Edit tour
Windows
Analysis Report
INVOICE.exe
Overview
General Information
| Sample Name: | INVOICE.exe |
| Analysis ID: | 634111 |
| MD5: | a10619d494661c1f8ca180e53c5a11fd |
| SHA1: | 1273e17b50d8d33078df02447fa9adaab255b459 |
| SHA256: | e126c11aec2897bd7959747e70bc85d4153abdadbe45344bb41771ced23f3228 |
| Infos: |   |
 | |
Detection
NanoCore, GuLoader
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Sigma detected: NanoCore
Yara detected GuLoader
Snort IDS alert for network traffic
Initial sample is a PE file and has a suspicious name
Writes to foreign memory regions
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Executable has a suspicious name (potential lure to open the executable)
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses 32bit PE files
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
PE file does not import any functions
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Binary contains a suspicious time stamp
PE / OLE file has an invalid certificate
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard
Classification
- System is w10x64native
INVOICE.exe (PID: 4312 cmdline: "C:\Users\ user\Deskt op\INVOICE .exe" MD5: A10619D494661C1F8CA180E53C5A11FD) 
CasPol.exe (PID: 7412 cmdline: "C:\Users\ user\Deskt op\INVOICE .exe" MD5: 7BAE06CBE364BB42B8C34FCFB90E3EBD) 
conhost.exe (PID: 7420 cmdline: C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
- cleanup
{"Payload URL": "https://cdn.discordapp.com/attachments/963535165500588126/978282265127825408/NANOBIN_HBsjI150.bin"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
AV Detection |   |
|---|
| Source: | Author: Joe Security: | ||
E-Banking Fraud | |
|---|
| Source: | Author: Joe Security: | ||
Stealing of Sensitive Information | |
|---|
| Source: | Author: Joe Security: | ||
Remote Access Functionality | |
|---|
| Source: | Author: Joe Security: | ||
| Timestamp: | 192.168.11.2023.105.131.2284980552182816766 05/25/22-16:30:31.751555 |
| SID: | 2816766 |
| Source Port: | 49805 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981552182816766 05/25/22-16:31:33.404683 |
| SID: | 2816766 |
| Source Port: | 49815 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984852182816766 05/25/22-16:34:13.846527 |
| SID: | 2816766 |
| Source Port: | 49848 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981852182816766 05/25/22-16:31:52.701193 |
| SID: | 2816766 |
| Source Port: | 49818 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984552182816766 05/25/22-16:33:55.542675 |
| SID: | 2816766 |
| Source Port: | 49845 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980852182816766 05/25/22-16:30:50.298729 |
| SID: | 2816766 |
| Source Port: | 49808 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981252182816766 05/25/22-16:31:15.327532 |
| SID: | 2816766 |
| Source Port: | 49812 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980252182816766 05/25/22-16:30:12.634320 |
| SID: | 2816766 |
| Source Port: | 49802 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284977452182816718 05/25/22-16:27:24.086527 |
| SID: | 2816718 |
| Source Port: | 49774 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979452182816718 05/25/22-16:29:22.407860 |
| SID: | 2816718 |
| Source Port: | 49794 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983852182816766 05/25/22-16:33:12.305367 |
| SID: | 2816766 |
| Source Port: | 49838 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978152182816718 05/25/22-16:28:01.588003 |
| SID: | 2816718 |
| Source Port: | 49781 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979952182816766 05/25/22-16:29:54.854199 |
| SID: | 2816766 |
| Source Port: | 49799 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984552182025019 05/25/22-16:33:53.705193 |
| SID: | 2025019 |
| Source Port: | 49845 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284974852182025019 05/25/22-16:26:46.864576 |
| SID: | 2025019 |
| Source Port: | 49748 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984852182025019 05/25/22-16:34:12.263748 |
| SID: | 2025019 |
| Source Port: | 49848 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979252182816766 05/25/22-16:29:11.008493 |
| SID: | 2816766 |
| Source Port: | 49792 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978952182816766 05/25/22-16:28:50.992111 |
| SID: | 2816766 |
| Source Port: | 49789 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978252182816766 05/25/22-16:28:07.909556 |
| SID: | 2816766 |
| Source Port: | 49782 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983852182025019 05/25/22-16:33:10.498232 |
| SID: | 2025019 |
| Source Port: | 49838 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284977552182025019 05/25/22-16:27:28.453733 |
| SID: | 2025019 |
| Source Port: | 49775 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 23.105.131.228192.168.11.205218498512841753 05/25/22-16:34:36.244631 |
| SID: | 2841753 |
| Source Port: | 5218 |
| Destination Port: | 49851 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979552182025019 05/25/22-16:29:28.100659 |
| SID: | 2025019 |
| Source Port: | 49795 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983252182816766 05/25/22-16:32:41.208691 |
| SID: | 2816766 |
| Source Port: | 49832 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978552182025019 05/25/22-16:28:24.771071 |
| SID: | 2025019 |
| Source Port: | 49785 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 23.105.131.228192.168.11.205218497592841753 05/25/22-16:27:00.103276 |
| SID: | 2841753 |
| Source Port: | 5218 |
| Destination Port: | 49759 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979052182816766 05/25/22-16:28:57.526142 |
| SID: | 2816766 |
| Source Port: | 49790 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980852182025019 05/25/22-16:30:48.603212 |
| SID: | 2025019 |
| Source Port: | 49808 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981852182025019 05/25/22-16:31:51.045279 |
| SID: | 2025019 |
| Source Port: | 49818 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284974952182816766 05/25/22-16:26:55.057687 |
| SID: | 2816766 |
| Source Port: | 49749 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982252182816766 05/25/22-16:32:17.506541 |
| SID: | 2816766 |
| Source Port: | 49822 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984752182025019 05/25/22-16:34:05.952772 |
| SID: | 2025019 |
| Source Port: | 49847 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979852182816766 05/25/22-16:29:48.637027 |
| SID: | 2816766 |
| Source Port: | 49798 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284975952182816766 05/25/22-16:27:00.103543 |
| SID: | 2816766 |
| Source Port: | 49759 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284977952182816766 05/25/22-16:27:49.167335 |
| SID: | 2816766 |
| Source Port: | 49779 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 23.105.131.228192.168.11.205218498172810290 05/25/22-16:31:45.092800 |
| SID: | 2810290 |
| Source Port: | 5218 |
| Destination Port: | 49817 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983752182025019 05/25/22-16:33:04.168009 |
| SID: | 2025019 |
| Source Port: | 49837 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984252182816766 05/25/22-16:33:37.063051 |
| SID: | 2816766 |
| Source Port: | 49842 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980452182816718 05/25/22-16:30:24.424049 |
| SID: | 2816718 |
| Source Port: | 49804 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978352182025019 05/25/22-16:28:12.382304 |
| SID: | 2025019 |
| Source Port: | 49783 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284977352182025019 05/25/22-16:27:16.213770 |
| SID: | 2025019 |
| Source Port: | 49773 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978052182816766 05/25/22-16:27:55.336603 |
| SID: | 2816766 |
| Source Port: | 49780 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981452182816766 05/25/22-16:31:27.677259 |
| SID: | 2816766 |
| Source Port: | 49814 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983452182816766 05/25/22-16:32:53.455056 |
| SID: | 2816766 |
| Source Port: | 49834 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978052182025019 05/25/22-16:27:53.470678 |
| SID: | 2025019 |
| Source Port: | 49780 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981952182816766 05/25/22-16:31:58.993113 |
| SID: | 2816766 |
| Source Port: | 49819 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984152182816718 05/25/22-16:33:29.977439 |
| SID: | 2816718 |
| Source Port: | 49841 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979052182025019 05/25/22-16:28:55.697451 |
| SID: | 2025019 |
| Source Port: | 49790 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979352182025019 05/25/22-16:29:15.457432 |
| SID: | 2025019 |
| Source Port: | 49793 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980952182816766 05/25/22-16:30:55.689976 |
| SID: | 2816766 |
| Source Port: | 49809 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982252182816718 05/25/22-16:32:16.717000 |
| SID: | 2816718 |
| Source Port: | 49822 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984452182816766 05/25/22-16:33:49.422646 |
| SID: | 2816766 |
| Source Port: | 49844 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978152182025019 05/25/22-16:27:59.670880 |
| SID: | 2025019 |
| Source Port: | 49781 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979152182025019 05/25/22-16:29:03.014507 |
| SID: | 2025019 |
| Source Port: | 49791 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981752182816766 05/25/22-16:31:46.470211 |
| SID: | 2816766 |
| Source Port: | 49817 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984752182816766 05/25/22-16:34:07.795147 |
| SID: | 2816766 |
| Source Port: | 49847 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983752182816766 05/25/22-16:33:05.936139 |
| SID: | 2816766 |
| Source Port: | 49837 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980652182816766 05/25/22-16:30:38.113236 |
| SID: | 2816766 |
| Source Port: | 49806 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978252182025019 05/25/22-16:28:06.138718 |
| SID: | 2025019 |
| Source Port: | 49782 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981652182816766 05/25/22-16:31:40.194825 |
| SID: | 2816766 |
| Source Port: | 49816 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979252182025019 05/25/22-16:29:09.264603 |
| SID: | 2025019 |
| Source Port: | 49792 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983652182816766 05/25/22-16:32:59.707817 |
| SID: | 2816766 |
| Source Port: | 49836 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982652182816766 05/25/22-16:32:23.833819 |
| SID: | 2816766 |
| Source Port: | 49826 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984652182816766 05/25/22-16:34:01.648187 |
| SID: | 2816766 |
| Source Port: | 49846 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980752182816766 05/25/22-16:30:44.246974 |
| SID: | 2816766 |
| Source Port: | 49807 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979452182816766 05/25/22-16:29:23.408734 |
| SID: | 2816766 |
| Source Port: | 49794 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978452182816766 05/25/22-16:28:20.281595 |
| SID: | 2816766 |
| Source Port: | 49784 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981052182025019 05/25/22-16:31:01.082735 |
| SID: | 2025019 |
| Source Port: | 49810 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982052182025019 05/25/22-16:32:03.376767 |
| SID: | 2025019 |
| Source Port: | 49820 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979752182816766 05/25/22-16:29:42.453149 |
| SID: | 2816766 |
| Source Port: | 49797 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284985052182025019 05/25/22-16:34:24.645932 |
| SID: | 2025019 |
| Source Port: | 49850 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981352182025019 05/25/22-16:31:19.726151 |
| SID: | 2025019 |
| Source Port: | 49813 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984652182025019 05/25/22-16:33:59.917803 |
| SID: | 2025019 |
| Source Port: | 49846 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284977452182816766 05/25/22-16:27:24.106124 |
| SID: | 2816766 |
| Source Port: | 49774 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983052182025019 05/25/22-16:32:28.339078 |
| SID: | 2025019 |
| Source Port: | 49830 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980352182025019 05/25/22-16:30:17.769659 |
| SID: | 2025019 |
| Source Port: | 49803 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984052182025019 05/25/22-16:33:22.875676 |
| SID: | 2025019 |
| Source Port: | 49840 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284976752182025019 05/25/22-16:27:04.846136 |
| SID: | 2025019 |
| Source Port: | 49767 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983652182025019 05/25/22-16:32:58.020068 |
| SID: | 2025019 |
| Source Port: | 49836 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979752182025019 05/25/22-16:29:40.806456 |
| SID: | 2025019 |
| Source Port: | 49797 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980652182025019 05/25/22-16:30:36.339999 |
| SID: | 2025019 |
| Source Port: | 49806 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982652182025019 05/25/22-16:32:22.102445 |
| SID: | 2025019 |
| Source Port: | 49826 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984952182025019 05/25/22-16:34:18.439602 |
| SID: | 2025019 |
| Source Port: | 49849 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978752182816766 05/25/22-16:28:38.133818 |
| SID: | 2816766 |
| Source Port: | 49787 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978752182025019 05/25/22-16:28:37.063244 |
| SID: | 2025019 |
| Source Port: | 49787 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981652182025019 05/25/22-16:31:38.474206 |
| SID: | 2025019 |
| Source Port: | 49816 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983052182816766 05/25/22-16:32:30.129444 |
| SID: | 2816766 |
| Source Port: | 49830 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284977452182025019 05/25/22-16:27:22.348086 |
| SID: | 2025019 |
| Source Port: | 49774 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978452182025019 05/25/22-16:28:18.576555 |
| SID: | 2025019 |
| Source Port: | 49784 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981952182025019 05/25/22-16:31:57.191772 |
| SID: | 2025019 |
| Source Port: | 49819 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284985052182816766 05/25/22-16:34:26.408613 |
| SID: | 2816766 |
| Source Port: | 49850 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 23.105.131.228192.168.11.205218498312841753 05/25/22-16:32:34.844440 |
| SID: | 2841753 |
| Source Port: | 5218 |
| Destination Port: | 49831 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983952182025019 05/25/22-16:33:16.763494 |
| SID: | 2025019 |
| Source Port: | 49839 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284976752182816766 05/25/22-16:27:06.607242 |
| SID: | 2816766 |
| Source Port: | 49767 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984052182816766 05/25/22-16:33:24.678606 |
| SID: | 2816766 |
| Source Port: | 49840 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983352182816766 05/25/22-16:32:47.320512 |
| SID: | 2816766 |
| Source Port: | 49833 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 23.105.131.228192.168.11.205218498002810290 05/25/22-16:29:59.624575 |
| SID: | 2810290 |
| Source Port: | 5218 |
| Destination Port: | 49800 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981352182816766 05/25/22-16:31:21.456707 |
| SID: | 2816766 |
| Source Port: | 49813 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979452182025019 05/25/22-16:29:21.751685 |
| SID: | 2025019 |
| Source Port: | 49794 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980952182025019 05/25/22-16:30:54.829029 |
| SID: | 2025019 |
| Source Port: | 49809 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981552182816718 05/25/22-16:31:32.812110 |
| SID: | 2816718 |
| Source Port: | 49815 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980452182816766 05/25/22-16:30:25.689265 |
| SID: | 2816766 |
| Source Port: | 49804 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984352182816766 05/25/22-16:33:43.265564 |
| SID: | 2816766 |
| Source Port: | 49843 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983952182816766 05/25/22-16:33:18.245419 |
| SID: | 2816766 |
| Source Port: | 49839 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984952182816766 05/25/22-16:34:20.172443 |
| SID: | 2816766 |
| Source Port: | 49849 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979152182816766 05/25/22-16:29:04.010879 |
| SID: | 2816766 |
| Source Port: | 49791 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978152182816766 05/25/22-16:28:01.588003 |
| SID: | 2816766 |
| Source Port: | 49781 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284977152182816766 05/25/22-16:27:11.283267 |
| SID: | 2816766 |
| Source Port: | 49771 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980352182816766 05/25/22-16:30:18.720362 |
| SID: | 2816766 |
| Source Port: | 49803 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980052182025019 05/25/22-16:29:59.232879 |
| SID: | 2025019 |
| Source Port: | 49800 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284974852182816766 05/25/22-16:26:48.681674 |
| SID: | 2816766 |
| Source Port: | 49748 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980752182025019 05/25/22-16:30:42.432914 |
| SID: | 2025019 |
| Source Port: | 49807 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284985152182816766 05/25/22-16:34:32.377118 |
| SID: | 2816766 |
| Source Port: | 49851 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284977652182025019 05/25/22-16:27:34.857766 |
| SID: | 2025019 |
| Source Port: | 49776 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979652182025019 05/25/22-16:29:34.496572 |
| SID: | 2025019 |
| Source Port: | 49796 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981752182025019 05/25/22-16:31:44.732801 |
| SID: | 2025019 |
| Source Port: | 49817 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978652182025019 05/25/22-16:28:30.959545 |
| SID: | 2025019 |
| Source Port: | 49786 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978852182816766 05/25/22-16:28:44.949511 |
| SID: | 2816766 |
| Source Port: | 49788 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284977852182816766 05/25/22-16:27:42.950814 |
| SID: | 2816766 |
| Source Port: | 49778 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983152182816766 05/25/22-16:32:34.844642 |
| SID: | 2816766 |
| Source Port: | 49831 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984152182816766 05/25/22-16:33:30.661382 |
| SID: | 2816766 |
| Source Port: | 49841 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983452182025019 05/25/22-16:32:51.785059 |
| SID: | 2025019 |
| Source Port: | 49834 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 23.105.131.228192.168.11.205218498442810290 05/25/22-16:33:47.960213 |
| SID: | 2810290 |
| Source Port: | 5218 |
| Destination Port: | 49844 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980152182025019 05/25/22-16:30:05.428634 |
| SID: | 2025019 |
| Source Port: | 49801 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984452182025019 05/25/22-16:33:47.586034 |
| SID: | 2025019 |
| Source Port: | 49844 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284974952182025019 05/25/22-16:26:53.269482 |
| SID: | 2025019 |
| Source Port: | 49749 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284975952182025019 05/25/22-16:26:59.829388 |
| SID: | 2025019 |
| Source Port: | 49759 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981152182025019 05/25/22-16:31:07.278886 |
| SID: | 2025019 |
| Source Port: | 49811 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982152182025019 05/25/22-16:32:09.548587 |
| SID: | 2025019 |
| Source Port: | 49821 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979352182816766 05/25/22-16:29:17.137280 |
| SID: | 2816766 |
| Source Port: | 49793 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982152182816766 05/25/22-16:32:11.284736 |
| SID: | 2816766 |
| Source Port: | 49821 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984152182025019 05/25/22-16:33:29.043736 |
| SID: | 2025019 |
| Source Port: | 49841 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981152182816766 05/25/22-16:31:09.026560 |
| SID: | 2816766 |
| Source Port: | 49811 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983152182025019 05/25/22-16:32:34.588426 |
| SID: | 2025019 |
| Source Port: | 49831 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284985152182025019 05/25/22-16:34:30.894473 |
| SID: | 2025019 |
| Source Port: | 49851 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978352182816766 05/25/22-16:28:14.229320 |
| SID: | 2816766 |
| Source Port: | 49783 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980152182816766 05/25/22-16:30:07.044829 |
| SID: | 2816766 |
| Source Port: | 49801 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980252182025019 05/25/22-16:30:11.623216 |
| SID: | 2025019 |
| Source Port: | 49802 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284977352182816766 05/25/22-16:27:18.010840 |
| SID: | 2816766 |
| Source Port: | 49773 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284977652182816766 05/25/22-16:27:36.667274 |
| SID: | 2816766 |
| Source Port: | 49776 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284977852182025019 05/25/22-16:27:41.011477 |
| SID: | 2025019 |
| Source Port: | 49778 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978852182025019 05/25/22-16:28:43.166698 |
| SID: | 2025019 |
| Source Port: | 49788 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978652182816766 05/25/22-16:28:31.884971 |
| SID: | 2816766 |
| Source Port: | 49786 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979652182816766 05/25/22-16:29:36.135757 |
| SID: | 2816766 |
| Source Port: | 49796 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981252182025019 05/25/22-16:31:13.574908 |
| SID: | 2025019 |
| Source Port: | 49812 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982052182816766 05/25/22-16:32:04.963064 |
| SID: | 2816766 |
| Source Port: | 49820 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 23.105.131.228192.168.11.205218497792810290 05/25/22-16:27:47.647887 |
| SID: | 2810290 |
| Source Port: | 5218 |
| Destination Port: | 49779 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981552182025019 05/25/22-16:31:32.395920 |
| SID: | 2025019 |
| Source Port: | 49815 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984852182816718 05/25/22-16:34:13.753308 |
| SID: | 2816718 |
| Source Port: | 49848 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982252182025019 05/25/22-16:32:15.727698 |
| SID: | 2025019 |
| Source Port: | 49822 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983252182025019 05/25/22-16:32:39.456089 |
| SID: | 2025019 |
| Source Port: | 49832 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979852182025019 05/25/22-16:29:46.898756 |
| SID: | 2025019 |
| Source Port: | 49798 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980552182025019 05/25/22-16:30:30.115828 |
| SID: | 2025019 |
| Source Port: | 49805 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981052182816766 05/25/22-16:31:02.456519 |
| SID: | 2816766 |
| Source Port: | 49810 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984252182025019 05/25/22-16:33:35.275332 |
| SID: | 2025019 |
| Source Port: | 49842 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980052182816766 05/25/22-16:30:00.278352 |
| SID: | 2816766 |
| Source Port: | 49800 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978552182816766 05/25/22-16:28:26.357244 |
| SID: | 2816766 |
| Source Port: | 49785 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284977952182025019 05/25/22-16:27:47.275839 |
| SID: | 2025019 |
| Source Port: | 49779 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979552182816766 05/25/22-16:29:29.845796 |
| SID: | 2816766 |
| Source Port: | 49795 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981452182025019 05/25/22-16:31:26.168469 |
| SID: | 2025019 |
| Source Port: | 49814 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980452182025019 05/25/22-16:30:23.941395 |
| SID: | 2025019 |
| Source Port: | 49804 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978952182025019 05/25/22-16:28:49.375932 |
| SID: | 2025019 |
| Source Port: | 49789 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979952182025019 05/25/22-16:29:53.078752 |
| SID: | 2025019 |
| Source Port: | 49799 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983352182025019 05/25/22-16:32:45.614041 |
| SID: | 2025019 |
| Source Port: | 49833 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984352182025019 05/25/22-16:33:41.543999 |
| SID: | 2025019 |
| Source Port: | 49843 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284977552182816766 05/25/22-16:27:30.206122 |
| SID: | 2816766 |
| Source Port: | 49775 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Malware Configuration Extractor: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Static PE information: | ||
| Source: | Registry value created: | Jump to behavior | ||
| Source: | File opened: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
Networking | |
|---|
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | URLs: | ||
| Source: | ASN Name: | ||
| Source: | JA3 fingerprint: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | ||
System Summary | |
|---|
| Source: | Static PE information: | ||
| Source: | Static file information: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Static PE information: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Static PE information: | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Key opened: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Key value queried: | ||
| Source: | Code function: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Classification label: | ||
| Source: | Code function: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Code function: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | File written: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | File opened: | ||
| Source: | Registry value created: | Jump to behavior | ||
| Source: | File opened: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
Data Obfuscation | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Static PE information: | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | Registry value created or modified: | Jump to behavior | ||
| Source: | Registry value created or modified: | Jump to behavior | ||
| Source: | Registry value created or modified: | Jump to behavior | ||
| Source: | Registry value created or modified: | Jump to behavior | ||
Hooking and other Techniques for Hiding and Protection | |
|---|
| Source: | File opened: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
Malware Analysis System Evasion | |
|---|
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Thread sleep time: | ||
| Source: | Thread sleep time: | ||
| Source: | Last function: | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Code function: | ||
| Source: | Thread delayed: | ||
| Source: | Window / User API: | ||
| Source: | Window / User API: | ||
| Source: | Window / User API: | ||
| Source: | Process information queried: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Thread delayed: | ||
| Source: | System information queried: | ||
| Source: | API call chain: | ||
| Source: | API call chain: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Process token adjusted: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Process queried: | ||
| Source: | Process queried: | ||
| Source: | Memory allocated: | ||
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Memory written: | ||
| Source: | Process created: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Key value queried: | ||
| Source: | Code function: | ||
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | OS Credential Dumping | 4 File and Directory Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
| Default Accounts | Scheduled Task/Job | 1 Windows Service | 1 Access Token Manipulation | 1 Obfuscated Files or Information | LSASS Memory | 5 System Information Discovery | Remote Desktop Protocol | 1 Clipboard Data | Exfiltration Over Bluetooth | 11 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | 1 Registry Run Keys / Startup Folder | 1 Windows Service | 1 Timestomp | Security Account Manager | 221 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Non-Standard Port | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | 112 Process Injection | 1 DLL Side-Loading | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Non-Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
| Cloud Accounts | Cron | Network Logon Script | 1 Registry Run Keys / Startup Folder | 1 Masquerading | LSA Secrets | 131 Virtualization/Sandbox Evasion | SSH | Keylogging | Data Transfer Size Limits | 113 Application Layer Protocol | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | 131 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 112 Process Injection | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Hidden Files and Directories | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 15% | Virustotal | Browse | ||
| 42% | ReversingLabs | Win32.Trojan.Shelsy |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Virustotal | Browse | ||
| 0% | ReversingLabs | |||
| 0% | ReversingLabs | |||
| 3% | Metadefender | Browse | ||
| 0% | ReversingLabs |
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse |
⊘No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| dual-a-0001.dc-msedge.net | 13.107.22.200 | true | false |
| unknown |
| timenamoney.ooguy.com | 23.105.131.228 | true | true | unknown | |
| cdn.discordapp.com | 162.159.134.233 | true | false | high | |
| e-0009.e-msedge.net | 13.107.5.88 | true | false |
| unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 23.105.131.228 | timenamoney.ooguy.com | United States | 396362 | LEASEWEB-USA-NYC-11US | true | |
| 162.159.134.233 | cdn.discordapp.com | United States | 13335 | CLOUDFLARENETUS | false |
| Joe Sandbox Version: | 34.0.0 Boulder Opal |
| Analysis ID: | 634111 |
| Start date and time: 25/05/202216:24:11 | 2022-05-25 16:24:11 +02:00 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 13m 48s |
| Hypervisor based Inspection enabled: | false |
| Report type: | light |
| Sample file name: | INVOICE.exe |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301 |
| Run name: | Suspected Instruction Hammering |
| Number of analysed new started processes analysed: | 36 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Detection: | MAL |
| Classification: | mal100.troj.evad.winEXE@4/13@77/2 |
| EGA Information: |
|
| HDC Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
- TCP Packets have been reduced to 100
- Exclude process from analysis (whitelisted): taskhostw.exe, MusNotification.exe, dllhost.exe, RuntimeBroker.exe, SIHClient.exe, backgroundTaskHost.exe, MoUsoCoreWorker.exe, MusNotificationUx.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.93.58.141, 40.117.96.136
- Excluded domains from analysis (whitelisted): wd-prod-cp-eu-north-3-fe.northeurope.cloudapp.azure.com, www.bing.com, fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, arc.msn.com, wd-prod-cp.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, ris.api.iris.microsoft.com, wdcpalt.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, login.live.com, apimgmttmr17ij3jt5dneg64srod9jevcuajxaoube4brtu9cq.trafficmanager.net, evoke-windowsservices-tas.msedge.net, apimgmthszbjimgeglorvthkncixvpso9vnynvh3ehmsdll33a.cloudapp.net, img-prod-cms-rt-microsoft-com.akamaized.net, nexusrules.officeapps.live.com, manage.devcenter.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
| Time | Type | Description |
|---|---|---|
| 16:26:44 | API Interceptor | |
| 16:26:44 | Autostart | |
| 16:26:52 | Autostart |
| Process: | C:\Users\user\Desktop\INVOICE.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 105748 |
| Entropy (8bit): | 6.594105073918034 |
| Encrypted: | false |
| SSDEEP: | 1536:6/oEoq1Iy3Kyat2nSqglaSi+ksT7ewHxgdR:ioEoq1Iy3Kyg6R8aStewRgX |
| MD5: | 6728021C3198EE4F6F422A047AC506EF |
| SHA1: | C2E97C1816BAE3AA7D40C3EA59F52812ED6AAE70 |
| SHA-256: | 4DB076FA62DAEA04C6634069D10E4C7A67846BD1E524B40A989A5C27498BBB98 |
| SHA-512: | 9A3017C4B487F8892E9131EB3452B4A432D997262D169D76133936AB3A5064614F1C3EF93DCE88CE3A84B7BCB5E7D7A3DDA8845DF46D4690A554BDF367FC18D4 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\INVOICE.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1245 |
| Entropy (8bit): | 5.462849750105637 |
| Encrypted: | false |
| SSDEEP: | 24:hM0mIAvy4Wvsqs1Ra7JZRGNeHX+AYcvP2wk1RjdEF3qpMk5:lmIAq1UqsziJZ+eHX+AdP2TvpMk5 |
| MD5: | 5343C1A8B203C162A3BF3870D9F50FD4 |
| SHA1: | 04B5B886C20D88B57EEA6D8FF882624A4AC1E51D |
| SHA-256: | DC1D54DAB6EC8C00F70137927504E4F222C8395F10760B6BEECFCFA94E08249F |
| SHA-512: | E0F50ACB6061744E825A4051765CEBF23E8C489B55B190739409D8A79BB08DAC8F919247A4E5F65A015EA9C57D326BBEF7EA045163915129E01F316C4958D949 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Users\user\Desktop\INVOICE.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 15512 |
| Entropy (8bit): | 6.804862962213531 |
| Encrypted: | false |
| SSDEEP: | 384:PZ152PIWOmWqlC/uPHRN7yYWF//dJR9ztG/+A:R1zSlWMyYWF//dj9zW |
| MD5: | 6CFD24EDAD19285628C42E150B13CEFC |
| SHA1: | D2349988D62A8047C8194B5C0A25C525B8B58FCB |
| SHA-256: | C702F48311386BB45B4A9189058914197B16B5B5B9606A39B0F4C24EE891F04E |
| SHA-512: | 1AFA531D42D67BCA0542063DCFB031F06E4CC923F5ADDCD5A954AEEBA03B29EBC37EBD002F6C2CA9144B56D2E3FAD4893C6F3C4C3368D85A5B34F196D1940980 |
| Malicious: | false |
| Antivirus: |
|
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\INVOICE.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 78952 |
| Entropy (8bit): | 6.515753721409949 |
| Encrypted: | false |
| SSDEEP: | 1536:ZFCLZygVO0U5/YrxnU9EqOfxdrJ2RH7AGlUMG:ZyZygVO1exnU9EzxdroKGlUJ |
| MD5: | 514AE47FAB14E04E3F7EF70179184F43 |
| SHA1: | BA17EEA34A75439362C8FB1F12CA438570FBDB77 |
| SHA-256: | 3AF3A8B198EADC2120DC9F2CD9AE150EE7BE6F3D0C1985519C3C6E652AD25682 |
| SHA-512: | 286ACD03EDD57B36EE72E76995583042B94C244D8C2337DBD63DEB1DA36F5A8D04E0DB6963AB71B033EC442D3C37CF68701B3E4F0A3933E35B111CE9AA8921A6 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\INVOICE.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 37546 |
| Entropy (8bit): | 3.9997596847051198 |
| Encrypted: | false |
| SSDEEP: | 768:2kQDmlZJu47eyQpLGGDER1k5y93KTddS32yNWhv8LIeYnIxy6F60lZo2/E7J:/fYLvFcPapS3Av8LI+06w0t/G |
| MD5: | 32EA6BDBD368660B87A6EC28764BC17E |
| SHA1: | A6A680014E0A66AD33D2CB5C8A7797C7CEAC17B5 |
| SHA-256: | 63A2C9E2B87F9AFBADB3CB8D66A68C75A0ABD483C05E5FAF24CA57B4E2DE8CC7 |
| SHA-512: | 02A6CFBFA9E010252AF19BDD2685D309200B6972C707E0611CCEDE1D28754DFFB3AB0AE67C5260458867B68666A3E55524222B572EA8107B04BC01591AD6B8F1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 262120 |
| Entropy (8bit): | 7.238241658369799 |
| Encrypted: | false |
| SSDEEP: | 3072:rbG7N2kDTHUpou5I/QGAhsCKgUbnVCP/+B9F9EbvwwgMvdOHcgW0SpC7Pn5r0K85:rbE/HUhO0XI9FWuMvG006yPnfTMR |
| MD5: | 183E5A973298E12DA305DED4205E702A |
| SHA1: | 4F3BA6B3D4B5ABBAFFC255B041F9D9AF1802A858 |
| SHA-256: | 7112CBF9E0FE7D32310D3AEB5F8CD47A3551C651E42AC1A83914C86A43D301B1 |
| SHA-512: | D6BD33D978BC13170B9FB92F18A62016C0FF3599D8C0CFF0570BE8F735F1542BDF2CC8A0A799CBA2388CA5235F4BE563835ABDFF1C18B2D0C15953358F402DDE |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\INVOICE.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 316 |
| Entropy (8bit): | 4.795067099691328 |
| Encrypted: | false |
| SSDEEP: | 6:tI9mc4slzcWER4tVvgtt7XR9XeTRnVcMdN/NwWULbm8aBJcllf7lNDME:t4CDqtVvg7XaTRtTFwWULpq8Nl9ME |
| MD5: | B326D09573739B7BD22AE9BC602BEBE1 |
| SHA1: | 6F10B07DF50E425BE75D7C0042E45926CAC06137 |
| SHA-256: | BC31190E955A90C3442F3C222435751717A04834EFB8006334CAC55DA27CAF54 |
| SHA-512: | 5C27A1148C50568500133D962A9AFE3E434ED704FC64B9DC42CFBA7F52CABBD35468E8B3096CCFAE0D12EF1D80D710D7B57B98F69677EE5612F8FC39055F9293 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\INVOICE.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 710 |
| Entropy (8bit): | 4.447432775965755 |
| Encrypted: | false |
| SSDEEP: | 12:TMHdPnnl/nu3tlnuIDLfHShZozWlz2WJhWlz5jJhWlzgbVoJmdJWlzLVoJmdJWlp:2dPnnxu3tlrDLfybcNWv6vLbmJmdJYmZ |
| MD5: | CF5D546B0985AD2F75E420FDEEE8ABEC |
| SHA1: | 222DC112B47362AA10965C3F98D47951A69CC9D4 |
| SHA-256: | 8433D0660B758DC3345BD673251ABA619E9376E92AAA132E1844DCF846F188DA |
| SHA-512: | D92CB4C6D28DECAE21A065772AABE0A854DDA4EB58C9F425FA6B895949C01F6EF62B461F4F5039712F461AAF5C17673120484EAB581E8ECC688818EB6F5E774E |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\INVOICE.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 5.814115788739565 |
| Encrypted: | false |
| SSDEEP: | 192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr |
| MD5: | CFF85C549D536F651D4FB8387F1976F2 |
| SHA1: | D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E |
| SHA-256: | 8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8 |
| SHA-512: | 531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\INVOICE.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1225 |
| Entropy (8bit): | 4.6943702353982895 |
| Encrypted: | false |
| SSDEEP: | 24:ShrmEx6IL6UDUXqk2ba4IkhqHXVvuMQqXzTw0Y1nQXiwnpOU8:S9T0IL6U4S5I2euMtzTw0iQXiwngU8 |
| MD5: | 99295D6215590991C85E42E9FAF2761F |
| SHA1: | FC1C7C55D43FFA7D9CAAC60D248DDC2779ABEBE0 |
| SHA-256: | 050A30288F374F867178E9E14FB70192D9A50530E7FE5237A707197EAB028402 |
| SHA-512: | 3DE2F860062ED7BD85139B3E0DC9C9388D57A2BECF8731D0550079E19C32AF6EE3578E92C85F42B875C0A55C0682C8105762051996C62D6B77975061198917D9 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\INVOICE.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 164 |
| Entropy (8bit): | 5.895691362934477 |
| Encrypted: | false |
| SSDEEP: | 3:yionv//thPl9vt3lAnsrtxBll7Mlgk0zGDPypLCCuCVu9ZcyxDjrIbvcr/bp:6v/lhPyspkhdqLCCuCVuQi/rIbsTp |
| MD5: | 40FD1CB204BCCD773B72525B3FB03265 |
| SHA1: | 00745E555F1F69AD74B8926868481658B6DF6DC4 |
| SHA-256: | B7793D587D8D1525BB621C577492C00516A940393105A07C435CBAF01619F8E6 |
| SHA-512: | B74FB1BE2BD317E2F23B395C25D4B38C4E54BE7C67E195E3E5F8697C08DDBFA4ED5F5E33B385993F4AE798CFBAEFD7D249745D5E9E4B3820F14119391A584047 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 232 |
| Entropy (8bit): | 7.024371743172393 |
| Encrypted: | false |
| SSDEEP: | 6:X4LDAnybgCFcpJSQwP4d7ZrqJgTFwoaw+9XU4:X4LEnybgCFCtvd7ZrCgpwoaw+Z9 |
| MD5: | 32D0AAE13696FF7F8AF33B2D22451028 |
| SHA1: | EF80C4E0DB2AE8EF288027C9D3518E6950B583A4 |
| SHA-256: | 5347661365E7AD2C1ACC27AB0D150FFA097D9246BB3626FCA06989E976E8DD29 |
| SHA-512: | 1D77FC13512C0DBC4EFD7A66ACB502481E4EFA0FB73D0C7D0942448A72B9B05BA1EA78DDF0BE966363C2E3122E0B631DB7630D044D08C1E1D32B9FB025C356A5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8 |
| Entropy (8bit): | 3.0 |
| Encrypted: | false |
| SSDEEP: | 3:G/t:Gl |
| MD5: | 4C93AB6CED3E25EE85C0582A475154DC |
| SHA1: | EA80D21D44FC666219C8A6308B40F9DB28E89F2D |
| SHA-256: | F033002C87E0B353C322418953603D8CDBA0665E268241976EC3C0D634BE392E |
| SHA-512: | F661FCE9D74C2E82EE9D7A6DDEB4C7840645077E0C652D016AA91406DCED7DB6F54BADBC46F26DD64D7075422EDA1C87CCE36C1EB4669D3D6B80879EB5EE2A80 |
| Malicious: | true |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.238261722532882 |
| TrID: |
|
| File name: | INVOICE.exe |
| File size: | 262120 |
| MD5: | a10619d494661c1f8ca180e53c5a11fd |
| SHA1: | 1273e17b50d8d33078df02447fa9adaab255b459 |
| SHA256: | e126c11aec2897bd7959747e70bc85d4153abdadbe45344bb41771ced23f3228 |
| SHA512: | bc1383fa76765e77298ee35d4358bca8b2be7c310d7567f4d93c67790a0f6f03941f1301c11b78bfa5e178dc312ac3d0886417f705e5613f6f732b0b7f23b36a |
| SSDEEP: | 3072:EbG7N2kDTHUpou5I/QGAhsCKgUbnVCP/+B9F9EbvwwgMvdOHcgW0SpC7Pn5r0K85:EbE/HUhO0XI9FWuMvG006yPnfTMR |
| TLSH: | 4F44D020B7A8BB36CCE25DBA057A127E8EE6DE101605DD4327313A4C1A37ED4AF5B215 |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...Z.Oa.................j......... |
 | |
| Icon Hash: | 79c4b6b3b2aae831 |
| Entrypoint: | 0x40352d |
| Entrypoint Section: | .text |
| Digitally signed: | true |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
| DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
| Time Stamp: | 0x614F9B5A [Sat Sep 25 21:57:46 2021 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 56a78d55f3f7af51443e58e0ce2fb5f6 |
| Signature Valid: | false |
| Signature Issuer: | CN="MAGNETOSTATIC FORKORTELSESLISTENS Whizgig ", O=Hereticated, L=Wellsville, S=Kansas, C=US |
| Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
| Error Number: | -2146762487 |
| Not Before, Not After |
|
| Subject Chain |
|
| Version: | 3 |
| Thumbprint MD5: | 699972A492A19376B77B2AED92BC1C97 |
| Thumbprint SHA-1: | E1F82DA5213EDEC1AB97EC2FFC65EE3DDBD3D55A |
| Thumbprint SHA-256: | 4AFC8697012468A5B106CBE76591E9ADE8C5E8C06F6A3B15A12246F487717BE0 |
| Serial: | DCE6229CB2DDC799 |
| Instruction |
|---|
| push ebp |
| mov ebp, esp |
| sub esp, 000003F4h |
| push ebx |
| push esi |
| push edi |
| push 00000020h |
| pop edi |
| xor ebx, ebx |
| push 00008001h |
| mov dword ptr [ebp-14h], ebx |
| mov dword ptr [ebp-04h], 0040A2E0h |
| mov dword ptr [ebp-10h], ebx |
| call dword ptr [004080CCh] |
| mov esi, dword ptr [004080D0h] |
| lea eax, dword ptr [ebp-00000140h] |
| push eax |
| mov dword ptr [ebp-0000012Ch], ebx |
| mov dword ptr [ebp-2Ch], ebx |
| mov dword ptr [ebp-28h], ebx |
| mov dword ptr [ebp-00000140h], 0000011Ch |
| call esi |
| test eax, eax |
| jne 00007F02F0D46E2Ah |
| lea eax, dword ptr [ebp-00000140h] |
| mov dword ptr [ebp-00000140h], 00000114h |
| push eax |
| call esi |
| mov ax, word ptr [ebp-0000012Ch] |
| mov ecx, dword ptr [ebp-00000112h] |
| sub ax, 00000053h |
| add ecx, FFFFFFD0h |
| neg ax |
| sbb eax, eax |
| mov byte ptr [ebp-26h], 00000004h |
| not eax |
| and eax, ecx |
| mov word ptr [ebp-2Ch], ax |
| cmp dword ptr [ebp-0000013Ch], 0Ah |
| jnc 00007F02F0D46DFAh |
| and word ptr [ebp-00000132h], 0000h |
| mov eax, dword ptr [ebp-00000134h] |
| movzx ecx, byte ptr [ebp-00000138h] |
| mov dword ptr [00434FB8h], eax |
| xor eax, eax |
| mov ah, byte ptr [ebp-0000013Ch] |
| movzx eax, ax |
| or eax, ecx |
| xor ecx, ecx |
| mov ch, byte ptr [ebp-2Ch] |
| movzx ecx, cx |
| shl eax, 10h |
| or eax, ecx |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5f000 | 0x11320 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x3e7a8 | 0x1840 | .ndata |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x6897 | 0x6a00 | False | 0.666126179245 | data | 6.45839821493 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x14a6 | 0x1600 | False | 0.439275568182 | data | 5.02410928126 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x2b018 | 0x600 | False | 0.521484375 | data | 4.15458210409 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .ndata | 0x36000 | 0x29000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x5f000 | 0x11320 | 0x11400 | False | 0.273027060688 | data | 4.45026203596 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| RT_ICON | 0x5f208 | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | English | United States |
| RT_DIALOG | 0x6fa30 | 0x100 | data | English | United States |
| RT_DIALOG | 0x6fb30 | 0x11c | data | English | United States |
| RT_DIALOG | 0x6fc50 | 0xc4 | data | English | United States |
| RT_DIALOG | 0x6fd18 | 0x60 | data | English | United States |
| RT_GROUP_ICON | 0x6fd78 | 0x14 | data | English | United States |
| RT_VERSION | 0x6fd90 | 0x24c | data | English | United States |
| RT_MANIFEST | 0x6ffe0 | 0x33e | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States |
| DLL | Import |
|---|---|
| ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW |
| SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW |
| ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree |
| COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked |
| USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu |
| GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject |
| KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW |
| Description | Data |
|---|---|
| LegalCopyright | Precept |
| FileVersion | 1.24.4 |
| CompanyName | mimicismudsl |
| LegalTrademarks | STAV |
| Comments | Overwashv50 |
| ProductName | SEMI |
| FileDescription | Bortadopte |
| Translation | 0x0409 0x04b0 |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 192.168.11.2023.105.131.2284980552182816766 05/25/22-16:30:31.751555 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49805 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981552182816766 05/25/22-16:31:33.404683 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49815 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984852182816766 05/25/22-16:34:13.846527 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49848 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981852182816766 05/25/22-16:31:52.701193 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49818 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984552182816766 05/25/22-16:33:55.542675 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49845 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980852182816766 05/25/22-16:30:50.298729 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49808 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981252182816766 05/25/22-16:31:15.327532 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49812 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980252182816766 05/25/22-16:30:12.634320 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49802 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284977452182816718 05/25/22-16:27:24.086527 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49774 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979452182816718 05/25/22-16:29:22.407860 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49794 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983852182816766 05/25/22-16:33:12.305367 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49838 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978152182816718 05/25/22-16:28:01.588003 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49781 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979952182816766 05/25/22-16:29:54.854199 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49799 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984552182025019 05/25/22-16:33:53.705193 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49845 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284974852182025019 05/25/22-16:26:46.864576 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49748 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984852182025019 05/25/22-16:34:12.263748 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49848 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979252182816766 05/25/22-16:29:11.008493 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49792 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978952182816766 05/25/22-16:28:50.992111 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49789 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978252182816766 05/25/22-16:28:07.909556 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49782 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983852182025019 05/25/22-16:33:10.498232 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49838 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284977552182025019 05/25/22-16:27:28.453733 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49775 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 23.105.131.228192.168.11.205218498512841753 05/25/22-16:34:36.244631 | TCP | 2841753 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) | 5218 | 49851 | 23.105.131.228 | 192.168.11.20 |
| 192.168.11.2023.105.131.2284979552182025019 05/25/22-16:29:28.100659 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49795 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983252182816766 05/25/22-16:32:41.208691 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49832 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978552182025019 05/25/22-16:28:24.771071 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49785 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 23.105.131.228192.168.11.205218497592841753 05/25/22-16:27:00.103276 | TCP | 2841753 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) | 5218 | 49759 | 23.105.131.228 | 192.168.11.20 |
| 192.168.11.2023.105.131.2284979052182816766 05/25/22-16:28:57.526142 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49790 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980852182025019 05/25/22-16:30:48.603212 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49808 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981852182025019 05/25/22-16:31:51.045279 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49818 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284974952182816766 05/25/22-16:26:55.057687 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49749 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982252182816766 05/25/22-16:32:17.506541 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49822 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984752182025019 05/25/22-16:34:05.952772 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49847 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979852182816766 05/25/22-16:29:48.637027 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49798 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284975952182816766 05/25/22-16:27:00.103543 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49759 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284977952182816766 05/25/22-16:27:49.167335 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49779 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 23.105.131.228192.168.11.205218498172810290 05/25/22-16:31:45.092800 | TCP | 2810290 | ETPRO TROJAN NanoCore RAT Keepalive Response 1 | 5218 | 49817 | 23.105.131.228 | 192.168.11.20 |
| 192.168.11.2023.105.131.2284983752182025019 05/25/22-16:33:04.168009 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49837 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984252182816766 05/25/22-16:33:37.063051 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49842 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980452182816718 05/25/22-16:30:24.424049 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49804 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978352182025019 05/25/22-16:28:12.382304 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49783 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284977352182025019 05/25/22-16:27:16.213770 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49773 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978052182816766 05/25/22-16:27:55.336603 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49780 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981452182816766 05/25/22-16:31:27.677259 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49814 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983452182816766 05/25/22-16:32:53.455056 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49834 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978052182025019 05/25/22-16:27:53.470678 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49780 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981952182816766 05/25/22-16:31:58.993113 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49819 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984152182816718 05/25/22-16:33:29.977439 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49841 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979052182025019 05/25/22-16:28:55.697451 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49790 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979352182025019 05/25/22-16:29:15.457432 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49793 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980952182816766 05/25/22-16:30:55.689976 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49809 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982252182816718 05/25/22-16:32:16.717000 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49822 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984452182816766 05/25/22-16:33:49.422646 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49844 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978152182025019 05/25/22-16:27:59.670880 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49781 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979152182025019 05/25/22-16:29:03.014507 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49791 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981752182816766 05/25/22-16:31:46.470211 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49817 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984752182816766 05/25/22-16:34:07.795147 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49847 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983752182816766 05/25/22-16:33:05.936139 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49837 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980652182816766 05/25/22-16:30:38.113236 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49806 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978252182025019 05/25/22-16:28:06.138718 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49782 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981652182816766 05/25/22-16:31:40.194825 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49816 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979252182025019 05/25/22-16:29:09.264603 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49792 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983652182816766 05/25/22-16:32:59.707817 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49836 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982652182816766 05/25/22-16:32:23.833819 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49826 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984652182816766 05/25/22-16:34:01.648187 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49846 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980752182816766 05/25/22-16:30:44.246974 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49807 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979452182816766 05/25/22-16:29:23.408734 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49794 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978452182816766 05/25/22-16:28:20.281595 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49784 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981052182025019 05/25/22-16:31:01.082735 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49810 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982052182025019 05/25/22-16:32:03.376767 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49820 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979752182816766 05/25/22-16:29:42.453149 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49797 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284985052182025019 05/25/22-16:34:24.645932 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49850 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981352182025019 05/25/22-16:31:19.726151 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49813 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984652182025019 05/25/22-16:33:59.917803 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49846 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284977452182816766 05/25/22-16:27:24.106124 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49774 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983052182025019 05/25/22-16:32:28.339078 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49830 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980352182025019 05/25/22-16:30:17.769659 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49803 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984052182025019 05/25/22-16:33:22.875676 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49840 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284976752182025019 05/25/22-16:27:04.846136 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49767 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983652182025019 05/25/22-16:32:58.020068 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49836 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979752182025019 05/25/22-16:29:40.806456 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49797 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980652182025019 05/25/22-16:30:36.339999 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49806 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982652182025019 05/25/22-16:32:22.102445 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49826 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984952182025019 05/25/22-16:34:18.439602 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49849 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978752182816766 05/25/22-16:28:38.133818 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49787 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978752182025019 05/25/22-16:28:37.063244 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49787 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981652182025019 05/25/22-16:31:38.474206 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49816 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983052182816766 05/25/22-16:32:30.129444 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49830 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284977452182025019 05/25/22-16:27:22.348086 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49774 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978452182025019 05/25/22-16:28:18.576555 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49784 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981952182025019 05/25/22-16:31:57.191772 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49819 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284985052182816766 05/25/22-16:34:26.408613 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49850 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 23.105.131.228192.168.11.205218498312841753 05/25/22-16:32:34.844440 | TCP | 2841753 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) | 5218 | 49831 | 23.105.131.228 | 192.168.11.20 |
| 192.168.11.2023.105.131.2284983952182025019 05/25/22-16:33:16.763494 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49839 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284976752182816766 05/25/22-16:27:06.607242 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49767 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984052182816766 05/25/22-16:33:24.678606 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49840 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983352182816766 05/25/22-16:32:47.320512 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49833 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 23.105.131.228192.168.11.205218498002810290 05/25/22-16:29:59.624575 | TCP | 2810290 | ETPRO TROJAN NanoCore RAT Keepalive Response 1 | 5218 | 49800 | 23.105.131.228 | 192.168.11.20 |
| 192.168.11.2023.105.131.2284981352182816766 05/25/22-16:31:21.456707 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49813 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979452182025019 05/25/22-16:29:21.751685 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49794 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980952182025019 05/25/22-16:30:54.829029 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49809 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981552182816718 05/25/22-16:31:32.812110 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49815 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980452182816766 05/25/22-16:30:25.689265 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49804 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984352182816766 05/25/22-16:33:43.265564 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49843 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983952182816766 05/25/22-16:33:18.245419 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49839 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984952182816766 05/25/22-16:34:20.172443 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49849 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979152182816766 05/25/22-16:29:04.010879 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49791 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978152182816766 05/25/22-16:28:01.588003 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49781 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284977152182816766 05/25/22-16:27:11.283267 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49771 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980352182816766 05/25/22-16:30:18.720362 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49803 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980052182025019 05/25/22-16:29:59.232879 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49800 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284974852182816766 05/25/22-16:26:48.681674 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49748 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980752182025019 05/25/22-16:30:42.432914 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49807 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284985152182816766 05/25/22-16:34:32.377118 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49851 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284977652182025019 05/25/22-16:27:34.857766 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49776 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979652182025019 05/25/22-16:29:34.496572 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49796 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981752182025019 05/25/22-16:31:44.732801 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49817 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978652182025019 05/25/22-16:28:30.959545 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49786 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978852182816766 05/25/22-16:28:44.949511 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49788 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284977852182816766 05/25/22-16:27:42.950814 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49778 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983152182816766 05/25/22-16:32:34.844642 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49831 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984152182816766 05/25/22-16:33:30.661382 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49841 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983452182025019 05/25/22-16:32:51.785059 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49834 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 23.105.131.228192.168.11.205218498442810290 05/25/22-16:33:47.960213 | TCP | 2810290 | ETPRO TROJAN NanoCore RAT Keepalive Response 1 | 5218 | 49844 | 23.105.131.228 | 192.168.11.20 |
| 192.168.11.2023.105.131.2284980152182025019 05/25/22-16:30:05.428634 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49801 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984452182025019 05/25/22-16:33:47.586034 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49844 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284974952182025019 05/25/22-16:26:53.269482 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49749 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284975952182025019 05/25/22-16:26:59.829388 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49759 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981152182025019 05/25/22-16:31:07.278886 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49811 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982152182025019 05/25/22-16:32:09.548587 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49821 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979352182816766 05/25/22-16:29:17.137280 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49793 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982152182816766 05/25/22-16:32:11.284736 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49821 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984152182025019 05/25/22-16:33:29.043736 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49841 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981152182816766 05/25/22-16:31:09.026560 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49811 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983152182025019 05/25/22-16:32:34.588426 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49831 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284985152182025019 05/25/22-16:34:30.894473 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49851 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978352182816766 05/25/22-16:28:14.229320 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49783 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980152182816766 05/25/22-16:30:07.044829 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49801 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980252182025019 05/25/22-16:30:11.623216 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49802 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284977352182816766 05/25/22-16:27:18.010840 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49773 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284977652182816766 05/25/22-16:27:36.667274 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49776 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284977852182025019 05/25/22-16:27:41.011477 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49778 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978852182025019 05/25/22-16:28:43.166698 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49788 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978652182816766 05/25/22-16:28:31.884971 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49786 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979652182816766 05/25/22-16:29:36.135757 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49796 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981252182025019 05/25/22-16:31:13.574908 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49812 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982052182816766 05/25/22-16:32:04.963064 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49820 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 23.105.131.228192.168.11.205218497792810290 05/25/22-16:27:47.647887 | TCP | 2810290 | ETPRO TROJAN NanoCore RAT Keepalive Response 1 | 5218 | 49779 | 23.105.131.228 | 192.168.11.20 |
| 192.168.11.2023.105.131.2284981552182025019 05/25/22-16:31:32.395920 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49815 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984852182816718 05/25/22-16:34:13.753308 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49848 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982252182025019 05/25/22-16:32:15.727698 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49822 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983252182025019 05/25/22-16:32:39.456089 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49832 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979852182025019 05/25/22-16:29:46.898756 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49798 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980552182025019 05/25/22-16:30:30.115828 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49805 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981052182816766 05/25/22-16:31:02.456519 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49810 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984252182025019 05/25/22-16:33:35.275332 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49842 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980052182816766 05/25/22-16:30:00.278352 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49800 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978552182816766 05/25/22-16:28:26.357244 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49785 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284977952182025019 05/25/22-16:27:47.275839 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49779 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979552182816766 05/25/22-16:29:29.845796 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49795 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981452182025019 05/25/22-16:31:26.168469 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49814 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980452182025019 05/25/22-16:30:23.941395 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49804 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978952182025019 05/25/22-16:28:49.375932 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49789 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979952182025019 05/25/22-16:29:53.078752 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49799 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983352182025019 05/25/22-16:32:45.614041 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49833 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984352182025019 05/25/22-16:33:41.543999 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49843 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284977552182816766 05/25/22-16:27:30.206122 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49775 | 5218 | 192.168.11.20 | 23.105.131.228 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| May 25, 2022 16:26:44.311292887 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.311387062 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.311680079 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.330933094 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.330951929 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.358524084 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.358740091 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.358819008 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.451416969 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.451738119 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.451941967 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.456485987 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.502564907 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.988732100 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.988842010 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.988888025 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.988933086 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.989001989 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.989003897 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.989017963 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.989022017 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.989048004 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.989095926 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.989154100 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.989166021 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.989233971 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.989280939 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.989324093 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.989334106 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.989337921 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.989346027 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.989473104 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.989476919 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.989540100 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.989550114 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.989656925 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.989664078 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.989728928 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.989733934 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.989742994 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.989836931 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.989849091 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.989917994 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.989918947 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.989928961 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.990036011 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.990046024 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.990108967 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.990117073 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.990128994 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.990196943 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.990246058 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.990257025 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.990261078 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.990287066 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.990294933 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.990303040 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.990422010 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.990433931 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.990556955 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.990569115 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.990605116 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.990613937 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.990617037 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.990621090 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.990658045 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.990705967 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.990766048 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.990776062 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.990847111 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.990855932 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.990865946 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.990942001 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.990952015 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.990955114 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.990963936 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.998097897 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.998281002 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.998296022 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.998318911 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.998425007 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.998486996 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.998501062 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.998603106 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.998631001 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.998676062 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.998687029 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.998756886 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.998769999 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.998774052 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.998806000 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.998816013 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.998888016 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.998945951 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.998956919 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.999027967 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.999125004 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.999136925 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| May 25, 2022 16:26:44.999197960 CEST | 49747 | 443 | 192.168.11.20 | 162.159.134.233 |
| May 25, 2022 16:26:44.999208927 CEST | 443 | 49747 | 162.159.134.233 | 192.168.11.20 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| May 25, 2022 16:26:44.294316053 CEST | 62931 | 53 | 192.168.11.20 | 1.1.1.1 |
| May 25, 2022 16:26:44.302737951 CEST | 53 | 62931 | 1.1.1.1 | 192.168.11.20 |
| May 25, 2022 16:26:46.367461920 CEST | 53387 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:26:46.496171951 CEST | 53 | 53387 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:26:52.816283941 CEST | 63239 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:26:52.945810080 CEST | 53 | 63239 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:26:59.184536934 CEST | 57535 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:26:59.338793039 CEST | 53 | 57535 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:27:04.361658096 CEST | 54725 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:27:04.488585949 CEST | 53 | 54725 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:27:10.737051010 CEST | 53791 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:27:10.899472952 CEST | 53 | 53791 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:27:15.688030005 CEST | 55218 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:27:15.850781918 CEST | 53 | 55218 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:27:22.073961020 CEST | 64450 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:27:22.081876040 CEST | 53 | 64450 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:27:28.181730986 CEST | 55369 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:27:28.192369938 CEST | 53 | 55369 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:27:34.461391926 CEST | 50323 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:27:34.591183901 CEST | 53 | 50323 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:27:40.725691080 CEST | 51490 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:27:40.733918905 CEST | 53 | 51490 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:27:47.006557941 CEST | 53452 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:27:47.015320063 CEST | 53 | 53452 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:27:53.191957951 CEST | 63009 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:27:53.202756882 CEST | 53 | 63009 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:27:59.378154993 CEST | 58861 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:27:59.388636112 CEST | 53 | 58861 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:28:05.682673931 CEST | 52232 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:28:05.690783024 CEST | 53 | 52232 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:28:12.031229973 CEST | 61223 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:28:12.041929960 CEST | 53 | 61223 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:28:18.295643091 CEST | 52068 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:28:18.306184053 CEST | 53 | 52068 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:28:24.420706034 CEST | 52388 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:28:24.431077003 CEST | 53 | 52388 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:28:30.605170965 CEST | 52473 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:28:30.613787889 CEST | 53 | 52473 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:28:36.791363955 CEST | 49904 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:28:36.799427032 CEST | 53 | 49904 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:28:42.868261099 CEST | 57492 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:28:42.878732920 CEST | 53 | 57492 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:28:49.038645029 CEST | 51411 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:28:49.049251080 CEST | 53 | 51411 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:28:55.272304058 CEST | 60764 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:28:55.440484047 CEST | 53 | 60764 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:29:01.583784103 CEST | 51546 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:29:01.592559099 CEST | 53 | 51546 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:29:08.785187960 CEST | 60507 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:29:08.795510054 CEST | 53 | 60507 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:29:15.173650026 CEST | 54566 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:29:15.184284925 CEST | 53 | 54566 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:29:21.250252962 CEST | 55321 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:29:21.377964020 CEST | 53 | 55321 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:29:27.640067101 CEST | 52439 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:29:27.807087898 CEST | 53 | 52439 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:29:33.935833931 CEST | 60723 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:29:34.096745968 CEST | 53 | 60723 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:29:40.324234009 CEST | 55523 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:29:40.486520052 CEST | 53 | 55523 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:29:46.620007038 CEST | 58321 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:29:46.630523920 CEST | 53 | 58321 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:29:52.790397882 CEST | 53383 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:29:52.801234961 CEST | 53 | 53383 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:29:58.883038998 CEST | 49429 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:29:58.893316031 CEST | 53 | 49429 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:30:05.147823095 CEST | 64781 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:30:05.157944918 CEST | 53 | 64781 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:30:11.270606041 CEST | 51844 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:30:11.281208992 CEST | 53 | 51844 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:30:17.457462072 CEST | 62673 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:30:17.467778921 CEST | 53 | 62673 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:30:23.627393007 CEST | 57403 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:30:23.638602972 CEST | 53 | 57403 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:30:29.829863071 CEST | 60626 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:30:29.840244055 CEST | 53 | 60626 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:30:35.937011957 CEST | 52608 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:30:36.066773891 CEST | 53 | 52608 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:30:42.171180010 CEST | 54126 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:30:42.179620981 CEST | 53 | 54126 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:30:48.327826977 CEST | 64698 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:30:48.338567972 CEST | 53 | 64698 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:30:54.433226109 CEST | 54527 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:30:54.441349030 CEST | 53 | 54527 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:31:00.697048903 CEST | 60596 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:31:00.705347061 CEST | 53 | 60596 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:31:06.883343935 CEST | 56132 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:31:07.013132095 CEST | 53 | 56132 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:31:13.178734064 CEST | 59942 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:31:13.189310074 CEST | 53 | 59942 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:31:19.365053892 CEST | 62913 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:31:19.375124931 CEST | 53 | 62913 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:31:25.644725084 CEST | 56397 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:31:25.805777073 CEST | 53 | 56397 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:31:31.940423965 CEST | 54921 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:31:32.110677958 CEST | 53 | 54921 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:31:38.173533916 CEST | 52799 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:31:38.184058905 CEST | 53 | 52799 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:31:44.343802929 CEST | 61327 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:31:44.471309900 CEST | 53 | 61327 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:31:50.576800108 CEST | 63878 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:31:50.743858099 CEST | 53 | 63878 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:31:56.872627974 CEST | 50031 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:31:56.881262064 CEST | 53 | 50031 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:32:03.043845892 CEST | 59902 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:32:03.054253101 CEST | 53 | 59902 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:32:09.275831938 CEST | 50875 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:32:09.286408901 CEST | 53 | 50875 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:32:15.399728060 CEST | 50036 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:32:15.408425093 CEST | 53 | 50036 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:32:21.585504055 CEST | 61638 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:32:21.595853090 CEST | 53 | 61638 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:32:27.928093910 CEST | 62089 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:32:27.938632965 CEST | 53 | 62089 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:32:34.176703930 CEST | 57308 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:32:34.333075047 CEST | 53 | 57308 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:32:39.036358118 CEST | 54139 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:32:39.044857025 CEST | 53 | 54139 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:32:45.330924988 CEST | 54688 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:32:45.341310978 CEST | 53 | 54688 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:32:51.440654993 CEST | 61173 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:32:51.451075077 CEST | 53 | 61173 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:32:57.562170029 CEST | 55655 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:32:57.570897102 CEST | 53 | 55655 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:33:03.803839922 CEST | 51825 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:33:03.813878059 CEST | 53 | 51825 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:33:10.075063944 CEST | 62263 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:33:10.239430904 CEST | 53 | 62263 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:33:16.386579037 CEST | 54182 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:33:16.397475004 CEST | 53 | 54182 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:33:22.603480101 CEST | 61917 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:33:22.613768101 CEST | 53 | 61917 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:33:28.774039984 CEST | 50888 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:33:28.782891035 CEST | 53 | 50888 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:33:34.850794077 CEST | 57715 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:33:35.018151045 CEST | 53 | 57715 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:33:41.100344896 CEST | 51694 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:33:41.227715969 CEST | 53 | 51694 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:33:47.316979885 CEST | 62367 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:33:47.327317953 CEST | 53 | 62367 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:33:53.440607071 CEST | 49982 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:33:53.451368093 CEST | 53 | 49982 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:33:59.580002069 CEST | 53227 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:33:59.590660095 CEST | 53 | 53227 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:34:05.688107014 CEST | 58115 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:34:05.696618080 CEST | 53 | 58115 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:34:11.811841011 CEST | 60270 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:34:11.941778898 CEST | 53 | 60270 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:34:18.046516895 CEST | 57262 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:34:18.178221941 CEST | 53 | 57262 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:34:24.324470997 CEST | 53721 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:34:24.335089922 CEST | 53 | 53721 | 8.8.8.8 | 192.168.11.20 |
| May 25, 2022 16:34:30.510663986 CEST | 49168 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 25, 2022 16:34:30.640336990 CEST | 53 | 49168 | 8.8.8.8 | 192.168.11.20 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
|---|---|---|---|---|---|---|---|
| May 25, 2022 16:26:44.294316053 CEST | 192.168.11.20 | 1.1.1.1 | 0xf6b9 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:26:46.367461920 CEST | 192.168.11.20 | 8.8.8.8 | 0xebfb | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:26:52.816283941 CEST | 192.168.11.20 | 8.8.8.8 | 0x5b53 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:26:59.184536934 CEST | 192.168.11.20 | 8.8.8.8 | 0xd3df | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:27:04.361658096 CEST | 192.168.11.20 | 8.8.8.8 | 0x3fb6 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:27:10.737051010 CEST | 192.168.11.20 | 8.8.8.8 | 0x5e69 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:27:15.688030005 CEST | 192.168.11.20 | 8.8.8.8 | 0xb1e2 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:27:22.073961020 CEST | 192.168.11.20 | 8.8.8.8 | 0x20ad | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:27:28.181730986 CEST | 192.168.11.20 | 8.8.8.8 | 0x83b7 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:27:34.461391926 CEST | 192.168.11.20 | 8.8.8.8 | 0xf5a | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:27:40.725691080 CEST | 192.168.11.20 | 8.8.8.8 | 0x1815 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:27:47.006557941 CEST | 192.168.11.20 | 8.8.8.8 | 0x9821 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:27:53.191957951 CEST | 192.168.11.20 | 8.8.8.8 | 0xd799 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:27:59.378154993 CEST | 192.168.11.20 | 8.8.8.8 | 0xc091 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:28:05.682673931 CEST | 192.168.11.20 | 8.8.8.8 | 0x4c7b | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:28:12.031229973 CEST | 192.168.11.20 | 8.8.8.8 | 0x7da8 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:28:18.295643091 CEST | 192.168.11.20 | 8.8.8.8 | 0x6467 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:28:24.420706034 CEST | 192.168.11.20 | 8.8.8.8 | 0x9c5e | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:28:30.605170965 CEST | 192.168.11.20 | 8.8.8.8 | 0xe652 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:28:36.791363955 CEST | 192.168.11.20 | 8.8.8.8 | 0x69aa | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:28:42.868261099 CEST | 192.168.11.20 | 8.8.8.8 | 0xbcf3 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:28:49.038645029 CEST | 192.168.11.20 | 8.8.8.8 | 0x7b94 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:28:55.272304058 CEST | 192.168.11.20 | 8.8.8.8 | 0x4aed | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:29:01.583784103 CEST | 192.168.11.20 | 8.8.8.8 | 0x673a | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:29:08.785187960 CEST | 192.168.11.20 | 8.8.8.8 | 0x2518 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:29:15.173650026 CEST | 192.168.11.20 | 8.8.8.8 | 0xcc90 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:29:21.250252962 CEST | 192.168.11.20 | 8.8.8.8 | 0x1d53 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:29:27.640067101 CEST | 192.168.11.20 | 8.8.8.8 | 0xa835 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:29:33.935833931 CEST | 192.168.11.20 | 8.8.8.8 | 0x8893 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:29:40.324234009 CEST | 192.168.11.20 | 8.8.8.8 | 0x36c5 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:29:46.620007038 CEST | 192.168.11.20 | 8.8.8.8 | 0x801f | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:29:52.790397882 CEST | 192.168.11.20 | 8.8.8.8 | 0x5513 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:29:58.883038998 CEST | 192.168.11.20 | 8.8.8.8 | 0x407c | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:30:05.147823095 CEST | 192.168.11.20 | 8.8.8.8 | 0x52c4 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:30:11.270606041 CEST | 192.168.11.20 | 8.8.8.8 | 0x62a3 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:30:17.457462072 CEST | 192.168.11.20 | 8.8.8.8 | 0x8ee0 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:30:23.627393007 CEST | 192.168.11.20 | 8.8.8.8 | 0x32ef | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:30:29.829863071 CEST | 192.168.11.20 | 8.8.8.8 | 0xf9a3 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:30:35.937011957 CEST | 192.168.11.20 | 8.8.8.8 | 0x55fe | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:30:42.171180010 CEST | 192.168.11.20 | 8.8.8.8 | 0xb5a9 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:30:48.327826977 CEST | 192.168.11.20 | 8.8.8.8 | 0x47a9 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:30:54.433226109 CEST | 192.168.11.20 | 8.8.8.8 | 0xabf7 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:31:00.697048903 CEST | 192.168.11.20 | 8.8.8.8 | 0x93de | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:31:06.883343935 CEST | 192.168.11.20 | 8.8.8.8 | 0x190b | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:31:13.178734064 CEST | 192.168.11.20 | 8.8.8.8 | 0x768b | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:31:19.365053892 CEST | 192.168.11.20 | 8.8.8.8 | 0x92b4 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:31:25.644725084 CEST | 192.168.11.20 | 8.8.8.8 | 0x7181 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:31:31.940423965 CEST | 192.168.11.20 | 8.8.8.8 | 0xfb4 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:31:38.173533916 CEST | 192.168.11.20 | 8.8.8.8 | 0xf893 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:31:44.343802929 CEST | 192.168.11.20 | 8.8.8.8 | 0x18ad | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:31:50.576800108 CEST | 192.168.11.20 | 8.8.8.8 | 0x6536 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:31:56.872627974 CEST | 192.168.11.20 | 8.8.8.8 | 0x3578 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:32:03.043845892 CEST | 192.168.11.20 | 8.8.8.8 | 0xfdea | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:32:09.275831938 CEST | 192.168.11.20 | 8.8.8.8 | 0xff54 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:32:15.399728060 CEST | 192.168.11.20 | 8.8.8.8 | 0xf934 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:32:21.585504055 CEST | 192.168.11.20 | 8.8.8.8 | 0xdc73 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:32:27.928093910 CEST | 192.168.11.20 | 8.8.8.8 | 0x34d0 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:32:34.176703930 CEST | 192.168.11.20 | 8.8.8.8 | 0x48fb | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:32:39.036358118 CEST | 192.168.11.20 | 8.8.8.8 | 0x4d81 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:32:45.330924988 CEST | 192.168.11.20 | 8.8.8.8 | 0x8b6d | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:32:51.440654993 CEST | 192.168.11.20 | 8.8.8.8 | 0x303a | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:32:57.562170029 CEST | 192.168.11.20 | 8.8.8.8 | 0xb887 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:33:03.803839922 CEST | 192.168.11.20 | 8.8.8.8 | 0x8bd9 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:33:10.075063944 CEST | 192.168.11.20 | 8.8.8.8 | 0xfb23 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:33:16.386579037 CEST | 192.168.11.20 | 8.8.8.8 | 0x5147 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:33:22.603480101 CEST | 192.168.11.20 | 8.8.8.8 | 0x35e1 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:33:28.774039984 CEST | 192.168.11.20 | 8.8.8.8 | 0x2bf2 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:33:34.850794077 CEST | 192.168.11.20 | 8.8.8.8 | 0x3567 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:33:41.100344896 CEST | 192.168.11.20 | 8.8.8.8 | 0xa9ea | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:33:47.316979885 CEST | 192.168.11.20 | 8.8.8.8 | 0x2152 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:33:53.440607071 CEST | 192.168.11.20 | 8.8.8.8 | 0xf225 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:33:59.580002069 CEST | 192.168.11.20 | 8.8.8.8 | 0x7d83 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:34:05.688107014 CEST | 192.168.11.20 | 8.8.8.8 | 0x1d45 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:34:11.811841011 CEST | 192.168.11.20 | 8.8.8.8 | 0xa2f8 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:34:18.046516895 CEST | 192.168.11.20 | 8.8.8.8 | 0x7e06 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:34:24.324470997 CEST | 192.168.11.20 | 8.8.8.8 | 0x2966 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 25, 2022 16:34:30.510663986 CEST | 192.168.11.20 | 8.8.8.8 | 0x57e6 | Standard query (0) | A (IP address) | IN (0x0001) |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
|---|---|---|---|---|---|---|---|---|---|
| May 25, 2022 16:26:02.380574942 CEST | 1.1.1.1 | 192.168.11.20 | 0xb940 | No error (0) | dual-a-0001.dc-msedge.net | CNAME (Canonical name) | IN (0x0001) | ||
| May 25, 2022 16:26:02.380574942 CEST | 1.1.1.1 | 192.168.11.20 | 0xb940 | No error (0) | 13.107.22.200 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:26:02.380574942 CEST | 1.1.1.1 | 192.168.11.20 | 0xb940 | No error (0) | 131.253.33.200 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:26:02.573157072 CEST | 1.1.1.1 | 192.168.11.20 | 0x99fd | No error (0) | apimgmttmr17ij3jt5dneg64srod9jevcuajxaoube4brtu9cq.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | ||
| May 25, 2022 16:26:02.573157072 CEST | 1.1.1.1 | 192.168.11.20 | 0x99fd | No error (0) | apimgmthszbjimgeglorvthkncixvpso9vnynvh3ehmsdll33a.cloudapp.net | CNAME (Canonical name) | IN (0x0001) | ||
| May 25, 2022 16:26:03.195127964 CEST | 1.1.1.1 | 192.168.11.20 | 0xc538 | No error (0) | e-0009.e-msedge.net | CNAME (Canonical name) | IN (0x0001) | ||
| May 25, 2022 16:26:03.195127964 CEST | 1.1.1.1 | 192.168.11.20 | 0xc538 | No error (0) | 13.107.5.88 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:26:44.302737951 CEST | 1.1.1.1 | 192.168.11.20 | 0xf6b9 | No error (0) | 162.159.134.233 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:26:44.302737951 CEST | 1.1.1.1 | 192.168.11.20 | 0xf6b9 | No error (0) | 162.159.130.233 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:26:44.302737951 CEST | 1.1.1.1 | 192.168.11.20 | 0xf6b9 | No error (0) | 162.159.129.233 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:26:44.302737951 CEST | 1.1.1.1 | 192.168.11.20 | 0xf6b9 | No error (0) | 162.159.135.233 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:26:44.302737951 CEST | 1.1.1.1 | 192.168.11.20 | 0xf6b9 | No error (0) | 162.159.133.233 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:26:46.496171951 CEST | 8.8.8.8 | 192.168.11.20 | 0xebfb | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:26:52.945810080 CEST | 8.8.8.8 | 192.168.11.20 | 0x5b53 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:26:59.338793039 CEST | 8.8.8.8 | 192.168.11.20 | 0xd3df | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:27:04.488585949 CEST | 8.8.8.8 | 192.168.11.20 | 0x3fb6 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:27:10.899472952 CEST | 8.8.8.8 | 192.168.11.20 | 0x5e69 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:27:15.850781918 CEST | 8.8.8.8 | 192.168.11.20 | 0xb1e2 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:27:22.081876040 CEST | 8.8.8.8 | 192.168.11.20 | 0x20ad | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:27:28.192369938 CEST | 8.8.8.8 | 192.168.11.20 | 0x83b7 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:27:34.591183901 CEST | 8.8.8.8 | 192.168.11.20 | 0xf5a | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:27:40.733918905 CEST | 8.8.8.8 | 192.168.11.20 | 0x1815 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:27:47.015320063 CEST | 8.8.8.8 | 192.168.11.20 | 0x9821 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:27:53.202756882 CEST | 8.8.8.8 | 192.168.11.20 | 0xd799 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:27:59.388636112 CEST | 8.8.8.8 | 192.168.11.20 | 0xc091 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:28:05.690783024 CEST | 8.8.8.8 | 192.168.11.20 | 0x4c7b | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:28:12.041929960 CEST | 8.8.8.8 | 192.168.11.20 | 0x7da8 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:28:18.306184053 CEST | 8.8.8.8 | 192.168.11.20 | 0x6467 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:28:24.431077003 CEST | 8.8.8.8 | 192.168.11.20 | 0x9c5e | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:28:30.613787889 CEST | 8.8.8.8 | 192.168.11.20 | 0xe652 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:28:36.799427032 CEST | 8.8.8.8 | 192.168.11.20 | 0x69aa | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:28:42.878732920 CEST | 8.8.8.8 | 192.168.11.20 | 0xbcf3 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:28:49.049251080 CEST | 8.8.8.8 | 192.168.11.20 | 0x7b94 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:28:55.440484047 CEST | 8.8.8.8 | 192.168.11.20 | 0x4aed | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:29:01.592559099 CEST | 8.8.8.8 | 192.168.11.20 | 0x673a | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:29:08.795510054 CEST | 8.8.8.8 | 192.168.11.20 | 0x2518 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:29:15.184284925 CEST | 8.8.8.8 | 192.168.11.20 | 0xcc90 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:29:21.377964020 CEST | 8.8.8.8 | 192.168.11.20 | 0x1d53 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:29:27.807087898 CEST | 8.8.8.8 | 192.168.11.20 | 0xa835 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:29:34.096745968 CEST | 8.8.8.8 | 192.168.11.20 | 0x8893 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:29:40.486520052 CEST | 8.8.8.8 | 192.168.11.20 | 0x36c5 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:29:46.630523920 CEST | 8.8.8.8 | 192.168.11.20 | 0x801f | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:29:52.801234961 CEST | 8.8.8.8 | 192.168.11.20 | 0x5513 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:29:58.893316031 CEST | 8.8.8.8 | 192.168.11.20 | 0x407c | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:30:05.157944918 CEST | 8.8.8.8 | 192.168.11.20 | 0x52c4 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:30:11.281208992 CEST | 8.8.8.8 | 192.168.11.20 | 0x62a3 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:30:17.467778921 CEST | 8.8.8.8 | 192.168.11.20 | 0x8ee0 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:30:23.638602972 CEST | 8.8.8.8 | 192.168.11.20 | 0x32ef | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:30:29.840244055 CEST | 8.8.8.8 | 192.168.11.20 | 0xf9a3 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:30:36.066773891 CEST | 8.8.8.8 | 192.168.11.20 | 0x55fe | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:30:42.179620981 CEST | 8.8.8.8 | 192.168.11.20 | 0xb5a9 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:30:48.338567972 CEST | 8.8.8.8 | 192.168.11.20 | 0x47a9 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:30:54.441349030 CEST | 8.8.8.8 | 192.168.11.20 | 0xabf7 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:31:00.705347061 CEST | 8.8.8.8 | 192.168.11.20 | 0x93de | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:31:07.013132095 CEST | 8.8.8.8 | 192.168.11.20 | 0x190b | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:31:13.189310074 CEST | 8.8.8.8 | 192.168.11.20 | 0x768b | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:31:19.375124931 CEST | 8.8.8.8 | 192.168.11.20 | 0x92b4 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:31:25.805777073 CEST | 8.8.8.8 | 192.168.11.20 | 0x7181 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:31:32.110677958 CEST | 8.8.8.8 | 192.168.11.20 | 0xfb4 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:31:38.184058905 CEST | 8.8.8.8 | 192.168.11.20 | 0xf893 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:31:44.471309900 CEST | 8.8.8.8 | 192.168.11.20 | 0x18ad | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:31:50.743858099 CEST | 8.8.8.8 | 192.168.11.20 | 0x6536 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:31:56.881262064 CEST | 8.8.8.8 | 192.168.11.20 | 0x3578 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:32:03.054253101 CEST | 8.8.8.8 | 192.168.11.20 | 0xfdea | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:32:09.286408901 CEST | 8.8.8.8 | 192.168.11.20 | 0xff54 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:32:15.408425093 CEST | 8.8.8.8 | 192.168.11.20 | 0xf934 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:32:21.595853090 CEST | 8.8.8.8 | 192.168.11.20 | 0xdc73 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:32:27.938632965 CEST | 8.8.8.8 | 192.168.11.20 | 0x34d0 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:32:34.333075047 CEST | 8.8.8.8 | 192.168.11.20 | 0x48fb | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:32:39.044857025 CEST | 8.8.8.8 | 192.168.11.20 | 0x4d81 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:32:45.341310978 CEST | 8.8.8.8 | 192.168.11.20 | 0x8b6d | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:32:51.451075077 CEST | 8.8.8.8 | 192.168.11.20 | 0x303a | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:32:57.570897102 CEST | 8.8.8.8 | 192.168.11.20 | 0xb887 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:33:03.813878059 CEST | 8.8.8.8 | 192.168.11.20 | 0x8bd9 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:33:10.239430904 CEST | 8.8.8.8 | 192.168.11.20 | 0xfb23 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:33:16.397475004 CEST | 8.8.8.8 | 192.168.11.20 | 0x5147 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:33:22.613768101 CEST | 8.8.8.8 | 192.168.11.20 | 0x35e1 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:33:28.782891035 CEST | 8.8.8.8 | 192.168.11.20 | 0x2bf2 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:33:35.018151045 CEST | 8.8.8.8 | 192.168.11.20 | 0x3567 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:33:41.227715969 CEST | 8.8.8.8 | 192.168.11.20 | 0xa9ea | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:33:47.327317953 CEST | 8.8.8.8 | 192.168.11.20 | 0x2152 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:33:53.451368093 CEST | 8.8.8.8 | 192.168.11.20 | 0xf225 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:33:59.590660095 CEST | 8.8.8.8 | 192.168.11.20 | 0x7d83 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:34:05.696618080 CEST | 8.8.8.8 | 192.168.11.20 | 0x1d45 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:34:11.941778898 CEST | 8.8.8.8 | 192.168.11.20 | 0xa2f8 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:34:18.178221941 CEST | 8.8.8.8 | 192.168.11.20 | 0x7e06 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:34:24.335089922 CEST | 8.8.8.8 | 192.168.11.20 | 0x2966 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 25, 2022 16:34:30.640336990 CEST | 8.8.8.8 | 192.168.11.20 | 0x57e6 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 0 | 192.168.11.20 | 49747 | 162.159.134.233 | 443 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-05-25 14:26:44 UTC | 0 | OUT | |
| 2022-05-25 14:26:44 UTC | 0 | IN | |
| 2022-05-25 14:26:44 UTC | 1 | IN | |
| 2022-05-25 14:26:44 UTC | 1 | IN | |
| 2022-05-25 14:26:44 UTC | 2 | IN | |
| 2022-05-25 14:26:44 UTC | 4 | IN | |
| 2022-05-25 14:26:44 UTC | 5 | IN | |
| 2022-05-25 14:26:44 UTC | 6 | IN | |
| 2022-05-25 14:26:44 UTC | 8 | IN | |
| 2022-05-25 14:26:44 UTC | 9 | IN | |
| 2022-05-25 14:26:44 UTC | 10 | IN | |
| 2022-05-25 14:26:44 UTC | 12 | IN | |
| 2022-05-25 14:26:44 UTC | 13 | IN | |
| 2022-05-25 14:26:44 UTC | 14 | IN | |
| 2022-05-25 14:26:44 UTC | 16 | IN | |
| 2022-05-25 14:26:44 UTC | 17 | IN | |
| 2022-05-25 14:26:44 UTC | 18 | IN | |
| 2022-05-25 14:26:44 UTC | 20 | IN | |
| 2022-05-25 14:26:44 UTC | 21 | IN | |
| 2022-05-25 14:26:44 UTC | 22 | IN | |
| 2022-05-25 14:26:44 UTC | 24 | IN | |
| 2022-05-25 14:26:44 UTC | 25 | IN | |
| 2022-05-25 14:26:44 UTC | 26 | IN | |
| 2022-05-25 14:26:44 UTC | 28 | IN | |
| 2022-05-25 14:26:44 UTC | 29 | IN | |
| 2022-05-25 14:26:44 UTC | 30 | IN | |
| 2022-05-25 14:26:44 UTC | 32 | IN | |
| 2022-05-25 14:26:44 UTC | 33 | IN | |
| 2022-05-25 14:26:44 UTC | 34 | IN | |
| 2022-05-25 14:26:44 UTC | 36 | IN | |
| 2022-05-25 14:26:44 UTC | 37 | IN | |
| 2022-05-25 14:26:44 UTC | 38 | IN | |
| 2022-05-25 14:26:44 UTC | 40 | IN | |
| 2022-05-25 14:26:44 UTC | 41 | IN | |
| 2022-05-25 14:26:44 UTC | 42 | IN | |
| 2022-05-25 14:26:44 UTC | 44 | IN | |
| 2022-05-25 14:26:44 UTC | 45 | IN | |
| 2022-05-25 14:26:44 UTC | 46 | IN | |
| 2022-05-25 14:26:44 UTC | 48 | IN | |
| 2022-05-25 14:26:44 UTC | 49 | IN | |
| 2022-05-25 14:26:44 UTC | 50 | IN | |
| 2022-05-25 14:26:44 UTC | 52 | IN | |
| 2022-05-25 14:26:44 UTC | 53 | IN | |
| 2022-05-25 14:26:44 UTC | 54 | IN | |
| 2022-05-25 14:26:44 UTC | 58 | IN | |
| 2022-05-25 14:26:44 UTC | 63 | IN | |
| 2022-05-25 14:26:44 UTC | 64 | IN | |
| 2022-05-25 14:26:44 UTC | 68 | IN | |
| 2022-05-25 14:26:44 UTC | 72 | IN | |
| 2022-05-25 14:26:44 UTC | 76 | IN | |
| 2022-05-25 14:26:44 UTC | 80 | IN | |
| 2022-05-25 14:26:44 UTC | 84 | IN | |
| 2022-05-25 14:26:44 UTC | 88 | IN | |
| 2022-05-25 14:26:44 UTC | 92 | IN | |
| 2022-05-25 14:26:44 UTC | 96 | IN | |
| 2022-05-25 14:26:44 UTC | 100 | IN | |
| 2022-05-25 14:26:44 UTC | 104 | IN | |
| 2022-05-25 14:26:44 UTC | 108 | IN | |
| 2022-05-25 14:26:44 UTC | 112 | IN | |
| 2022-05-25 14:26:44 UTC | 116 | IN | |
| 2022-05-25 14:26:45 UTC | 120 | IN | |
| 2022-05-25 14:26:45 UTC | 124 | IN | |
| 2022-05-25 14:26:45 UTC | 128 | IN | |
| 2022-05-25 14:26:45 UTC | 132 | IN | |
| 2022-05-25 14:26:45 UTC | 136 | IN | |
| 2022-05-25 14:26:45 UTC | 140 | IN | |
| 2022-05-25 14:26:45 UTC | 144 | IN | |
| 2022-05-25 14:26:45 UTC | 148 | IN | |
| 2022-05-25 14:26:45 UTC | 152 | IN | |
| 2022-05-25 14:26:45 UTC | 156 | IN | |
| 2022-05-25 14:26:45 UTC | 160 | IN | |
| 2022-05-25 14:26:45 UTC | 164 | IN | |
| 2022-05-25 14:26:45 UTC | 168 | IN | |
| 2022-05-25 14:26:45 UTC | 172 | IN | |
| 2022-05-25 14:26:45 UTC | 176 | IN | |
| 2022-05-25 14:26:45 UTC | 180 | IN | |
| 2022-05-25 14:26:45 UTC | 184 | IN | |
| 2022-05-25 14:26:45 UTC | 188 | IN | |
| 2022-05-25 14:26:45 UTC | 192 | IN | |
| 2022-05-25 14:26:45 UTC | 196 | IN | |
| 2022-05-25 14:26:45 UTC | 200 | IN |
Click to jump to process
| Target ID: | 0 |
| Start time: | 16:26:07 |
| Start date: | 25/05/2022 |
| Path: | C:\Users\user\Desktop\INVOICE.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 262120 bytes |
| MD5 hash: | A10619D494661C1F8CA180E53C5A11FD |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Target ID: | 3 |
| Start time: | 16:26:26 |
| Start date: | 25/05/2022 |
| Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0xd50000 |
| File size: | 106496 bytes |
| MD5 hash: | 7BAE06CBE364BB42B8C34FCFB90E3EBD |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Yara matches: |
|
| Reputation: | moderate |
| Target ID: | 4 |
| Start time: | 16:26:26 |
| Start date: | 25/05/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff7dae10000 |
| File size: | 875008 bytes |
| MD5 hash: | 81CA40085FC75BABD2C91D18AA9FFA68 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
⊘No disassembly