Windows
Analysis Report
INVOICE.exe
Overview
General Information
Detection
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
- System is w10x64native
- INVOICE.exe (PID: 4312 cmdline: "C:\Users\user\Desktop\INVOICE.exe" MD5: A10619D494661C1F8CA180E53C5A11FD)
- CasPol.exe (PID: 7412 cmdline: "C:\Users\user\Desktop\INVOICE.exe" MD5: 7BAE06CBE364BB42B8C34FCFB90E3EBD)
- conhost.exe (PID: 7420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
- cleanup
{"Payload URL": "https://cdn.discordapp.com/attachments/963535165500588126/978282265127825408/NANOBIN_HBsjI150.bin"}
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | |
| | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | |
AV Detection |
---|
Source: | Author: Joe Security: |
E-Banking Fraud |
---|
Source: | Author: Joe Security: |
Stealing of Sensitive Information |
---|
Source: | Author: Joe Security: |
Remote Access Functionality |
---|
Source: | Author: Joe Security: |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.2284984252182025019 05/25/22-16:33:35.275332 |
SID: | 2025019 |
Source Port: | 49842 |
Destination Port: | 5218 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.2284980052182816766 05/25/22-16:30:00.278352 |
SID: | 2816766 |
Source Port: | 49800 |
Destination Port: | 5218 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.2284978552182816766 05/25/22-16:28:26.357244 |
SID: | 2816766 |
Source Port: | 49785 |
Destination Port: | 5218 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.2284977952182025019 05/25/22-16:27:47.275839 |
SID: | 2025019 |
Source Port: | 49779 |
Destination Port: | 5218 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.2284979552182816766 05/25/22-16:29:29.845796 |
SID: | 2816766 |
Source Port: | 49795 |
Destination Port: | 5218 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.2284981452182025019 05/25/22-16:31:26.168469 |
SID: | 2025019 |
Source Port: | 49814 |
Destination Port: | 5218 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.2284980452182025019 05/25/22-16:30:23.941395 |
SID: | 2025019 |
Source Port: | 49804 |
Destination Port: | 5218 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.2284978952182025019 05/25/22-16:28:49.375932 |
SID: | 2025019 |
Source Port: | 49789 |
Destination Port: | 5218 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.2284979952182025019 05/25/22-16:29:53.078752 |
SID: | 2025019 |
Source Port: | 49799 |
Destination Port: | 5218 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.2284983352182025019 05/25/22-16:32:45.614041 |
SID: | 2025019 |
Source Port: | 49833 |
Destination Port: | 5218 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.2284984352182025019 05/25/22-16:33:41.543999 |
SID: | 2025019 |
Source Port: | 49843 |
Destination Port: | 5218 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.2284977552182816766 05/25/22-16:27:30.206122 |
SID: | 2816766 |
Source Port: | 49775 |
Destination Port: | 5218 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Registry value created: |
Source: | File opened: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Code function: | ||
Source: | File opened: | ||
Networking |
---|
Source: | Snort IDS: | ||
Source: | URLs: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | IP Address: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic: |
Source: | Network traffic detected: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Code function: |
System Summary |
---|
Source: | Static PE information: |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Code function: |
Source: | Static PE information: |
Source: | Section loaded: | ||
Source: | Static PE information: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | File read: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Process created: | ||
Source: | Key value queried: |
Source: | Code function: |
Source: | File created: |
Source: | Classification label: |
Source: | Code function: |
Source: | File read: |
Source: | Code function: |
Source: | Section loaded: | ||
Source: | Mutant created: | ||
Source: | File written: |
Source: | Window detected: |
Source: | File opened: |
Source: | Registry value created: |
Source: | File opened: |
Source: | Static PE information: |
Source: | Binary string: | ||
Data Obfuscation |
---|
Source: | File source: | ||
Source: | Code function: | ||
Source: | Static PE information: |
Source: | File created: |
Source: | Registry value created or modified: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File opened: |
Source: | Process information set: | ||
Malware Analysis System Evasion |
---|
Source: | File opened: | ||
Source: | Binary or memory string: | ||
Source: | Thread sleep time: | ||
Source: | Last function: |
Source: | Dropped PE file which has not been started: |
Source: | Code function: |
Source: | Thread delayed: |
Source: | Window / User API: | ||
Source: | Process information queried: |
Source: | Code function: | ||
Source: | Thread delayed: |
Source: | System information queried: |
Source: | API call chain: | ||
Source: | File opened: | ||
Source: | Binary or memory string: | ||
Source: | Code function: |
Source: | Process token adjusted: |
Source: | Code function: | ||
Source: | Process queried: | ||
Source: | Memory allocated: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: |
Source: | Process created: |
Source: | Binary or memory string: | ||
Source: | Key value queried: |
Source: | Code function: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | OS Credential Dumping | 4 File and Directory Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | Scheduled Task/Job | 1 Windows Service | 1 Access Token Manipulation | 1 Obfuscated Files or Information | LSASS Memory | 5 System Information Discovery | Remote Desktop Protocol | 1 Clipboard Data | Exfiltration Over Bluetooth | 11 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | 1 Registry Run Keys / Startup Folder | 1 Windows Service | 1 Timestomp | Security Account Manager | 221 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Non-Standard Port | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | 112 Process Injection | 1 DLL Side-Loading | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Non-Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | 1 Registry Run Keys / Startup Folder | 1 Masquerading | LSA Secrets | 131 Virtualization/Sandbox Evasion | SSH | Keylogging | Data Transfer Size Limits | 113 Application Layer Protocol | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 131 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 112 Process Injection | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Hidden Files and Directories | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
15% | Virustotal | Browse | ||
42% | ReversingLabs | Win32.Trojan.Shelsy |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | ReversingLabs | |||
0% | ReversingLabs | |||
3% | Metadefender | Browse | ||
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
dual-a-0001.dc-msedge.net | 13.107.22.200 | true | false | | unknown |
timenamoney.ooguy.com | 23.105.131.228 | true | true | unknown | |
cdn.discordapp.com | 162.159.134.233 | true | false | high | |
e-0009.e-msedge.net | 13.107.5.88 | true | false | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
23.105.131.228 | timenamoney.ooguy.com | United States | 396362 | LEASEWEB-USA-NYC-11US | true | |
162.159.134.233 | cdn.discordapp.com | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 634111 |
Start date and time: | 2022-05-25 16:24:11 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 13m 48s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | INVOICE.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301) |
Run name: | Suspected Instruction Hammering |
Number of analysed new started processes analysed: | 36 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@4/13@77/2 |
Cookbook Comments: |
- Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
- TCP Packets have been reduced to 100
- Exclude process from analysis (whitelisted): taskhostw.exe, MusNotification.exe, dllhost.exe, RuntimeBroker.exe, SIHClient.exe, backgroundTaskHost.exe, MoUsoCoreWorker.exe, MusNotificationUx.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.93.58.141, 40.117.96.136
- Excluded domains from analysis (whitelisted): wd-prod-cp-eu-north-3-fe.northeurope.cloudapp.azure.com, www.bing.com, fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, arc.msn.com, wd-prod-cp.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, ris.api.iris.microsoft.com, wdcpalt.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, login.live.com, apimgmttmr17ij3jt5dneg64srod9jevcuajxaoube4brtu9cq.trafficmanager.net, evoke-windowsservices-tas.msedge.net, apimgmthszbjimgeglorvthkncixvpso9vnynvh3ehmsdll33a.cloudapp.net, img-prod-cms-rt-microsoft-com.akamaized.net, nexusrules.officeapps.live.com, manage.devcenter.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description |
---|---|---|
16:26:44 | API Interceptor | |
16:26:44 | Autostart | |
16:26:52 | Autostart |
Process: | C:\Users\user\Desktop\INVOICE.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 105748 |
Entropy (8bit): | 6.594105073918034 |
Encrypted: | false |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\INVOICE.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1245 |
Entropy (8bit): | 5.462849750105637 |
Encrypted: | false |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\INVOICE.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15512 |
Entropy (8bit): | 6.804862962213531 |
Encrypted: | false |
Malicious: | false |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\INVOICE.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 78952 |
Entropy (8bit): | 6.515753721409949 |
Encrypted: | false |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\Desktop\INVOICE.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 37546 |
Entropy (8bit): | 3.9997596847051198 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 262120 |
Entropy (8bit): | 7.238241658369799 |
Encrypted: | false |
SSDEEP: | 3072:rbG7N2kDTHUpou5I/QGAhsCKgUbnVCP/+B9F9EbvwwgMvdOHcgW0SpC7Pn5r0K85:rbE/HUhO0XI9FWuMvG006yPnfTMR |
MD5: | 183E5A973298E12DA305DED4205E702A |
SHA1: | 4F3BA6B3D4B5ABBAFFC255B041F9D9AF1802A858 |
SHA-256: | 7112CBF9E0FE7D32310D3AEB5F8CD47A3551C651E42AC1A83914C86A43D301B1 |
SHA-512: | D6BD33D978BC13170B9FB92F18A62016C0FF3599D8C0CFF0570BE8F735F1542BDF2CC8A0A799CBA2388CA5235F4BE563835ABDFF1C18B2D0C15953358F402DDE |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\INVOICE.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 316 |
Entropy (8bit): | 4.795067099691328 |
Encrypted: | false |
SSDEEP: | 6:tI9mc4slzcWER4tVvgtt7XR9XeTRnVcMdN/NwWULbm8aBJcllf7lNDME:t4CDqtVvg7XaTRtTFwWULpq8Nl9ME |
MD5: | B326D09573739B7BD22AE9BC602BEBE1 |
SHA1: | 6F10B07DF50E425BE75D7C0042E45926CAC06137 |
SHA-256: | BC31190E955A90C3442F3C222435751717A04834EFB8006334CAC55DA27CAF54 |
SHA-512: | 5C27A1148C50568500133D962A9AFE3E434ED704FC64B9DC42CFBA7F52CABBD35468E8B3096CCFAE0D12EF1D80D710D7B57B98F69677EE5612F8FC39055F9293 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\INVOICE.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 710 |
Entropy (8bit): | 4.447432775965755 |
Encrypted: | false |
SSDEEP: | 12:TMHdPnnl/nu3tlnuIDLfHShZozWlz2WJhWlz5jJhWlzgbVoJmdJWlzLVoJmdJWlp:2dPnnxu3tlrDLfybcNWv6vLbmJmdJYmZ |
MD5: | CF5D546B0985AD2F75E420FDEEE8ABEC |
SHA1: | 222DC112B47362AA10965C3F98D47951A69CC9D4 |
SHA-256: | 8433D0660B758DC3345BD673251ABA619E9376E92AAA132E1844DCF846F188DA |
SHA-512: | D92CB4C6D28DECAE21A065772AABE0A854DDA4EB58C9F425FA6B895949C01F6EF62B461F4F5039712F461AAF5C17673120484EAB581E8ECC688818EB6F5E774E |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\INVOICE.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 5.814115788739565 |
Encrypted: | false |
SSDEEP: | 192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr |
MD5: | CFF85C549D536F651D4FB8387F1976F2 |
SHA1: | D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E |
SHA-256: | 8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8 |
SHA-512: | 531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\INVOICE.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1225 |
Entropy (8bit): | 4.6943702353982895 |
Encrypted: | false |
SSDEEP: | 24:ShrmEx6IL6UDUXqk2ba4IkhqHXVvuMQqXzTw0Y1nQXiwnpOU8:S9T0IL6U4S5I2euMtzTw0iQXiwngU8 |
MD5: | 99295D6215590991C85E42E9FAF2761F |
SHA1: | FC1C7C55D43FFA7D9CAAC60D248DDC2779ABEBE0 |
SHA-256: | 050A30288F374F867178E9E14FB70192D9A50530E7FE5237A707197EAB028402 |
SHA-512: | 3DE2F860062ED7BD85139B3E0DC9C9388D57A2BECF8731D0550079E19C32AF6EE3578E92C85F42B875C0A55C0682C8105762051996C62D6B77975061198917D9 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\INVOICE.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 164 |
Entropy (8bit): | 5.895691362934477 |
Encrypted: | false |
SSDEEP: | 3:yionv//thPl9vt3lAnsrtxBll7Mlgk0zGDPypLCCuCVu9ZcyxDjrIbvcr/bp:6v/lhPyspkhdqLCCuCVuQi/rIbsTp |
MD5: | 40FD1CB204BCCD773B72525B3FB03265 |
SHA1: | 00745E555F1F69AD74B8926868481658B6DF6DC4 |
SHA-256: | B7793D587D8D1525BB621C577492C00516A940393105A07C435CBAF01619F8E6 |
SHA-512: | B74FB1BE2BD317E2F23B395C25D4B38C4E54BE7C67E195E3E5F8697C08DDBFA4ED5F5E33B385993F4AE798CFBAEFD7D249745D5E9E4B3820F14119391A584047 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 232 |
Entropy (8bit): | 7.024371743172393 |
Encrypted: | false |
SSDEEP: | 6:X4LDAnybgCFcpJSQwP4d7ZrqJgTFwoaw+9XU4:X4LEnybgCFCtvd7ZrCgpwoaw+Z9 |
MD5: | 32D0AAE13696FF7F8AF33B2D22451028 |
SHA1: | EF80C4E0DB2AE8EF288027C9D3518E6950B583A4 |
SHA-256: | 5347661365E7AD2C1ACC27AB0D150FFA097D9246BB3626FCA06989E976E8DD29 |
SHA-512: | 1D77FC13512C0DBC4EFD7A66ACB502481E4EFA0FB73D0C7D0942448A72B9B05BA1EA78DDF0BE966363C2E3122E0B631DB7630D044D08C1E1D32B9FB025C356A5 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 3.0 |
Encrypted: | false |
SSDEEP: | 3:G/t:Gl |
MD5: | 4C93AB6CED3E25EE85C0582A475154DC |
SHA1: | EA80D21D44FC666219C8A6308B40F9DB28E89F2D |
SHA-256: | F033002C87E0B353C322418953603D8CDBA0665E268241976EC3C0D634BE392E |
SHA-512: | F661FCE9D74C2E82EE9D7A6DDEB4C7840645077E0C652D016AA91406DCED7DB6F54BADBC46F26DD64D7075422EDA1C87CCE36C1EB4669D3D6B80879EB5EE2A80 |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 7.238261722532882 |
File name: | INVOICE.exe |
File size: | 262120 |
MD5: | a10619d494661c1f8ca180e53c5a11fd |
SHA1: | 1273e17b50d8d33078df02447fa9adaab255b459 |
SHA256: | e126c11aec2897bd7959747e70bc85d4153abdadbe45344bb41771ced23f3228 |
SHA512: | bc1383fa76765e77298ee35d4358bca8b2be7c310d7567f4d93c67790a0f6f03941f1301c11b78bfa5e178dc312ac3d0886417f705e5613f6f732b0b7f23b36a |
SSDEEP: | 3072:EbG7N2kDTHUpou5I/QGAhsCKgUbnVCP/+B9F9EbvwwgMvdOHcgW0SpC7Pn5r0K85:EbE/HUhO0XI9FWuMvG006yPnfTMR |
TLSH: | 4F44D020B7A8BB36CCE25DBA057A127E8EE6DE101605DD4327313A4C1A37ED4AF5B215 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...Z.Oa.................j......... |
Icon Hash: | 79c4b6b3b2aae831 |
Entrypoint: | 0x40352d |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x614F9B5A [Sat Sep 25 21:57:46 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 56a78d55f3f7af51443e58e0ce2fb5f6 |
Signature Valid: | false |
Signature Issuer: | CN="MAGNETOSTATIC FORKORTELSESLISTENS Whizgig ", O=Hereticated, L=Wellsville, S=Kansas, C=US |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Version: | 3 |
Thumbprint MD5: | 699972A492A19376B77B2AED92BC1C97 |
Thumbprint SHA-1: | E1F82DA5213EDEC1AB97EC2FFC65EE3DDBD3D55A |
Thumbprint SHA-256: | 4AFC8697012468A5B106CBE76591E9ADE8C5E8C06F6A3B15A12246F487717BE0 |
Serial: | DCE6229CB2DDC799 |
Instruction |
---|
push ebp |
mov ebp, esp |
sub esp, 000003F4h |
push ebx |
push esi |
push edi |
push 00000020h |
pop edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [ebp-14h], ebx |
mov dword ptr [ebp-04h], 0040A2E0h |
mov dword ptr [ebp-10h], ebx |
call dword ptr [004080CCh] |
mov esi, dword ptr [004080D0h] |
lea eax, dword ptr [ebp-00000140h] |
push eax |
mov dword ptr [ebp-0000012Ch], ebx |
mov dword ptr [ebp-2Ch], ebx |
mov dword ptr [ebp-28h], ebx |
mov dword ptr [ebp-00000140h], 0000011Ch |
call esi |
test eax, eax |
jne 00007F02F0D46E2Ah |
lea eax, dword ptr [ebp-00000140h] |
mov dword ptr [ebp-00000140h], 00000114h |
push eax |
call esi |
mov ax, word ptr [ebp-0000012Ch] |
mov ecx, dword ptr [ebp-00000112h] |
sub ax, 00000053h |
add ecx, FFFFFFD0h |
neg ax |
sbb eax, eax |
mov byte ptr [ebp-26h], 00000004h |
not eax |
and eax, ecx |
mov word ptr [ebp-2Ch], ax |
cmp dword ptr [ebp-0000013Ch], 0Ah |
jnc 00007F02F0D46DFAh |
and word ptr [ebp-00000132h], 0000h |
mov eax, dword ptr [ebp-00000134h] |
movzx ecx, byte ptr [ebp-00000138h] |
mov dword ptr [00434FB8h], eax |
xor eax, eax |
mov ah, byte ptr [ebp-0000013Ch] |
movzx eax, ax |
or eax, ecx |
xor ecx, ecx |
mov ch, byte ptr [ebp-2Ch] |
movzx ecx, cx |
shl eax, 10h |
or eax, ecx |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5f000 | 0x11320 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x3e7a8 | 0x1840 | .ndata |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6897 | 0x6a00 | False | 0.666126179245 | data | 6.45839821493 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x14a6 | 0x1600 | False | 0.439275568182 | data | 5.02410928126 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x2b018 | 0x600 | False | 0.521484375 | data | 4.15458210409 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.ndata | 0x36000 | 0x29000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x5f000 | 0x11320 | 0x11400 | False | 0.273027060688 | data | 4.45026203596 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x5f208 | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_DIALOG | 0x6fa30 | 0x100 | data | English | United States |
RT_DIALOG | 0x6fb30 | 0x11c | data | English | United States |
RT_DIALOG | 0x6fc50 | 0xc4 | data | English | United States |
RT_DIALOG | 0x6fd18 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x6fd78 | 0x14 | data | English | United States |
RT_VERSION | 0x6fd90 | 0x24c | data | English | United States |
RT_MANIFEST | 0x6ffe0 | 0x33e | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States |
DLL | Import |
---|---|
ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW |
SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW |
ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree |
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked |
USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu |
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject |
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW |
Description | Data |
---|---|
LegalCopyright | Precept |
FileVersion | 1.24.4 |
CompanyName | mimicismudsl |
LegalTrademarks | STAV |
Comments | Overwashv50 |
ProductName | SEMI |
FileDescription | Bortadopte |
Translation | 0x0409 0x04b0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
05/25/22-16:30:31.751555 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49805 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:31:33.404683 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49815 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:34:13.846527 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49848 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:31:52.701193 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49818 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:33:55.542675 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49845 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:30:50.298729 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49808 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:31:15.327532 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49812 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:30:12.634320 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49802 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:27:24.086527 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49774 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:29:22.407860 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49794 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:33:12.305367 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49838 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:28:01.588003 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49781 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:29:54.854199 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49799 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:33:53.705193 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49845 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:26:46.864576 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49748 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:34:12.263748 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49848 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:29:11.008493 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49792 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:28:50.992111 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49789 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:28:07.909556 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49782 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:33:10.498232 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49838 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:27:28.453733 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49775 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:34:36.244631 | TCP | 2841753 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) | 5218 | 49851 | 23.105.131.228 | 192.168.11.20 |
05/25/22-16:29:28.100659 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49795 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:32:41.208691 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49832 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:28:24.771071 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49785 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:27:00.103276 | TCP | 2841753 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) | 5218 | 49759 | 23.105.131.228 | 192.168.11.20 |
05/25/22-16:28:57.526142 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49790 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:30:48.603212 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49808 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:31:51.045279 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49818 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:26:55.057687 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49749 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:32:17.506541 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49822 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:34:05.952772 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49847 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:29:48.637027 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49798 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:27:00.103543 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49759 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:27:49.167335 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49779 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:31:45.092800 | TCP | 2810290 | ETPRO TROJAN NanoCore RAT Keepalive Response 1 | 5218 | 49817 | 23.105.131.228 | 192.168.11.20 |
05/25/22-16:33:04.168009 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49837 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:33:37.063051 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49842 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:30:24.424049 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49804 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:28:12.382304 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49783 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:27:16.213770 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49773 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:27:55.336603 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49780 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:31:27.677259 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49814 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:32:53.455056 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49834 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:27:53.470678 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49780 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:31:58.993113 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49819 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:33:29.977439 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49841 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:28:55.697451 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49790 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:29:15.457432 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49793 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:30:55.689976 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49809 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:32:16.717000 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49822 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:33:49.422646 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49844 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:27:59.670880 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49781 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:29:03.014507 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49791 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:31:46.470211 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49817 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:34:07.795147 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49847 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:33:05.936139 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49837 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:30:38.113236 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49806 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:28:06.138718 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49782 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:31:40.194825 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49816 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:29:09.264603 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49792 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:32:59.707817 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49836 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:32:23.833819 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49826 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:34:01.648187 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49846 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:30:44.246974 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49807 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:29:23.408734 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49794 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:28:20.281595 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49784 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:31:01.082735 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49810 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:32:03.376767 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49820 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:29:42.453149 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49797 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:34:24.645932 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49850 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:31:19.726151 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49813 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:33:59.917803 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49846 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:27:24.106124 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49774 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:32:28.339078 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49830 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:30:17.769659 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49803 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:33:22.875676 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49840 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:27:04.846136 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49767 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:32:58.020068 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49836 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:29:40.806456 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49797 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:30:36.339999 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49806 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:32:22.102445 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49826 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:34:18.439602 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49849 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:28:38.133818 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49787 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:28:37.063244 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49787 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:31:38.474206 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49816 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:32:30.129444 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49830 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:27:22.348086 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49774 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:28:18.576555 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49784 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:31:57.191772 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49819 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:34:26.408613 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49850 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:32:34.844440 | TCP | 2841753 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) | 5218 | 49831 | 23.105.131.228 | 192.168.11.20 |
05/25/22-16:33:16.763494 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49839 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:27:06.607242 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49767 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:33:24.678606 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49840 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:32:47.320512 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49833 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:29:59.624575 | TCP | 2810290 | ETPRO TROJAN NanoCore RAT Keepalive Response 1 | 5218 | 49800 | 23.105.131.228 | 192.168.11.20 |
05/25/22-16:31:21.456707 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49813 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:29:21.751685 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49794 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:30:54.829029 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49809 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:31:32.812110 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49815 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:30:25.689265 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49804 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:33:43.265564 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49843 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:33:18.245419 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49839 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:34:20.172443 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49849 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:29:04.010879 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49791 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:28:01.588003 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49781 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:27:11.283267 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49771 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:30:18.720362 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49803 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:29:59.232879 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49800 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:26:48.681674 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49748 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:30:42.432914 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49807 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:34:32.377118 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49851 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:27:34.857766 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49776 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:29:34.496572 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49796 | 5218 | 192.168.11.20 | 23.105.131.228 |
05/25/22-16:31:44.732801 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49817 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284978652182025019 05/25/22-16:28:30.959545 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49786 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284978852182816766 05/25/22-16:28:44.949511 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49788 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284977852182816766 05/25/22-16:27:42.950814 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49778 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284983152182816766 05/25/22-16:32:34.844642 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49831 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284984152182816766 05/25/22-16:33:30.661382 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49841 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284983452182025019 05/25/22-16:32:51.785059 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49834 | 5218 | 192.168.11.20 | 23.105.131.228 |
23.105.131.228192.168.11.205218498442810290 05/25/22-16:33:47.960213 | TCP | 2810290 | ETPRO TROJAN NanoCore RAT Keepalive Response 1 | 5218 | 49844 | 23.105.131.228 | 192.168.11.20 |
192.168.11.2023.105.131.2284980152182025019 05/25/22-16:30:05.428634 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49801 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284984452182025019 05/25/22-16:33:47.586034 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49844 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284974952182025019 05/25/22-16:26:53.269482 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49749 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284975952182025019 05/25/22-16:26:59.829388 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49759 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284981152182025019 05/25/22-16:31:07.278886 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49811 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284982152182025019 05/25/22-16:32:09.548587 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49821 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284979352182816766 05/25/22-16:29:17.137280 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49793 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284982152182816766 05/25/22-16:32:11.284736 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49821 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284984152182025019 05/25/22-16:33:29.043736 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49841 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284981152182816766 05/25/22-16:31:09.026560 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49811 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284983152182025019 05/25/22-16:32:34.588426 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49831 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284985152182025019 05/25/22-16:34:30.894473 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49851 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284978352182816766 05/25/22-16:28:14.229320 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49783 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284980152182816766 05/25/22-16:30:07.044829 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49801 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284980252182025019 05/25/22-16:30:11.623216 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49802 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284977352182816766 05/25/22-16:27:18.010840 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49773 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284977652182816766 05/25/22-16:27:36.667274 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49776 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284977852182025019 05/25/22-16:27:41.011477 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49778 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284978852182025019 05/25/22-16:28:43.166698 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49788 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284978652182816766 05/25/22-16:28:31.884971 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49786 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284979652182816766 05/25/22-16:29:36.135757 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49796 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284981252182025019 05/25/22-16:31:13.574908 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49812 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284982052182816766 05/25/22-16:32:04.963064 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49820 | 5218 | 192.168.11.20 | 23.105.131.228 |
23.105.131.228192.168.11.205218497792810290 05/25/22-16:27:47.647887 | TCP | 2810290 | ETPRO TROJAN NanoCore RAT Keepalive Response 1 | 5218 | 49779 | 23.105.131.228 | 192.168.11.20 |
192.168.11.2023.105.131.2284981552182025019 05/25/22-16:31:32.395920 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49815 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284984852182816718 05/25/22-16:34:13.753308 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49848 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284982252182025019 05/25/22-16:32:15.727698 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49822 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284983252182025019 05/25/22-16:32:39.456089 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49832 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284979852182025019 05/25/22-16:29:46.898756 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49798 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284980552182025019 05/25/22-16:30:30.115828 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49805 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284981052182816766 05/25/22-16:31:02.456519 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49810 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284984252182025019 05/25/22-16:33:35.275332 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49842 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284980052182816766 05/25/22-16:30:00.278352 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49800 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284978552182816766 05/25/22-16:28:26.357244 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49785 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284977952182025019 05/25/22-16:27:47.275839 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49779 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284979552182816766 05/25/22-16:29:29.845796 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49795 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284981452182025019 05/25/22-16:31:26.168469 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49814 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284980452182025019 05/25/22-16:30:23.941395 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49804 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284978952182025019 05/25/22-16:28:49.375932 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49789 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284979952182025019 05/25/22-16:29:53.078752 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49799 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284983352182025019 05/25/22-16:32:45.614041 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49833 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284984352182025019 05/25/22-16:33:41.543999 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49843 | 5218 | 192.168.11.20 | 23.105.131.228 |
192.168.11.2023.105.131.2284977552182816766 05/25/22-16:27:30.206122 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49775 | 5218 | 192.168.11.20 | 23.105.131.228 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49747 | 162.159.134.233 | 443 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
Target ID: | 0 |
Start time: | 16:26:07 |
Start date: | 25/05/2022 |
Path: | C:\Users\user\Desktop\INVOICE.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 262120 bytes |
MD5 hash: | A10619D494661C1F8CA180E53C5A11FD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
Reputation: | low |
Target ID: | 3 |
Start time: | 16:26:26 |
Start date: | 25/05/2022 |
Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd50000 |
File size: | 106496 bytes |
MD5 hash: | 7BAE06CBE364BB42B8C34FCFB90E3EBD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
Reputation: | moderate |
Target ID: | 4 |
Start time: | 16:26:26 |
Start date: | 25/05/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7dae10000 |
File size: | 875008 bytes |
MD5 hash: | 81CA40085FC75BABD2C91D18AA9FFA68 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |