Windows Analysis Report: QT_0948765446-NMPMUST-9876563783.exe
Detection: | NanoCore, GuLoader |
Score: | 88 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Sigma detected: NanoCore
Yara detected GuLoader
Writes to foreign memory regions
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses schtasks.exe or at.exe to add and modify task schedules
Uses 32bit PE files
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
PE file does not import any functions
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
PE file contains more sections than normal
Creates a process in suspended mode (likely to inject code)
Contains functionality to read data from the clipboard
Process Tree
- System is w10x64native
- QT_0948765446-NMPMUST-9876563783.exe (PID: 2036, cmdline: "C:\Users\user\Desktop\QT_0948765446-NMPMUST-9876563783.exe", MD5: 155A8B146F63FCECC360CC1162974373)
  - CasPol.exe (PID: 7184, cmdline: "C:\Users\user\Desktop\QT_0948765446-NMPMUST-9876563783.exe", MD5: 7BAE06CBE364BB42B8C34FCFB90E3EBD)
  - CasPol.exe (PID: 7192, cmdline: "C:\Users\user\Desktop\QT_0948765446-NMPMUST-9876563783.exe", MD5: 7BAE06CBE364BB42B8C34FCFB90E3EBD)
  - CasPol.exe (PID: 7200, cmdline: "C:\Users\user\Desktop\QT_0948765446-NMPMUST-9876563783.exe", MD5: 7BAE06CBE364BB42B8C34FCFB90E3EBD)
  - CasPol.exe (PID: 7208, cmdline: "C:\Users\user\Desktop\QT_0948765446-NMPMUST-9876563783.exe", MD5: 7BAE06CBE364BB42B8C34FCFB90E3EBD)
  - conhost.exe (PID: 7216, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
  - schtasks.exe (PID: 5960, cmdline: schtasks.exe" /create /f /tn "DSL Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp1B52.tmp, MD5: 478BEAEC1C3A9417272BC8964ADD1CEE)
  - conhost.exe (PID: 6248, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
- CasPol.exe (PID: 6060, cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol.exe 0, MD5: 7BAE06CBE364BB42B8C34FCFB90E3EBD)
  - conhost.exe (PID: 1604, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
- cleanup
Malware Configuration
{"Payload URL": "https://drive.google.com/uc?export=download&id=15pFGBWcJey0L1ljJmoCXsS1qG0k_QM5X"}
Yara Matches
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | |
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | |
Rule categories matched (author: Joe Security): AV Detection, E-Banking Fraud, Stealing of Sensitive Information, Remote Access Functionality.
No Snort rule has matched.
Signature detail categories: AV Detection, Networking, Data Obfuscation, Boot Survival, Hooking and other Techniques for Hiding and Protection, Malware Analysis System Evasion, HIPS / PFW / Operating System Protection Evasion.
MITRE ATT&CK Matrix (numbered cells are techniques observed for this sample, the number being the count of signatures that matched; unnumbered cells are the unmatched remainder of the matrix):
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 1 Access Token Manipulation | 1 Masquerading | OS Credential Dumping | 221 Security Software Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | 1 Native API | 1 Registry Run Keys / Startup Folder | 112 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Clipboard Data | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | 1 DLL Side-Loading | 1 Scheduled Task/Job | 131 Virtualization/Sandbox Evasion | Security Account Manager | 131 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Ingress Tool Transfer | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Non-Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | 1 DLL Side-Loading | 112 Process Injection | LSA Secrets | 3 File and Directory Discovery | SSH | Keylogging | Data Transfer Size Limits | 113 Application Layer Protocol | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Hidden Files and Directories | Cached Domain Credentials | 5 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Obfuscated Files or Information | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Antivirus Detection
Source | Detection | Scanner | Label |
---|---|---|---|
| 2% | ReversingLabs | Win32.Trojan.Shelsy |
Source | Detection | Scanner | Label |
---|---|---|---|
| 0% | Virustotal | |
| 0% | Metadefender | |
| 0% | ReversingLabs | |
| 3% | Virustotal | |
| 0% | Metadefender | |
| 0% | ReversingLabs | |
| 0% | Virustotal | |
| 3% | Metadefender | |
| 0% | ReversingLabs | |
No Antivirus matches.
Domains
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 142.250.185.78 | true | false | | high |
googlehosted.l.googleusercontent.com | 216.58.212.129 | true | false | | high |
8476.hopto.org | 91.193.75.131 | true | false | | unknown |
doc-08-38-docs.googleusercontent.com | unknown | unknown | false | | high |
Contacted IPs
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
142.250.185.78 | drive.google.com | United States | 15169 | GOOGLEUS | false |
216.58.212.129 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false |
91.193.75.131 | 8476.hopto.org | Serbia | 209623 | DAVID_CRAIGGG | false |
General Information
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 628420 |
Start date and time: | 2022-05-17 16:48:38 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 13m 35s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | QT_0948765446-NMPMUST-9876563783.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301) |
Run name: | Suspected Instruction Hammering |
Number of new started processes analysed: | 35 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal88.troj.evad.winEXE@15/17@36/3 |
Cookbook Comments: |
- Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
- TCP Packets have been reduced to 100
- Exclude process from analysis (whitelisted): audiodg.exe, BackgroundTransferHost.exe, UserOOBEBroker.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.82.207.122
- Excluded domains from analysis (whitelisted): client.wns.windows.com, wdcpalt.microsoft.com, fs.microsoft.com, slscr.update.microsoft.com, wd-prod-cp-eu-north-2-fe.northeurope.cloudapp.azure.com, img-prod-cms-rt-microsoft-com.akamaized.net, wdcp.microsoft.com, arc.msn.com, wd-prod-cp.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Timeline
Time | Type | Description |
---|---|---|
16:50:36 | API Interceptor | |
16:51:06 | Autostart | |
16:51:10 | Task Scheduler | |
16:51:10 | API Interceptor | |
16:51:14 | Autostart |
Dropped and Modified Files
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
Category: | modified |
Size (bytes): | 20 |
Entropy (8bit): | 3.6841837197791887 |
Encrypted: | false |
SSDEEP: | 3:QHXMKas:Q3Las |
MD5: | B3AC9D09E3A47D5FD00C37E075A70ECB |
SHA1: | AD14E6D0E07B00BD10D77A06D68841B20675680B |
SHA-256: | 7A23C6E7CCD8811ECDF038D3A89D5C7D68ED37324BAE2D4954125D9128FA9432 |
SHA-512: | 09B609EE1061205AA45B3C954EFC6C1A03C8FD6B3011FF88CF2C060E19B1D7FD51EE0CB9D02A39310125F3A66AA0146261BDEE3D804F472034DF711BC942E316 |
Malicious: | false |
Process: | C:\Users\user\Desktop\QT_0948765446-NMPMUST-9876563783.exe |
Category: | dropped |
Size (bytes): | 6849 |
Entropy (8bit): | 7.964410103086909 |
Encrypted: | false |
SSDEEP: | 192:84tawNmazDkzm194nzoleRkBVth1GHnClTPfiu3P713O+WZQC:vJLkm16nzRknth1GHCl7iuf9rWZQC |
MD5: | C9E51CDC81D062234E363D135F53D582 |
SHA1: | BBF061CB6C6E6C85A0FBEC058F2DC27DE7A56BC9 |
SHA-256: | 599388CC93E8D2AE04325F6A692B31E6CBCFEE9D11FEA4A22E8FE31E1FF89AA2 |
SHA-512: | ABDF90AF83C2555F5675BD85F525672ADDFFAC965FBF349E2B1020E613E82377417646F1956A9EBD17B947B209655A721101AF4FF70970845DFC53FF7E8072C8 |
Malicious: | false |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
Category: | dropped |
Size (bytes): | 260733 |
Entropy (8bit): | 7.569738313483503 |
Encrypted: | false |
SSDEEP: | 6144:HYa6ZtKR5Z0v2uTcWdq+LKimLlF21W0PLpxYwX:HY3Y5Z0eGJq+LuxF2sL0 |
MD5: | 79998199D5193170B5471A3C44E334CB |
SHA1: | 15FE429245C5D0847452141A1677D3C16692569F |
SHA-256: | C54D824042A45B2D070D00062BCA6ECCD6B45EC2984DEBD0A476B5CDE8A395F4 |
SHA-512: | 4C997815C513019148CA0FE9FD69DBDAA5200ABFC9A98183869A6647F6B3BCB723E82AA9DAB77618BD992BE049C91E1A5FEC2AA5DFA4F25C4D80B548175BFA13 |
Malicious: | false |
Process: | C:\Users\user\Desktop\QT_0948765446-NMPMUST-9876563783.exe |
Category: | dropped |
Size (bytes): | 495 |
Entropy (8bit): | 7.413794533078799 |
Encrypted: | false |
SSDEEP: | 12:6v/7lgK+7rivq3U5TPrJlMjyFp25GxlaPaBkgGiYbmgaEwPF:s/kkhrEjyFp25GxlaPaKg3pdF |
MD5: | DA02560CE065ED9F812FC23B6AF4E2C6 |
SHA1: | 1A05DEAA45D137500AE2279C5EB608FD8F77B1F8 |
SHA-256: | 2BEC36AB11AA5A8328257C4A9D1F268805451983D5AAC657E098C9FC386574F6 |
SHA-512: | EF3CDAF6F39C9EFC309DE851F798840DAA475F6263FCC23E590DB40D98640B3481053720FBF0015D83BAFB6F0CACE7CBF09131EE0498C7C4CF1AD34472E8004B |
Malicious: | false |
Process: | C:\Users\user\Desktop\QT_0948765446-NMPMUST-9876563783.exe |
Category: | dropped |
Size (bytes): | 290 |
Entropy (8bit): | 6.970419229774679 |
Encrypted: | false |
SSDEEP: | 6:6v/lhPys1jeVXJA4VdfgDp3/wrnyVNS5hhll0IdXEVnyBaJa6jp:6v/7VjQ10OTGgL0zVyBaQ6N |
MD5: | 0D79E9D00775B587F7DDC07F85581167 |
SHA1: | E094329B29C52656965AF26D944CBC8B753B831A |
SHA-256: | 3A431205D5999B6CE43AFE3E3F553BEB46C95B40F202880E8B6A404593A138B5 |
SHA-512: | 46724C6B562D9D5161971599302114EE8B66D163FDAB8EE4625E489DBE765734CA283C9289C92BBD183444368974D17B2DC143204D6C0AA805F5D2A92DF686A9 |
Malicious: | false |
Process: | C:\Users\user\Desktop\QT_0948765446-NMPMUST-9876563783.exe |
Category: | dropped |
Size (bytes): | 94761 |
Entropy (8bit): | 7.147038765629842 |
Encrypted: | false |
SSDEEP: | 1536:2XNlqvDX7cKj1l6vX42bW/9eSn3pPi+4mad2LIVfWUXX290zHBsSBbe6kf:iNlaDLcY4X4D/Ln3p6qad06e0HH3Fkf |
MD5: | DB1F8338E32AEA828E5F3BC1E479EA4D |
SHA1: | D0EC5F2CC0A8A865F7420C5185F39D406DA0523C |
SHA-256: | 847653D9662EB47618CADA712604EFAD95A9093844A40C60546F97D7604208F9 |
SHA-512: | E4A647449E22428D3B3DBD1BED29290B61E8DA8D6CCAA4E53B78699ABC4CED3D46E09C23C62AC5C7321F01F2A8CCF807801E8F7B18B3EC1861856121295BE728 |
Malicious: | false |
Process: | C:\Users\user\Desktop\QT_0948765446-NMPMUST-9876563783.exe |
Category: | dropped |
Size (bytes): | 28353 |
Entropy (8bit): | 5.247530837724658 |
Encrypted: | false |
SSDEEP: | 384:iRGqs9qVGO2LHItNcLIHJOJF9yX8EzQrwEI6/p9ekFCCq:iu9qk3o0LIHJ4LycFFq |
MD5: | 9174157F50762DD5D6E160C7E0DDADF1 |
SHA1: | D9E0BA6AA58B561D25C5A122A842A7B5DE1D47A4 |
SHA-256: | 80495E26F7ACE00DDE275B5C96292C7C31AF65AC7732D42D4E626EDE68F8C7F8 |
SHA-512: | 9A8A32B1A6648CFFFE2EE44DFC8BD95500738766AC14F13D967006DF35745FCAB18C7D4CB67EEEA2EAC0A2FCC343B2D670B20A67960589236300E522EC20144A |
Malicious: | false |
Process: | C:\Users\user\Desktop\QT_0948765446-NMPMUST-9876563783.exe |
Category: | dropped |
Size (bytes): | 528 |
Entropy (8bit): | 2.454669672012672 |
Encrypted: | false |
SSDEEP: | 3:WlWUqt/vllXl+YZcFTS9gXeF+X32Zp9XojoW2mnKt3MGHlXml/4XSkVlXllXl/l5:idq2Vg3F+X32RojB5nKKZ4i |
MD5: | 56D41F7E91B9DCD5E8AF747A13C6004B |
SHA1: | C59F6AE0DE9D72F3046293E9CEE3A8E5077A3F58 |
SHA-256: | 9B8494152724313033EE4A2C2112212816F9C11AB5DEF42D3325617ADFF6DE49 |
SHA-512: | CB28A005BFE866102538AF218606269018D7B433DA559E3496C21A63815D439A397A1B9281C4DDEB1D575BC0645D4C0F8D6156171611534F9CA8F6124CB21CA5 |
Malicious: | false |
Process: | C:\Users\user\Desktop\QT_0948765446-NMPMUST-9876563783.exe |
Category: | dropped |
Size (bytes): | 337 |
Entropy (8bit): | 7.0965599412000255 |
Encrypted: | false |
SSDEEP: | 6:6v/lhPys2zWtI1SjYx4LeRiaTJBeWiqIWODcmaq0LsOHmjknp:6v/7W11M3LekaTJkiO9hXOykp |
MD5: | 659220014DDED044AE048DE1F707787D |
SHA1: | 32D7305C1A0315A59B7B6F12A652D409F1E53077 |
SHA-256: | 3C7677231B2B2E41865F2772B97F2ED21235A6D3377A5C18A66D66ABB5F289C5 |
SHA-512: | C577E4688BCB1B98CF559062EB9A158E82FA2FE408A89D53E7C3E857796211166FEB17958001DC397BA04C303C42A6B4E5481BC0434CA58BB3512F4A72C5AE10 |
Malicious: | false |
Process: | C:\Users\user\Desktop\QT_0948765446-NMPMUST-9876563783.exe |
Category: | dropped |
Size (bytes): | 358 |
Entropy (8bit): | 7.110934101486144 |
Encrypted: | false |
SSDEEP: | 6:6v/lhPWbD+rdtFtN6aho0HHOGaB7YrI1QJYB+rCiYb3FoiiiI99r9Bp:6v/7TrbN7lnOGuY8iJg+eiG1odr9v |
MD5: | 3D4B275979C1C90F8802E34E1AE6BB03 |
SHA1: | 13596B93FB14BE97D6275CCE43969935DEA3762C |
SHA-256: | 2D547F84EA8DF35ECAAF5F4CDB92CA50488514174CF77A2B955D7CD4E0660B9F |
SHA-512: | 77F5F9C39A1C9133682BFCE4BD41FB58D04C226973C86EDD2A12DACD9D2BD06D4A1F3278620A7CAD658EE90D33AD5513EDFBF5AB0B035E6301E97BA4E9006E44 |
Malicious: | false |
Process: | C:\Users\user\Desktop\QT_0948765446-NMPMUST-9876563783.exe |
Category: | dropped |
Size (bytes): | 244 |
Entropy (8bit): | 6.758520539988057 |
Encrypted: | false |
SSDEEP: | 6:6v/lhPys81g2WMTrmv2GxdaTKUWdXhcorhOZXd5bvn0LGp:6v/7c1ZWarYvDa+UWdxcor87bv0g |
MD5: | 4FD7AA500BD09F4AE3D4D0951D56B095 |
SHA1: | 215730E32EE69DBA4A8CCF190D16903C51803C3C |
SHA-256: | B34B352C04C4578B1130C979A3571DBF058BC939CDC45723E479BCE27D80B7A5 |
SHA-512: | B4EEA2408A0A717EE79DB3BD66DFDA455A67058CF707F5638DF786DADFFEBE0E9DFF508DA6ED235AE5AD73EE82656C1338590910850A046B66ECB82AEE19B036 |
Malicious: | false |
Process: | C:\Users\user\Desktop\QT_0948765446-NMPMUST-9876563783.exe |
Category: | modified |
Size (bytes): | 845 |
Entropy (8bit): | 5.12125030062822 |
Encrypted: | false |
SSDEEP: | 12:t4C8glnfnjdiYJCX+iCydrkeYRAerAFhLtHLAmVAcZ3AGdK5UMtz4y7jXvNM:t4CjlfhZJCX0yKbRAecFhBrN3AGMaM7O |
MD5: | 5CD531D175E59C4A36AC0025E613F689 |
SHA1: | 62F4DF65A5F6E3DE4A89774953F9C41FA9A0A4AA |
SHA-256: | 41B4A84FD5B41F294B59E4CB4D9B76C6ACF4E5066C6AB9E458BEFEF116525B0C |
SHA-512: | 6F2A2241BEC4DA98D1D9949343FBE01B0431C80CC378915B1A62D3CF3F34C3240C35AAA3CE7799A91D9FBAE89203CCAF05C149F45564FCB1C5103AB672229793 |
Malicious: | false |
Process: | C:\Users\user\Desktop\QT_0948765446-NMPMUST-9876563783.exe |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 5.814115788739565 |
Encrypted: | false |
SSDEEP: | 192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr |
MD5: | CFF85C549D536F651D4FB8387F1976F2 |
SHA1: | D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E |
SHA-256: | 8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8 |
SHA-512: | 531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88 |
Malicious: | false |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
Category: | dropped |
Size (bytes): | 1319 |
Entropy (8bit): | 5.131285242271578 |
Encrypted: | false |
SSDEEP: | 24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0mnJxtn:cbk4oL600QydbQxIYODOLedq3ZJj |
MD5: | 497F298FC157762F192A7C42854C6FB6 |
SHA1: | 04BEC630F5CC64EA17C0E3E780B3CCF15A35C6E0 |
SHA-256: | 3462CBE62FBB64FC53A0FCF97E43BAAFE9DD9929204F586A86AFE4B89D8048A6 |
SHA-512: | C7C6FD3097F4D1CCD313160FEDF7CB031644E0836B8C3E25481095E5F4B003759BC84FC6EA9421E3A090E66DC2FF875FEC2F394A386691AB178CB164733411B2 |
Malicious: | true |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 3.0 |
Encrypted: | false |
SSDEEP: | 3:+Pn:+P |
MD5: | 6BC2438201E61D11DCA226D4CF7CC0C6 |
SHA1: | B0AC09489C4C9434E24666DF7F133CC07554C444 |
SHA-256: | 382C5A8FC6780DCBCA104B1DCD5C690724D3C2CFECED2B4B6B8A520CE8822673 |
SHA-512: | 0C47E934A9B0CF6CE91AE82DE9B6982CB66F54375C26C8F27A31E884B88EB5993C619E26C4061FEE8DEE0EB0497363B84A6E8E0CD4C6B1DCCEE4AB7CE5F555C1 |
Malicious: | true |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 56 |
Entropy (8bit): | 4.745141646068962 |
Encrypted: | false |
SSDEEP: | 3:oMty8WbSmm:oMLWumm |
MD5: | F781103B538E4159A8F01E3BE09B1F8D |
SHA1: | 27992585DE22A095BABCFD75E8F96710DD921C37 |
SHA-256: | BEA91983791C26C19AA411B2870E89AFC250EAF9855B6E1CE7BEA02B74E7F368 |
SHA-512: | D50AE0A01E74FC263B704FADE17CDF4993B61E34FD498827D546F090CE2DA5E8F24D4D34FBF360AE7EE5C5E7E3F032F3DDA8AD0C2A2CF0E1DAFEED61258AB4CA |
Malicious: | false |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 182 |
Entropy (8bit): | 5.07060597644582 |
Encrypted: | false |
SSDEEP: | 3:RGXKRjN3Mxm8d/AjhclROXDD9jmKXVM8/FOoDamd9xraWMZ4MKLJFcLEWgJya7:zx3M7ucLOdBXVNYmd9NaWM6MKnH5JyY |
MD5: | B08826036A3E81B44E7D8C1284381013 |
SHA1: | 96CF7E6BC1B55C69CE33BEC3B78FFF4EB8839B87 |
SHA-256: | E7AD5092F56BB2ACA26262C361FE5F83171D21AB134D4E5D2EF47E9BF641B549 |
SHA-512: | EB9908F6FB6398EDCE4F3B18AA64ABEE8774D1CA3A5B533617C97AAC5E795627CCB8B1176BE64371E6BEF6352004FC2B4862A388D61A6103D05B5B2D02CD0481 |
Malicious: | false |
File type: | |
Entropy (8bit): | 7.569756741108006 |
TrID: | |
File name: | QT_0948765446-NMPMUST-9876563783.exe |
File size: | 260733 |
MD5: | 155a8b146f63fcecc360cc1162974373 |
SHA1: | 7abaf8a0df564b853227fdb8a614e7f8ba3edd15 |
SHA256: | 361deb3d9ef665902441a554d099bd5e43266cd6320ef84facacdee256d325bd |
SHA512: | fd424da3119cb0b13337a867278bec2418b0e9b4e5d7ba7799db15157d1a040a77c71fc585a9d9582980657bdb483d1124f8cfa83745702efdab6e0bc7d416e4 |
SSDEEP: | 6144:UYa6ZtKR5Z0v2uTcWdq+LKimLlF21W0PLpxYwX:UY3Y5Z0eGJq+LuxF2sL0 |
TLSH: | 8344F09576E0C863D9A50674EE35C9F65BF4BE22C8B50A0737E43F5C397A222D80C362 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................h...*..... |
Icon Hash: | 84f68684c4c33fc0 |
Entrypoint: | 0x403640 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x614F9B1F [Sat Sep 25 21:56:47 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 61259b55b8912888e90f516ca08dc514 |
Instruction |
---|
push ebp |
mov ebp, esp |
sub esp, 000003F4h |
push ebx |
push esi |
push edi |
push 00000020h |
pop edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [ebp-14h], ebx |
mov dword ptr [ebp-04h], 0040A230h |
mov dword ptr [ebp-10h], ebx |
call dword ptr [004080C8h] |
mov esi, dword ptr [004080CCh] |
lea eax, dword ptr [ebp-00000140h] |
push eax |
mov dword ptr [ebp-0000012Ch], ebx |
mov dword ptr [ebp-2Ch], ebx |
mov dword ptr [ebp-28h], ebx |
mov dword ptr [ebp-00000140h], 0000011Ch |
call esi |
test eax, eax |
jne 00007F084D0B3D5Ah |
lea eax, dword ptr [ebp-00000140h] |
mov dword ptr [ebp-00000140h], 00000114h |
push eax |
call esi |
mov ax, word ptr [ebp-0000012Ch] |
mov ecx, dword ptr [ebp-00000112h] |
sub ax, 00000053h |
add ecx, FFFFFFD0h |
neg ax |
sbb eax, eax |
mov byte ptr [ebp-26h], 00000004h |
not eax |
and eax, ecx |
mov word ptr [ebp-2Ch], ax |
cmp dword ptr [ebp-0000013Ch], 0Ah |
jnc 00007F084D0B3D2Ah |
and word ptr [ebp-00000132h], 0000h |
mov eax, dword ptr [ebp-00000134h] |
movzx ecx, byte ptr [ebp-00000138h] |
mov dword ptr [0042A318h], eax |
xor eax, eax |
mov ah, byte ptr [ebp-0000013Ch] |
movzx eax, ax |
or eax, ecx |
xor ecx, ecx |
mov ch, byte ptr [ebp-2Ch] |
movzx ecx, cx |
shl eax, 10h |
or eax, ecx |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8504 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6c000 | 0x1f320 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6676 | 0x6800 | False | 0.656813401442 | data | 6.41745998719 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x139a | 0x1400 | False | 0.4498046875 | data | 5.14106681717 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x20378 | 0x600 | False | 0.509765625 | data | 4.11058212765 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.ndata | 0x2b000 | 0x41000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x6c000 | 0x1f320 | 0x1f400 | False | 0.7696953125 | data | 7.24749238687 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x6c448 | 0x93bf | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x75808 | 0x66ac | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x7beb8 | 0x4c28 | dBase IV DBT, blocks size 0, block length 18432, next free block index 40, next free block 0, next used block 4279173120 | English | United States |
RT_ICON | 0x80ae0 | 0x3c12 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x846f8 | 0x25a8 | data | English | United States |
RT_ICON | 0x86ca0 | 0x10a8 | data | English | United States |
RT_ICON | 0x87d48 | 0xea8 | data | English | United States |
RT_ICON | 0x88bf0 | 0x8a8 | data | English | United States |
RT_ICON | 0x89498 | 0x668 | dBase IV DBT of `.DBF, block length 1536, next free block index 40, next free block 251658488, next used block 65535 | English | United States |
RT_ICON | 0x89b00 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x8a068 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x8a4d0 | 0x2e8 | data | English | United States |
RT_ICON | 0x8a7b8 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_DIALOG | 0x8a8e0 | 0x100 | data | English | United States |
RT_DIALOG | 0x8a9e0 | 0x11c | data | English | United States |
RT_DIALOG | 0x8ab00 | 0xc4 | data | English | United States |
RT_DIALOG | 0x8abc8 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x8ac28 | 0xbc | data | English | United States |
RT_VERSION | 0x8ace8 | 0x2f4 | data | English | United States |
RT_MANIFEST | 0x8afe0 | 0x33e | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States |
DLL | Import |
---|---|
ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW |
SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW |
ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree |
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked |
USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu |
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject |
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW |
Description | Data |
---|---|
LegalCopyright | Xamasoft |
FileVersion | 32.24.11 |
CompanyName | 1995-2013 Stellar Information Systems Ltd. |
LegalTrademarks | Advanced Micro Devices, Inc. |
Comments | Coca-Cola Co. |
ProductName | Bausch & Lomb Incorporated |
FileDescription | IT Group Inc. |
Translation | 0x0409 0x04b0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
May 17, 2022 16:51:07.176810980 CEST | 1.1.1.1 | 192.168.11.20 | 0x5d20 | No error (0) | | | 142.250.185.78 | A (IP address) | IN (0x0001) |
May 17, 2022 16:51:08.188951969 CEST | 1.1.1.1 | 192.168.11.20 | 0xa9b1 | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) |
May 17, 2022 16:51:08.188951969 CEST | 1.1.1.1 | 192.168.11.20 | 0xa9b1 | No error (0) | | | 216.58.212.129 | A (IP address) | IN (0x0001) |
May 17, 2022 16:51:10.632525921 CEST | 8.8.8.8 | 192.168.11.20 | 0x81d9 | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:51:27.967823982 CEST | 8.8.8.8 | 192.168.11.20 | 0xc9a9 | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:51:45.454966068 CEST | 8.8.8.8 | 192.168.11.20 | 0x5912 | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:52:43.052445889 CEST | 8.8.8.8 | 192.168.11.20 | 0x83d5 | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:52:49.402622938 CEST | 8.8.8.8 | 192.168.11.20 | 0x5606 | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:52:55.737930059 CEST | 8.8.8.8 | 192.168.11.20 | 0xdf1b | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:53:20.774529934 CEST | 8.8.8.8 | 192.168.11.20 | 0x9c96 | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:53:27.083282948 CEST | 8.8.8.8 | 192.168.11.20 | 0x56d7 | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:53:33.358505964 CEST | 8.8.8.8 | 192.168.11.20 | 0x9dbb | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:53:58.389122009 CEST | 8.8.8.8 | 192.168.11.20 | 0x611 | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:54:04.686652899 CEST | 8.8.8.8 | 192.168.11.20 | 0x2589 | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:54:10.959651947 CEST | 8.8.8.8 | 192.168.11.20 | 0xe44f | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:54:35.924036026 CEST | 8.8.8.8 | 192.168.11.20 | 0x484a | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:54:42.140944958 CEST | 8.8.8.8 | 192.168.11.20 | 0x29e0 | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:54:48.369702101 CEST | 8.8.8.8 | 192.168.11.20 | 0x2090 | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:55:13.259754896 CEST | 8.8.8.8 | 192.168.11.20 | 0xa927 | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:55:19.477248907 CEST | 8.8.8.8 | 192.168.11.20 | 0x2068 | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:55:25.696228027 CEST | 8.8.8.8 | 192.168.11.20 | 0x84dd | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:55:50.628469944 CEST | 8.8.8.8 | 192.168.11.20 | 0x6ff2 | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:55:56.851109982 CEST | 8.8.8.8 | 192.168.11.20 | 0xef66 | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:56:03.075602055 CEST | 8.8.8.8 | 192.168.11.20 | 0xb56a | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:56:27.969638109 CEST | 8.8.8.8 | 192.168.11.20 | 0x1e92 | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:56:34.179934978 CEST | 8.8.8.8 | 192.168.11.20 | 0x812d | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:56:40.388808012 CEST | 8.8.8.8 | 192.168.11.20 | 0xa9ea | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:57:05.201400995 CEST | 8.8.8.8 | 192.168.11.20 | 0xabc5 | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:57:11.404478073 CEST | 8.8.8.8 | 192.168.11.20 | 0x8ae3 | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:57:17.635689020 CEST | 8.8.8.8 | 192.168.11.20 | 0x4850 | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:57:42.502353907 CEST | 8.8.8.8 | 192.168.11.20 | 0x62ec | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:57:48.724761009 CEST | 8.8.8.8 | 192.168.11.20 | 0xf7a3 | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:57:54.969716072 CEST | 8.8.8.8 | 192.168.11.20 | 0x9b4f | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:58:19.886549950 CEST | 8.8.8.8 | 192.168.11.20 | 0x5de1 | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:58:26.075479031 CEST | 8.8.8.8 | 192.168.11.20 | 0xe8b8 | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:58:32.307836056 CEST | 8.8.8.8 | 192.168.11.20 | 0xc92e | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
May 17, 2022 16:58:57.177076101 CEST | 8.8.8.8 | 192.168.11.20 | 0xd62a | No error (0) | | | 91.193.75.131 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49761 | 142.250.185.78 | 443 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-05-17 14:51:07 UTC | 0 | OUT | |
2022-05-17 14:51:08 UTC | 0 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49762 | 216.58.212.129 | 443 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-05-17 14:51:08 UTC | 1 | OUT | |
2022-05-17 14:51:08 UTC | 1 | IN | |