Windows
Analysis Report
SecuriteInfo.com.W32.AIDetect.malware2.20966.exe
Overview
General Information
Detection
Score: | 96 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w10x64native
- SecuriteInfo.com.W32.AIDetect.malware2.20966.exe (PID: 4060 cmdline:
"C:\Users\ user\Deskt op\Securit eInfo.com. W32.AIDete ct.malware 2.20966.ex e" MD5: 64D7DE9AC600402C1F3E5B9849CBD12C) - CasPol.exe (PID: 5668 cmdline:
"C:\Users\ user\Deskt op\Securit eInfo.com. W32.AIDete ct.malware 2.20966.ex e" MD5: 7BAE06CBE364BB42B8C34FCFB90E3EBD) - conhost.exe (PID: 1776 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
- cleanup
{"Payload URL": "https://cdn.discordapp.com/attachments/963535165500588126/979323922124263434/NANO_uyUuDnXlo102.bin"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
AV Detection |
---|
Source: | Author: Joe Security: |
E-Banking Fraud |
---|
Source: | Author: Joe Security: |
Stealing of Sensitive Information |
---|
Source: | Author: Joe Security: |
Remote Access Functionality |
---|
Source: | Author: Joe Security: |
Timestamp: | 192.168.11.2023.105.131.1864981560402816766 05/26/22-16:00:39.811449 |
SID: | 2816766 |
Source Port: | 49815 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864982560402816766 05/26/22-16:01:30.751950 |
SID: | 2816766 |
Source Port: | 49825 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864984860402816766 05/26/22-16:03:48.494476 |
SID: | 2816766 |
Source Port: | 49848 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864980560402816766 05/26/22-15:59:43.928974 |
SID: | 2816766 |
Source Port: | 49805 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864983560402816766 05/26/22-16:02:33.314402 |
SID: | 2816766 |
Source Port: | 49835 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864980260402816766 05/26/22-15:59:24.960165 |
SID: | 2816766 |
Source Port: | 49802 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864983860402816766 05/26/22-16:02:53.694726 |
SID: | 2816766 |
Source Port: | 49838 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864982860402025019 05/26/22-16:01:47.699375 |
SID: | 2025019 |
Source Port: | 49828 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864983860402025019 05/26/22-16:02:51.890427 |
SID: | 2025019 |
Source Port: | 49838 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864984860402025019 05/26/22-16:03:48.023194 |
SID: | 2025019 |
Source Port: | 49848 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864980560402025019 05/26/22-15:59:42.351272 |
SID: | 2025019 |
Source Port: | 49805 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864980860402816766 05/26/22-15:59:56.200164 |
SID: | 2816766 |
Source Port: | 49808 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864982860402816766 05/26/22-16:01:49.192850 |
SID: | 2816766 |
Source Port: | 49828 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864981560402025019 05/26/22-16:00:38.576495 |
SID: | 2025019 |
Source Port: | 49815 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864981860402816766 05/26/22-16:00:58.648971 |
SID: | 2816766 |
Source Port: | 49818 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864982560402025019 05/26/22-16:01:29.065196 |
SID: | 2025019 |
Source Port: | 49825 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864976560402025019 05/26/22-15:56:12.879846 |
SID: | 2025019 |
Source Port: | 49765 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864983560402025019 05/26/22-16:02:31.953912 |
SID: | 2025019 |
Source Port: | 49835 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864977960402816766 05/26/22-15:57:19.190487 |
SID: | 2816766 |
Source Port: | 49779 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864979960402816766 05/26/22-15:59:06.257645 |
SID: | 2816766 |
Source Port: | 49799 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864981860402025019 05/26/22-16:00:57.495581 |
SID: | 2025019 |
Source Port: | 49818 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864978960402816766 05/26/22-15:58:10.277104 |
SID: | 2816766 |
Source Port: | 49789 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864977060402816766 05/26/22-15:56:33.178512 |
SID: | 2816766 |
Source Port: | 49770 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864980860402025019 05/26/22-15:59:54.775081 |
SID: | 2025019 |
Source Port: | 49808 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864976960402816766 05/26/22-15:56:27.425771 |
SID: | 2816766 |
Source Port: | 49769 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864984260402816766 05/26/22-16:03:17.908121 |
SID: | 2816766 |
Source Port: | 49842 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864979860402816766 05/26/22-15:58:59.800390 |
SID: | 2816766 |
Source Port: | 49798 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864981260402816766 05/26/22-16:00:21.076032 |
SID: | 2816766 |
Source Port: | 49812 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864983260402816766 05/26/22-16:02:14.500974 |
SID: | 2816766 |
Source Port: | 49832 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864979560402025019 05/26/22-15:58:39.522469 |
SID: | 2025019 |
Source Port: | 49795 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864979060402816766 05/26/22-15:58:16.133681 |
SID: | 2816766 |
Source Port: | 49790 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864978860402816766 05/26/22-15:58:04.100981 |
SID: | 2816766 |
Source Port: | 49788 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864981760402025019 05/26/22-16:00:51.220728 |
SID: | 2025019 |
Source Port: | 49817 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864982760402025019 05/26/22-16:01:41.566194 |
SID: | 2025019 |
Source Port: | 49827 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864983760402025019 05/26/22-16:02:44.519407 |
SID: | 2025019 |
Source Port: | 49837 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864977360402025019 05/26/22-15:56:44.690350 |
SID: | 2025019 |
Source Port: | 49773 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864984760402025019 05/26/22-16:03:41.655642 |
SID: | 2025019 |
Source Port: | 49847 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864980960402816766 05/26/22-16:00:02.620266 |
SID: | 2816766 |
Source Port: | 49809 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864982960402816766 05/26/22-16:01:54.973971 |
SID: | 2816766 |
Source Port: | 49829 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864979060402025019 05/26/22-15:58:14.803346 |
SID: | 2025019 |
Source Port: | 49790 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864981960402816766 05/26/22-16:01:05.464986 |
SID: | 2816766 |
Source Port: | 49819 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864983460402816766 05/26/22-16:02:27.319667 |
SID: | 2816766 |
Source Port: | 49834 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864980460402816766 05/26/22-15:59:37.256053 |
SID: | 2816766 |
Source Port: | 49804 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864984460402816766 05/26/22-16:03:30.418952 |
SID: | 2816766 |
Source Port: | 49844 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864977060402025019 05/26/22-15:56:31.788768 |
SID: | 2025019 |
Source Port: | 49770 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864979360402025019 05/26/22-15:58:27.110768 |
SID: | 2025019 |
Source Port: | 49793 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864984760402816766 05/26/22-16:03:43.011572 |
SID: | 2816766 |
Source Port: | 49847 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864981460402816766 05/26/22-16:00:33.731642 |
SID: | 2816766 |
Source Port: | 49814 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864978360402025019 05/26/22-15:57:36.897932 |
SID: | 2025019 |
Source Port: | 49783 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864982460402816766 05/26/22-16:01:24.617191 |
SID: | 2816766 |
Source Port: | 49824 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864980760402816766 05/26/22-15:59:49.737530 |
SID: | 2816766 |
Source Port: | 49807 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864978160402025019 05/26/22-15:57:24.359156 |
SID: | 2025019 |
Source Port: | 49781 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864977160402025019 05/26/22-15:56:38.170315 |
SID: | 2025019 |
Source Port: | 49771 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864983760402816766 05/26/22-16:02:46.019641 |
SID: | 2816766 |
Source Port: | 49837 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864984660402816766 05/26/22-16:03:36.972101 |
SID: | 2816766 |
Source Port: | 49846 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864983960402025019 05/26/22-16:02:58.151287 |
SID: | 2025019 |
Source Port: | 49839 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864982760402816766 05/26/22-16:01:43.014053 |
SID: | 2816766 |
Source Port: | 49827 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864976160402025019 05/26/22-15:56:00.383368 |
SID: | 2025019 |
Source Port: | 49761 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864981760402816766 05/26/22-16:00:52.533812 |
SID: | 2816766 |
Source Port: | 49817 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864981660402816766 05/26/22-16:00:46.292905 |
SID: | 2816766 |
Source Port: | 49816 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864976260402025019 05/26/22-15:56:06.629341 |
SID: | 2025019 |
Source Port: | 49762 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864978260402025019 05/26/22-15:57:30.508429 |
SID: | 2025019 |
Source Port: | 49782 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864983660402816766 05/26/22-16:02:39.799674 |
SID: | 2816766 |
Source Port: | 49836 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864982660402816766 05/26/22-16:01:36.741417 |
SID: | 2816766 |
Source Port: | 49826 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864979160402025019 05/26/22-15:58:21.000554 |
SID: | 2025019 |
Source Port: | 49791 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864976160402816766 05/26/22-15:56:01.939832 |
SID: | 2816766 |
Source Port: | 49761 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864981060402025019 05/26/22-16:00:07.364061 |
SID: | 2025019 |
Source Port: | 49810 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864983060402025019 05/26/22-16:02:00.188714 |
SID: | 2025019 |
Source Port: | 49830 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864978160402816766 05/26/22-15:57:25.603009 |
SID: | 2816766 |
Source Port: | 49781 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864984360402025019 05/26/22-16:03:23.027250 |
SID: | 2025019 |
Source Port: | 49843 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864977160402816766 05/26/22-15:56:40.126407 |
SID: | 2816766 |
Source Port: | 49771 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864977460402816766 05/26/22-15:56:53.223065 |
SID: | 2816766 |
Source Port: | 49774 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864980060402025019 05/26/22-15:59:10.769530 |
SID: | 2025019 |
Source Port: | 49800 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864984060402025019 05/26/22-16:03:04.351885 |
SID: | 2025019 |
Source Port: | 49840 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864979760402816766 05/26/22-15:58:53.460534 |
SID: | 2816766 |
Source Port: | 49797 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864978760402816766 05/26/22-15:57:57.478253 |
SID: | 2816766 |
Source Port: | 49787 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864979160402816766 05/26/22-15:58:22.263883 |
SID: | 2816766 |
Source Port: | 49791 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864982060402025019 05/26/22-16:01:09.994060 |
SID: | 2025019 |
Source Port: | 49820 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864976760402816766 05/26/22-15:56:20.799699 |
SID: | 2816766 |
Source Port: | 49767 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864977760402816766 05/26/22-15:57:06.208432 |
SID: | 2816766 |
Source Port: | 49777 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864977760402025019 05/26/22-15:57:04.863201 |
SID: | 2025019 |
Source Port: | 49777 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864979760402025019 05/26/22-15:58:51.980207 |
SID: | 2025019 |
Source Port: | 49797 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864977460402025019 05/26/22-15:56:52.056646 |
SID: | 2025019 |
Source Port: | 49774 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864976760402025019 05/26/22-15:56:19.211103 |
SID: | 2025019 |
Source Port: | 49767 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864984060402816766 05/26/22-16:03:05.884415 |
SID: | 2816766 |
Source Port: | 49840 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864982960402025019 05/26/22-16:01:53.841478 |
SID: | 2025019 |
Source Port: | 49829 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864983060402816766 05/26/22-16:02:01.313700 |
SID: | 2816766 |
Source Port: | 49830 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864982060402816766 05/26/22-16:01:11.525399 |
SID: | 2816766 |
Source Port: | 49820 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864980960402025019 05/26/22-16:00:00.999585 |
SID: | 2025019 |
Source Port: | 49809 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864981960402025019 05/26/22-16:01:03.813343 |
SID: | 2025019 |
Source Port: | 49819 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864978760402025019 05/26/22-15:57:55.960566 |
SID: | 2025019 |
Source Port: | 49787 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864984360402816766 05/26/22-16:03:24.726216 |
SID: | 2816766 |
Source Port: | 49843 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864983360402816766 05/26/22-16:02:20.467719 |
SID: | 2816766 |
Source Port: | 49833 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864980360402816766 05/26/22-15:59:31.064438 |
SID: | 2816766 |
Source Port: | 49803 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864978460402025019 05/26/22-15:57:43.260939 |
SID: | 2025019 |
Source Port: | 49784 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864979460402025019 05/26/22-15:58:33.245752 |
SID: | 2025019 |
Source Port: | 49794 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864981360402816766 05/26/22-16:00:27.333360 |
SID: | 2816766 |
Source Port: | 49813 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864981660402025019 05/26/22-16:00:44.925419 |
SID: | 2025019 |
Source Port: | 49816 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864982660402025019 05/26/22-16:01:35.304988 |
SID: | 2025019 |
Source Port: | 49826 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864984660402025019 05/26/22-16:03:35.492048 |
SID: | 2025019 |
Source Port: | 49846 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864983660402025019 05/26/22-16:02:38.225362 |
SID: | 2025019 |
Source Port: | 49836 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864983960402816766 05/26/22-16:02:59.932437 |
SID: | 2816766 |
Source Port: | 49839 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864980760402025019 05/26/22-15:59:48.573500 |
SID: | 2025019 |
Source Port: | 49807 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864979660402025019 05/26/22-15:58:45.848723 |
SID: | 2025019 |
Source Port: | 49796 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864977860402816766 05/26/22-15:57:12.760715 |
SID: | 2816766 |
Source Port: | 49778 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864984160402816766 05/26/22-16:03:12.022941 |
SID: | 2816766 |
Source Port: | 49841 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864981460402025019 05/26/22-16:00:32.341365 |
SID: | 2025019 |
Source Port: | 49814 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864983160402816766 05/26/22-16:02:08.268595 |
SID: | 2816766 |
Source Port: | 49831 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864980460402025019 05/26/22-15:59:35.877170 |
SID: | 2025019 |
Source Port: | 49804 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864982460402025019 05/26/22-16:01:22.833318 |
SID: | 2025019 |
Source Port: | 49824 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864977660402025019 05/26/22-15:56:58.432214 |
SID: | 2025019 |
Source Port: | 49776 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864982160402816766 05/26/22-16:01:17.588164 |
SID: | 2816766 |
Source Port: | 49821 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864978660402025019 05/26/22-15:57:49.740088 |
SID: | 2025019 |
Source Port: | 49786 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864979560402816766 05/26/22-15:58:41.279884 |
SID: | 2816766 |
Source Port: | 49795 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864981160402025019 05/26/22-16:00:13.535426 |
SID: | 2025019 |
Source Port: | 49811 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864976260402816766 05/26/22-15:56:08.310743 |
SID: | 2816766 |
Source Port: | 49762 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864984460402025019 05/26/22-16:03:29.170126 |
SID: | 2025019 |
Source Port: | 49844 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864981160402816766 05/26/22-16:00:14.960975 |
SID: | 2816766 |
Source Port: | 49811 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864983160402025019 05/26/22-16:02:06.553242 |
SID: | 2025019 |
Source Port: | 49831 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864983460402025019 05/26/22-16:02:25.719832 |
SID: | 2025019 |
Source Port: | 49834 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864980160402025019 05/26/22-15:59:16.908066 |
SID: | 2025019 |
Source Port: | 49801 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864980160402816766 05/26/22-15:59:18.628092 |
SID: | 2816766 |
Source Port: | 49801 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864984160402025019 05/26/22-16:03:10.571068 |
SID: | 2025019 |
Source Port: | 49841 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864978260402816766 05/26/22-15:57:32.216605 |
SID: | 2816766 |
Source Port: | 49782 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864979660402816766 05/26/22-15:58:47.615141 |
SID: | 2816766 |
Source Port: | 49796 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864982160402025019 05/26/22-16:01:16.398385 |
SID: | 2025019 |
Source Port: | 49821 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864977860402025019 05/26/22-15:57:11.360294 |
SID: | 2025019 |
Source Port: | 49778 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864980060402816766 05/26/22-15:59:12.507974 |
SID: | 2816766 |
Source Port: | 49800 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864977660402816766 05/26/22-15:56:59.647230 |
SID: | 2816766 |
Source Port: | 49776 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864978660402816766 05/26/22-15:57:51.601487 |
SID: | 2816766 |
Source Port: | 49786 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864980260402025019 05/26/22-15:59:23.172282 |
SID: | 2025019 |
Source Port: | 49802 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864981060402816766 05/26/22-16:00:08.473188 |
SID: | 2816766 |
Source Port: | 49810 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864979860402025019 05/26/22-15:58:58.214044 |
SID: | 2025019 |
Source Port: | 49798 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864977360402816766 05/26/22-15:56:45.939265 |
SID: | 2816766 |
Source Port: | 49773 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864983260402025019 05/26/22-16:02:12.885773 |
SID: | 2025019 |
Source Port: | 49832 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864978360402816766 05/26/22-15:57:38.401270 |
SID: | 2816766 |
Source Port: | 49783 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864981260402025019 05/26/22-16:00:19.734616 |
SID: | 2025019 |
Source Port: | 49812 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864978860402025019 05/26/22-15:58:02.220447 |
SID: | 2025019 |
Source Port: | 49788 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864979360402816766 05/26/22-15:58:28.592646 |
SID: | 2816766 |
Source Port: | 49793 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864976960402025019 05/26/22-15:56:25.526017 |
SID: | 2025019 |
Source Port: | 49769 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864980360402025019 05/26/22-15:59:29.560470 |
SID: | 2025019 |
Source Port: | 49803 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864979960402025019 05/26/22-15:59:04.607442 |
SID: | 2025019 |
Source Port: | 49799 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864983360402025019 05/26/22-16:02:19.231016 |
SID: | 2025019 |
Source Port: | 49833 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864984260402025019 05/26/22-16:03:16.791596 |
SID: | 2025019 |
Source Port: | 49842 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864976560402816766 05/26/22-15:56:14.593777 |
SID: | 2816766 |
Source Port: | 49765 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864978460402816766 05/26/22-15:57:44.981952 |
SID: | 2816766 |
Source Port: | 49784 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864977960402025019 05/26/22-15:57:18.052646 |
SID: | 2025019 |
Source Port: | 49779 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864978960402025019 05/26/22-15:58:08.508734 |
SID: | 2025019 |
Source Port: | 49789 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864981360402025019 05/26/22-16:00:26.085390 |
SID: | 2025019 |
Source Port: | 49813 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.2023.105.131.1864979460402816766 05/26/22-15:58:34.260151 |
SID: | 2816766 |
Source Port: | 49794 |
Destination Port: | 6040 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Click to jump to signature section
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Registry value created: | Jump to behavior |
Source: | File opened: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: |
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: |
Networking |
---|
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | URLs: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | TCP traffic: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Code function: |
Source: | Static PE information: |
Source: | Code function: |
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: |
Source: | Process Stats: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Section loaded: | ||
Source: | Section loaded: |
Source: | Static PE information: |
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Key value queried: |
Source: | Code function: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: |
Source: | File read: | Jump to behavior |
Source: | Code function: |
Source: | Task registration methods: | ||
Source: | Task registration methods: | ||
Source: | Task registration methods: |
Source: | Section loaded: | ||
Source: | Section loaded: | ||
Source: | Section loaded: |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File written: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: |
Source: | Registry value created: | Jump to behavior |
Source: | File opened: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation |
---|
Source: | File source: | ||
Source: | File source: |
Source: | Code function: |
Source: | Static PE information: |
Source: | Code function: |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File opened: |
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Thread sleep time: | ||
Source: | Thread sleep time: |
Source: | Last function: |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Thread delayed: |
Source: | Window / User API: | ||
Source: | Window / User API: | ||
Source: | Window / User API: |
Source: | File opened / queried: |
Source: | Process information queried: |
Source: | Code function: | ||
Source: | Code function: | ||
Source: | Code function: |
Source: | Thread delayed: |
Source: | System information queried: |
Source: | API call chain: | ||
Source: | API call chain: |
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: | ||
Source: | File opened: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: |
Source: | Process token adjusted: |
Source: | Process queried: | ||
Source: | Process queried: |
Source: | Memory allocated: |
Source: | Process created: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Key value queried: |
Source: | Code function: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | OS Credential Dumping | 4 File and Directory Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | 1 Scheduled Task/Job | 1 Windows Service | 1 Access Token Manipulation | 1 Obfuscated Files or Information | LSASS Memory | 5 System Information Discovery | Remote Desktop Protocol | 1 Clipboard Data | Exfiltration Over Bluetooth | 11 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | 1 Scheduled Task/Job | 1 Windows Service | 1 DLL Side-Loading | Security Account Manager | 221 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Non-Standard Port | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | 1 Registry Run Keys / Startup Folder | 12 Process Injection | 1 Masquerading | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Non-Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | 1 Scheduled Task/Job | 141 Virtualization/Sandbox Evasion | LSA Secrets | 141 Virtualization/Sandbox Evasion | SSH | Keylogging | Data Transfer Size Limits | 113 Application Layer Protocol | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 12 Process Injection | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Hidden Files and Directories | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
7% | Virustotal | Browse | ||
7% | ReversingLabs | Win32.Downloader.GuLoader |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Metadefender | Browse | ||
0% | ReversingLabs | |||
0% | Metadefender | Browse | ||
0% | ReversingLabs | |||
0% | Metadefender | Browse | ||
0% | ReversingLabs | |||
0% | Metadefender | Browse | ||
0% | ReversingLabs | |||
3% | Metadefender | Browse | ||
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
3% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
cdn.discordapp.com | 162.159.129.233 | true | false | high | |
ratagain.gleeze.com | 23.105.131.186 | true | true |
| unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
162.159.129.233 | cdn.discordapp.com | United States | 13335 | CLOUDFLARENETUS | false | |
23.105.131.186 | ratagain.gleeze.com | United States | 396362 | LEASEWEB-USA-NYC-11US | true |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 634648 |
Start date and time: 26/05/202215:53:31 | 2022-05-26 15:53:31 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 13m 28s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | SecuriteInfo.com.W32.AIDetect.malware2.20966.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301 |
Run name: | Suspected Instruction Hammering |
Number of analysed new started processes analysed: | 21 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal96.troj.evad.winEXE@4/19@76/2 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
- TCP Packets have been reduced to 100
- Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, backgroundTaskHost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): wdcpalt.microsoft.com, client.wns.windows.com, wdcp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description |
---|---|---|
15:55:54 | Autostart | |
15:55:58 | API Interceptor | |
15:56:02 | Autostart |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.20966.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 37 |
Entropy (8bit): | 4.540402352056965 |
Encrypted: | false |
SSDEEP: | 3:5CeXAYpqyn:5CeWy |
MD5: | D5E9EF9561789A05AFB528A1E6C7D9B7 |
SHA1: | B2C92096EE4103A58B41A0754F2E1F1BB823392C |
SHA-256: | 8D2AE334DCB01E0A5EE1F9CA0689E68743E851B96E48A75ED5E20515D03D7FF5 |
SHA-512: | 09FC8CF87BA6D12D744D5560B14DC8CFBCE9F9DA4EAAF36C1F6176AA56C0F40129F0B231C373E7BE1206F0209137782615FB60FFCD4A184D5131FD073A658684 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.20966.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 920 |
Entropy (8bit): | 2.9814599276151545 |
Encrypted: | false |
SSDEEP: | 12:8wl0gsXUCV/tz+7RafgKDKmY1LmWQ18/rNJkKAh4t2YCBTo8:8vraRMgK0pOS5HALJT |
MD5: | AA6BC79B220719BD39A82A8A4E4153C6 |
SHA1: | A2659B2897A78A5B32268DA79EBCAA71B04C23E7 |
SHA-256: | 44FD1BEE4ED2EB625483C2706DAB8341CAE84D22E043B9B05283A57413221E0A |
SHA-512: | A5EE3930C7477C51FCD3154AD1F6EFAA5EF10677C76AC6DEA1028627CF69A9AB730F7E248CDB078A78B5C448C76C0A376C8858502351AFACFAA441A0D11E7A58 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.20966.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1245 |
Entropy (8bit): | 5.462849750105637 |
Encrypted: | false |
SSDEEP: | 24:hM0mIAvy4Wvsqs1Ra7JZRGNeHX+AYcvP2wk1RjdEF3qpMk5:lmIAq1UqsziJZ+eHX+AdP2TvpMk5 |
MD5: | 5343C1A8B203C162A3BF3870D9F50FD4 |
SHA1: | 04B5B886C20D88B57EEA6D8FF882624A4AC1E51D |
SHA-256: | DC1D54DAB6EC8C00F70137927504E4F222C8395F10760B6BEECFCFA94E08249F |
SHA-512: | E0F50ACB6061744E825A4051765CEBF23E8C489B55B190739409D8A79BB08DAC8F919247A4E5F65A015EA9C57D326BBEF7EA045163915129E01F316C4958D949 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.20966.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 515816 |
Entropy (8bit): | 6.444433831771789 |
Encrypted: | false |
SSDEEP: | 12288:hY/Hjc0/Lf7vjm4GjDL7ROBM1SMzRJTp4g4D:hY/Dc+LDLmVL7QMx9Np4g4D |
MD5: | 232371076A23379753EB776CF06FBE5D |
SHA1: | 6A5EA5D44E555AD392725E5AC3D80AF0137386E9 |
SHA-256: | 5940F9D18B9439ECBFCD6EDC60563D6F56623D03F09EAFA786C436185EF156BB |
SHA-512: | 590F67E8455DCFE57795F17C94E6082B54C1FEAEF81942B1E92EFC7905E3E6B6EC7A05EEF12A8F0483B5DC1928DC9E7645A74BAE31E77F7AC403C64344F09625 |
Malicious: | false |
Antivirus: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.20966.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 116720 |
Entropy (8bit): | 5.889271571414613 |
Encrypted: | false |
SSDEEP: | 3072:g3nqpX2I6OhctR+lCTD01Lcy4J93TnCx86:L2W1oy4J93TCT |
MD5: | DBF787BD6E5CE77FB34FF281A144EB96 |
SHA1: | 50B7799ECCA566BE35429828245D44CB04AD8885 |
SHA-256: | CCBACEEA04837229C95C08274C747ABE069279AFB990DDD89EC743C42ADC0AD9 |
SHA-512: | 07949EC3882D9CB6E2341CE60C6E911F24463B01F484C037E65A2A8F3495543A096B632E01F8480D03FF388D1E811ECF760155F97F1D5329785C506603BB18A7 |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.20966.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 104885 |
Entropy (8bit): | 6.616929267685571 |
Encrypted: | false |
SSDEEP: | 1536:zHdJZGScq/G0IQMvlBQ0SqfxeDnSpKJfyTB2jEyGIMe:zHseGdQoBtorHpGIz |
MD5: | 783896AB4BF80A78F5D6EF8CD5E67835 |
SHA1: | 46C7FAB858B604A8CF50FE0F6612152A0D6743CA |
SHA-256: | 49B6243080ED1C14B192FA5D7D9FC04C8A9992AD81E088C4B58B4934877F4618 |
SHA-512: | 7AED4B10EFA8E359FB00B83429EE0363EADD53A7A51AFB622F2B7FEFF195739B0A0BBD96E6D7098E697ECE7E92C4E6E4A72606C8BE6620719CF940A110FC29B3 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.20966.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 132096 |
Entropy (8bit): | 7.120290023334178 |
Encrypted: | false |
SSDEEP: | 3072:r8z0aOC7z/raqtHAGoJaw10xCMZvMfz+7zDxKlJgWbAh2+b:rY7z/GqtgF43Qi7XxKlJhevb |
MD5: | 75D305F30919530A2C49AC362D2E2D34 |
SHA1: | B9EE4ACF9AC299FCADC4A074AEA0C0FD7888AA1D |
SHA-256: | CF5676ADA0FF425860EE60E3EE7AC4091C568D9FD9E3562D4BC7F06D5A78AD15 |
SHA-512: | 6DB2CE736A5F735FCE1AE4D3573E4E03B3E2F605A39280FC30FF28879130B5F4F2BE45C541D30FC6C29718009FEFC40CEFB2E4F267CFAE3ECFBD8949F48CD37B |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.20966.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 204192 |
Entropy (8bit): | 6.237429214447198 |
Encrypted: | false |
SSDEEP: | 3072:HzS560/yk/J3HssPqqGLgl+zX3FKZzSzvG7mH28dZOjc/2r6MqRo9HYzsQb5878:HqJ3HssPqqGLgl+zXkZzt84a84 |
MD5: | DA9015DF320DCC2EDDEE493E20F639BA |
SHA1: | 5732E5722D2CB5A668ABC19AED6434852D0A4FC8 |
SHA-256: | 2294EBB89E749E7145628164913251B563EA6641A6CD1AE03FBCE55DA43F9B17 |
SHA-512: | AF2C0E28966537842817174146DEDEA93A00BDBACF97FFAAECE878E3191D3719BF9A2B1618AB645CB68D2039B4EB16524B309A2BF0D76DDCA6AE09708CD2CBFA |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.20966.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 311390 |
Entropy (8bit): | 6.361387975641255 |
Encrypted: | false |
SSDEEP: | 6144:U/Vk7bUkU6FA8p/eE7Zfjaehfp49MQJZMCJkp5kUKFhRY2:wV8qgZfhhfp49MQJZMCJC5YFZ |
MD5: | 96CF937BBA21CB4D3203E15246837AE9 |
SHA1: | 08B9BF57F8942CA98077B62BB0DBA0BD0AF2C952 |
SHA-256: | 398185CE130D689D5D2B2C3F179F540715F030D91246C876675E84456F1BA488 |
SHA-512: | C9E3B60B266ED39B85E87B083EED132441FB364D443AC60F5C4A1BC7B59595FE97387B00BA6817265DC7BF30F3FFAA4F3DF1385327F85C083B51F91CA169D282 |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.20966.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 725 |
Entropy (8bit): | 7.612179564723704 |
Encrypted: | false |
SSDEEP: | 12:6v/7skki3PkFefEst0cNLbh4rbRiUq4reba3XECLR9ZFahsWujm9dcKjnpdwlkc:VkkMPkxc04Lbh4rViH4rEalLHnWVujuS |
MD5: | 5CE69BDF1125A922B6ED1FE28DCAF92B |
SHA1: | 10C925FAD32D7071A3D96608FD1A04ECDA1B4820 |
SHA-256: | 0537CF9335394EA509ED23021DAA44F781D380FEAA3947B9DD31C290BE706E1A |
SHA-512: | E4F76572FE9613BA184E7988533BC434B61FDD0544C148DFB53EB7691590232A2930515B70F61B9696980EE6FA01202C861BEB9A1AEE859C3ECCDD795BBA75E8 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.20966.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 207 |
Entropy (8bit): | 6.561784186830513 |
Encrypted: | false |
SSDEEP: | 3:yionv//thPl9vt3lAnsrtxBllJF5peNf2J+Ej+hdc45kjv/iW8DFWwd5sXGQ4Hh9:6v/lhPysPwXx5kjSW8DF3dyTKhAq7p |
MD5: | EBBCB008023C6C1B4EFAB0774A4BB19E |
SHA1: | 7C657C976D7D728E9D6D8F6A603F50B42D86C321 |
SHA-256: | 5FD17A236AF8B520DB2E34E44E71C3634CB8221E0A27617E522ECB8D0FF8EFF8 |
SHA-512: | DCEDCF09A83F2350D42001CFD009B395F8CA7B9B33F4B7CC3C1C787EDCE9749030EB54AC8D90645F92C141C8D882A4F0AB9A32F274320DE260CD3DF37CED71CE |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1007944 |
Entropy (8bit): | 7.706168251042061 |
Encrypted: | false |
SSDEEP: | 24576:nbgt9utUghMeF3HVojgCpaxMiicfJuAJB:bgiUgXXujhpaCib |
MD5: | 1A322630DE0DBCA059FD771A9CD9D863 |
SHA1: | 1F4DDDF6F3E39A42A76B92CCE42FCC981647BC73 |
SHA-256: | D2130DDAD7BD136450499EFEB7E4EF8D8C073AAD36FD0AAB1CD645C1458D3EBF |
SHA-512: | 624FD5C6AF77532A83E03C4B8CED384E5265EF1ECD8A5E1AA71F3DE12E21D13B339F622E9D7D65773FFF2BBC15AC33DD7E418206DBF8EFC2E0892541F262CCD6 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.20966.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 255 |
Entropy (8bit): | 6.804661221546568 |
Encrypted: | false |
SSDEEP: | 6:6v/lhPEkME03pQi22U1mw7vgdLSPhZjp7YlHgX+nSbw/Vp:6v/7CE03p829ovCAYlNnScz |
MD5: | 0D948AEE5693D469DA3F0DCC0FCC009D |
SHA1: | 61A9DA78E129B3A98855E54F837025CA20DF8017 |
SHA-256: | 85D3314527708E953C393ABE52AD6A7AD63BDA7A31353CE0380CC775AA781A6F |
SHA-512: | C7E601DF3F09BCF1D144F35CF9402E00CCDE7C3CB705D5EC39787F526158DE4110CEE10965DDCBD64BC65B3DC97CD8E504BBFEF20ACF045D0851441C691CE605 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.20966.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 46132 |
Entropy (8bit): | 3.999752590177944 |
Encrypted: | false |
SSDEEP: | 768:1KZto2j5sElk5yRgKwA6/eyPRR0jvf4VDJOPYK/+bszhsAyN/Abdfl82y:OLKkzw3PRRmoV9OPYnbsq1Cpfl8f |
MD5: | B067370FD071B16223FA8E1E5A1474EE |
SHA1: | 4460E6972EE4AEC56907FC10879ED2616E10409A |
SHA-256: | 57197A007044FBC9E7EE63D5C69291EF7A6241C9A71EFAC545C02D18966BFD7C |
SHA-512: | 0BB027C330FB598F63FE0623757DF31AB6CEF7710AD351DCEB285FFA679C3611EB3275C59DBBDAA5C17B138595A1E9AFB06DB417F6186C0F05265F43A130795D |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.20966.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 274 |
Entropy (8bit): | 6.700098934002617 |
Encrypted: | false |
SSDEEP: | 6:6v/lhPysPQcxtmxnHmYR3o5dEYBgQin+ErxwfHDYnIp:6v/7lxUhH/N9YB/inDwfHwi |
MD5: | D8FFE7BA5669DE024607E64126DDFFEC |
SHA1: | D1993BB12041E4C3F7CF45AFB2DBCFB74A544C0D |
SHA-256: | 2A6FD48DE810DE4BD61BD26DDAECCB6C6C9204CB4D213EBE1ACB560054911CDD |
SHA-512: | 47C6D898DE3DFC27E63563F7723F8F690156FBF0F45470FF0DD2FE4E75D4B7108D9700E34E14890DB95C9D20A9D77D7429B32044B2E58708984A4014D35760BD |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.20966.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 5.814115788739565 |
Encrypted: | false |
SSDEEP: | 192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr |
MD5: | CFF85C549D536F651D4FB8387F1976F2 |
SHA1: | D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E |
SHA-256: | 8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8 |
SHA-512: | 531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88 |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.20966.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2250 |
Entropy (8bit): | 5.060293593237505 |
Encrypted: | false |
SSDEEP: | 48:uTHxDxX7Nrh4sRIjan3/CpUlOpUjWQ05+N2iNM0zjjf47GvSzRU:gxDl7Nl4sDvvOK0/mMu4C5 |
MD5: | 4BCE488F7C4E00ED71170C7D0A593663 |
SHA1: | F49F1FD072D650A8A5DD1F026E003CEE85420BC8 |
SHA-256: | 17365C633230CD05375125AA6C710B76900E2B93D87D14E1F9F2338C3B3BEA1A |
SHA-512: | E570D618B14A39F319DC12F0332BA62E8387C5A9F8104AEC7263F89B806CA7E501DD9762B8B117B34E5F8E401564C015FF269BC432776327C7768C3B67087F7E |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 232 |
Entropy (8bit): | 7.024371743172393 |
Encrypted: | false |
SSDEEP: | 6:X4LDAnybgCFcpJSQwP4d7ZrqJgTFwoaw+9XU4:X4LEnybgCFCtvd7ZrCgpwoaw+Z9 |
MD5: | 32D0AAE13696FF7F8AF33B2D22451028 |
SHA1: | EF80C4E0DB2AE8EF288027C9D3518E6950B583A4 |
SHA-256: | 5347661365E7AD2C1ACC27AB0D150FFA097D9246BB3626FCA06989E976E8DD29 |
SHA-512: | 1D77FC13512C0DBC4EFD7A66ACB502481E4EFA0FB73D0C7D0942448A72B9B05BA1EA78DDF0BE966363C2E3122E0B631DB7630D044D08C1E1D32B9FB025C356A5 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 2.75 |
Encrypted: | false |
SSDEEP: | 3:fMtn:k |
MD5: | 3A5EAF0A700BDF9302CA712650C61A17 |
SHA1: | D4B206EA1D5493B9010C390BEE33F040DFE3E398 |
SHA-256: | 1038EF03DC82A289928DE25E2B99B0184A358DEA132EA03B1253C9C65927226E |
SHA-512: | 6BE6C45B8A94FE4E6618AF0BE8E77875A34A319D56F6E5654DE5A4C96B117D797FFA7019CD906C82634905244A4F620A56C4BA3765CF5FAA144EC37D8C59C827 |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 7.7061727765713295 |
TrID: |
|
File name: | SecuriteInfo.com.W32.AIDetect.malware2.20966.exe |
File size: | 1007944 |
MD5: | 64d7de9ac600402c1f3e5b9849cbd12c |
SHA1: | 961f113b32ce2f0958ec5fcccf5489524cf30348 |
SHA256: | da36f8024e0a8b325dbd71aceed611d0cc8000af85346ceea1bd2a2cf1a73eb6 |
SHA512: | d2bb0170b1fa8afbabe8a0e2265f29a9bff07879082f25c7d0183b64c60fb2508af985fa5acef8d31e5ffd0f279f55ef831576cb4bad5d94a19da102c1889bff |
SSDEEP: | 24576:gbgt9utUghMeF3HVojgCpaxMiicfJuAJB:qgiUgXXujhpaCib |
TLSH: | D12523153F9CCE22C4A00DB5B9F2C6496BB4ED00065D6A437351783EFEFE6576A0A11B |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...Z.Oa.................j......... |
Icon Hash: | 34d2c6c3c7c6bc58 |
Entrypoint: | 0x40352d |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x614F9B5A [Sat Sep 25 21:57:46 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 56a78d55f3f7af51443e58e0ce2fb5f6 |
Signature Valid: | false |
Signature Issuer: | CN="kontorrekvisits Oppugned ", O=Ballant5, L=Elizabethtown, S=Kentucky, C=US |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | B5BE6BA51DC7F328E361775F3AFB98CE |
Thumbprint SHA-1: | 2BCE3B99E9132A3E6375A192F9D0C64AEF4D8E7B |
Thumbprint SHA-256: | 9645B569EF57649368EF203133C795CF98EBD15713833D5B5C737859188A2774 |
Serial: | F81B94967AC0A1CA |
Instruction |
---|
push ebp |
mov ebp, esp |
sub esp, 000003F4h |
push ebx |
push esi |
push edi |
push 00000020h |
pop edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [ebp-14h], ebx |
mov dword ptr [ebp-04h], 0040A2E0h |
mov dword ptr [ebp-10h], ebx |
call dword ptr [004080CCh] |
mov esi, dword ptr [004080D0h] |
lea eax, dword ptr [ebp-00000140h] |
push eax |
mov dword ptr [ebp-0000012Ch], ebx |
mov dword ptr [ebp-2Ch], ebx |
mov dword ptr [ebp-28h], ebx |
mov dword ptr [ebp-00000140h], 0000011Ch |
call esi |
test eax, eax |
jne 00007F0E1462666Ah |
lea eax, dword ptr [ebp-00000140h] |
mov dword ptr [ebp-00000140h], 00000114h |
push eax |
call esi |
mov ax, word ptr [ebp-0000012Ch] |
mov ecx, dword ptr [ebp-00000112h] |
sub ax, 00000053h |
add ecx, FFFFFFD0h |
neg ax |
sbb eax, eax |
mov byte ptr [ebp-26h], 00000004h |
not eax |
and eax, ecx |
mov word ptr [ebp-2Ch], ax |
cmp dword ptr [ebp-0000013Ch], 0Ah |
jnc 00007F0E1462663Ah |
and word ptr [ebp-00000132h], 0000h |
mov eax, dword ptr [ebp-00000134h] |
movzx ecx, byte ptr [ebp-00000138h] |
mov dword ptr [00434FB8h], eax |
xor eax, eax |
mov ah, byte ptr [ebp-0000013Ch] |
movzx eax, ax |
or eax, ecx |
xor ecx, ecx |
mov ch, byte ptr [ebp-2Ch] |
movzx ecx, cx |
shl eax, 10h |
or eax, ecx |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x60000 | 0x3a278 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xf4938 | 0x1810 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6897 | 0x6a00 | False | 0.666126179245 | data | 6.45839821493 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x14a6 | 0x1600 | False | 0.439275568182 | data | 5.02410928126 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x2b018 | 0x600 | False | 0.521484375 | data | 4.15458210409 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.ndata | 0x36000 | 0x2a000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x60000 | 0x3a278 | 0x3a400 | False | 0.578342945279 | data | 6.13676898317 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x60388 | 0x11db7 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x72140 | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x82968 | 0x94a8 | data | English | United States |
RT_ICON | 0x8be10 | 0x5488 | data | English | United States |
RT_ICON | 0x91298 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 234938623, next used block 4294909696 | English | United States |
RT_ICON | 0x954c0 | 0x25a8 | data | English | United States |
RT_ICON | 0x97a68 | 0x10a8 | data | English | United States |
RT_ICON | 0x98b10 | 0x988 | data | English | United States |
RT_ICON | 0x99498 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_DIALOG | 0x99900 | 0x100 | data | English | United States |
RT_DIALOG | 0x99a00 | 0x11c | data | English | United States |
RT_DIALOG | 0x99b20 | 0xc4 | data | English | United States |
RT_DIALOG | 0x99be8 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x99c48 | 0x84 | data | English | United States |
RT_VERSION | 0x99cd0 | 0x264 | data | English | United States |
RT_MANIFEST | 0x99f38 | 0x33e | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States |
DLL | Import |
---|---|
ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW |
SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW |
ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree |
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked |
USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu |
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject |
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW |
Description | Data |
---|---|
LegalCopyright | unawarelymed |
FileVersion | 8.3.15 |
CompanyName | uvanligereomk |
LegalTrademarks | INSTRUKTIONS |
Comments | NONSTIC |
ProductName | Anti60 |
FileDescription | Meousgavebo |
Translation | 0x0409 0x04b0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
192.168.11.2023.105.131.1864981560402816766 05/26/22-16:00:39.811449 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49815 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864982560402816766 05/26/22-16:01:30.751950 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49825 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864984860402816766 05/26/22-16:03:48.494476 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49848 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864980560402816766 05/26/22-15:59:43.928974 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49805 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864983560402816766 05/26/22-16:02:33.314402 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49835 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864980260402816766 05/26/22-15:59:24.960165 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49802 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864983860402816766 05/26/22-16:02:53.694726 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49838 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864982860402025019 05/26/22-16:01:47.699375 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49828 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864983860402025019 05/26/22-16:02:51.890427 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49838 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864984860402025019 05/26/22-16:03:48.023194 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49848 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864980560402025019 05/26/22-15:59:42.351272 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49805 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864980860402816766 05/26/22-15:59:56.200164 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49808 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864982860402816766 05/26/22-16:01:49.192850 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49828 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864981560402025019 05/26/22-16:00:38.576495 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49815 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864981860402816766 05/26/22-16:00:58.648971 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49818 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864982560402025019 05/26/22-16:01:29.065196 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49825 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864976560402025019 05/26/22-15:56:12.879846 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49765 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864983560402025019 05/26/22-16:02:31.953912 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49835 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864977960402816766 05/26/22-15:57:19.190487 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49779 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864979960402816766 05/26/22-15:59:06.257645 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49799 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864981860402025019 05/26/22-16:00:57.495581 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49818 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864978960402816766 05/26/22-15:58:10.277104 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49789 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864977060402816766 05/26/22-15:56:33.178512 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49770 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864980860402025019 05/26/22-15:59:54.775081 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49808 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864976960402816766 05/26/22-15:56:27.425771 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49769 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864984260402816766 05/26/22-16:03:17.908121 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49842 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864979860402816766 05/26/22-15:58:59.800390 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49798 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864981260402816766 05/26/22-16:00:21.076032 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49812 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864983260402816766 05/26/22-16:02:14.500974 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49832 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864979560402025019 05/26/22-15:58:39.522469 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49795 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864979060402816766 05/26/22-15:58:16.133681 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49790 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864978860402816766 05/26/22-15:58:04.100981 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49788 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864981760402025019 05/26/22-16:00:51.220728 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49817 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864982760402025019 05/26/22-16:01:41.566194 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49827 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864983760402025019 05/26/22-16:02:44.519407 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49837 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864977360402025019 05/26/22-15:56:44.690350 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49773 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864984760402025019 05/26/22-16:03:41.655642 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49847 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864980960402816766 05/26/22-16:00:02.620266 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49809 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864982960402816766 05/26/22-16:01:54.973971 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49829 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864979060402025019 05/26/22-15:58:14.803346 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49790 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864981960402816766 05/26/22-16:01:05.464986 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49819 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864983460402816766 05/26/22-16:02:27.319667 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49834 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864980460402816766 05/26/22-15:59:37.256053 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49804 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864984460402816766 05/26/22-16:03:30.418952 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49844 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864977060402025019 05/26/22-15:56:31.788768 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49770 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864979360402025019 05/26/22-15:58:27.110768 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49793 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864984760402816766 05/26/22-16:03:43.011572 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49847 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864981460402816766 05/26/22-16:00:33.731642 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49814 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864978360402025019 05/26/22-15:57:36.897932 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49783 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864982460402816766 05/26/22-16:01:24.617191 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49824 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864980760402816766 05/26/22-15:59:49.737530 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49807 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864978160402025019 05/26/22-15:57:24.359156 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49781 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864977160402025019 05/26/22-15:56:38.170315 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49771 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864983760402816766 05/26/22-16:02:46.019641 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49837 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864984660402816766 05/26/22-16:03:36.972101 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49846 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864983960402025019 05/26/22-16:02:58.151287 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49839 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864982760402816766 05/26/22-16:01:43.014053 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49827 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864976160402025019 05/26/22-15:56:00.383368 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49761 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864981760402816766 05/26/22-16:00:52.533812 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49817 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864981660402816766 05/26/22-16:00:46.292905 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49816 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864976260402025019 05/26/22-15:56:06.629341 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49762 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864978260402025019 05/26/22-15:57:30.508429 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49782 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864983660402816766 05/26/22-16:02:39.799674 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49836 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864982660402816766 05/26/22-16:01:36.741417 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49826 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864979160402025019 05/26/22-15:58:21.000554 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49791 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864976160402816766 05/26/22-15:56:01.939832 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49761 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864981060402025019 05/26/22-16:00:07.364061 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49810 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864983060402025019 05/26/22-16:02:00.188714 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49830 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864978160402816766 05/26/22-15:57:25.603009 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49781 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864984360402025019 05/26/22-16:03:23.027250 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49843 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864977160402816766 05/26/22-15:56:40.126407 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49771 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864977460402816766 05/26/22-15:56:53.223065 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49774 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864980060402025019 05/26/22-15:59:10.769530 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49800 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864984060402025019 05/26/22-16:03:04.351885 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49840 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864979760402816766 05/26/22-15:58:53.460534 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49797 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864978760402816766 05/26/22-15:57:57.478253 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49787 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864979160402816766 05/26/22-15:58:22.263883 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49791 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864982060402025019 05/26/22-16:01:09.994060 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49820 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864976760402816766 05/26/22-15:56:20.799699 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49767 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864977760402816766 05/26/22-15:57:06.208432 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49777 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864977760402025019 05/26/22-15:57:04.863201 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49777 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864979760402025019 05/26/22-15:58:51.980207 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49797 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864977460402025019 05/26/22-15:56:52.056646 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49774 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864976760402025019 05/26/22-15:56:19.211103 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49767 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864984060402816766 05/26/22-16:03:05.884415 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49840 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864982960402025019 05/26/22-16:01:53.841478 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49829 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864983060402816766 05/26/22-16:02:01.313700 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49830 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864982060402816766 05/26/22-16:01:11.525399 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49820 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864980960402025019 05/26/22-16:00:00.999585 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49809 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864981960402025019 05/26/22-16:01:03.813343 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49819 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864978760402025019 05/26/22-15:57:55.960566 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49787 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864984360402816766 05/26/22-16:03:24.726216 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49843 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864983360402816766 05/26/22-16:02:20.467719 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49833 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864980360402816766 05/26/22-15:59:31.064438 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49803 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864978460402025019 05/26/22-15:57:43.260939 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49784 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864979460402025019 05/26/22-15:58:33.245752 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49794 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864981360402816766 05/26/22-16:00:27.333360 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49813 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864981660402025019 05/26/22-16:00:44.925419 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49816 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864982660402025019 05/26/22-16:01:35.304988 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49826 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864984660402025019 05/26/22-16:03:35.492048 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49846 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864983660402025019 05/26/22-16:02:38.225362 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49836 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864983960402816766 05/26/22-16:02:59.932437 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49839 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864980760402025019 05/26/22-15:59:48.573500 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49807 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864979660402025019 05/26/22-15:58:45.848723 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49796 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864977860402816766 05/26/22-15:57:12.760715 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49778 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864984160402816766 05/26/22-16:03:12.022941 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49841 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864981460402025019 05/26/22-16:00:32.341365 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49814 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864983160402816766 05/26/22-16:02:08.268595 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49831 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864980460402025019 05/26/22-15:59:35.877170 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49804 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864982460402025019 05/26/22-16:01:22.833318 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49824 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864977660402025019 05/26/22-15:56:58.432214 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49776 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864982160402816766 05/26/22-16:01:17.588164 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49821 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864978660402025019 05/26/22-15:57:49.740088 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49786 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864979560402816766 05/26/22-15:58:41.279884 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49795 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864981160402025019 05/26/22-16:00:13.535426 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49811 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864976260402816766 05/26/22-15:56:08.310743 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49762 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864984460402025019 05/26/22-16:03:29.170126 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49844 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864981160402816766 05/26/22-16:00:14.960975 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49811 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864983160402025019 05/26/22-16:02:06.553242 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49831 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864983460402025019 05/26/22-16:02:25.719832 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49834 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864980160402025019 05/26/22-15:59:16.908066 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49801 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864980160402816766 05/26/22-15:59:18.628092 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49801 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864984160402025019 05/26/22-16:03:10.571068 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49841 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864978260402816766 05/26/22-15:57:32.216605 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49782 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864979660402816766 05/26/22-15:58:47.615141 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49796 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864982160402025019 05/26/22-16:01:16.398385 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49821 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864977860402025019 05/26/22-15:57:11.360294 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49778 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864980060402816766 05/26/22-15:59:12.507974 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49800 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864977660402816766 05/26/22-15:56:59.647230 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49776 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864978660402816766 05/26/22-15:57:51.601487 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49786 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864980260402025019 05/26/22-15:59:23.172282 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49802 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864981060402816766 05/26/22-16:00:08.473188 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49810 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864979860402025019 05/26/22-15:58:58.214044 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49798 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864977360402816766 05/26/22-15:56:45.939265 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49773 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864983260402025019 05/26/22-16:02:12.885773 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49832 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864978360402816766 05/26/22-15:57:38.401270 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49783 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864981260402025019 05/26/22-16:00:19.734616 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49812 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864978860402025019 05/26/22-15:58:02.220447 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49788 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864979360402816766 05/26/22-15:58:28.592646 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49793 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864976960402025019 05/26/22-15:56:25.526017 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49769 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864980360402025019 05/26/22-15:59:29.560470 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49803 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864979960402025019 05/26/22-15:59:04.607442 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49799 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864983360402025019 05/26/22-16:02:19.231016 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49833 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864984260402025019 05/26/22-16:03:16.791596 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49842 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864976560402816766 05/26/22-15:56:14.593777 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49765 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864978460402816766 05/26/22-15:57:44.981952 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49784 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864977960402025019 05/26/22-15:57:18.052646 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49779 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864978960402025019 05/26/22-15:58:08.508734 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49789 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864981360402025019 05/26/22-16:00:26.085390 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49813 | 6040 | 192.168.11.20 | 23.105.131.186 |
192.168.11.2023.105.131.1864979460402816766 05/26/22-15:58:34.260151 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49794 | 6040 | 192.168.11.20 | 23.105.131.186 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 26, 2022 15:55:58.077184916 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.077277899 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.077524900 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.091212034 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.091291904 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.134210110 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.134481907 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.259740114 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.259799957 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.260484934 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.260616064 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.264041901 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.301702023 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.301954031 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.301986933 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.302139044 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.302278996 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.302438974 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.302541971 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.302577019 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.302583933 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.302834988 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.302927017 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.302968979 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.303119898 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.303143024 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.303162098 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.303363085 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.303484917 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.303514957 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.303659916 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.303680897 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.303698063 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.303924084 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.304018974 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.304060936 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.304204941 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.304234028 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.304260969 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.304433107 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.304475069 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.304626942 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.304652929 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.304816008 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.305016041 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.305041075 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.305056095 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.305084944 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.305392027 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.305418015 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.305453062 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.305666924 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.305694103 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.305721045 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.305898905 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.305996895 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.306024075 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.306046009 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.306052923 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.306291103 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.306385994 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.306416035 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.306576967 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.306642056 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.306739092 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.306766987 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.306931019 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.306946993 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.306966066 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.306987047 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.307156086 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.307185888 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.307341099 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.307369947 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.307377100 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.307389975 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.307558060 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.307715893 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.307732105 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.307749987 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.307943106 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.308130980 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.308180094 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.308307886 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.308495998 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.314152002 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.314388990 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.314429998 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.314516068 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.314687967 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.314735889 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.314747095 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.314757109 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.314989090 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.315002918 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.315031052 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.315191031 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.315287113 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
May 26, 2022 15:55:58.315354109 CEST | 49760 | 443 | 192.168.11.20 | 162.159.129.233 |
May 26, 2022 15:55:58.315382004 CEST | 443 | 49760 | 162.159.129.233 | 192.168.11.20 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 26, 2022 15:55:58.059365034 CEST | 55492 | 53 | 192.168.11.20 | 1.1.1.1 |
May 26, 2022 15:55:58.068025112 CEST | 53 | 55492 | 1.1.1.1 | 192.168.11.20 |
May 26, 2022 15:55:59.785146952 CEST | 62968 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:55:59.947732925 CEST | 53 | 62968 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:56:06.319639921 CEST | 55546 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:56:06.328231096 CEST | 53 | 55546 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:56:12.568069935 CEST | 62445 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:56:12.578219891 CEST | 53 | 62445 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:56:18.820745945 CEST | 58673 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:56:18.831238031 CEST | 53 | 58673 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:56:25.089342117 CEST | 61096 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:56:25.217900991 CEST | 53 | 61096 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:56:31.463027000 CEST | 56251 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:56:31.473871946 CEST | 53 | 56251 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:56:37.658298016 CEST | 63470 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:56:37.817192078 CEST | 53 | 63470 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:56:44.256490946 CEST | 54784 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:56:44.382533073 CEST | 53 | 54784 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:56:50.613763094 CEST | 64656 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:56:50.741883993 CEST | 53 | 64656 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:56:58.090198994 CEST | 58302 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:56:58.098917007 CEST | 53 | 58302 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:57:04.362927914 CEST | 55485 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:57:04.489614964 CEST | 53 | 55485 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:57:11.049114943 CEST | 56373 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:57:11.059168100 CEST | 53 | 56373 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:57:17.519398928 CEST | 54560 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:57:17.647167921 CEST | 53 | 54560 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:57:23.948657036 CEST | 57768 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:57:23.959332943 CEST | 53 | 57768 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:57:30.189153910 CEST | 55584 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:57:30.197813988 CEST | 53 | 55584 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:57:36.524312973 CEST | 61724 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:57:36.532433033 CEST | 53 | 61724 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:57:42.825556993 CEST | 63635 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:57:42.835932016 CEST | 53 | 63635 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:57:49.265701056 CEST | 50587 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:57:49.426548958 CEST | 53 | 50587 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:57:55.644877911 CEST | 61046 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:57:55.655297995 CEST | 53 | 61046 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:58:01.799837112 CEST | 63464 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:58:01.807840109 CEST | 53 | 63464 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:58:08.127351999 CEST | 56397 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:58:08.138127089 CEST | 53 | 56397 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:58:14.328353882 CEST | 65039 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:58:14.456190109 CEST | 53 | 65039 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:58:20.686259031 CEST | 57594 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:58:20.695019960 CEST | 53 | 57594 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:58:26.794169903 CEST | 56371 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:58:26.804810047 CEST | 53 | 56371 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:58:32.933383942 CEST | 56008 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:58:32.943698883 CEST | 53 | 56008 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:58:39.057513952 CEST | 56875 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:58:39.218426943 CEST | 53 | 56875 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:58:45.450710058 CEST | 54304 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:58:45.459042072 CEST | 53 | 54304 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:58:51.634108067 CEST | 53049 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:58:51.642990112 CEST | 53 | 53049 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:58:57.896826982 CEST | 56700 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:58:57.907510042 CEST | 53 | 56700 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:59:04.130081892 CEST | 60809 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:59:04.291603088 CEST | 53 | 60809 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:59:10.441032887 CEST | 59275 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:59:10.451499939 CEST | 53 | 59275 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:59:16.580655098 CEST | 56232 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:59:16.591386080 CEST | 53 | 56232 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:59:22.830924034 CEST | 54970 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:59:22.841660976 CEST | 53 | 54970 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:59:29.014625072 CEST | 51918 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:59:29.167557001 CEST | 53 | 51918 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:59:35.406285048 CEST | 50757 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:59:35.532722950 CEST | 53 | 50757 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:59:41.740061998 CEST | 58397 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:59:41.901499987 CEST | 53 | 58397 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:59:48.201394081 CEST | 54284 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:59:48.212218046 CEST | 53 | 54284 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 15:59:54.431153059 CEST | 57844 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 15:59:54.441189051 CEST | 53 | 57844 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:00:00.618310928 CEST | 62315 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:00:00.628546953 CEST | 53 | 62315 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:00:06.897305012 CEST | 57880 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:00:07.058650017 CEST | 53 | 57880 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:00:13.192725897 CEST | 55570 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:00:13.201380968 CEST | 53 | 55570 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:00:19.318309069 CEST | 50511 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:00:19.329124928 CEST | 53 | 50511 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:00:25.580369949 CEST | 51063 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:00:25.745245934 CEST | 53 | 51063 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:00:31.907458067 CEST | 51647 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:00:31.918302059 CEST | 53 | 51647 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:00:38.141058922 CEST | 53087 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:00:38.151762009 CEST | 53 | 53087 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:00:44.408162117 CEST | 61581 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:00:44.534817934 CEST | 53 | 61581 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:00:50.763509989 CEST | 58364 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:00:50.891216040 CEST | 53 | 58364 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:00:57.042671919 CEST | 58148 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:00:57.051117897 CEST | 53 | 58148 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:01:03.306709051 CEST | 51953 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:01:03.315269947 CEST | 53 | 51953 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:01:09.619093895 CEST | 63503 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:01:09.629868984 CEST | 53 | 63503 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:01:15.882076979 CEST | 57026 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:01:16.040900946 CEST | 53 | 57026 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:01:22.194180012 CEST | 50276 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:01:22.204545975 CEST | 53 | 50276 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:01:28.644593954 CEST | 51111 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:01:28.655107975 CEST | 53 | 51111 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:01:34.894716024 CEST | 59009 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:01:34.905594110 CEST | 53 | 59009 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:01:41.173273087 CEST | 64812 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:01:41.183576107 CEST | 53 | 64812 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:01:47.343661070 CEST | 61948 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:01:47.354952097 CEST | 53 | 61948 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:01:53.467328072 CEST | 51898 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:01:53.478034019 CEST | 53 | 51898 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:01:59.734324932 CEST | 51374 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:01:59.744914055 CEST | 53 | 51374 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:02:06.069076061 CEST | 52936 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:02:06.195223093 CEST | 53 | 52936 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:02:12.432529926 CEST | 59691 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:02:12.442691088 CEST | 53 | 59691 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:02:18.743132114 CEST | 55548 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:02:18.913083076 CEST | 53 | 55548 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:02:25.133375883 CEST | 59714 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:02:25.291871071 CEST | 53 | 59714 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:02:31.521281958 CEST | 51362 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:02:31.531189919 CEST | 53 | 51362 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:02:37.794410944 CEST | 64600 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:02:37.805130959 CEST | 53 | 64600 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:02:44.159915924 CEST | 53483 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:02:44.170520067 CEST | 53 | 53483 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:02:50.331338882 CEST | 64703 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:02:50.500200033 CEST | 53 | 64703 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:02:57.781626940 CEST | 60770 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:02:57.792268038 CEST | 53 | 60770 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:03:04.030380964 CEST | 57427 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:03:04.038685083 CEST | 53 | 57427 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:03:10.187757969 CEST | 61036 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:03:10.197859049 CEST | 53 | 61036 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:03:16.371165991 CEST | 64456 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:03:16.380263090 CEST | 53 | 64456 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:03:22.635241032 CEST | 62977 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:03:22.645586967 CEST | 53 | 62977 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:03:28.825201035 CEST | 55706 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:03:28.835760117 CEST | 53 | 55706 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:03:34.960652113 CEST | 64263 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:03:35.128395081 CEST | 53 | 64263 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:03:41.334156036 CEST | 52245 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:03:41.344512939 CEST | 53 | 52245 | 8.8.8.8 | 192.168.11.20 |
May 26, 2022 16:03:47.582822084 CEST | 55209 | 53 | 192.168.11.20 | 8.8.8.8 |
May 26, 2022 16:03:47.591301918 CEST | 53 | 55209 | 8.8.8.8 | 192.168.11.20 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
May 26, 2022 15:55:58.059365034 CEST | 192.168.11.20 | 1.1.1.1 | 0xb61 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:55:59.785146952 CEST | 192.168.11.20 | 8.8.8.8 | 0xa454 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:56:06.319639921 CEST | 192.168.11.20 | 8.8.8.8 | 0xef28 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:56:12.568069935 CEST | 192.168.11.20 | 8.8.8.8 | 0x7b85 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:56:18.820745945 CEST | 192.168.11.20 | 8.8.8.8 | 0x5e67 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:56:25.089342117 CEST | 192.168.11.20 | 8.8.8.8 | 0x1f71 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:56:31.463027000 CEST | 192.168.11.20 | 8.8.8.8 | 0x4b0 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:56:37.658298016 CEST | 192.168.11.20 | 8.8.8.8 | 0x79c2 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:56:44.256490946 CEST | 192.168.11.20 | 8.8.8.8 | 0x34e1 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:56:50.613763094 CEST | 192.168.11.20 | 8.8.8.8 | 0x1668 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:56:58.090198994 CEST | 192.168.11.20 | 8.8.8.8 | 0x6afa | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:57:04.362927914 CEST | 192.168.11.20 | 8.8.8.8 | 0xadae | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:57:11.049114943 CEST | 192.168.11.20 | 8.8.8.8 | 0x92ed | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:57:17.519398928 CEST | 192.168.11.20 | 8.8.8.8 | 0x728e | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:57:23.948657036 CEST | 192.168.11.20 | 8.8.8.8 | 0x49d5 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:57:30.189153910 CEST | 192.168.11.20 | 8.8.8.8 | 0x250 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:57:36.524312973 CEST | 192.168.11.20 | 8.8.8.8 | 0xe32c | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:57:42.825556993 CEST | 192.168.11.20 | 8.8.8.8 | 0x965 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:57:49.265701056 CEST | 192.168.11.20 | 8.8.8.8 | 0x7035 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:57:55.644877911 CEST | 192.168.11.20 | 8.8.8.8 | 0x9f7f | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:58:01.799837112 CEST | 192.168.11.20 | 8.8.8.8 | 0x5ec2 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:58:08.127351999 CEST | 192.168.11.20 | 8.8.8.8 | 0xa4b6 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:58:14.328353882 CEST | 192.168.11.20 | 8.8.8.8 | 0x578a | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:58:20.686259031 CEST | 192.168.11.20 | 8.8.8.8 | 0x2f46 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:58:26.794169903 CEST | 192.168.11.20 | 8.8.8.8 | 0x5bfd | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:58:32.933383942 CEST | 192.168.11.20 | 8.8.8.8 | 0x8e44 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:58:39.057513952 CEST | 192.168.11.20 | 8.8.8.8 | 0x1549 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:58:45.450710058 CEST | 192.168.11.20 | 8.8.8.8 | 0x6f9f | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:58:51.634108067 CEST | 192.168.11.20 | 8.8.8.8 | 0x152d | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:58:57.896826982 CEST | 192.168.11.20 | 8.8.8.8 | 0x5191 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:59:04.130081892 CEST | 192.168.11.20 | 8.8.8.8 | 0xaa1f | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:59:10.441032887 CEST | 192.168.11.20 | 8.8.8.8 | 0x2ca2 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:59:16.580655098 CEST | 192.168.11.20 | 8.8.8.8 | 0x3775 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:59:22.830924034 CEST | 192.168.11.20 | 8.8.8.8 | 0xb2a7 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:59:29.014625072 CEST | 192.168.11.20 | 8.8.8.8 | 0x2e9f | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:59:35.406285048 CEST | 192.168.11.20 | 8.8.8.8 | 0x3b49 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:59:41.740061998 CEST | 192.168.11.20 | 8.8.8.8 | 0x7669 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:59:48.201394081 CEST | 192.168.11.20 | 8.8.8.8 | 0x5408 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 15:59:54.431153059 CEST | 192.168.11.20 | 8.8.8.8 | 0x90a9 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:00:00.618310928 CEST | 192.168.11.20 | 8.8.8.8 | 0xd2e9 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:00:06.897305012 CEST | 192.168.11.20 | 8.8.8.8 | 0x97d5 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:00:13.192725897 CEST | 192.168.11.20 | 8.8.8.8 | 0x3913 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:00:19.318309069 CEST | 192.168.11.20 | 8.8.8.8 | 0x1ccd | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:00:25.580369949 CEST | 192.168.11.20 | 8.8.8.8 | 0x560c | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:00:31.907458067 CEST | 192.168.11.20 | 8.8.8.8 | 0x64b6 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:00:38.141058922 CEST | 192.168.11.20 | 8.8.8.8 | 0xb7bb | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:00:44.408162117 CEST | 192.168.11.20 | 8.8.8.8 | 0x3871 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:00:50.763509989 CEST | 192.168.11.20 | 8.8.8.8 | 0xdf15 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:00:57.042671919 CEST | 192.168.11.20 | 8.8.8.8 | 0xfd12 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:01:03.306709051 CEST | 192.168.11.20 | 8.8.8.8 | 0x731e | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:01:09.619093895 CEST | 192.168.11.20 | 8.8.8.8 | 0xeb4 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:01:15.882076979 CEST | 192.168.11.20 | 8.8.8.8 | 0xacb2 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:01:22.194180012 CEST | 192.168.11.20 | 8.8.8.8 | 0xaf37 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:01:28.644593954 CEST | 192.168.11.20 | 8.8.8.8 | 0x416d | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:01:34.894716024 CEST | 192.168.11.20 | 8.8.8.8 | 0xc8d1 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:01:41.173273087 CEST | 192.168.11.20 | 8.8.8.8 | 0xf215 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:01:47.343661070 CEST | 192.168.11.20 | 8.8.8.8 | 0xd7b3 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:01:53.467328072 CEST | 192.168.11.20 | 8.8.8.8 | 0xf16d | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:01:59.734324932 CEST | 192.168.11.20 | 8.8.8.8 | 0xc23d | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:02:06.069076061 CEST | 192.168.11.20 | 8.8.8.8 | 0xc733 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:02:12.432529926 CEST | 192.168.11.20 | 8.8.8.8 | 0xb227 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:02:18.743132114 CEST | 192.168.11.20 | 8.8.8.8 | 0xc3e7 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:02:25.133375883 CEST | 192.168.11.20 | 8.8.8.8 | 0x1d82 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:02:31.521281958 CEST | 192.168.11.20 | 8.8.8.8 | 0x44f1 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:02:37.794410944 CEST | 192.168.11.20 | 8.8.8.8 | 0xcb54 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:02:44.159915924 CEST | 192.168.11.20 | 8.8.8.8 | 0xe1f | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:02:50.331338882 CEST | 192.168.11.20 | 8.8.8.8 | 0x67ed | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:02:57.781626940 CEST | 192.168.11.20 | 8.8.8.8 | 0xf7f0 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:03:04.030380964 CEST | 192.168.11.20 | 8.8.8.8 | 0xca2 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:03:10.187757969 CEST | 192.168.11.20 | 8.8.8.8 | 0x2737 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:03:16.371165991 CEST | 192.168.11.20 | 8.8.8.8 | 0xd5ba | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:03:22.635241032 CEST | 192.168.11.20 | 8.8.8.8 | 0xa0e8 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:03:28.825201035 CEST | 192.168.11.20 | 8.8.8.8 | 0xe10f | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:03:34.960652113 CEST | 192.168.11.20 | 8.8.8.8 | 0xfc95 | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:03:41.334156036 CEST | 192.168.11.20 | 8.8.8.8 | 0x852d | Standard query (0) | A (IP address) | IN (0x0001) | |
May 26, 2022 16:03:47.582822084 CEST | 192.168.11.20 | 8.8.8.8 | 0x8f26 | Standard query (0) | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
May 26, 2022 15:55:58.068025112 CEST | 1.1.1.1 | 192.168.11.20 | 0xb61 | No error (0) | 162.159.129.233 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:55:58.068025112 CEST | 1.1.1.1 | 192.168.11.20 | 0xb61 | No error (0) | 162.159.130.233 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:55:58.068025112 CEST | 1.1.1.1 | 192.168.11.20 | 0xb61 | No error (0) | 162.159.133.233 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:55:58.068025112 CEST | 1.1.1.1 | 192.168.11.20 | 0xb61 | No error (0) | 162.159.134.233 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:55:58.068025112 CEST | 1.1.1.1 | 192.168.11.20 | 0xb61 | No error (0) | 162.159.135.233 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:55:59.947732925 CEST | 8.8.8.8 | 192.168.11.20 | 0xa454 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:56:06.328231096 CEST | 8.8.8.8 | 192.168.11.20 | 0xef28 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:56:12.578219891 CEST | 8.8.8.8 | 192.168.11.20 | 0x7b85 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:56:18.831238031 CEST | 8.8.8.8 | 192.168.11.20 | 0x5e67 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:56:25.217900991 CEST | 8.8.8.8 | 192.168.11.20 | 0x1f71 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:56:31.473871946 CEST | 8.8.8.8 | 192.168.11.20 | 0x4b0 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:56:37.817192078 CEST | 8.8.8.8 | 192.168.11.20 | 0x79c2 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:56:44.382533073 CEST | 8.8.8.8 | 192.168.11.20 | 0x34e1 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:56:50.741883993 CEST | 8.8.8.8 | 192.168.11.20 | 0x1668 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:56:58.098917007 CEST | 8.8.8.8 | 192.168.11.20 | 0x6afa | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:57:04.489614964 CEST | 8.8.8.8 | 192.168.11.20 | 0xadae | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:57:11.059168100 CEST | 8.8.8.8 | 192.168.11.20 | 0x92ed | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:57:17.647167921 CEST | 8.8.8.8 | 192.168.11.20 | 0x728e | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:57:23.959332943 CEST | 8.8.8.8 | 192.168.11.20 | 0x49d5 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:57:30.197813988 CEST | 8.8.8.8 | 192.168.11.20 | 0x250 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:57:36.532433033 CEST | 8.8.8.8 | 192.168.11.20 | 0xe32c | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:57:42.835932016 CEST | 8.8.8.8 | 192.168.11.20 | 0x965 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:57:49.426548958 CEST | 8.8.8.8 | 192.168.11.20 | 0x7035 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:57:55.655297995 CEST | 8.8.8.8 | 192.168.11.20 | 0x9f7f | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:58:01.807840109 CEST | 8.8.8.8 | 192.168.11.20 | 0x5ec2 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:58:08.138127089 CEST | 8.8.8.8 | 192.168.11.20 | 0xa4b6 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:58:14.456190109 CEST | 8.8.8.8 | 192.168.11.20 | 0x578a | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:58:20.695019960 CEST | 8.8.8.8 | 192.168.11.20 | 0x2f46 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:58:26.804810047 CEST | 8.8.8.8 | 192.168.11.20 | 0x5bfd | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:58:32.943698883 CEST | 8.8.8.8 | 192.168.11.20 | 0x8e44 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:58:39.218426943 CEST | 8.8.8.8 | 192.168.11.20 | 0x1549 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:58:45.459042072 CEST | 8.8.8.8 | 192.168.11.20 | 0x6f9f | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:58:51.642990112 CEST | 8.8.8.8 | 192.168.11.20 | 0x152d | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:58:57.907510042 CEST | 8.8.8.8 | 192.168.11.20 | 0x5191 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:59:04.291603088 CEST | 8.8.8.8 | 192.168.11.20 | 0xaa1f | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:59:10.451499939 CEST | 8.8.8.8 | 192.168.11.20 | 0x2ca2 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:59:16.591386080 CEST | 8.8.8.8 | 192.168.11.20 | 0x3775 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:59:22.841660976 CEST | 8.8.8.8 | 192.168.11.20 | 0xb2a7 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:59:29.167557001 CEST | 8.8.8.8 | 192.168.11.20 | 0x2e9f | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:59:35.532722950 CEST | 8.8.8.8 | 192.168.11.20 | 0x3b49 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:59:41.901499987 CEST | 8.8.8.8 | 192.168.11.20 | 0x7669 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:59:48.212218046 CEST | 8.8.8.8 | 192.168.11.20 | 0x5408 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 15:59:54.441189051 CEST | 8.8.8.8 | 192.168.11.20 | 0x90a9 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:00:00.628546953 CEST | 8.8.8.8 | 192.168.11.20 | 0xd2e9 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:00:07.058650017 CEST | 8.8.8.8 | 192.168.11.20 | 0x97d5 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:00:13.201380968 CEST | 8.8.8.8 | 192.168.11.20 | 0x3913 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:00:19.329124928 CEST | 8.8.8.8 | 192.168.11.20 | 0x1ccd | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:00:25.745245934 CEST | 8.8.8.8 | 192.168.11.20 | 0x560c | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:00:31.918302059 CEST | 8.8.8.8 | 192.168.11.20 | 0x64b6 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:00:38.151762009 CEST | 8.8.8.8 | 192.168.11.20 | 0xb7bb | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:00:44.534817934 CEST | 8.8.8.8 | 192.168.11.20 | 0x3871 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:00:50.891216040 CEST | 8.8.8.8 | 192.168.11.20 | 0xdf15 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:00:57.051117897 CEST | 8.8.8.8 | 192.168.11.20 | 0xfd12 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:01:03.315269947 CEST | 8.8.8.8 | 192.168.11.20 | 0x731e | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:01:09.629868984 CEST | 8.8.8.8 | 192.168.11.20 | 0xeb4 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:01:16.040900946 CEST | 8.8.8.8 | 192.168.11.20 | 0xacb2 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:01:22.204545975 CEST | 8.8.8.8 | 192.168.11.20 | 0xaf37 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:01:28.655107975 CEST | 8.8.8.8 | 192.168.11.20 | 0x416d | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:01:34.905594110 CEST | 8.8.8.8 | 192.168.11.20 | 0xc8d1 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:01:41.183576107 CEST | 8.8.8.8 | 192.168.11.20 | 0xf215 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:01:47.354952097 CEST | 8.8.8.8 | 192.168.11.20 | 0xd7b3 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:01:53.478034019 CEST | 8.8.8.8 | 192.168.11.20 | 0xf16d | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:01:59.744914055 CEST | 8.8.8.8 | 192.168.11.20 | 0xc23d | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:02:06.195223093 CEST | 8.8.8.8 | 192.168.11.20 | 0xc733 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:02:12.442691088 CEST | 8.8.8.8 | 192.168.11.20 | 0xb227 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:02:18.913083076 CEST | 8.8.8.8 | 192.168.11.20 | 0xc3e7 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:02:25.291871071 CEST | 8.8.8.8 | 192.168.11.20 | 0x1d82 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:02:31.531189919 CEST | 8.8.8.8 | 192.168.11.20 | 0x44f1 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:02:37.805130959 CEST | 8.8.8.8 | 192.168.11.20 | 0xcb54 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:02:44.170520067 CEST | 8.8.8.8 | 192.168.11.20 | 0xe1f | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:02:50.500200033 CEST | 8.8.8.8 | 192.168.11.20 | 0x67ed | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:02:57.792268038 CEST | 8.8.8.8 | 192.168.11.20 | 0xf7f0 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:03:04.038685083 CEST | 8.8.8.8 | 192.168.11.20 | 0xca2 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:03:10.197859049 CEST | 8.8.8.8 | 192.168.11.20 | 0x2737 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:03:16.380263090 CEST | 8.8.8.8 | 192.168.11.20 | 0xd5ba | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:03:22.645586967 CEST | 8.8.8.8 | 192.168.11.20 | 0xa0e8 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:03:28.835760117 CEST | 8.8.8.8 | 192.168.11.20 | 0xe10f | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:03:35.128395081 CEST | 8.8.8.8 | 192.168.11.20 | 0xfc95 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:03:41.344512939 CEST | 8.8.8.8 | 192.168.11.20 | 0x852d | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) | ||
May 26, 2022 16:03:47.591301918 CEST | 8.8.8.8 | 192.168.11.20 | 0x8f26 | No error (0) | 23.105.131.186 | A (IP address) | IN (0x0001) |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49760 | 162.159.129.233 | 443 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-05-26 13:55:58 UTC | 0 | OUT | |
2022-05-26 13:55:58 UTC | 0 | IN | |
2022-05-26 13:55:58 UTC | 1 | IN | |
2022-05-26 13:55:58 UTC | 1 | IN | |
2022-05-26 13:55:58 UTC | 2 | IN | |
2022-05-26 13:55:58 UTC | 4 | IN | |
2022-05-26 13:55:58 UTC | 5 | IN | |
2022-05-26 13:55:58 UTC | 6 | IN | |
2022-05-26 13:55:58 UTC | 8 | IN | |
2022-05-26 13:55:58 UTC | 9 | IN | |
2022-05-26 13:55:58 UTC | 10 | IN | |
2022-05-26 13:55:58 UTC | 12 | IN | |
2022-05-26 13:55:58 UTC | 13 | IN | |
2022-05-26 13:55:58 UTC | 14 | IN | |
2022-05-26 13:55:58 UTC | 16 | IN | |
2022-05-26 13:55:58 UTC | 17 | IN | |
2022-05-26 13:55:58 UTC | 18 | IN | |
2022-05-26 13:55:58 UTC | 20 | IN | |
2022-05-26 13:55:58 UTC | 21 | IN | |
2022-05-26 13:55:58 UTC | 22 | IN | |
2022-05-26 13:55:58 UTC | 24 | IN | |
2022-05-26 13:55:58 UTC | 25 | IN | |
2022-05-26 13:55:58 UTC | 26 | IN | |
2022-05-26 13:55:58 UTC | 28 | IN | |
2022-05-26 13:55:58 UTC | 29 | IN | |
2022-05-26 13:55:58 UTC | 30 | IN | |
2022-05-26 13:55:58 UTC | 32 | IN | |
2022-05-26 13:55:58 UTC | 33 | IN | |
2022-05-26 13:55:58 UTC | 34 | IN | |
2022-05-26 13:55:58 UTC | 36 | IN | |
2022-05-26 13:55:58 UTC | 37 | IN | |
2022-05-26 13:55:58 UTC | 38 | IN | |
2022-05-26 13:55:58 UTC | 40 | IN | |
2022-05-26 13:55:58 UTC | 41 | IN | |
2022-05-26 13:55:58 UTC | 42 | IN | |
2022-05-26 13:55:58 UTC | 44 | IN | |
2022-05-26 13:55:58 UTC | 45 | IN | |
2022-05-26 13:55:58 UTC | 46 | IN | |
2022-05-26 13:55:58 UTC | 48 | IN | |
2022-05-26 13:55:58 UTC | 49 | IN | |
2022-05-26 13:55:58 UTC | 50 | IN | |
2022-05-26 13:55:58 UTC | 52 | IN | |
2022-05-26 13:55:58 UTC | 53 | IN | |
2022-05-26 13:55:58 UTC | 54 | IN | |
2022-05-26 13:55:58 UTC | 58 | IN | |
2022-05-26 13:55:58 UTC | 63 | IN | |
2022-05-26 13:55:58 UTC | 64 | IN | |
2022-05-26 13:55:58 UTC | 68 | IN | |
2022-05-26 13:55:58 UTC | 72 | IN | |
2022-05-26 13:55:58 UTC | 76 | IN | |
2022-05-26 13:55:58 UTC | 80 | IN | |
2022-05-26 13:55:58 UTC | 84 | IN | |
2022-05-26 13:55:58 UTC | 88 | IN | |
2022-05-26 13:55:58 UTC | 92 | IN | |
2022-05-26 13:55:58 UTC | 96 | IN | |
2022-05-26 13:55:58 UTC | 100 | IN | |
2022-05-26 13:55:58 UTC | 104 | IN | |
2022-05-26 13:55:58 UTC | 108 | IN | |
2022-05-26 13:55:58 UTC | 112 | IN | |
2022-05-26 13:55:58 UTC | 116 | IN | |
2022-05-26 13:55:58 UTC | 120 | IN | |
2022-05-26 13:55:58 UTC | 124 | IN | |
2022-05-26 13:55:58 UTC | 128 | IN | |
2022-05-26 13:55:58 UTC | 132 | IN | |
2022-05-26 13:55:58 UTC | 136 | IN | |
2022-05-26 13:55:58 UTC | 140 | IN | |
2022-05-26 13:55:58 UTC | 144 | IN | |
2022-05-26 13:55:58 UTC | 148 | IN | |
2022-05-26 13:55:58 UTC | 152 | IN | |
2022-05-26 13:55:58 UTC | 156 | IN | |
2022-05-26 13:55:58 UTC | 160 | IN | |
2022-05-26 13:55:58 UTC | 164 | IN | |
2022-05-26 13:55:58 UTC | 168 | IN | |
2022-05-26 13:55:58 UTC | 172 | IN | |
2022-05-26 13:55:58 UTC | 176 | IN | |
2022-05-26 13:55:58 UTC | 180 | IN | |
2022-05-26 13:55:58 UTC | 184 | IN | |
2022-05-26 13:55:58 UTC | 188 | IN | |
2022-05-26 13:55:58 UTC | 192 | IN | |
2022-05-26 13:55:58 UTC | 196 | IN | |
2022-05-26 13:55:58 UTC | 200 | IN |
Click to jump to process
Target ID: | 1 |
Start time: | 15:55:24 |
Start date: | 26/05/2022 |
Path: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.20966.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 1007944 bytes |
MD5 hash: | 64D7DE9AC600402C1F3E5B9849CBD12C |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Yara matches: |
|
Reputation: | low |
Target ID: | 3 |
Start time: | 15:55:41 |
Start date: | 26/05/2022 |
Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa30000 |
File size: | 106496 bytes |
MD5 hash: | 7BAE06CBE364BB42B8C34FCFB90E3EBD |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: |
|
Reputation: | moderate |
Target ID: | 5 |
Start time: | 15:55:41 |
Start date: | 26/05/2022 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff706ba0000 |
File size: | 875008 bytes |
MD5 hash: | 81CA40085FC75BABD2C91D18AA9FFA68 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |