Analysis Report document.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| Nanocore_RAT_Gen_2 | Detects the Nanocore RAT | Florian Roth | |
| Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | |
| JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
| NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | |
| Nanocore_RAT_Gen_2 | Detects the Nanocore RAT | Florian Roth | |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| Nanocore_RAT_Gen_2 | Detects the Nanocore RAT | Florian Roth | |
| Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth | |
| JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security | |
| NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> | |
| Nanocore_RAT_Gen_2 | Detects the Nanocore RAT | Florian Roth | |
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: NanoCore |
Source: | Author: Joe Security |
Sigma detected: Scheduled temp file as task from temp location |
Source: | Author: Joe Security |
Signature Overview |
---|
AV Detection: |
---|
Antivirus / Scanner detection for submitted sample |
Source: | Avira |
Multi AV Scanner detection for submitted file |
Source: | ReversingLabs |
Yara detected Nanocore RAT |
Source: | File source (4 entries; details not captured in this extract) |
Machine Learning detection for sample |
Source: | Joe Sandbox ML |
Source: | Avira |
Compliance: |
---|
Uses 32bit PE files |
Source: | Static PE information |
Uses new MSVCR Dlls |
Source: | File opened |
Binary contains paths to debug symbols |
Source: | Binary string (3 entries; details not captured in this extract) |
Networking: |
---|
Uses dynamic DNS services |
Source: | DNS query |
Source: | TCP traffic (2 entries; details not captured in this extract) |
Source: | IP Address (2 entries; details not captured in this extract) |
Source: | ASN Name |
Source: | TCP traffic detected without corresponding DNS query (50 entries; details not captured in this extract) |
Source: | DNS traffic detected |
Source: | Binary or memory string |
E-Banking Fraud: |
---|
Yara detected Nanocore RAT |
Source: | File source (4 entries; details not captured in this extract) |
System Summary: |
---|
Malicious sample detected (through community Yara rule) |
Source: | Matched rule (8 entries; details not captured in this extract) |
Executable has a suspicious name (potential lure to open the executable) |
Source: | Static file information |
Initial sample is a PE file and has a suspicious name |
Source: | Static PE information |
Source: | Process Stats |
Source: | Code function (8 entries; details not captured in this extract) |
Source: | Binary or memory string (3 entries; details not captured in this extract) |
Source: | Section loaded (2 entries; details not captured in this extract) |
Source: | Static PE information |
Source: | Matched rule (11 entries; details not captured in this extract) |
Source: | Classification label |
Source: | File created (2 entries; details not captured in this extract) |
Source: | Mutant created (7 entries; details not captured in this extract) |
Source: | File created |
Source: | Static PE information |
Source: | Section loaded (12 entries; details not captured in this extract) |
Source: | Key opened |
Source: | ReversingLabs |
Source: | File read |
Source: | Process created (15 entries; details not captured in this extract) |
Source: | Key value queried |
Source: | Window detected |
Source: | File opened (2 entries; details not captured in this extract) |
Source: | Binary string (3 entries; details not captured in this extract) |
Source: | Static PE information (5 entries; details not captured in this extract) |
Source: | Code function |
Source: | Code function (2 entries; details not captured in this extract) |
Source: | File created (dropped file) |
Boot Survival: |
---|
Uses schtasks.exe or at.exe to add and modify task schedules |
Source: | Process created |
Hooking and other Techniques for Hiding and Protection: |
---|
Hides that the sample has been downloaded from the Internet (zone.identifier) |
Source: | File opened |
Source: | Process information set (78 entries; details not captured in this extract) |
Source: | Thread delayed (4 entries; details not captured in this extract) |
Source: | Window / User API (5 entries; details not captured in this extract) |
Source: | API coverage |
Source: | Thread sleep time (6 entries; details not captured in this extract) |
Source: | Last function (5 entries; details not captured in this extract) |
Source: | Binary or memory string (2 entries; details not captured in this extract) |
Source: | Process information queried |
Source: | Code function |
Source: | Code function |
Source: | Process token adjusted |
Source: | Code function (3 entries; details not captured in this extract) |
Source: | Memory allocated |
HIPS / PFW / Operating System Protection Evasion: |
---|
Maps a DLL or memory area into another process |
Source: | Section loaded |
Writes to foreign memory regions |
Source: | Memory written |
Source: | Process created (3 entries; details not captured in this extract) |
Source: | Binary or memory string (3 entries; details not captured in this extract) |
Source: | Code function |
Source: | Key value queried |
Stealing of Sensitive Information: |
---|
Yara detected Nanocore RAT |
Source: | File source (4 entries; details not captured in this extract) |
Remote Access Functionality: |
---|
Detected Nanocore Rat |
Source: | String found in binary or memory |
Yara detected Nanocore RAT |
Source: | File source (4 entries; details not captured in this extract) |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scheduled Task/Job1 | Scheduled Task/Job1 | Process Injection212 | Masquerading2 | Input Capture1 | System Time Discovery1 | Remote Services | Input Capture1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Native API1 | DLL Side-Loading1 | Scheduled Task/Job1 | Virtualization/Sandbox Evasion2 | LSASS Memory | Security Software Discovery11 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | DLL Side-Loading1 | Disable or Modify Tools1 | Security Account Manager | Virtualization/Sandbox Evasion2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Remote Access Software1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection212 | NTDS | Process Discovery2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol1 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Hidden Files and Directories1 | LSA Secrets | Application Window Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol11 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information1 | Cached Domain Credentials | System Information Discovery3 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing1 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | DLL Side-Loading1 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 88% | ReversingLabs | Win32.Trojan.Azorult | |
| 100% | Avira | HEUR/AGEN.1121608 | |
| 100% | Joe Sandbox ML | | |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Metadefender | | |
| 0% | ReversingLabs | | |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
| 100% | Avira | TR/Patched.Ren.Gen | | |
| 100% | Avira | HEUR/AGEN.1121608 | | |
| 100% | Avira | HEUR/AGEN.1121608 | | |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
abdul2u.ddns.net | 79.134.225.122 | true | true | unknown |
Contacted IPs |
---|
General Information |
---|
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 356144 |
Start date: | 22.02.2021 |
Start time: | 16:35:06 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 14m 9s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | document.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 40 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@15/10@38/3 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
16:37:38 | Autostart | |
16:37:39 | Task Scheduler | |
16:37:40 | API Interceptor | |
16:37:42 | Task Scheduler |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
79.134.225.110 | 9 related samples (names and hashes not captured in this extract) | | malicious | | |
79.134.225.122 | 10 related samples (names and hashes not captured in this extract) | | malicious | | |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
abdul2u.ddns.net | 1 related sample (name and hash not captured in this extract) | | malicious | | |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
FINK-TELECOM-SERVICESCH | 20 related samples (names and hashes not captured in this extract) | | malicious | | |
FINK-TELECOM-SERVICESCH | 20 related samples (names and hashes not captured in this extract) | | malicious | | |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | 20 related samples (names and hashes not captured in this extract) | | malicious | | |
Created / dropped Files |
---|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 53248 |
Entropy (8bit): | 4.490095782293901 |
Encrypted: | false |
SSDEEP: | 768:0P2Bbv+VazyoD2z9TU//1mz1+M9GnLEu+2wTFRJS8Ulg:HJv46yoD2BTNz1+M9GLfOw8UO |
MD5: | 529695608EAFBED00ACA9E61EF333A7C |
SHA1: | 68CA8B6D8E74FA4F4EE603EB862E36F2A73BC1E5 |
SHA-256: | 44F129DE312409D8A2DF55F655695E1D48D0DB6F20C5C7803EB0032D8E6B53D0 |
SHA-512: | 8FE476E0185B2B0C66F34E51899B932CB35600C753D36FE102BDA5894CDAA58410044E0A30FDBEF76A285C2C75018D7C5A9BA0763D45EC605C2BBD1EBB9ED674 |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | modified |
Size (bytes): | 20 |
Entropy (8bit): | 3.6841837197791887 |
Encrypted: | false |
SSDEEP: | 3:QHXMKas:Q3Las |
MD5: | B3AC9D09E3A47D5FD00C37E075A70ECB |
SHA1: | AD14E6D0E07B00BD10D77A06D68841B20675680B |
SHA-256: | 7A23C6E7CCD8811ECDF038D3A89D5C7D68ED37324BAE2D4954125D9128FA9432 |
SHA-512: | 09B609EE1061205AA45B3C954EFC6C1A03C8FD6B3011FF88CF2C060E19B1D7FD51EE0CB9D02A39310125F3A66AA0146261BDEE3D804F472034DF711BC942E316 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
File Type: | |
Category: | modified |
Size (bytes): | 20 |
Entropy (8bit): | 3.6841837197791887 |
Encrypted: | false |
SSDEEP: | 3:QHXMKas:Q3Las |
MD5: | B3AC9D09E3A47D5FD00C37E075A70ECB |
SHA1: | AD14E6D0E07B00BD10D77A06D68841B20675680B |
SHA-256: | 7A23C6E7CCD8811ECDF038D3A89D5C7D68ED37324BAE2D4954125D9128FA9432 |
SHA-512: | 09B609EE1061205AA45B3C954EFC6C1A03C8FD6B3011FF88CF2C060E19B1D7FD51EE0CB9D02A39310125F3A66AA0146261BDEE3D804F472034DF711BC942E316 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1319 |
Entropy (8bit): | 5.133606110275315 |
Encrypted: | false |
SSDEEP: | 24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0mne5xtn:cbk4oL600QydbQxIYODOLedq3Ze5j |
MD5: | C6F0625BF4C1CDFB699980C9243D3B22 |
SHA1: | 43DE1FE580576935516327F17B5DA0C656C72851 |
SHA-256: | 8DFC4E937F0B2374E3CED25FCE344B0731CF44B8854625B318D50ECE2DA8F576 |
SHA-512: | 9EF2DBD4142AD0E1E6006929376ECB8011E7FFC801EE2101E906787D70325AD82752DF65839DE9972391FA52E1E5974EC1A5C7465A88AA56257633EBB7D70969 |
Malicious: | true |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1310 |
Entropy (8bit): | 5.109425792877704 |
Encrypted: | false |
SSDEEP: | 24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0R3xtn:cbk4oL600QydbQxIYODOLedq3S3j |
MD5: | 5C2F41CFC6F988C859DA7D727AC2B62A |
SHA1: | 68999C85FC7E37BAB9216E0099836D40D4545C1C |
SHA-256: | 98B6E66B6C2173B9B91FC97FE51805340EFDE978B695453742EBAB631018398B |
SHA-512: | B5DA5DA378D038AFBF8A7738E47921ED39F9B726E2CAA2993D915D9291A3322F94EFE8CCA6E7AD678A670DB19926B22B20E5028460FCC89CEA7F6635E7557334 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 3.0 |
Encrypted: | false |
SSDEEP: | 3:9in:w |
MD5: | 4404174C1B769670A5A19334FCA38266 |
SHA1: | DA1B0E55A4E8548AF5820DF6378DD4A9A44971D1 |
SHA-256: | 3A8A6467970123C36B0ACBE5659ADF0D9924C68BB565B64E973518A87C06C7E6 |
SHA-512: | 5AB62DEAF1D10E25378314F44C62170DED8AB14F16BB9450B58E156B2F290762B01984A80DFA54263D89D36643F747CB78B50DF6D64301701396072DB19E2CE3 |
Malicious: | true |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 56 |
Entropy (8bit): | 4.787365359936823 |
Encrypted: | false |
SSDEEP: | 3:oMty8WbSXgL4A:oMLWuQL4A |
MD5: | EFD1636CFC3CC38FD7BABAE5CAC9EDE0 |
SHA1: | 4D7D378ABEB682EEFBD039930C0EA996FBF54178 |
SHA-256: | F827D5B11C1EB3902D601C3E0B59BA32FE11C0B573FBF22FB2AF86BFD4651BBA |
SHA-512: | 69B2B0AB1A6E13395EF52DCB903B8E17D842E6D0D44F801FF2659CFD5EC343C8CC57928B02961FC7099AD43FF05633BAF5AC39042A00C8676D4FA8F6F8C2A5D7 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1010 |
Entropy (8bit): | 4.298581893109255 |
Encrypted: | false |
SSDEEP: | 24:zKTDwL/0XZd3Wo3opQ5ZKBQFYVgt7ovrNOYlK:zKTDwAXZxo4ABV+SrUYE |
MD5: | 367EEEC425FE7E80B723298C447E2F22 |
SHA1: | 3873DFC88AF504FF79231FE2BF0E3CD93CE45195 |
SHA-256: | 481A7A3CA0DD32DA4772718BA4C1EF3F01E8D184FE82CF6E9C5386FD343264BC |
SHA-512: | F7101541D87F045E9DBC45941CDC5A7F97F3EFC29AC0AF2710FC24FA64F0163F9463DE373A5D2BE1270126829DE81006FB8E764186374966E8D0E9BB35B7D7D6 |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.562048565874239 |
TrID: |
|
File name: | document.exe |
File size: | 320595 |
MD5: | a777ee74f09e40b1e32ff3007eb89d14 |
SHA1: | 1de57a7c6dc4821ce07a57d4963deadf3bb9b4ff |
SHA256: | b6afddd574a0d7a3686a9d40bed40387914f3d45f9dd2e6a8962fd9ceae8b755 |
SHA512: | 4ac57b62ae762565725e9ccc533c5221fc3ec165f265132da4bce75094bb74636946dbf9e56ea123a48b3800da9486bcea63285e58512f7b5a721f6b953cde81 |
SSDEEP: | 6144:793puKfSbitErTqTkmgcKq2e3B0sYE5P17s7TomYn70XaN5L+FYUdp:nuqtqSkmgcKqHBP5tSo7/KuUz |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........(.k.I.8.I.8.I.8.?t8.I.8.?A8.I.8.1L8.I.8.I.8.I.8.?u8.I.8.?E8.I.8.?B8.I.8Rich.I.8........................PE..L......]........... |
File Icon |
---|
Icon Hash: | 00828e8e8686b000 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x40db72 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE |
DLL Characteristics: | TERMINAL_SERVER_AWARE, DYNAMIC_BASE |
Time Stamp: | 0x5DB2FEEC [Fri Oct 25 13:55:56 2019 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 1 |
File Version Major: | 5 |
File Version Minor: | 1 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 1 |
Import Hash: | ad727357155f2158504db1cb9482d9b1 |
Entrypoint Preview |
---|
Instruction |
---|
call 00007F34EC36C40Dh |
jmp 00007F34EC36AF6Eh |
mov edi, edi |
push ebp |
mov ebp, esp |
mov eax, dword ptr [ebp+08h] |
mov eax, dword ptr [eax] |
cmp dword ptr [eax], E06D7363h |
jne 00007F34EC36B10Ch |
cmp dword ptr [eax+10h], 03h |
jne 00007F34EC36B106h |
mov eax, dword ptr [eax+14h] |
cmp eax, 19930520h |
je 00007F34EC36B0F7h |
cmp eax, 19930521h |
je 00007F34EC36B0F0h |
cmp eax, 19930522h |
je 00007F34EC36B0E9h |
cmp eax, 01994000h |
jne 00007F34EC36B0E7h |
call 00007F34EC36C467h |
xor eax, eax |
pop ebp |
retn 0004h |
push 0040DB7Ch |
call dword ptr [00412098h] |
xor eax, eax |
ret |
mov edi, edi |
push ebp |
mov ebp, esp |
push 0041240Ch |
call dword ptr [004120A0h] |
test eax, eax |
je 00007F34EC36B0F7h |
push 004123FCh |
push eax |
call dword ptr [0041209Ch] |
test eax, eax |
je 00007F34EC36B0E7h |
push dword ptr [ebp+08h] |
call eax |
pop ebp |
ret |
mov edi, edi |
push ebp |
mov ebp, esp |
push dword ptr [ebp+08h] |
call 00007F34EC36B0ADh |
pop ecx |
push dword ptr [ebp+08h] |
call dword ptr [004120A4h] |
int3 |
push 00000008h |
call 00007F34EC36C5CDh |
pop ecx |
ret |
push 00000008h |
call 00007F34EC36C4EBh |
pop ecx |
ret |
mov edi, edi |
push esi |
call 00007F34EC36BCDAh |
mov esi, eax |
push esi |
call 00007F34EC36C9A2h |
push esi |
call 00007F34EC36C802h |
push esi |
call 00007F34EC36B0EDh |
Rich Headers |
---|
Programming Language: |
|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x13cdc | 0x50 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x18000 | 0x310 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x19000 | 0x14bc | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x13ae0 | 0x40 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x12000 | 0x168 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x10c42 | 0x10e00 | False | 0.49955150463 | data | 6.21379336576 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x12000 | 0x251a | 0x2600 | False | 0.343544407895 | data | 4.92885915543 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x15000 | 0x2400 | 0x1600 | False | 0.297940340909 | PGP\011Secret Sub-key - | 4.02678593401 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x18000 | 0x310 | 0x400 | False | 0.3740234375 | data | 2.65405558594 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x19000 | 0x169c | 0x1800 | False | 0.7255859375 | data | 6.32911431671 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0x18060 | 0x2b0 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
MSACM32.dll | XRegThunkEntry, acmFormatTagDetailsA, acmStreamReset, acmStreamUnprepareHeader, acmDriverClose, acmFormatDetailsW, acmStreamConvert, acmGetVersion, acmStreamOpen, acmFormatEnumW, acmDriverEnum, acmStreamClose, acmFormatDetailsA, acmDriverID, acmFilterTagDetailsW, acmDriverRemove |
GLU32.dll | gluLookAt, gluBeginTrim, gluNewNurbsRenderer, gluTessBeginContour, gluBeginCurve, gluNurbsCurve, gluLoadSamplingMatrices, gluBuild2DMipmaps, gluPartialDisk, gluQuadricNormals, gluBeginPolygon, gluEndCurve, gluTessEndPolygon, gluQuadricOrientation, gluDeleteQuadric, gluGetTessProperty, gluTessNormal |
KERNEL32.dll | GetCurrentProcess, HeapFree, Sleep, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, RtlUnwind, WideCharToMultiByte, HeapSize, HeapAlloc, HeapReAlloc, IsProcessorFeaturePresent, LCMapStringW, MultiByteToWideChar, GetStringTypeW, SetHandleCount, GetCommandLineW, HeapSetInformation, GetStartupInfoW, SetUnhandledExceptionFilter, GetProcAddress, GetModuleHandleW, ExitProcess, DecodePointer, WriteFile, GetStdHandle, GetModuleFileNameW, FreeEnvironmentStringsW, GetEnvironmentStringsW, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, GetCurrentThreadId, GetLastError, InterlockedDecrement, HeapCreate, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, LeaveCriticalSection, EnterCriticalSection, LoadLibraryW, UnhandledExceptionFilter, IsDebuggerPresent, TerminateProcess |
Version Infos |
---|
Description | Data |
---|---|
LegalCopyright | Copyright (C) Street 2019 |
InternalName | copastors.exe |
FileVersion | 8.5.5.2 |
CompanyName | amrit |
ProductName | vanes |
ProductVersion | 3.3.0.6 |
FileDescription | rocketlike |
OriginalFilename | pursuit's.exe |
Translation | 0x0409 0x04b0 |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Feb 22, 2021 16:44:10.898217916 CET | 8.8.8.8 | 192.168.2.3 | 0xf92e | No error (0) | 79.134.225.122 | A (IP address) | IN (0x0001) | ||
Feb 22, 2021 16:44:16.248155117 CET | 8.8.8.8 | 192.168.2.3 | 0x9a1e | No error (0) | 79.134.225.122 | A (IP address) | IN (0x0001) |
Code Manipulations |
---|
Statistics |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 16:35:50 |
Start date: | 22/02/2021 |
Path: | C:\Users\user\Desktop\document.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x280000 |
File size: | 320595 bytes |
MD5 hash: | A777EE74F09E40B1E32FF3007EB89D14 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: | |
Reputation: | low |
General |
---|
Start time: | 16:37:35 |
Start date: | 22/02/2021 |
Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x850000 |
File size: | 53248 bytes |
MD5 hash: | 529695608EAFBED00ACA9E61EF333A7C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
General |
---|
Start time: | 16:37:38 |
Start date: | 22/02/2021 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb40000 |
File size: | 185856 bytes |
MD5 hash: | 15FF7D8324231381BAD48A052F85DF04 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 16:37:39 |
Start date: | 22/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2800000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 16:37:39 |
Start date: | 22/02/2021 |
Path: | C:\Windows\SysWOW64\schtasks.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb40000 |
File size: | 185856 bytes |
MD5 hash: | 15FF7D8324231381BAD48A052F85DF04 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 16:37:39 |
Start date: | 22/02/2021 |
Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2e0000 |
File size: | 53248 bytes |
MD5 hash: | 529695608EAFBED00ACA9E61EF333A7C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
General |
---|
Start time: | 16:37:40 |
Start date: | 22/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2800000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 16:37:40 |
Start date: | 22/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2800000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 16:37:42 |
Start date: | 22/02/2021 |
Path: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa60000 |
File size: | 53248 bytes |
MD5 hash: | 529695608EAFBED00ACA9E61EF333A7C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Antivirus matches: | |
Reputation: | high |
General |
---|
Start time: | 16:37:42 |
Start date: | 22/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2800000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 16:37:47 |
Start date: | 22/02/2021 |
Path: | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x9b0000 |
File size: | 53248 bytes |
MD5 hash: | 529695608EAFBED00ACA9E61EF333A7C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Reputation: | high |
General |
---|
Start time: | 16:37:47 |
Start date: | 22/02/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff6b2800000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|