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.213548899 CEST | 443 | 49686 | 216.58.210.4 | 192.168.0.60 |
Jul 4, 2018 14:05:40.213557005 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.213625908 CEST | 49686 | 443 | 192.168.0.60 | 216.58.210.4 |
Jul 4, 2018 14:05:40.230839968 CEST | 64253 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:05:40.546510935 CEST | 53 | 64253 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:05:40.549282074 CEST | 49687 | 443 | 192.168.0.60 | 212.92.98.68 |
Jul 4, 2018 14:05:41.551414013 CEST | 49687 | 443 | 192.168.0.60 | 212.92.98.68 |
Jul 4, 2018 14:05:41.597203016 CEST | 443 | 49687 | 212.92.98.68 | 192.168.0.60 |
Jul 4, 2018 14:05:41.597553968 CEST | 49687 | 443 | 192.168.0.60 | 212.92.98.68 |
Jul 4, 2018 14:05:41.601437092 CEST | 49687 | 443 | 192.168.0.60 | 212.92.98.68 |
Jul 4, 2018 14:05:41.647375107 CEST | 443 | 49687 | 212.92.98.68 | 192.168.0.60 |
Jul 4, 2018 14:05:41.651798964 CEST | 443 | 49687 | 212.92.98.68 | 192.168.0.60 |
Jul 4, 2018 14:05:41.651873112 CEST | 443 | 49687 | 212.92.98.68 | 192.168.0.60 |
Jul 4, 2018 14:05:41.652049065 CEST | 443 | 49687 | 212.92.98.68 | 192.168.0.60 |
Jul 4, 2018 14:05:41.652301073 CEST | 49687 | 443 | 192.168.0.60 | 212.92.98.68 |
Jul 4, 2018 14:05:41.652509928 CEST | 49687 | 443 | 192.168.0.60 | 212.92.98.68 |
Jul 4, 2018 14:05:41.862624884 CEST | 49858 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:05:41.898453951 CEST | 53 | 49858 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:05:41.975562096 CEST | 52530 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:05:42.005597115 CEST | 53 | 52530 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:05:42.009633064 CEST | 49689 | 80 | 192.168.0.60 | 23.10.249.152 |
Jul 4, 2018 14:05:42.015372038 CEST | 80 | 49689 | 23.10.249.152 | 192.168.0.60 |
Jul 4, 2018 14:05:42.015520096 CEST | 49689 | 80 | 192.168.0.60 | 23.10.249.152 |
Jul 4, 2018 14:05:42.016604900 CEST | 49689 | 80 | 192.168.0.60 | 23.10.249.152 |
Jul 4, 2018 14:05:42.017718077 CEST | 80 | 49689 | 23.10.249.152 | 192.168.0.60 |
Jul 4, 2018 14:05:42.017800093 CEST | 49689 | 80 | 192.168.0.60 | 23.10.249.152 |
Jul 4, 2018 14:05:42.021352053 CEST | 80 | 49689 | 23.10.249.152 | 192.168.0.60 |
Jul 4, 2018 14:05:42.133256912 CEST | 49687 | 443 | 192.168.0.60 | 212.92.98.68 |
Jul 4, 2018 14:05:42.178844929 CEST | 443 | 49687 | 212.92.98.68 | 192.168.0.60 |
Jul 4, 2018 14:05:42.179035902 CEST | 49687 | 443 | 192.168.0.60 | 212.92.98.68 |
Jul 4, 2018 14:05:42.213829994 CEST | 80 | 49689 | 23.10.249.152 | 192.168.0.60 |
Jul 4, 2018 14:05:42.262593985 CEST | 64838 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:05:42.269879103 CEST | 49689 | 80 | 192.168.0.60 | 23.10.249.152 |
Jul 4, 2018 14:05:42.288446903 CEST | 53 | 64838 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:05:47.267944098 CEST | 57639 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:05:47.297177076 CEST | 53 | 57639 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:05:52.312407017 CEST | 52001 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:05:52.338326931 CEST | 53 | 52001 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:05:57.360927105 CEST | 63078 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:05:57.386904001 CEST | 53 | 63078 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:06:02.339490891 CEST | 57794 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:06:02.364025116 CEST | 53 | 57794 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:06:07.446363926 CEST | 64670 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:06:07.470928907 CEST | 53 | 64670 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:06:12.509696007 CEST | 50895 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:06:12.534456968 CEST | 53 | 50895 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:06:17.473352909 CEST | 58615 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:06:17.499186993 CEST | 53 | 58615 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:06:22.512562037 CEST | 63321 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:06:22.540262938 CEST | 53 | 63321 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:06:27.564419985 CEST | 53646 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:06:27.590655088 CEST | 53 | 53646 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:06:32.555356979 CEST | 52236 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:06:32.582084894 CEST | 53 | 52236 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:06:37.566991091 CEST | 64290 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:06:37.607074976 CEST | 53 | 64290 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:06:39.857311964 CEST | 59236 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:06:39.895287991 CEST | 53 | 59236 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:06:42.662039995 CEST | 51800 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:06:42.690570116 CEST | 53 | 51800 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:06:47.588325977 CEST | 56350 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:06:47.613600016 CEST | 53 | 56350 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:06:52.593498945 CEST | 54799 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:06:52.622417927 CEST | 53 | 54799 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:06:57.642504930 CEST | 49171 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:06:57.680715084 CEST | 53 | 49171 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:07:02.648781061 CEST | 55833 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:07:02.677544117 CEST | 53 | 55833 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:07:07.652491093 CEST | 63759 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:07:07.680706978 CEST | 53 | 63759 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:07:12.720355034 CEST | 54679 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:07:12.745070934 CEST | 53 | 54679 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:07:17.682972908 CEST | 61080 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:07:17.707748890 CEST | 53 | 61080 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:07:22.702013969 CEST | 60892 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:07:22.729052067 CEST | 53 | 60892 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:07:27.755734921 CEST | 63619 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:07:27.783169985 CEST | 53 | 63619 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:07:29.634063959 CEST | 49685 | 80 | 192.168.0.60 | 216.58.210.14 |
Jul 4, 2018 14:07:29.634335995 CEST | 49689 | 80 | 192.168.0.60 | 23.10.249.152 |
Jul 4, 2018 14:07:29.639231920 CEST | 80 | 49689 | 23.10.249.152 | 192.168.0.60 |
Jul 4, 2018 14:07:29.639436960 CEST | 49689 | 80 | 192.168.0.60 | 23.10.249.152 |
Jul 4, 2018 14:07:29.645044088 CEST | 80 | 49685 | 216.58.210.14 | 192.168.0.60 |
Jul 4, 2018 14:07:29.645468950 CEST | 49685 | 80 | 192.168.0.60 | 216.58.210.14 |
Jul 4, 2018 14:07:32.736481905 CEST | 63108 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:07:32.762871027 CEST | 53 | 63108 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:07:37.729584932 CEST | 65410 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:07:38.727833986 CEST | 65410 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:07:38.752954006 CEST | 53 | 65410 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:07:42.817245960 CEST | 55751 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:07:42.844554901 CEST | 53 | 55751 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:07:47.789988995 CEST | 52796 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:07:47.815148115 CEST | 53 | 52796 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:07:52.800857067 CEST | 54964 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:07:52.829034090 CEST | 53 | 54964 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:07:57.857134104 CEST | 60674 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:07:57.882422924 CEST | 53 | 60674 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:08:02.837874889 CEST | 64819 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:08:02.862816095 CEST | 53 | 64819 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:08:07.840035915 CEST | 62562 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:08:07.880552053 CEST | 53 | 62562 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:08:12.922791958 CEST | 49577 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:08:12.948163033 CEST | 53 | 49577 | 8.8.8.8 | 192.168.0.60 |
Jul 4, 2018 14:08:17.827440977 CEST | 61886 | 53 | 192.168.0.60 | 8.8.8.8 |
Jul 4, 2018 14:08:17.852802038 CEST | 53 | 61886 | 8.8.8.8 | 192.168.0.60 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jul 4, 2018 14:05:39.374761105 CEST | 8.8.8.8 | 192.168.0.60 | 0x8f18 | No error (0) | 216.58.210.4 | A (IP address) | IN (0x0001) | ||
Jul 4, 2018 14:05:39.668544054 CEST | 8.8.8.8 | 192.168.0.60 | 0x990a | No error (0) | www3.l.google.com | CNAME (Canonical name) | IN (0x0001) | ||
Jul 4, 2018 14:05:39.668544054 CEST | 8.8.8.8 | 192.168.0.60 | 0x990a | No error (0) | 216.58.210.14 | A (IP address) | IN (0x0001) | ||
Jul 4, 2018 14:05:40.546510935 CEST | 8.8.8.8 | 192.168.0.60 | 0xefb9 | No error (0) | 212.92.98.68 | A (IP address) | IN (0x0001) | ||
Jul 4, 2018 14:05:41.898453951 CEST | 8.8.8.8 | 192.168.0.60 | 0xef33 | No error (0) | 23.10.249.146 | A (IP address) | IN (0x0001) | ||
Jul 4, 2018 14:05:41.898453951 CEST | 8.8.8.8 | 192.168.0.60 | 0xef33 | No error (0) | 23.10.249.168 | A (IP address) | IN (0x0001) | ||
Jul 4, 2018 14:05:42.005597115 CEST | 8.8.8.8 | 192.168.0.60 | 0x4438 | No error (0) | ocsp.int-x3.letsencrypt.org.edgesuite.net | CNAME (Canonical name) | IN (0x0001) | ||
Jul 4, 2018 14:05:42.005597115 CEST | 8.8.8.8 | 192.168.0.60 | 0x4438 | No error (0) | 23.10.249.152 | A (IP address) | IN (0x0001) | ||
Jul 4, 2018 14:05:42.005597115 CEST | 8.8.8.8 | 192.168.0.60 | 0x4438 | No error (0) | 23.10.249.171 | A (IP address) | IN (0x0001) | ||
Jul 4, 2018 14:05:42.288446903 CEST | 8.8.8.8 | 192.168.0.60 | 0x9c88 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:05:47.297177076 CEST | 8.8.8.8 | 192.168.0.60 | 0x122f | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:05:52.338326931 CEST | 8.8.8.8 | 192.168.0.60 | 0x1caa | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:05:57.386904001 CEST | 8.8.8.8 | 192.168.0.60 | 0x6bc4 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:06:02.364025116 CEST | 8.8.8.8 | 192.168.0.60 | 0x2e26 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:06:07.470928907 CEST | 8.8.8.8 | 192.168.0.60 | 0x5b4b | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:06:12.534456968 CEST | 8.8.8.8 | 192.168.0.60 | 0x28a7 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:06:17.499186993 CEST | 8.8.8.8 | 192.168.0.60 | 0xcfd9 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:06:22.540262938 CEST | 8.8.8.8 | 192.168.0.60 | 0x50dc | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:06:27.590655088 CEST | 8.8.8.8 | 192.168.0.60 | 0xe852 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:06:32.582084894 CEST | 8.8.8.8 | 192.168.0.60 | 0x7418 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:06:37.607074976 CEST | 8.8.8.8 | 192.168.0.60 | 0x9b7f | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:06:39.895287991 CEST | 8.8.8.8 | 192.168.0.60 | 0x97f3 | No error (0) | ctldl.windowsupdate.com.edgesuite.net | CNAME (Canonical name) | IN (0x0001) | ||
Jul 4, 2018 14:06:39.895287991 CEST | 8.8.8.8 | 192.168.0.60 | 0x97f3 | No error (0) | 23.10.249.34 | A (IP address) | IN (0x0001) | ||
Jul 4, 2018 14:06:39.895287991 CEST | 8.8.8.8 | 192.168.0.60 | 0x97f3 | No error (0) | 23.10.249.19 | A (IP address) | IN (0x0001) | ||
Jul 4, 2018 14:06:42.690570116 CEST | 8.8.8.8 | 192.168.0.60 | 0x5455 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:06:47.613600016 CEST | 8.8.8.8 | 192.168.0.60 | 0xbad2 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:06:52.622417927 CEST | 8.8.8.8 | 192.168.0.60 | 0xba2d | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:06:57.680715084 CEST | 8.8.8.8 | 192.168.0.60 | 0x3a64 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:07:02.677544117 CEST | 8.8.8.8 | 192.168.0.60 | 0xbb7b | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:07:07.680706978 CEST | 8.8.8.8 | 192.168.0.60 | 0xc25c | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:07:12.745070934 CEST | 8.8.8.8 | 192.168.0.60 | 0x3924 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:07:17.707748890 CEST | 8.8.8.8 | 192.168.0.60 | 0x3eb3 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:07:22.729052067 CEST | 8.8.8.8 | 192.168.0.60 | 0xcb92 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:07:27.783169985 CEST | 8.8.8.8 | 192.168.0.60 | 0x16a4 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:07:32.762871027 CEST | 8.8.8.8 | 192.168.0.60 | 0xbc61 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:07:38.752954006 CEST | 8.8.8.8 | 192.168.0.60 | 0x3f5 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:07:42.844554901 CEST | 8.8.8.8 | 192.168.0.60 | 0x9ebe | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:07:47.815148115 CEST | 8.8.8.8 | 192.168.0.60 | 0x543a | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:07:52.829034090 CEST | 8.8.8.8 | 192.168.0.60 | 0xa687 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:07:57.882422924 CEST | 8.8.8.8 | 192.168.0.60 | 0x3eb0 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:08:02.862816095 CEST | 8.8.8.8 | 192.168.0.60 | 0xfb2f | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:08:07.880552053 CEST | 8.8.8.8 | 192.168.0.60 | 0x7fdf | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:08:12.948163033 CEST | 8.8.8.8 | 192.168.0.60 | 0x5362 | Name error (3) | none | none | A (IP address) | IN (0x0001) | |
Jul 4, 2018 14:08:17.852802038 CEST | 8.8.8.8 | 192.168.0.60 | 0x8a87 | Name error (3) | none | none | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.0.60 | 49685 | 216.58.210.14 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jul 4, 2018 14:05:39.680968046 CEST | 4 | OUT | |
Jul 4, 2018 14:05:39.691977978 CEST | 4 | IN | |
Jul 4, 2018 14:05:39.769212008 CEST | 5 | OUT | |
Jul 4, 2018 14:05:39.780742884 CEST | 6 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.0.60 | 49689 | 23.10.249.152 | 80 | C:\Windows\explorer.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jul 4, 2018 14:05:42.016604900 CEST | 136 | OUT | |
Jul 4, 2018 14:05:42.213829994 CEST | 138 | IN |
HTTPS Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Subject | Issuer | Not Before | Not After | Raw |
---|---|---|---|---|---|---|---|---|---|
Jul 4, 2018 14:05:39.479382038 CEST | 443 | 49684 | 216.58.210.4 | 192.168.0.60 | CN=www.google.com, O=Google LLC, L=Mountain View, ST=California, C=US | CN=Google Internet Authority G3, O=Google Trust Services, C=US | Tue Jun 19 13:38:49 CEST 2018 | Tue Aug 28 13:31:00 CEST 2018 | |
Jul 4, 2018 14:05:39.479382038 CEST | 443 | 49684 | 216.58.210.4 | 192.168.0.60 | CN=Google Internet Authority G3, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021 | |
Jul 4, 2018 14:05:41.652049065 CEST | 443 | 49687 | 212.92.98.68 | 192.168.0.60 | CN=wigermexir.com | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | Sun Jul 01 12:08:07 CEST 2018 | Sat Sep 29 12:08:07 CEST 2018 | |
Jul 4, 2018 14:05:41.652049065 CEST | 443 | 49687 | 212.92.98.68 | 192.168.0.60 | CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US | CN=DST Root CA X3, O=Digital Signature Trust Co. | Thu Mar 17 17:40:46 CET 2016 | Wed Mar 17 17:40:46 CET 2021 | |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 13:59:40 |
Start date: | 04/07/2018 |
Path: | C:\Users\user\Desktop\csshead.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 165888 bytes |
MD5 hash: | F0309AA0519EE70C29BBB471352781E7 |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
General |
---|
Start time: | 14:00:21 |
Start date: | 04/07/2018 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xe20000 |
File size: | 4064320 bytes |
MD5 hash: | FCBCED2A237DCD7EF86CED551B731742 |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | moderate |
Disassembly |
---|
Code Analysis |
---|
Execution Graph |
---|
Execution Coverage: | 13.8% |
Dynamic/Decrypted Code Coverage: | 0.7% |
Signature Coverage: | 20.9% |
Total number of Nodes: | 1830 |
Total number of Limit Nodes: | 52 |
Executed Functions |
---|
Non-executed Functions |
---|
|
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
C-Code - Quality: 91% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
C-Code - Quality: 64% |
|
APIs |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
C-Code - Quality: 98% |
|
APIs |
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
C-Code - Quality: 100% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
C-Code - Quality: 98% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
C-Code - Quality: 100% |
|
APIs |
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
C-Code - Quality: 93% |
|
APIs |
|
Strings |
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
C-Code - Quality: 100% |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
|
Strings |
|
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
APIs |
Strings |
Memory Dump Source |
|
Joe Sandbox IDA Plugin |
|
Execution Graph |
---|
Execution Coverage: | 35.2% |
Dynamic/Decrypted Code Coverage: | 99.9% |
Signature Coverage: | 8.6% |
Total number of Nodes: | 1808 |
Total number of Limit Nodes: | 21 |
Executed Functions |
---|
Non-executed Functions |
---|