Edit tour
Windows
Analysis Report
SecuriteInfo.com.W32.AIDetect.malware2.23037.exe
Overview
General Information
| Sample Name: | SecuriteInfo.com.W32.AIDetect.malware2.23037.exe |
| Analysis ID: | 634855 |
| MD5: | be43b751bd103fe5a64b4e0aa7a30060 |
| SHA1: | ab293504fe7636c3cfc74718973bbd1cbca05fb4 |
| SHA256: | 87eefb05fd8c133f8a0059e1bc695f652a2f7b0c297386d7a08fb37bdb76009b |
| Infos: |   |
 | |
Detection
NanoCore, GuLoader
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Sigma detected: NanoCore
Yara detected GuLoader
Snort IDS alert for network traffic
Writes to foreign memory regions
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses 32bit PE files
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
PE / OLE file has an invalid certificate
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard
Classification
- System is w10x64native
SecuriteInfo.com.W32.AIDetect.malware2.23037.exe (PID: 3104 cmdline: "C:\Users\ user\Deskt op\Securit eInfo.com. W32.AIDete ct.malware 2.23037.ex e" MD5: BE43B751BD103FE5A64B4E0AA7A30060) 
CasPol.exe (PID: 8108 cmdline: "C:\Users\ user\Deskt op\Securit eInfo.com. W32.AIDete ct.malware 2.23037.ex e" MD5: 7BAE06CBE364BB42B8C34FCFB90E3EBD) 
conhost.exe (PID: 6432 cmdline: C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
- cleanup
{"Payload URL": "https://cdn.discordapp.com/attachments/963535165500588126/979423160845869128/nanoexp_bWgaxBaEn43.bin"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
AV Detection |   |
|---|
| Source: | Author: Joe Security: | ||
E-Banking Fraud | |
|---|
| Source: | Author: Joe Security: | ||
Stealing of Sensitive Information | |
|---|
| Source: | Author: Joe Security: | ||
Remote Access Functionality | |
|---|
| Source: | Author: Joe Security: | ||
| Timestamp: | 192.168.11.2023.105.131.2284981552182816766 05/26/22-22:59:36.110765 |
| SID: | 2816766 |
| Source Port: | 49815 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984852182816766 05/26/22-23:02:46.099381 |
| SID: | 2816766 |
| Source Port: | 49848 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982552182816766 05/26/22-23:00:31.508103 |
| SID: | 2816766 |
| Source Port: | 49825 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984352182816718 05/26/22-23:02:15.749636 |
| SID: | 2816718 |
| Source Port: | 49843 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284985852182816766 05/26/22-23:03:28.855065 |
| SID: | 2816766 |
| Source Port: | 49858 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984552182816766 05/26/22-23:02:28.261536 |
| SID: | 2816766 |
| Source Port: | 49845 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284985552182816766 05/26/22-23:03:10.672551 |
| SID: | 2816766 |
| Source Port: | 49855 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980852182816766 05/26/22-22:58:52.132477 |
| SID: | 2816766 |
| Source Port: | 49808 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981252182816766 05/26/22-22:59:17.847332 |
| SID: | 2816766 |
| Source Port: | 49812 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983552182816766 05/26/22-23:01:32.797260 |
| SID: | 2816766 |
| Source Port: | 49835 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980252182816766 05/26/22-22:58:21.911604 |
| SID: | 2816766 |
| Source Port: | 49802 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 23.105.131.228192.168.11.205218498532810290 05/26/22-23:02:57.070574 |
| SID: | 2810290 |
| Source Port: | 5218 |
| Destination Port: | 49853 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982852182816766 05/26/22-23:00:49.935151 |
| SID: | 2816766 |
| Source Port: | 49828 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983852182816766 05/26/22-23:01:51.496168 |
| SID: | 2816766 |
| Source Port: | 49838 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284985952182816718 05/26/22-23:03:34.321491 |
| SID: | 2816718 |
| Source Port: | 49859 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979952182816766 05/26/22-22:58:04.753817 |
| SID: | 2816766 |
| Source Port: | 49799 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984552182025019 05/26/22-23:02:26.487154 |
| SID: | 2025019 |
| Source Port: | 49845 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984852182025019 05/26/22-23:02:44.373603 |
| SID: | 2025019 |
| Source Port: | 49848 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284985852182025019 05/26/22-23:03:27.284937 |
| SID: | 2025019 |
| Source Port: | 49858 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979252182816766 05/26/22-22:57:44.769854 |
| SID: | 2816766 |
| Source Port: | 49792 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284985552182025019 05/26/22-23:03:08.914161 |
| SID: | 2025019 |
| Source Port: | 49855 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978252182816766 05/26/22-22:56:53.274979 |
| SID: | 2816766 |
| Source Port: | 49782 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982852182025019 05/26/22-23:00:48.235087 |
| SID: | 2025019 |
| Source Port: | 49828 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983852182025019 05/26/22-23:01:49.783134 |
| SID: | 2025019 |
| Source Port: | 49838 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284977552182025019 05/26/22-22:56:38.901418 |
| SID: | 2025019 |
| Source Port: | 49775 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284986552182025019 05/26/22-23:04:10.629863 |
| SID: | 2025019 |
| Source Port: | 49865 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983252182816766 05/26/22-23:01:14.490168 |
| SID: | 2816766 |
| Source Port: | 49832 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284985252182816766 05/26/22-23:02:52.215713 |
| SID: | 2816766 |
| Source Port: | 49852 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979052182816766 05/26/22-22:57:32.337282 |
| SID: | 2816766 |
| Source Port: | 49790 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980852182025019 05/26/22-22:58:50.992423 |
| SID: | 2025019 |
| Source Port: | 49808 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284985752182025019 05/26/22-23:03:21.170637 |
| SID: | 2025019 |
| Source Port: | 49857 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982252182816766 05/26/22-23:00:13.070615 |
| SID: | 2816766 |
| Source Port: | 49822 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284986252182816766 05/26/22-23:03:53.418371 |
| SID: | 2816766 |
| Source Port: | 49862 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984752182025019 05/26/22-23:02:38.235595 |
| SID: | 2025019 |
| Source Port: | 49847 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982752182025019 05/26/22-23:00:42.060298 |
| SID: | 2025019 |
| Source Port: | 49827 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983752182025019 05/26/22-23:01:43.592376 |
| SID: | 2025019 |
| Source Port: | 49837 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284976952182816766 05/26/22-22:56:27.805928 |
| SID: | 2816766 |
| Source Port: | 49769 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984252182816766 05/26/22-23:02:09.830094 |
| SID: | 2816766 |
| Source Port: | 49842 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978352182816718 05/26/22-22:56:58.156949 |
| SID: | 2816718 |
| Source Port: | 49783 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284986452182816766 05/26/22-23:04:05.819303 |
| SID: | 2816766 |
| Source Port: | 49864 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978352182025019 05/26/22-22:56:57.850644 |
| SID: | 2025019 |
| Source Port: | 49783 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978052182816766 05/26/22-22:56:46.808015 |
| SID: | 2816766 |
| Source Port: | 49780 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982452182816766 05/26/22-23:00:25.238881 |
| SID: | 2816766 |
| Source Port: | 49824 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981452182816766 05/26/22-22:59:29.900867 |
| SID: | 2816766 |
| Source Port: | 49814 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982952182816766 05/26/22-23:00:56.084760 |
| SID: | 2816766 |
| Source Port: | 49829 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983452182816766 05/26/22-23:01:26.679844 |
| SID: | 2816766 |
| Source Port: | 49834 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978052182025019 05/26/22-22:56:45.202082 |
| SID: | 2025019 |
| Source Port: | 49780 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981952182816766 05/26/22-22:59:54.510819 |
| SID: | 2816766 |
| Source Port: | 49819 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284985752182816766 05/26/22-23:03:22.706542 |
| SID: | 2816766 |
| Source Port: | 49857 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979052182025019 05/26/22-22:57:30.455323 |
| SID: | 2025019 |
| Source Port: | 49790 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980952182816766 05/26/22-22:58:58.970372 |
| SID: | 2816766 |
| Source Port: | 49809 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284985452182816766 05/26/22-23:03:04.405194 |
| SID: | 2816766 |
| Source Port: | 49854 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984452182816766 05/26/22-23:02:22.023762 |
| SID: | 2816766 |
| Source Port: | 49844 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980252182816718 05/26/22-22:58:21.911604 |
| SID: | 2816718 |
| Source Port: | 49802 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 23.105.131.228192.168.11.205218497882810290 05/26/22-22:57:25.234060 |
| SID: | 2810290 |
| Source Port: | 5218 |
| Destination Port: | 49788 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979152182025019 05/26/22-22:57:36.817105 |
| SID: | 2025019 |
| Source Port: | 49791 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284985652182816766 05/26/22-23:03:16.808039 |
| SID: | 2816766 |
| Source Port: | 49856 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981752182816766 05/26/22-22:59:48.482502 |
| SID: | 2816766 |
| Source Port: | 49817 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982752182816766 05/26/22-23:00:43.669560 |
| SID: | 2816766 |
| Source Port: | 49827 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984752182816766 05/26/22-23:02:39.985491 |
| SID: | 2816766 |
| Source Port: | 49847 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983752182816766 05/26/22-23:01:45.080902 |
| SID: | 2816766 |
| Source Port: | 49837 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284977152182025019 05/26/22-22:56:32.568998 |
| SID: | 2025019 |
| Source Port: | 49771 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980652182816766 05/26/22-22:58:40.386913 |
| SID: | 2816766 |
| Source Port: | 49806 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978252182025019 05/26/22-22:56:51.581864 |
| SID: | 2025019 |
| Source Port: | 49782 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981652182816766 05/26/22-22:59:42.426003 |
| SID: | 2816766 |
| Source Port: | 49816 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284986552182816766 05/26/22-23:04:10.953670 |
| SID: | 2816766 |
| Source Port: | 49865 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979252182025019 05/26/22-22:57:43.061898 |
| SID: | 2025019 |
| Source Port: | 49792 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983652182816766 05/26/22-23:01:38.486462 |
| SID: | 2816766 |
| Source Port: | 49836 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982652182816766 05/26/22-23:00:37.718065 |
| SID: | 2816766 |
| Source Port: | 49826 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984652182816766 05/26/22-23:02:33.763111 |
| SID: | 2816766 |
| Source Port: | 49846 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980752182816766 05/26/22-22:58:46.392335 |
| SID: | 2816766 |
| Source Port: | 49807 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284985352182025019 05/26/22-23:02:56.695701 |
| SID: | 2025019 |
| Source Port: | 49853 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978452182816766 05/26/22-22:57:05.959460 |
| SID: | 2816766 |
| Source Port: | 49784 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284986352182025019 05/26/22-23:03:58.052969 |
| SID: | 2025019 |
| Source Port: | 49863 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981052182025019 05/26/22-22:59:03.494428 |
| SID: | 2025019 |
| Source Port: | 49810 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982052182025019 05/26/22-22:59:59.112186 |
| SID: | 2025019 |
| Source Port: | 49820 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979752182816766 05/26/22-22:57:58.434919 |
| SID: | 2816766 |
| Source Port: | 49797 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981352182025019 05/26/22-22:59:22.171911 |
| SID: | 2025019 |
| Source Port: | 49813 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984652182025019 05/26/22-23:02:32.786547 |
| SID: | 2025019 |
| Source Port: | 49846 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983052182025019 05/26/22-23:01:00.431074 |
| SID: | 2025019 |
| Source Port: | 49830 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980352182025019 05/26/22-22:58:26.260383 |
| SID: | 2025019 |
| Source Port: | 49803 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984052182025019 05/26/22-23:02:02.026018 |
| SID: | 2025019 |
| Source Port: | 49840 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983652182025019 05/26/22-23:01:37.235701 |
| SID: | 2025019 |
| Source Port: | 49836 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284985952182025019 05/26/22-23:03:33.430761 |
| SID: | 2025019 |
| Source Port: | 49859 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979752182025019 05/26/22-22:57:56.674729 |
| SID: | 2025019 |
| Source Port: | 49797 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980652182025019 05/26/22-22:58:38.629823 |
| SID: | 2025019 |
| Source Port: | 49806 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982652182025019 05/26/22-23:00:35.948670 |
| SID: | 2025019 |
| Source Port: | 49826 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978752182816766 05/26/22-22:57:19.771138 |
| SID: | 2816766 |
| Source Port: | 49787 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284986052182025019 05/26/22-23:03:39.544308 |
| SID: | 2025019 |
| Source Port: | 49860 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284986052182816766 05/26/22-23:03:41.176317 |
| SID: | 2816766 |
| Source Port: | 49860 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978752182025019 05/26/22-22:57:17.891220 |
| SID: | 2025019 |
| Source Port: | 49787 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981652182025019 05/26/22-22:59:40.683320 |
| SID: | 2025019 |
| Source Port: | 49816 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983052182816766 05/26/22-23:01:02.224827 |
| SID: | 2816766 |
| Source Port: | 49830 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978452182025019 05/26/22-22:57:04.272476 |
| SID: | 2025019 |
| Source Port: | 49784 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981952182025019 05/26/22-22:59:53.028818 |
| SID: | 2025019 |
| Source Port: | 49819 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982952182025019 05/26/22-23:00:54.368958 |
| SID: | 2025019 |
| Source Port: | 49829 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983952182025019 05/26/22-23:01:55.905807 |
| SID: | 2025019 |
| Source Port: | 49839 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984052182816766 05/26/22-23:02:03.691808 |
| SID: | 2816766 |
| Source Port: | 49840 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983352182816766 05/26/22-23:01:20.521033 |
| SID: | 2816766 |
| Source Port: | 49833 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983552182816718 05/26/22-23:01:32.044894 |
| SID: | 2816718 |
| Source Port: | 49835 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981352182816766 05/26/22-22:59:23.359150 |
| SID: | 2816766 |
| Source Port: | 49813 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284985352182816766 05/26/22-23:02:58.303798 |
| SID: | 2816766 |
| Source Port: | 49853 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980952182025019 05/26/22-22:58:57.214975 |
| SID: | 2025019 |
| Source Port: | 49809 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982352182816766 05/26/22-23:00:19.115887 |
| SID: | 2816766 |
| Source Port: | 49823 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284986352182816766 05/26/22-23:03:59.744768 |
| SID: | 2816766 |
| Source Port: | 49863 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980452182816766 05/26/22-22:58:33.462147 |
| SID: | 2816766 |
| Source Port: | 49804 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 23.105.131.228192.168.11.205218498012841753 05/26/22-22:58:15.567728 |
| SID: | 2841753 |
| Source Port: | 5218 |
| Destination Port: | 49801 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984352182816766 05/26/22-23:02:16.034084 |
| SID: | 2816766 |
| Source Port: | 49843 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983952182816766 05/26/22-23:01:57.503381 |
| SID: | 2816766 |
| Source Port: | 49839 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284985952182816766 05/26/22-23:03:34.975066 |
| SID: | 2816766 |
| Source Port: | 49859 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284985652182025019 05/26/22-23:03:15.071719 |
| SID: | 2025019 |
| Source Port: | 49856 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979152182816766 05/26/22-22:57:38.723479 |
| SID: | 2816766 |
| Source Port: | 49791 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284977152182816766 05/26/22-22:56:32.900519 |
| SID: | 2816766 |
| Source Port: | 49771 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980352182816766 05/26/22-22:58:28.062184 |
| SID: | 2816766 |
| Source Port: | 49803 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980052182025019 05/26/22-22:58:09.059966 |
| SID: | 2025019 |
| Source Port: | 49800 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980752182025019 05/26/22-22:58:44.885942 |
| SID: | 2025019 |
| Source Port: | 49807 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284986152182816766 05/26/22-23:03:47.300693 |
| SID: | 2816766 |
| Source Port: | 49861 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979652182025019 05/26/22-22:57:49.469914 |
| SID: | 2025019 |
| Source Port: | 49796 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981752182025019 05/26/22-22:59:46.862759 |
| SID: | 2025019 |
| Source Port: | 49817 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978652182025019 05/26/22-22:57:10.680744 |
| SID: | 2025019 |
| Source Port: | 49786 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978852182816766 05/26/22-22:57:25.903337 |
| SID: | 2816766 |
| Source Port: | 49788 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983152182816766 05/26/22-23:01:08.320653 |
| SID: | 2816766 |
| Source Port: | 49831 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284976852182816766 05/26/22-22:56:20.953682 |
| SID: | 2816766 |
| Source Port: | 49768 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284976952182025019 05/26/22-22:56:26.199314 |
| SID: | 2025019 |
| Source Port: | 49769 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983452182025019 05/26/22-23:01:24.979877 |
| SID: | 2025019 |
| Source Port: | 49834 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980152182025019 05/26/22-22:58:15.250696 |
| SID: | 2025019 |
| Source Port: | 49801 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984452182025019 05/26/22-23:02:20.370858 |
| SID: | 2025019 |
| Source Port: | 49844 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981152182025019 05/26/22-22:59:09.758921 |
| SID: | 2025019 |
| Source Port: | 49811 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982152182025019 05/26/22-23:00:05.205755 |
| SID: | 2025019 |
| Source Port: | 49821 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284986452182025019 05/26/22-23:04:04.336780 |
| SID: | 2025019 |
| Source Port: | 49864 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284985452182025019 05/26/22-23:03:02.819470 |
| SID: | 2025019 |
| Source Port: | 49854 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982152182816766 05/26/22-23:00:06.968002 |
| SID: | 2816766 |
| Source Port: | 49821 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981152182816766 05/26/22-22:59:11.357229 |
| SID: | 2816766 |
| Source Port: | 49811 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983152182025019 05/26/22-23:01:06.610183 |
| SID: | 2025019 |
| Source Port: | 49831 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978352182816766 05/26/22-22:56:59.419988 |
| SID: | 2816766 |
| Source Port: | 49783 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980152182816766 05/26/22-22:58:15.568079 |
| SID: | 2816766 |
| Source Port: | 49801 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980252182025019 05/26/22-22:58:20.166592 |
| SID: | 2025019 |
| Source Port: | 49802 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983552182025019 05/26/22-23:01:31.090286 |
| SID: | 2025019 |
| Source Port: | 49835 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284976852182025019 05/26/22-22:56:19.837362 |
| SID: | 2025019 |
| Source Port: | 49768 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982552182025019 05/26/22-23:00:29.822547 |
| SID: | 2025019 |
| Source Port: | 49825 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978852182025019 05/26/22-22:57:24.224475 |
| SID: | 2025019 |
| Source Port: | 49788 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284986152182025019 05/26/22-23:03:45.715402 |
| SID: | 2025019 |
| Source Port: | 49861 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284978652182816766 05/26/22-22:57:12.301059 |
| SID: | 2816766 |
| Source Port: | 49786 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979652182816766 05/26/22-22:57:51.224317 |
| SID: | 2816766 |
| Source Port: | 49796 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981252182025019 05/26/22-22:59:16.016167 |
| SID: | 2025019 |
| Source Port: | 49812 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982052182816766 05/26/22-23:00:00.809134 |
| SID: | 2816766 |
| Source Port: | 49820 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981552182025019 05/26/22-22:59:34.423976 |
| SID: | 2025019 |
| Source Port: | 49815 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982252182025019 05/26/22-23:00:11.334940 |
| SID: | 2025019 |
| Source Port: | 49822 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983252182025019 05/26/22-23:01:12.735332 |
| SID: | 2025019 |
| Source Port: | 49832 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981052182816766 05/26/22-22:59:05.241226 |
| SID: | 2816766 |
| Source Port: | 49810 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984252182025019 05/26/22-23:02:08.123445 |
| SID: | 2025019 |
| Source Port: | 49842 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980052182816766 05/26/22-22:58:10.847781 |
| SID: | 2816766 |
| Source Port: | 49800 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284986252182025019 05/26/22-23:03:51.787396 |
| SID: | 2025019 |
| Source Port: | 49862 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982452182025019 05/26/22-23:00:23.686878 |
| SID: | 2025019 |
| Source Port: | 49824 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284985252182025019 05/26/22-23:02:50.506570 |
| SID: | 2025019 |
| Source Port: | 49852 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284981452182025019 05/26/22-22:59:28.246171 |
| SID: | 2025019 |
| Source Port: | 49814 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284980452182025019 05/26/22-22:58:32.441375 |
| SID: | 2025019 |
| Source Port: | 49804 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284979952182025019 05/26/22-22:58:02.999718 |
| SID: | 2025019 |
| Source Port: | 49799 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284982352182025019 05/26/22-23:00:17.588964 |
| SID: | 2025019 |
| Source Port: | 49823 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 23.105.131.228192.168.11.205218498292810290 05/26/22-23:00:54.737638 |
| SID: | 2810290 |
| Source Port: | 5218 |
| Destination Port: | 49829 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284983352182025019 05/26/22-23:01:18.862946 |
| SID: | 2025019 |
| Source Port: | 49833 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284984352182025019 05/26/22-23:02:14.277580 |
| SID: | 2025019 |
| Source Port: | 49843 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 192.168.11.2023.105.131.2284977552182816766 05/26/22-22:56:40.578439 |
| SID: | 2816766 |
| Source Port: | 49775 |
| Destination Port: | 5218 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
Click to jump to signature section
Show All Signature Results
AV Detection | |
|---|
| Source: | Malware Configuration Extractor: | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Registry value created: | Jump to behavior | ||
| Source: | File opened: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
Networking | |
|---|
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | URLs: | ||
| Source: | ASN Name: | ||
| Source: | JA3 fingerprint: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | IP Address: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Static PE information: | ||
| Source: | Virustotal: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Key opened: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Process created: | ||
| Source: | Key value queried: | ||
| Source: | Code function: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Classification label: | ||
| Source: | Code function: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Code function: | ||
| Source: | Task registration methods: | ||
| Source: | Task registration methods: | ||
| Source: | Task registration methods: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Section loaded: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | File written: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | File opened: | ||
| Source: | Registry value created: | Jump to behavior | ||
| Source: | File opened: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
Data Obfuscation | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | Registry value created or modified: | Jump to behavior | ||
| Source: | Registry value created or modified: | Jump to behavior | ||
| Source: | Registry value created or modified: | Jump to behavior | ||
| Source: | Registry value created or modified: | Jump to behavior | ||
Hooking and other Techniques for Hiding and Protection | |
|---|
| Source: | File opened: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
| Source: | Process information set: | ||
Malware Analysis System Evasion | |
|---|
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Thread sleep time: | ||
| Source: | Thread sleep time: | ||
| Source: | Last function: | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Code function: | ||
| Source: | Thread delayed: | ||
| Source: | Window / User API: | ||
| Source: | Window / User API: | ||
| Source: | Window / User API: | ||
| Source: | File opened / queried: | ||
| Source: | Process information queried: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Thread delayed: | ||
| Source: | System information queried: | ||
| Source: | API call chain: | ||
| Source: | API call chain: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | File opened: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Process token adjusted: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Process queried: | ||
| Source: | Process queried: | ||
| Source: | Memory allocated: | ||
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Memory written: | ||
| Source: | Process created: | ||
| Source: | Key value queried: | ||
| Source: | Code function: | ||
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | OS Credential Dumping | 4 File and Directory Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
| Default Accounts | 1 Scheduled Task/Job | 1 Windows Service | 1 Access Token Manipulation | 1 Obfuscated Files or Information | LSASS Memory | 5 System Information Discovery | Remote Desktop Protocol | 1 Clipboard Data | Exfiltration Over Bluetooth | 11 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | 1 Scheduled Task/Job | 1 Windows Service | 1 DLL Side-Loading | Security Account Manager | 231 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Non-Standard Port | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | 1 Registry Run Keys / Startup Folder | 111 Process Injection | 1 Masquerading | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Non-Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
| Cloud Accounts | Cron | Network Logon Script | 1 Scheduled Task/Job | 141 Virtualization/Sandbox Evasion | LSA Secrets | 141 Virtualization/Sandbox Evasion | SSH | Keylogging | Data Transfer Size Limits | 113 Application Layer Protocol | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
| Replication Through Removable Media | Launchd | Rc.common | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | 111 Process Injection | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Hidden Files and Directories | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 10% | Virustotal | Browse |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Metadefender | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Metadefender | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Metadefender | Browse | ||
| 0% | ReversingLabs | |||
| 0% | Metadefender | Browse | ||
| 0% | ReversingLabs | |||
| 3% | Metadefender | Browse | ||
| 0% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 1% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 1% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| timenamoney.ooguy.com | 23.105.131.228 | true | true | unknown | |
| cdn.discordapp.com | 162.159.129.233 | true | false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 23.105.131.228 | timenamoney.ooguy.com | United States | 396362 | LEASEWEB-USA-NYC-11US | true | |
| 162.159.129.233 | cdn.discordapp.com | United States | 13335 | CLOUDFLARENETUS | false |
| Joe Sandbox Version: | 34.0.0 Boulder Opal |
| Analysis ID: | 634855 |
| Start date and time: 26/05/202222:53:54 | 2022-05-26 22:53:54 +02:00 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 13m 25s |
| Hypervisor based Inspection enabled: | false |
| Report type: | light |
| Sample file name: | SecuriteInfo.com.W32.AIDetect.malware2.23037.exe |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301 |
| Run name: | Suspected Instruction Hammering |
| Number of analysed new started processes analysed: | 16 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Detection: | MAL |
| Classification: | mal100.troj.evad.winEXE@4/19@78/2 |
| EGA Information: |
|
| HDC Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
- TCP Packets have been reduced to 100
- Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, wdcpalt.microsoft.com, client.wns.windows.com, ctldl.windowsupdate.com, wdcp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
| Time | Type | Description |
|---|---|---|
| 22:56:16 | Autostart | |
| 22:56:18 | API Interceptor | |
| 22:56:24 | Autostart |
| Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.23037.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 34118 |
| Entropy (8bit): | 3.9997408239816328 |
| Encrypted: | false |
| SSDEEP: | 768:hPeYGA4/4T44AIkxk5yz8zngB5jYofJIsFmOuI5jak:vdoQ1kj8zn4dJXmE1 |
| MD5: | E143614EC3566CC0867C1A4EAE6E985E |
| SHA1: | 0CA1B86A24D7014849351E6241C398CCC38A9650 |
| SHA-256: | 442D64BCDD603EF97BB1A122EEAB49940B3C2BC151F9661B60BEC5F2D16710A9 |
| SHA-512: | 11DD351449BAAEE27F78BA026034F75D7A6F58DFFE9B03D368661B42BA2AF79307884433239ED0C26C27195F643FF82975C9C8E41649DECE3078B71A727858C9 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.23037.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 37 |
| Entropy (8bit): | 4.540402352056965 |
| Encrypted: | false |
| SSDEEP: | 3:5CeXAYpqyn:5CeWy |
| MD5: | D5E9EF9561789A05AFB528A1E6C7D9B7 |
| SHA1: | B2C92096EE4103A58B41A0754F2E1F1BB823392C |
| SHA-256: | 8D2AE334DCB01E0A5EE1F9CA0689E68743E851B96E48A75ED5E20515D03D7FF5 |
| SHA-512: | 09FC8CF87BA6D12D744D5560B14DC8CFBCE9F9DA4EAAF36C1F6176AA56C0F40129F0B231C373E7BE1206F0209137782615FB60FFCD4A184D5131FD073A658684 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.23037.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 920 |
| Entropy (8bit): | 2.9814599276151545 |
| Encrypted: | false |
| SSDEEP: | 12:8wl0gsXUCV/tz+7RafgKDKmY1LmWQ18/rNJkKAh4t2YCBTo8:8vraRMgK0pOS5HALJT |
| MD5: | AA6BC79B220719BD39A82A8A4E4153C6 |
| SHA1: | A2659B2897A78A5B32268DA79EBCAA71B04C23E7 |
| SHA-256: | 44FD1BEE4ED2EB625483C2706DAB8341CAE84D22E043B9B05283A57413221E0A |
| SHA-512: | A5EE3930C7477C51FCD3154AD1F6EFAA5EF10677C76AC6DEA1028627CF69A9AB730F7E248CDB078A78B5C448C76C0A376C8858502351AFACFAA441A0D11E7A58 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.23037.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1245 |
| Entropy (8bit): | 5.462849750105637 |
| Encrypted: | false |
| SSDEEP: | 24:hM0mIAvy4Wvsqs1Ra7JZRGNeHX+AYcvP2wk1RjdEF3qpMk5:lmIAq1UqsziJZ+eHX+AdP2TvpMk5 |
| MD5: | 5343C1A8B203C162A3BF3870D9F50FD4 |
| SHA1: | 04B5B886C20D88B57EEA6D8FF882624A4AC1E51D |
| SHA-256: | DC1D54DAB6EC8C00F70137927504E4F222C8395F10760B6BEECFCFA94E08249F |
| SHA-512: | E0F50ACB6061744E825A4051765CEBF23E8C489B55B190739409D8A79BB08DAC8F919247A4E5F65A015EA9C57D326BBEF7EA045163915129E01F316C4958D949 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.23037.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 515816 |
| Entropy (8bit): | 6.444433831771789 |
| Encrypted: | false |
| SSDEEP: | 12288:hY/Hjc0/Lf7vjm4GjDL7ROBM1SMzRJTp4g4D:hY/Dc+LDLmVL7QMx9Np4g4D |
| MD5: | 232371076A23379753EB776CF06FBE5D |
| SHA1: | 6A5EA5D44E555AD392725E5AC3D80AF0137386E9 |
| SHA-256: | 5940F9D18B9439ECBFCD6EDC60563D6F56623D03F09EAFA786C436185EF156BB |
| SHA-512: | 590F67E8455DCFE57795F17C94E6082B54C1FEAEF81942B1E92EFC7905E3E6B6EC7A05EEF12A8F0483B5DC1928DC9E7645A74BAE31E77F7AC403C64344F09625 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.23037.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 116720 |
| Entropy (8bit): | 5.889271571414613 |
| Encrypted: | false |
| SSDEEP: | 3072:g3nqpX2I6OhctR+lCTD01Lcy4J93TnCx86:L2W1oy4J93TCT |
| MD5: | DBF787BD6E5CE77FB34FF281A144EB96 |
| SHA1: | 50B7799ECCA566BE35429828245D44CB04AD8885 |
| SHA-256: | CCBACEEA04837229C95C08274C747ABE069279AFB990DDD89EC743C42ADC0AD9 |
| SHA-512: | 07949EC3882D9CB6E2341CE60C6E911F24463B01F484C037E65A2A8F3495543A096B632E01F8480D03FF388D1E811ECF760155F97F1D5329785C506603BB18A7 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1000520 |
| Entropy (8bit): | 7.703306245117382 |
| Encrypted: | false |
| SSDEEP: | 24576:Sbgt9IUnghMeF3HVojgCpaxMiicfJuAJH:4gNngXXujhpaCih |
| MD5: | 43DCF57A2E2B4594B5D63C9BD7146467 |
| SHA1: | 3443118429867E754BDA7CF77B44AC82DA85F18C |
| SHA-256: | 3AE3F26BF479F81C188789C06F9D2813CB9F76792C695DA9F90DCA9A600CD7BC |
| SHA-512: | DDC42A04EF127DC6E2DB77755ABE0AFEAD442BECE9242051F7C1790579C3F3BEEFB3A958B64D1BA328F74EC00A2575ECC07342020C262E230B0DE3F1D8FB5CCE |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.23037.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 132096 |
| Entropy (8bit): | 7.120290023334178 |
| Encrypted: | false |
| SSDEEP: | 3072:r8z0aOC7z/raqtHAGoJaw10xCMZvMfz+7zDxKlJgWbAh2+b:rY7z/GqtgF43Qi7XxKlJhevb |
| MD5: | 75D305F30919530A2C49AC362D2E2D34 |
| SHA1: | B9EE4ACF9AC299FCADC4A074AEA0C0FD7888AA1D |
| SHA-256: | CF5676ADA0FF425860EE60E3EE7AC4091C568D9FD9E3562D4BC7F06D5A78AD15 |
| SHA-512: | 6DB2CE736A5F735FCE1AE4D3573E4E03B3E2F605A39280FC30FF28879130B5F4F2BE45C541D30FC6C29718009FEFC40CEFB2E4F267CFAE3ECFBD8949F48CD37B |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.23037.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 204192 |
| Entropy (8bit): | 6.237429214447198 |
| Encrypted: | false |
| SSDEEP: | 3072:HzS560/yk/J3HssPqqGLgl+zX3FKZzSzvG7mH28dZOjc/2r6MqRo9HYzsQb5878:HqJ3HssPqqGLgl+zXkZzt84a84 |
| MD5: | DA9015DF320DCC2EDDEE493E20F639BA |
| SHA1: | 5732E5722D2CB5A668ABC19AED6434852D0A4FC8 |
| SHA-256: | 2294EBB89E749E7145628164913251B563EA6641A6CD1AE03FBCE55DA43F9B17 |
| SHA-512: | AF2C0E28966537842817174146DEDEA93A00BDBACF97FFAAECE878E3191D3719BF9A2B1618AB645CB68D2039B4EB16524B309A2BF0D76DDCA6AE09708CD2CBFA |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.23037.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 311390 |
| Entropy (8bit): | 6.361387975641255 |
| Encrypted: | false |
| SSDEEP: | 6144:U/Vk7bUkU6FA8p/eE7Zfjaehfp49MQJZMCJkp5kUKFhRY2:wV8qgZfhhfp49MQJZMCJC5YFZ |
| MD5: | 96CF937BBA21CB4D3203E15246837AE9 |
| SHA1: | 08B9BF57F8942CA98077B62BB0DBA0BD0AF2C952 |
| SHA-256: | 398185CE130D689D5D2B2C3F179F540715F030D91246C876675E84456F1BA488 |
| SHA-512: | C9E3B60B266ED39B85E87B083EED132441FB364D443AC60F5C4A1BC7B59595FE97387B00BA6817265DC7BF30F3FFAA4F3DF1385327F85C083B51F91CA169D282 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.23037.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 725 |
| Entropy (8bit): | 7.612179564723704 |
| Encrypted: | false |
| SSDEEP: | 12:6v/7skki3PkFefEst0cNLbh4rbRiUq4reba3XECLR9ZFahsWujm9dcKjnpdwlkc:VkkMPkxc04Lbh4rViH4rEalLHnWVujuS |
| MD5: | 5CE69BDF1125A922B6ED1FE28DCAF92B |
| SHA1: | 10C925FAD32D7071A3D96608FD1A04ECDA1B4820 |
| SHA-256: | 0537CF9335394EA509ED23021DAA44F781D380FEAA3947B9DD31C290BE706E1A |
| SHA-512: | E4F76572FE9613BA184E7988533BC434B61FDD0544C148DFB53EB7691590232A2930515B70F61B9696980EE6FA01202C861BEB9A1AEE859C3ECCDD795BBA75E8 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.23037.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 207 |
| Entropy (8bit): | 6.561784186830513 |
| Encrypted: | false |
| SSDEEP: | 3:yionv//thPl9vt3lAnsrtxBllJF5peNf2J+Ej+hdc45kjv/iW8DFWwd5sXGQ4Hh9:6v/lhPysPwXx5kjSW8DF3dyTKhAq7p |
| MD5: | EBBCB008023C6C1B4EFAB0774A4BB19E |
| SHA1: | 7C657C976D7D728E9D6D8F6A603F50B42D86C321 |
| SHA-256: | 5FD17A236AF8B520DB2E34E44E71C3634CB8221E0A27617E522ECB8D0FF8EFF8 |
| SHA-512: | DCEDCF09A83F2350D42001CFD009B395F8CA7B9B33F4B7CC3C1C787EDCE9749030EB54AC8D90645F92C141C8D882A4F0AB9A32F274320DE260CD3DF37CED71CE |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.23037.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 255 |
| Entropy (8bit): | 6.804661221546568 |
| Encrypted: | false |
| SSDEEP: | 6:6v/lhPEkME03pQi22U1mw7vgdLSPhZjp7YlHgX+nSbw/Vp:6v/7CE03p829ovCAYlNnScz |
| MD5: | 0D948AEE5693D469DA3F0DCC0FCC009D |
| SHA1: | 61A9DA78E129B3A98855E54F837025CA20DF8017 |
| SHA-256: | 85D3314527708E953C393ABE52AD6A7AD63BDA7A31353CE0380CC775AA781A6F |
| SHA-512: | C7E601DF3F09BCF1D144F35CF9402E00CCDE7C3CB705D5EC39787F526158DE4110CEE10965DDCBD64BC65B3DC97CD8E504BBFEF20ACF045D0851441C691CE605 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.23037.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 274 |
| Entropy (8bit): | 6.700098934002617 |
| Encrypted: | false |
| SSDEEP: | 6:6v/lhPysPQcxtmxnHmYR3o5dEYBgQin+ErxwfHDYnIp:6v/7lxUhH/N9YB/inDwfHwi |
| MD5: | D8FFE7BA5669DE024607E64126DDFFEC |
| SHA1: | D1993BB12041E4C3F7CF45AFB2DBCFB74A544C0D |
| SHA-256: | 2A6FD48DE810DE4BD61BD26DDAECCB6C6C9204CB4D213EBE1ACB560054911CDD |
| SHA-512: | 47C6D898DE3DFC27E63563F7723F8F690156FBF0F45470FF0DD2FE4E75D4B7108D9700E34E14890DB95C9D20A9D77D7429B32044B2E58708984A4014D35760BD |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.23037.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 12288 |
| Entropy (8bit): | 5.814115788739565 |
| Encrypted: | false |
| SSDEEP: | 192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr |
| MD5: | CFF85C549D536F651D4FB8387F1976F2 |
| SHA1: | D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E |
| SHA-256: | 8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8 |
| SHA-512: | 531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.23037.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 107216 |
| Entropy (8bit): | 6.554876906345404 |
| Encrypted: | false |
| SSDEEP: | 1536:bd1dHfDjsv8AvQakQv7rJa3Y/Y7CDxTNHDfL59RmhworviqH:blrjQ8AvdkQTrk31SNLLjOvd |
| MD5: | ED3D19D00DB707AB5E556BE6E3F7E7ED |
| SHA1: | 89B973BF2F6961DD736FA420E6506BCB665103E0 |
| SHA-256: | F1DCEA81AFBB3752B920E586A7C19927BB6D3C9051D133B863D5B5801E4098CD |
| SHA-512: | 498728E4F42907F1677C5FB1A8CB6681941E32F4925BAEA1E3D054B61CCCEB1A435E93FC4E81D27C743AE4F443E63CA227434171012523300314E8A08A0E16B0 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.23037.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2250 |
| Entropy (8bit): | 5.060293593237505 |
| Encrypted: | false |
| SSDEEP: | 48:uTHxDxX7Nrh4sRIjan3/CpUlOpUjWQ05+N2iNM0zjjf47GvSzRU:gxDl7Nl4sDvvOK0/mMu4C5 |
| MD5: | 4BCE488F7C4E00ED71170C7D0A593663 |
| SHA1: | F49F1FD072D650A8A5DD1F026E003CEE85420BC8 |
| SHA-256: | 17365C633230CD05375125AA6C710B76900E2B93D87D14E1F9F2338C3B3BEA1A |
| SHA-512: | E570D618B14A39F319DC12F0332BA62E8387C5A9F8104AEC7263F89B806CA7E501DD9762B8B117B34E5F8E401564C015FF269BC432776327C7768C3B67087F7E |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 232 |
| Entropy (8bit): | 7.024371743172393 |
| Encrypted: | false |
| SSDEEP: | 6:X4LDAnybgCFcpJSQwP4d7ZrqJgTFwoaw+9XU4:X4LEnybgCFCtvd7ZrCgpwoaw+Z9 |
| MD5: | 32D0AAE13696FF7F8AF33B2D22451028 |
| SHA1: | EF80C4E0DB2AE8EF288027C9D3518E6950B583A4 |
| SHA-256: | 5347661365E7AD2C1ACC27AB0D150FFA097D9246BB3626FCA06989E976E8DD29 |
| SHA-512: | 1D77FC13512C0DBC4EFD7A66ACB502481E4EFA0FB73D0C7D0942448A72B9B05BA1EA78DDF0BE966363C2E3122E0B631DB7630D044D08C1E1D32B9FB025C356A5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8 |
| Entropy (8bit): | 3.0 |
| Encrypted: | false |
| SSDEEP: | 3:fNq6/t:lLt |
| MD5: | 3B89B23126F55AC55335BA2592A839F3 |
| SHA1: | 1AC9F178A64BE3EC15C92311F4C848FE443BE9D9 |
| SHA-256: | F029142EE59B634D80AEC8B1B646A1BCB027BA3C16933DBE6B6F199BB621B76F |
| SHA-512: | C876C041350B281FDD63583AF458D9E56116D7D5C43E4477E9231254B44429760EFC2FBBE828B1A26DC618673719285C313803BA9FABCED0F15F30E2A1166134 |
| Malicious: | true |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.7033108137307496 |
| TrID: |
|
| File name: | SecuriteInfo.com.W32.AIDetect.malware2.23037.exe |
| File size: | 1000520 |
| MD5: | be43b751bd103fe5a64b4e0aa7a30060 |
| SHA1: | ab293504fe7636c3cfc74718973bbd1cbca05fb4 |
| SHA256: | 87eefb05fd8c133f8a0059e1bc695f652a2f7b0c297386d7a08fb37bdb76009b |
| SHA512: | 825db1705fec16ef84402001ebbfbb47a8cdd70e694a65d195e2ea40c5622619fcb51132e7865de8118b81b3c1dee0aafc1cc560fd5a964bde2b8adf7ce430ff |
| SSDEEP: | 24576:Vbgt9IUnghMeF3HVojgCpaxMiicfJuAJH:9gNngXXujhpaCih |
| TLSH: | 192522053F5CDD22C0A40CBAA9F3C64D6AB9EE00465D5A433751393EFEFE662690E11B |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...Z.Oa.................j......... |
 | |
| Icon Hash: | 34d2c6c3c7c6bc58 |
| Entrypoint: | 0x40352d |
| Entrypoint Section: | .text |
| Digitally signed: | true |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
| DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
| Time Stamp: | 0x614F9B5A [Sat Sep 25 21:57:46 2021 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 56a78d55f3f7af51443e58e0ce2fb5f6 |
| Signature Valid: | false |
| Signature Issuer: | CN="rinkendes Experiments ", O=Barskest, L=Mather, S=Wisconsin, C=US |
| Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
| Error Number: | -2146762487 |
| Not Before, Not After |
|
| Subject Chain |
|
| Version: | 3 |
| Thumbprint MD5: | A7557C0E83650866B28AB2077645E0DE |
| Thumbprint SHA-1: | 3BEA5C0A3865D2AB708E44BE6A0BDC5DB60306B3 |
| Thumbprint SHA-256: | 76B82D02656D7F6C305B3EAF4E61B6F551A23414E029C0801619EBE13A7B452C |
| Serial: | 04D1E786DF1E3E77 |
| Instruction |
|---|
| push ebp |
| mov ebp, esp |
| sub esp, 000003F4h |
| push ebx |
| push esi |
| push edi |
| push 00000020h |
| pop edi |
| xor ebx, ebx |
| push 00008001h |
| mov dword ptr [ebp-14h], ebx |
| mov dword ptr [ebp-04h], 0040A2E0h |
| mov dword ptr [ebp-10h], ebx |
| call dword ptr [004080CCh] |
| mov esi, dword ptr [004080D0h] |
| lea eax, dword ptr [ebp-00000140h] |
| push eax |
| mov dword ptr [ebp-0000012Ch], ebx |
| mov dword ptr [ebp-2Ch], ebx |
| mov dword ptr [ebp-28h], ebx |
| mov dword ptr [ebp-00000140h], 0000011Ch |
| call esi |
| test eax, eax |
| jne 00007F69F0A369DAh |
| lea eax, dword ptr [ebp-00000140h] |
| mov dword ptr [ebp-00000140h], 00000114h |
| push eax |
| call esi |
| mov ax, word ptr [ebp-0000012Ch] |
| mov ecx, dword ptr [ebp-00000112h] |
| sub ax, 00000053h |
| add ecx, FFFFFFD0h |
| neg ax |
| sbb eax, eax |
| mov byte ptr [ebp-26h], 00000004h |
| not eax |
| and eax, ecx |
| mov word ptr [ebp-2Ch], ax |
| cmp dword ptr [ebp-0000013Ch], 0Ah |
| jnc 00007F69F0A369AAh |
| and word ptr [ebp-00000132h], 0000h |
| mov eax, dword ptr [ebp-00000134h] |
| movzx ecx, byte ptr [ebp-00000138h] |
| mov dword ptr [00434FB8h], eax |
| xor eax, eax |
| mov ah, byte ptr [ebp-0000013Ch] |
| movzx eax, ax |
| or eax, ecx |
| xor ecx, ecx |
| mov ch, byte ptr [ebp-2Ch] |
| movzx ecx, cx |
| shl eax, 10h |
| or eax, ecx |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x60000 | 0x3a278 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0xf2c50 | 0x17f8 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x6897 | 0x6a00 | False | 0.666126179245 | data | 6.45839821493 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x14a6 | 0x1600 | False | 0.439275568182 | data | 5.02410928126 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x2b018 | 0x600 | False | 0.521484375 | data | 4.15458210409 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .ndata | 0x36000 | 0x2a000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x60000 | 0x3a278 | 0x3a400 | False | 0.578342945279 | data | 6.13676898317 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| RT_ICON | 0x60388 | 0x11db7 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
| RT_ICON | 0x72140 | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | English | United States |
| RT_ICON | 0x82968 | 0x94a8 | data | English | United States |
| RT_ICON | 0x8be10 | 0x5488 | data | English | United States |
| RT_ICON | 0x91298 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 234938623, next used block 4294909696 | English | United States |
| RT_ICON | 0x954c0 | 0x25a8 | data | English | United States |
| RT_ICON | 0x97a68 | 0x10a8 | data | English | United States |
| RT_ICON | 0x98b10 | 0x988 | data | English | United States |
| RT_ICON | 0x99498 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
| RT_DIALOG | 0x99900 | 0x100 | data | English | United States |
| RT_DIALOG | 0x99a00 | 0x11c | data | English | United States |
| RT_DIALOG | 0x99b20 | 0xc4 | data | English | United States |
| RT_DIALOG | 0x99be8 | 0x60 | data | English | United States |
| RT_GROUP_ICON | 0x99c48 | 0x84 | data | English | United States |
| RT_VERSION | 0x99cd0 | 0x264 | data | English | United States |
| RT_MANIFEST | 0x99f38 | 0x33e | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States |
| DLL | Import |
|---|---|
| ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW |
| SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW |
| ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree |
| COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked |
| USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu |
| GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject |
| KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW |
| Description | Data |
|---|---|
| LegalCopyright | unawarelymed |
| FileVersion | 8.3.15 |
| CompanyName | uvanligereomk |
| LegalTrademarks | INSTRUKTIONS |
| Comments | NONSTIC |
| ProductName | Anti60 |
| FileDescription | Meousgavebo |
| Translation | 0x0409 0x04b0 |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 192.168.11.2023.105.131.2284981552182816766 05/26/22-22:59:36.110765 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49815 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984852182816766 05/26/22-23:02:46.099381 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49848 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982552182816766 05/26/22-23:00:31.508103 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49825 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984352182816718 05/26/22-23:02:15.749636 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49843 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284985852182816766 05/26/22-23:03:28.855065 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49858 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984552182816766 05/26/22-23:02:28.261536 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49845 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284985552182816766 05/26/22-23:03:10.672551 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49855 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980852182816766 05/26/22-22:58:52.132477 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49808 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981252182816766 05/26/22-22:59:17.847332 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49812 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983552182816766 05/26/22-23:01:32.797260 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49835 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980252182816766 05/26/22-22:58:21.911604 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49802 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 23.105.131.228192.168.11.205218498532810290 05/26/22-23:02:57.070574 | TCP | 2810290 | ETPRO TROJAN NanoCore RAT Keepalive Response 1 | 5218 | 49853 | 23.105.131.228 | 192.168.11.20 |
| 192.168.11.2023.105.131.2284982852182816766 05/26/22-23:00:49.935151 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49828 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983852182816766 05/26/22-23:01:51.496168 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49838 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284985952182816718 05/26/22-23:03:34.321491 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49859 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979952182816766 05/26/22-22:58:04.753817 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49799 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984552182025019 05/26/22-23:02:26.487154 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49845 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984852182025019 05/26/22-23:02:44.373603 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49848 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284985852182025019 05/26/22-23:03:27.284937 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49858 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979252182816766 05/26/22-22:57:44.769854 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49792 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284985552182025019 05/26/22-23:03:08.914161 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49855 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978252182816766 05/26/22-22:56:53.274979 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49782 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982852182025019 05/26/22-23:00:48.235087 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49828 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983852182025019 05/26/22-23:01:49.783134 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49838 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284977552182025019 05/26/22-22:56:38.901418 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49775 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284986552182025019 05/26/22-23:04:10.629863 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49865 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983252182816766 05/26/22-23:01:14.490168 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49832 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284985252182816766 05/26/22-23:02:52.215713 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49852 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979052182816766 05/26/22-22:57:32.337282 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49790 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980852182025019 05/26/22-22:58:50.992423 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49808 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284985752182025019 05/26/22-23:03:21.170637 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49857 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982252182816766 05/26/22-23:00:13.070615 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49822 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284986252182816766 05/26/22-23:03:53.418371 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49862 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984752182025019 05/26/22-23:02:38.235595 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49847 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982752182025019 05/26/22-23:00:42.060298 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49827 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983752182025019 05/26/22-23:01:43.592376 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49837 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284976952182816766 05/26/22-22:56:27.805928 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49769 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984252182816766 05/26/22-23:02:09.830094 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49842 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978352182816718 05/26/22-22:56:58.156949 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49783 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284986452182816766 05/26/22-23:04:05.819303 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49864 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978352182025019 05/26/22-22:56:57.850644 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49783 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978052182816766 05/26/22-22:56:46.808015 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49780 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982452182816766 05/26/22-23:00:25.238881 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49824 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981452182816766 05/26/22-22:59:29.900867 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49814 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982952182816766 05/26/22-23:00:56.084760 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49829 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983452182816766 05/26/22-23:01:26.679844 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49834 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978052182025019 05/26/22-22:56:45.202082 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49780 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981952182816766 05/26/22-22:59:54.510819 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49819 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284985752182816766 05/26/22-23:03:22.706542 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49857 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979052182025019 05/26/22-22:57:30.455323 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49790 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980952182816766 05/26/22-22:58:58.970372 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49809 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284985452182816766 05/26/22-23:03:04.405194 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49854 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984452182816766 05/26/22-23:02:22.023762 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49844 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980252182816718 05/26/22-22:58:21.911604 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49802 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 23.105.131.228192.168.11.205218497882810290 05/26/22-22:57:25.234060 | TCP | 2810290 | ETPRO TROJAN NanoCore RAT Keepalive Response 1 | 5218 | 49788 | 23.105.131.228 | 192.168.11.20 |
| 192.168.11.2023.105.131.2284979152182025019 05/26/22-22:57:36.817105 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49791 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284985652182816766 05/26/22-23:03:16.808039 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49856 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981752182816766 05/26/22-22:59:48.482502 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49817 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982752182816766 05/26/22-23:00:43.669560 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49827 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984752182816766 05/26/22-23:02:39.985491 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49847 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983752182816766 05/26/22-23:01:45.080902 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49837 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284977152182025019 05/26/22-22:56:32.568998 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49771 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980652182816766 05/26/22-22:58:40.386913 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49806 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978252182025019 05/26/22-22:56:51.581864 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49782 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981652182816766 05/26/22-22:59:42.426003 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49816 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284986552182816766 05/26/22-23:04:10.953670 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49865 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979252182025019 05/26/22-22:57:43.061898 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49792 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983652182816766 05/26/22-23:01:38.486462 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49836 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982652182816766 05/26/22-23:00:37.718065 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49826 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984652182816766 05/26/22-23:02:33.763111 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49846 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980752182816766 05/26/22-22:58:46.392335 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49807 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284985352182025019 05/26/22-23:02:56.695701 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49853 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978452182816766 05/26/22-22:57:05.959460 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49784 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284986352182025019 05/26/22-23:03:58.052969 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49863 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981052182025019 05/26/22-22:59:03.494428 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49810 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982052182025019 05/26/22-22:59:59.112186 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49820 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979752182816766 05/26/22-22:57:58.434919 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49797 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981352182025019 05/26/22-22:59:22.171911 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49813 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984652182025019 05/26/22-23:02:32.786547 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49846 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983052182025019 05/26/22-23:01:00.431074 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49830 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980352182025019 05/26/22-22:58:26.260383 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49803 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984052182025019 05/26/22-23:02:02.026018 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49840 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983652182025019 05/26/22-23:01:37.235701 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49836 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284985952182025019 05/26/22-23:03:33.430761 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49859 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979752182025019 05/26/22-22:57:56.674729 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49797 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980652182025019 05/26/22-22:58:38.629823 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49806 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982652182025019 05/26/22-23:00:35.948670 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49826 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978752182816766 05/26/22-22:57:19.771138 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49787 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284986052182025019 05/26/22-23:03:39.544308 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49860 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284986052182816766 05/26/22-23:03:41.176317 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49860 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978752182025019 05/26/22-22:57:17.891220 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49787 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981652182025019 05/26/22-22:59:40.683320 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49816 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983052182816766 05/26/22-23:01:02.224827 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49830 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978452182025019 05/26/22-22:57:04.272476 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49784 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981952182025019 05/26/22-22:59:53.028818 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49819 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982952182025019 05/26/22-23:00:54.368958 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49829 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983952182025019 05/26/22-23:01:55.905807 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49839 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984052182816766 05/26/22-23:02:03.691808 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49840 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983352182816766 05/26/22-23:01:20.521033 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49833 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983552182816718 05/26/22-23:01:32.044894 | TCP | 2816718 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon | 49835 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981352182816766 05/26/22-22:59:23.359150 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49813 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284985352182816766 05/26/22-23:02:58.303798 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49853 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980952182025019 05/26/22-22:58:57.214975 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49809 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982352182816766 05/26/22-23:00:19.115887 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49823 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284986352182816766 05/26/22-23:03:59.744768 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49863 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980452182816766 05/26/22-22:58:33.462147 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49804 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 23.105.131.228192.168.11.205218498012841753 05/26/22-22:58:15.567728 | TCP | 2841753 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) | 5218 | 49801 | 23.105.131.228 | 192.168.11.20 |
| 192.168.11.2023.105.131.2284984352182816766 05/26/22-23:02:16.034084 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49843 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983952182816766 05/26/22-23:01:57.503381 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49839 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284985952182816766 05/26/22-23:03:34.975066 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49859 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284985652182025019 05/26/22-23:03:15.071719 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49856 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979152182816766 05/26/22-22:57:38.723479 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49791 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284977152182816766 05/26/22-22:56:32.900519 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49771 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980352182816766 05/26/22-22:58:28.062184 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49803 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980052182025019 05/26/22-22:58:09.059966 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49800 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980752182025019 05/26/22-22:58:44.885942 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49807 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284986152182816766 05/26/22-23:03:47.300693 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49861 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979652182025019 05/26/22-22:57:49.469914 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49796 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981752182025019 05/26/22-22:59:46.862759 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49817 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978652182025019 05/26/22-22:57:10.680744 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49786 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978852182816766 05/26/22-22:57:25.903337 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49788 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983152182816766 05/26/22-23:01:08.320653 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49831 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284976852182816766 05/26/22-22:56:20.953682 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49768 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284976952182025019 05/26/22-22:56:26.199314 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49769 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983452182025019 05/26/22-23:01:24.979877 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49834 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980152182025019 05/26/22-22:58:15.250696 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49801 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984452182025019 05/26/22-23:02:20.370858 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49844 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981152182025019 05/26/22-22:59:09.758921 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49811 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982152182025019 05/26/22-23:00:05.205755 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49821 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284986452182025019 05/26/22-23:04:04.336780 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49864 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284985452182025019 05/26/22-23:03:02.819470 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49854 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982152182816766 05/26/22-23:00:06.968002 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49821 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981152182816766 05/26/22-22:59:11.357229 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49811 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983152182025019 05/26/22-23:01:06.610183 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49831 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978352182816766 05/26/22-22:56:59.419988 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49783 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980152182816766 05/26/22-22:58:15.568079 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49801 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980252182025019 05/26/22-22:58:20.166592 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49802 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983552182025019 05/26/22-23:01:31.090286 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49835 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284976852182025019 05/26/22-22:56:19.837362 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49768 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982552182025019 05/26/22-23:00:29.822547 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49825 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978852182025019 05/26/22-22:57:24.224475 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49788 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284986152182025019 05/26/22-23:03:45.715402 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49861 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284978652182816766 05/26/22-22:57:12.301059 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49786 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979652182816766 05/26/22-22:57:51.224317 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49796 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981252182025019 05/26/22-22:59:16.016167 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49812 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982052182816766 05/26/22-23:00:00.809134 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49820 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981552182025019 05/26/22-22:59:34.423976 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49815 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982252182025019 05/26/22-23:00:11.334940 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49822 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284983252182025019 05/26/22-23:01:12.735332 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49832 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981052182816766 05/26/22-22:59:05.241226 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49810 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984252182025019 05/26/22-23:02:08.123445 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49842 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980052182816766 05/26/22-22:58:10.847781 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49800 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284986252182025019 05/26/22-23:03:51.787396 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49862 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982452182025019 05/26/22-23:00:23.686878 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49824 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284985252182025019 05/26/22-23:02:50.506570 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49852 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284981452182025019 05/26/22-22:59:28.246171 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49814 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284980452182025019 05/26/22-22:58:32.441375 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49804 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284979952182025019 05/26/22-22:58:02.999718 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49799 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284982352182025019 05/26/22-23:00:17.588964 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49823 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 23.105.131.228192.168.11.205218498292810290 05/26/22-23:00:54.737638 | TCP | 2810290 | ETPRO TROJAN NanoCore RAT Keepalive Response 1 | 5218 | 49829 | 23.105.131.228 | 192.168.11.20 |
| 192.168.11.2023.105.131.2284983352182025019 05/26/22-23:01:18.862946 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49833 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284984352182025019 05/26/22-23:02:14.277580 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49843 | 5218 | 192.168.11.20 | 23.105.131.228 |
| 192.168.11.2023.105.131.2284977552182816766 05/26/22-22:56:40.578439 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49775 | 5218 | 192.168.11.20 | 23.105.131.228 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| May 26, 2022 22:56:17.960925102 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:17.961008072 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:17.961203098 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:17.987721920 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:17.987776995 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.031034946 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.031286001 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.031356096 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.145823002 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.145880938 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.146599054 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.146783113 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.155292034 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.195065022 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.195223093 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.195267916 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.195489883 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.195522070 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.195671082 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.195700884 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.195925951 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.195975065 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.196182013 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.196237087 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.196264982 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.196414948 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.196546078 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.196599960 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.196624994 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.196793079 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.196814060 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.196832895 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.197026968 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.197052002 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.197208881 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.197238922 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.197256088 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.197490931 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.197578907 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.197609901 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.197753906 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.197812080 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.197830915 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.197848082 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.198005915 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.198038101 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.198149920 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.198195934 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.198220968 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.198373079 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.198395014 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.198436975 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.198555946 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.198587894 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.198731899 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.198748112 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.198764086 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.198777914 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.198940992 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.198972940 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.199137926 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.199223042 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.199296951 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.199323893 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.199331999 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.199489117 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.199522018 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.199650049 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.199681997 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.199842930 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.199873924 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.199995041 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.200035095 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.200057983 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.200063944 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.200202942 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.200285912 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.200388908 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.200418949 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.200579882 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.200664997 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.200769901 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.200794935 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.200810909 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.200953007 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.200974941 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.201064110 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.201132059 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.201159000 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.201231003 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.201417923 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.201457977 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.201483011 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.201611996 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.201800108 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.205446959 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.205634117 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.205665112 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| May 26, 2022 22:56:18.205876112 CEST | 443 | 49767 | 162.159.129.233 | 192.168.11.20 |
| May 26, 2022 22:56:18.206020117 CEST | 49767 | 443 | 192.168.11.20 | 162.159.129.233 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| May 26, 2022 22:56:17.944097042 CEST | 59088 | 53 | 192.168.11.20 | 1.1.1.1 |
| May 26, 2022 22:56:17.952687979 CEST | 53 | 59088 | 1.1.1.1 | 192.168.11.20 |
| May 26, 2022 22:56:19.370522022 CEST | 49476 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:56:19.502645016 CEST | 53 | 49476 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:56:25.761801004 CEST | 56094 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:56:25.915883064 CEST | 53 | 56094 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:56:32.109195948 CEST | 51424 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:56:32.275470972 CEST | 53 | 51424 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:56:38.469002008 CEST | 54402 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:56:38.598752975 CEST | 53 | 54402 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:56:44.759712934 CEST | 52948 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:56:44.889226913 CEST | 53 | 52948 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:56:51.119111061 CEST | 60245 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:56:51.286528111 CEST | 53 | 60245 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:56:57.556022882 CEST | 49467 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:56:57.564409018 CEST | 53 | 49467 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:57:03.795886993 CEST | 63092 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:57:03.948545933 CEST | 53 | 63092 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:57:10.235336065 CEST | 62270 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:57:10.365535975 CEST | 53 | 62270 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:57:16.583590031 CEST | 49920 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:57:16.592194080 CEST | 53 | 49920 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:57:23.941036940 CEST | 52713 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:57:23.951476097 CEST | 53 | 52713 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:57:30.142916918 CEST | 51295 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:57:30.153330088 CEST | 53 | 51295 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:57:36.447880030 CEST | 64535 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:57:36.458362103 CEST | 53 | 64535 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:57:42.765239000 CEST | 53972 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:57:42.775795937 CEST | 53 | 53972 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:57:49.071717024 CEST | 62125 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:57:49.079962015 CEST | 53 | 62125 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:57:55.387375116 CEST | 57703 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:57:55.396287918 CEST | 53 | 57703 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:58:02.714227915 CEST | 55631 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:58:02.722851038 CEST | 53 | 55631 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:58:08.790844917 CEST | 56620 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:58:08.801352024 CEST | 53 | 56620 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:58:14.961462975 CEST | 65449 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:58:14.970187902 CEST | 53 | 65449 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:58:19.725739002 CEST | 52026 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:58:19.884291887 CEST | 53 | 52026 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:58:25.958996058 CEST | 61795 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:58:25.967468023 CEST | 53 | 61795 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:58:32.132129908 CEST | 60990 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:58:32.140337944 CEST | 53 | 60990 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:58:38.362163067 CEST | 57977 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:58:38.373121977 CEST | 53 | 57977 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:58:44.439168930 CEST | 63754 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:58:44.594331026 CEST | 53 | 63754 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:58:50.673515081 CEST | 55854 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:58:50.684278965 CEST | 53 | 55854 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:58:56.796745062 CEST | 58203 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:58:56.924204111 CEST | 53 | 58203 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:59:03.044397116 CEST | 52977 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:59:03.204742908 CEST | 53 | 52977 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:59:09.314876080 CEST | 58148 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:59:09.475416899 CEST | 53 | 58148 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:59:15.620628119 CEST | 50720 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:59:15.750709057 CEST | 53 | 50720 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:59:21.887063980 CEST | 54238 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:59:21.897727013 CEST | 53 | 54238 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:59:27.961395025 CEST | 64712 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:59:27.969963074 CEST | 53 | 64712 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:59:34.132642031 CEST | 56727 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:59:34.143362999 CEST | 53 | 56727 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:59:40.239417076 CEST | 58851 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:59:40.408190966 CEST | 53 | 58851 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:59:46.565993071 CEST | 63210 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:59:46.574675083 CEST | 53 | 63210 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:59:52.736718893 CEST | 55172 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:59:52.747231960 CEST | 53 | 55172 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 22:59:58.798115015 CEST | 57061 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 22:59:58.808669090 CEST | 53 | 57061 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:00:04.921264887 CEST | 58867 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:00:04.931792974 CEST | 53 | 58867 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:00:11.045850039 CEST | 55593 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:00:11.056566954 CEST | 53 | 55593 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:00:17.185695887 CEST | 50201 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:00:17.313097954 CEST | 53 | 50201 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:00:23.418376923 CEST | 58263 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:00:23.427269936 CEST | 53 | 58263 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:00:29.525124073 CEST | 58184 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:00:29.534392118 CEST | 53 | 58184 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:00:35.655673981 CEST | 62556 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:00:35.663703918 CEST | 53 | 62556 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:00:41.772674084 CEST | 56888 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:00:41.783401966 CEST | 53 | 56888 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:00:47.911969900 CEST | 50100 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:00:47.920675039 CEST | 53 | 50100 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:00:54.066659927 CEST | 52333 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:00:54.076555014 CEST | 53 | 52333 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:01:00.143632889 CEST | 61703 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:01:00.154145002 CEST | 53 | 61703 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:01:06.314536095 CEST | 54934 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:01:06.323120117 CEST | 53 | 54934 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:01:12.437952995 CEST | 51813 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:01:12.448194981 CEST | 53 | 51813 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:01:18.568036079 CEST | 62086 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:01:18.576674938 CEST | 53 | 62086 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:01:24.687258959 CEST | 57140 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:01:24.695985079 CEST | 53 | 57140 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:01:30.761780977 CEST | 59950 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:01:30.772237062 CEST | 53 | 59950 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:01:36.932429075 CEST | 61604 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:01:36.942620993 CEST | 53 | 61604 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:01:43.025840044 CEST | 55927 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:01:43.156709909 CEST | 53 | 55927 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:01:49.461431026 CEST | 59565 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:01:49.470392942 CEST | 53 | 59565 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:01:55.631266117 CEST | 49963 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:01:55.640096903 CEST | 53 | 49963 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:02:01.723764896 CEST | 56068 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:02:01.734304905 CEST | 53 | 56068 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:02:07.836009026 CEST | 50768 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:02:07.846244097 CEST | 53 | 50768 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:02:13.970880032 CEST | 58530 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:02:13.979751110 CEST | 53 | 58530 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:02:20.081634998 CEST | 54481 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:02:20.092257977 CEST | 53 | 54481 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:02:26.207834005 CEST | 63400 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:02:26.218049049 CEST | 53 | 63400 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:02:32.328444004 CEST | 62581 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:02:32.498123884 CEST | 53 | 62581 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:02:37.926033974 CEST | 57188 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:02:37.934736967 CEST | 53 | 57188 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:02:44.027009964 CEST | 53047 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:02:44.036978960 CEST | 53 | 53047 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:02:50.213300943 CEST | 58396 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:02:50.223522902 CEST | 53 | 58396 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:02:56.289926052 CEST | 58656 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:02:56.419696093 CEST | 53 | 58656 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:03:02.508759975 CEST | 50301 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:03:02.518985033 CEST | 53 | 50301 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:03:08.634332895 CEST | 51125 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:03:08.643898010 CEST | 53 | 51125 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:03:14.755961895 CEST | 54759 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:03:14.766194105 CEST | 53 | 54759 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:03:20.878443956 CEST | 49657 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:03:20.888705969 CEST | 53 | 49657 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:03:27.003328085 CEST | 55910 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:03:27.013995886 CEST | 53 | 55910 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:03:33.125438929 CEST | 58062 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:03:33.133816957 CEST | 53 | 58062 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:03:39.257931948 CEST | 58538 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:03:39.268352032 CEST | 53 | 58538 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:03:45.420042992 CEST | 58317 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:03:45.429908037 CEST | 53 | 58317 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:03:51.497894049 CEST | 60169 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:03:51.506457090 CEST | 53 | 60169 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:03:57.619930983 CEST | 50145 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:03:57.787252903 CEST | 53 | 50145 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:04:03.870403051 CEST | 59961 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:04:04.032357931 CEST | 53 | 59961 | 8.8.8.8 | 192.168.11.20 |
| May 26, 2022 23:04:10.195959091 CEST | 52282 | 53 | 192.168.11.20 | 8.8.8.8 |
| May 26, 2022 23:04:10.354782104 CEST | 53 | 52282 | 8.8.8.8 | 192.168.11.20 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
|---|---|---|---|---|---|---|---|
| May 26, 2022 22:56:17.944097042 CEST | 192.168.11.20 | 1.1.1.1 | 0xa78b | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:56:19.370522022 CEST | 192.168.11.20 | 8.8.8.8 | 0x25d0 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:56:25.761801004 CEST | 192.168.11.20 | 8.8.8.8 | 0x58c5 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:56:32.109195948 CEST | 192.168.11.20 | 8.8.8.8 | 0xc137 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:56:38.469002008 CEST | 192.168.11.20 | 8.8.8.8 | 0x9572 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:56:44.759712934 CEST | 192.168.11.20 | 8.8.8.8 | 0xfe65 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:56:51.119111061 CEST | 192.168.11.20 | 8.8.8.8 | 0x3583 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:56:57.556022882 CEST | 192.168.11.20 | 8.8.8.8 | 0xcb10 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:57:03.795886993 CEST | 192.168.11.20 | 8.8.8.8 | 0xa00e | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:57:10.235336065 CEST | 192.168.11.20 | 8.8.8.8 | 0x410b | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:57:16.583590031 CEST | 192.168.11.20 | 8.8.8.8 | 0xccfe | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:57:23.941036940 CEST | 192.168.11.20 | 8.8.8.8 | 0xcf99 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:57:30.142916918 CEST | 192.168.11.20 | 8.8.8.8 | 0x48dc | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:57:36.447880030 CEST | 192.168.11.20 | 8.8.8.8 | 0x2682 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:57:42.765239000 CEST | 192.168.11.20 | 8.8.8.8 | 0x2648 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:57:49.071717024 CEST | 192.168.11.20 | 8.8.8.8 | 0xb6b7 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:57:55.387375116 CEST | 192.168.11.20 | 8.8.8.8 | 0x66db | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:58:02.714227915 CEST | 192.168.11.20 | 8.8.8.8 | 0xe7f0 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:58:08.790844917 CEST | 192.168.11.20 | 8.8.8.8 | 0x7b6e | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:58:14.961462975 CEST | 192.168.11.20 | 8.8.8.8 | 0xa9e | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:58:19.725739002 CEST | 192.168.11.20 | 8.8.8.8 | 0xa8b4 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:58:25.958996058 CEST | 192.168.11.20 | 8.8.8.8 | 0x1405 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:58:32.132129908 CEST | 192.168.11.20 | 8.8.8.8 | 0x5361 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:58:38.362163067 CEST | 192.168.11.20 | 8.8.8.8 | 0xd343 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:58:44.439168930 CEST | 192.168.11.20 | 8.8.8.8 | 0x9599 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:58:50.673515081 CEST | 192.168.11.20 | 8.8.8.8 | 0x3fd0 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:58:56.796745062 CEST | 192.168.11.20 | 8.8.8.8 | 0x8584 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:59:03.044397116 CEST | 192.168.11.20 | 8.8.8.8 | 0xdef1 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:59:09.314876080 CEST | 192.168.11.20 | 8.8.8.8 | 0xaffb | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:59:15.620628119 CEST | 192.168.11.20 | 8.8.8.8 | 0xc2d3 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:59:21.887063980 CEST | 192.168.11.20 | 8.8.8.8 | 0x1515 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:59:27.961395025 CEST | 192.168.11.20 | 8.8.8.8 | 0xc95f | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:59:34.132642031 CEST | 192.168.11.20 | 8.8.8.8 | 0x9acd | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:59:40.239417076 CEST | 192.168.11.20 | 8.8.8.8 | 0x559 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:59:46.565993071 CEST | 192.168.11.20 | 8.8.8.8 | 0xc4c1 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:59:52.736718893 CEST | 192.168.11.20 | 8.8.8.8 | 0xc6 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 22:59:58.798115015 CEST | 192.168.11.20 | 8.8.8.8 | 0x4d8a | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:00:04.921264887 CEST | 192.168.11.20 | 8.8.8.8 | 0x3d98 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:00:11.045850039 CEST | 192.168.11.20 | 8.8.8.8 | 0xbdda | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:00:17.185695887 CEST | 192.168.11.20 | 8.8.8.8 | 0x3874 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:00:23.418376923 CEST | 192.168.11.20 | 8.8.8.8 | 0x67f3 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:00:29.525124073 CEST | 192.168.11.20 | 8.8.8.8 | 0x51a7 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:00:35.655673981 CEST | 192.168.11.20 | 8.8.8.8 | 0xde6 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:00:41.772674084 CEST | 192.168.11.20 | 8.8.8.8 | 0x4c97 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:00:47.911969900 CEST | 192.168.11.20 | 8.8.8.8 | 0x58f7 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:00:54.066659927 CEST | 192.168.11.20 | 8.8.8.8 | 0x2c4b | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:01:00.143632889 CEST | 192.168.11.20 | 8.8.8.8 | 0x2640 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:01:06.314536095 CEST | 192.168.11.20 | 8.8.8.8 | 0x95ce | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:01:12.437952995 CEST | 192.168.11.20 | 8.8.8.8 | 0x423b | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:01:18.568036079 CEST | 192.168.11.20 | 8.8.8.8 | 0x9c89 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:01:24.687258959 CEST | 192.168.11.20 | 8.8.8.8 | 0x5b67 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:01:30.761780977 CEST | 192.168.11.20 | 8.8.8.8 | 0xc00f | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:01:36.932429075 CEST | 192.168.11.20 | 8.8.8.8 | 0x8eac | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:01:43.025840044 CEST | 192.168.11.20 | 8.8.8.8 | 0x1f0a | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:01:49.461431026 CEST | 192.168.11.20 | 8.8.8.8 | 0xc6d6 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:01:55.631266117 CEST | 192.168.11.20 | 8.8.8.8 | 0x5440 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:02:01.723764896 CEST | 192.168.11.20 | 8.8.8.8 | 0x1356 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:02:07.836009026 CEST | 192.168.11.20 | 8.8.8.8 | 0x6fea | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:02:13.970880032 CEST | 192.168.11.20 | 8.8.8.8 | 0x7db1 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:02:20.081634998 CEST | 192.168.11.20 | 8.8.8.8 | 0xd8f5 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:02:26.207834005 CEST | 192.168.11.20 | 8.8.8.8 | 0x2555 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:02:32.328444004 CEST | 192.168.11.20 | 8.8.8.8 | 0x6097 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:02:37.926033974 CEST | 192.168.11.20 | 8.8.8.8 | 0xfa72 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:02:44.027009964 CEST | 192.168.11.20 | 8.8.8.8 | 0xeea2 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:02:50.213300943 CEST | 192.168.11.20 | 8.8.8.8 | 0xf5b6 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:02:56.289926052 CEST | 192.168.11.20 | 8.8.8.8 | 0x478f | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:03:02.508759975 CEST | 192.168.11.20 | 8.8.8.8 | 0xb6c2 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:03:08.634332895 CEST | 192.168.11.20 | 8.8.8.8 | 0x1c31 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:03:14.755961895 CEST | 192.168.11.20 | 8.8.8.8 | 0xca7d | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:03:20.878443956 CEST | 192.168.11.20 | 8.8.8.8 | 0x321a | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:03:27.003328085 CEST | 192.168.11.20 | 8.8.8.8 | 0x8b77 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:03:33.125438929 CEST | 192.168.11.20 | 8.8.8.8 | 0xcd8d | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:03:39.257931948 CEST | 192.168.11.20 | 8.8.8.8 | 0xb340 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:03:45.420042992 CEST | 192.168.11.20 | 8.8.8.8 | 0x33bf | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:03:51.497894049 CEST | 192.168.11.20 | 8.8.8.8 | 0xcb80 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:03:57.619930983 CEST | 192.168.11.20 | 8.8.8.8 | 0x1b80 | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:04:03.870403051 CEST | 192.168.11.20 | 8.8.8.8 | 0x924d | Standard query (0) | A (IP address) | IN (0x0001) | |
| May 26, 2022 23:04:10.195959091 CEST | 192.168.11.20 | 8.8.8.8 | 0x9bd4 | Standard query (0) | A (IP address) | IN (0x0001) |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
|---|---|---|---|---|---|---|---|---|---|
| May 26, 2022 22:56:17.952687979 CEST | 1.1.1.1 | 192.168.11.20 | 0xa78b | No error (0) | 162.159.129.233 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:56:17.952687979 CEST | 1.1.1.1 | 192.168.11.20 | 0xa78b | No error (0) | 162.159.130.233 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:56:17.952687979 CEST | 1.1.1.1 | 192.168.11.20 | 0xa78b | No error (0) | 162.159.133.233 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:56:17.952687979 CEST | 1.1.1.1 | 192.168.11.20 | 0xa78b | No error (0) | 162.159.134.233 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:56:17.952687979 CEST | 1.1.1.1 | 192.168.11.20 | 0xa78b | No error (0) | 162.159.135.233 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:56:19.502645016 CEST | 8.8.8.8 | 192.168.11.20 | 0x25d0 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:56:25.915883064 CEST | 8.8.8.8 | 192.168.11.20 | 0x58c5 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:56:32.275470972 CEST | 8.8.8.8 | 192.168.11.20 | 0xc137 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:56:38.598752975 CEST | 8.8.8.8 | 192.168.11.20 | 0x9572 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:56:44.889226913 CEST | 8.8.8.8 | 192.168.11.20 | 0xfe65 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:56:51.286528111 CEST | 8.8.8.8 | 192.168.11.20 | 0x3583 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:56:57.564409018 CEST | 8.8.8.8 | 192.168.11.20 | 0xcb10 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:57:03.948545933 CEST | 8.8.8.8 | 192.168.11.20 | 0xa00e | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:57:10.365535975 CEST | 8.8.8.8 | 192.168.11.20 | 0x410b | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:57:16.592194080 CEST | 8.8.8.8 | 192.168.11.20 | 0xccfe | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:57:23.951476097 CEST | 8.8.8.8 | 192.168.11.20 | 0xcf99 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:57:30.153330088 CEST | 8.8.8.8 | 192.168.11.20 | 0x48dc | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:57:36.458362103 CEST | 8.8.8.8 | 192.168.11.20 | 0x2682 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:57:42.775795937 CEST | 8.8.8.8 | 192.168.11.20 | 0x2648 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:57:49.079962015 CEST | 8.8.8.8 | 192.168.11.20 | 0xb6b7 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:57:55.396287918 CEST | 8.8.8.8 | 192.168.11.20 | 0x66db | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:58:02.722851038 CEST | 8.8.8.8 | 192.168.11.20 | 0xe7f0 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:58:08.801352024 CEST | 8.8.8.8 | 192.168.11.20 | 0x7b6e | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:58:14.970187902 CEST | 8.8.8.8 | 192.168.11.20 | 0xa9e | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:58:19.884291887 CEST | 8.8.8.8 | 192.168.11.20 | 0xa8b4 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:58:25.967468023 CEST | 8.8.8.8 | 192.168.11.20 | 0x1405 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:58:32.140337944 CEST | 8.8.8.8 | 192.168.11.20 | 0x5361 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:58:38.373121977 CEST | 8.8.8.8 | 192.168.11.20 | 0xd343 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:58:44.594331026 CEST | 8.8.8.8 | 192.168.11.20 | 0x9599 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:58:50.684278965 CEST | 8.8.8.8 | 192.168.11.20 | 0x3fd0 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:58:56.924204111 CEST | 8.8.8.8 | 192.168.11.20 | 0x8584 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:59:03.204742908 CEST | 8.8.8.8 | 192.168.11.20 | 0xdef1 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:59:09.475416899 CEST | 8.8.8.8 | 192.168.11.20 | 0xaffb | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:59:15.750709057 CEST | 8.8.8.8 | 192.168.11.20 | 0xc2d3 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:59:21.897727013 CEST | 8.8.8.8 | 192.168.11.20 | 0x1515 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:59:27.969963074 CEST | 8.8.8.8 | 192.168.11.20 | 0xc95f | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:59:34.143362999 CEST | 8.8.8.8 | 192.168.11.20 | 0x9acd | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:59:40.408190966 CEST | 8.8.8.8 | 192.168.11.20 | 0x559 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:59:46.574675083 CEST | 8.8.8.8 | 192.168.11.20 | 0xc4c1 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:59:52.747231960 CEST | 8.8.8.8 | 192.168.11.20 | 0xc6 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 22:59:58.808669090 CEST | 8.8.8.8 | 192.168.11.20 | 0x4d8a | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:00:04.931792974 CEST | 8.8.8.8 | 192.168.11.20 | 0x3d98 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:00:11.056566954 CEST | 8.8.8.8 | 192.168.11.20 | 0xbdda | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:00:17.313097954 CEST | 8.8.8.8 | 192.168.11.20 | 0x3874 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:00:23.427269936 CEST | 8.8.8.8 | 192.168.11.20 | 0x67f3 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:00:29.534392118 CEST | 8.8.8.8 | 192.168.11.20 | 0x51a7 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:00:35.663703918 CEST | 8.8.8.8 | 192.168.11.20 | 0xde6 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:00:41.783401966 CEST | 8.8.8.8 | 192.168.11.20 | 0x4c97 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:00:47.920675039 CEST | 8.8.8.8 | 192.168.11.20 | 0x58f7 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:00:54.076555014 CEST | 8.8.8.8 | 192.168.11.20 | 0x2c4b | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:01:00.154145002 CEST | 8.8.8.8 | 192.168.11.20 | 0x2640 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:01:06.323120117 CEST | 8.8.8.8 | 192.168.11.20 | 0x95ce | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:01:12.448194981 CEST | 8.8.8.8 | 192.168.11.20 | 0x423b | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:01:18.576674938 CEST | 8.8.8.8 | 192.168.11.20 | 0x9c89 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:01:24.695985079 CEST | 8.8.8.8 | 192.168.11.20 | 0x5b67 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:01:30.772237062 CEST | 8.8.8.8 | 192.168.11.20 | 0xc00f | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:01:36.942620993 CEST | 8.8.8.8 | 192.168.11.20 | 0x8eac | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:01:43.156709909 CEST | 8.8.8.8 | 192.168.11.20 | 0x1f0a | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:01:49.470392942 CEST | 8.8.8.8 | 192.168.11.20 | 0xc6d6 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:01:55.640096903 CEST | 8.8.8.8 | 192.168.11.20 | 0x5440 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:02:01.734304905 CEST | 8.8.8.8 | 192.168.11.20 | 0x1356 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:02:07.846244097 CEST | 8.8.8.8 | 192.168.11.20 | 0x6fea | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:02:13.979751110 CEST | 8.8.8.8 | 192.168.11.20 | 0x7db1 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:02:20.092257977 CEST | 8.8.8.8 | 192.168.11.20 | 0xd8f5 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:02:26.218049049 CEST | 8.8.8.8 | 192.168.11.20 | 0x2555 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:02:32.498123884 CEST | 8.8.8.8 | 192.168.11.20 | 0x6097 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:02:37.934736967 CEST | 8.8.8.8 | 192.168.11.20 | 0xfa72 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:02:44.036978960 CEST | 8.8.8.8 | 192.168.11.20 | 0xeea2 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:02:50.223522902 CEST | 8.8.8.8 | 192.168.11.20 | 0xf5b6 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:02:56.419696093 CEST | 8.8.8.8 | 192.168.11.20 | 0x478f | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:03:02.518985033 CEST | 8.8.8.8 | 192.168.11.20 | 0xb6c2 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:03:08.643898010 CEST | 8.8.8.8 | 192.168.11.20 | 0x1c31 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:03:14.766194105 CEST | 8.8.8.8 | 192.168.11.20 | 0xca7d | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:03:20.888705969 CEST | 8.8.8.8 | 192.168.11.20 | 0x321a | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:03:27.013995886 CEST | 8.8.8.8 | 192.168.11.20 | 0x8b77 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:03:33.133816957 CEST | 8.8.8.8 | 192.168.11.20 | 0xcd8d | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:03:39.268352032 CEST | 8.8.8.8 | 192.168.11.20 | 0xb340 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:03:45.429908037 CEST | 8.8.8.8 | 192.168.11.20 | 0x33bf | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:03:51.506457090 CEST | 8.8.8.8 | 192.168.11.20 | 0xcb80 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:03:57.787252903 CEST | 8.8.8.8 | 192.168.11.20 | 0x1b80 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:04:04.032357931 CEST | 8.8.8.8 | 192.168.11.20 | 0x924d | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) | ||
| May 26, 2022 23:04:10.354782104 CEST | 8.8.8.8 | 192.168.11.20 | 0x9bd4 | No error (0) | 23.105.131.228 | A (IP address) | IN (0x0001) |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 0 | 192.168.11.20 | 49767 | 162.159.129.233 | 443 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2022-05-26 20:56:18 UTC | 0 | OUT | |
| 2022-05-26 20:56:18 UTC | 0 | IN | |
| 2022-05-26 20:56:18 UTC | 1 | IN | |
| 2022-05-26 20:56:18 UTC | 1 | IN | |
| 2022-05-26 20:56:18 UTC | 2 | IN | |
| 2022-05-26 20:56:18 UTC | 4 | IN | |
| 2022-05-26 20:56:18 UTC | 5 | IN | |
| 2022-05-26 20:56:18 UTC | 6 | IN | |
| 2022-05-26 20:56:18 UTC | 8 | IN | |
| 2022-05-26 20:56:18 UTC | 9 | IN | |
| 2022-05-26 20:56:18 UTC | 10 | IN | |
| 2022-05-26 20:56:18 UTC | 12 | IN | |
| 2022-05-26 20:56:18 UTC | 13 | IN | |
| 2022-05-26 20:56:18 UTC | 14 | IN | |
| 2022-05-26 20:56:18 UTC | 16 | IN | |
| 2022-05-26 20:56:18 UTC | 17 | IN | |
| 2022-05-26 20:56:18 UTC | 18 | IN | |
| 2022-05-26 20:56:18 UTC | 20 | IN | |
| 2022-05-26 20:56:18 UTC | 21 | IN | |
| 2022-05-26 20:56:18 UTC | 22 | IN | |
| 2022-05-26 20:56:18 UTC | 24 | IN | |
| 2022-05-26 20:56:18 UTC | 25 | IN | |
| 2022-05-26 20:56:18 UTC | 26 | IN | |
| 2022-05-26 20:56:18 UTC | 28 | IN | |
| 2022-05-26 20:56:18 UTC | 29 | IN | |
| 2022-05-26 20:56:18 UTC | 30 | IN | |
| 2022-05-26 20:56:18 UTC | 32 | IN | |
| 2022-05-26 20:56:18 UTC | 33 | IN | |
| 2022-05-26 20:56:18 UTC | 34 | IN | |
| 2022-05-26 20:56:18 UTC | 36 | IN | |
| 2022-05-26 20:56:18 UTC | 37 | IN | |
| 2022-05-26 20:56:18 UTC | 38 | IN | |
| 2022-05-26 20:56:18 UTC | 40 | IN | |
| 2022-05-26 20:56:18 UTC | 41 | IN | |
| 2022-05-26 20:56:18 UTC | 42 | IN | |
| 2022-05-26 20:56:18 UTC | 44 | IN | |
| 2022-05-26 20:56:18 UTC | 45 | IN | |
| 2022-05-26 20:56:18 UTC | 46 | IN | |
| 2022-05-26 20:56:18 UTC | 48 | IN | |
| 2022-05-26 20:56:18 UTC | 49 | IN | |
| 2022-05-26 20:56:18 UTC | 50 | IN | |
| 2022-05-26 20:56:18 UTC | 52 | IN | |
| 2022-05-26 20:56:18 UTC | 53 | IN | |
| 2022-05-26 20:56:18 UTC | 54 | IN | |
| 2022-05-26 20:56:18 UTC | 58 | IN | |
| 2022-05-26 20:56:18 UTC | 63 | IN | |
| 2022-05-26 20:56:18 UTC | 64 | IN | |
| 2022-05-26 20:56:18 UTC | 68 | IN | |
| 2022-05-26 20:56:18 UTC | 72 | IN | |
| 2022-05-26 20:56:18 UTC | 76 | IN | |
| 2022-05-26 20:56:18 UTC | 80 | IN | |
| 2022-05-26 20:56:18 UTC | 84 | IN | |
| 2022-05-26 20:56:18 UTC | 88 | IN | |
| 2022-05-26 20:56:18 UTC | 92 | IN | |
| 2022-05-26 20:56:18 UTC | 96 | IN | |
| 2022-05-26 20:56:18 UTC | 100 | IN | |
| 2022-05-26 20:56:18 UTC | 104 | IN | |
| 2022-05-26 20:56:18 UTC | 108 | IN | |
| 2022-05-26 20:56:18 UTC | 112 | IN | |
| 2022-05-26 20:56:18 UTC | 116 | IN | |
| 2022-05-26 20:56:18 UTC | 120 | IN | |
| 2022-05-26 20:56:18 UTC | 124 | IN | |
| 2022-05-26 20:56:18 UTC | 128 | IN | |
| 2022-05-26 20:56:18 UTC | 132 | IN | |
| 2022-05-26 20:56:18 UTC | 136 | IN | |
| 2022-05-26 20:56:18 UTC | 140 | IN | |
| 2022-05-26 20:56:18 UTC | 144 | IN | |
| 2022-05-26 20:56:18 UTC | 148 | IN | |
| 2022-05-26 20:56:18 UTC | 152 | IN | |
| 2022-05-26 20:56:18 UTC | 156 | IN | |
| 2022-05-26 20:56:18 UTC | 160 | IN | |
| 2022-05-26 20:56:18 UTC | 164 | IN | |
| 2022-05-26 20:56:18 UTC | 168 | IN | |
| 2022-05-26 20:56:18 UTC | 172 | IN | |
| 2022-05-26 20:56:18 UTC | 176 | IN | |
| 2022-05-26 20:56:18 UTC | 180 | IN | |
| 2022-05-26 20:56:18 UTC | 184 | IN | |
| 2022-05-26 20:56:18 UTC | 188 | IN | |
| 2022-05-26 20:56:18 UTC | 192 | IN | |
| 2022-05-26 20:56:18 UTC | 196 | IN | |
| 2022-05-26 20:56:18 UTC | 200 | IN |
Click to jump to process
| Target ID: | 2 |
| Start time: | 22:55:45 |
| Start date: | 26/05/2022 |
| Path: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.23037.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x400000 |
| File size: | 1000520 bytes |
| MD5 hash: | BE43B751BD103FE5A64B4E0AA7A30060 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Yara matches: |
|
| Reputation: | low |
| Target ID: | 4 |
| Start time: | 22:56:01 |
| Start date: | 26/05/2022 |
| Path: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
| Wow64 process (32bit): | true |
| Commandline: | |
| Imagebase: | 0x10000 |
| File size: | 106496 bytes |
| MD5 hash: | 7BAE06CBE364BB42B8C34FCFB90E3EBD |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | .Net C# or VB.NET |
| Yara matches: |
|
| Reputation: | moderate |
| Target ID: | 5 |
| Start time: | 22:56:01 |
| Start date: | 26/05/2022 |
| Path: | C:\Windows\System32\conhost.exe |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x7ff651080000 |
| File size: | 875008 bytes |
| MD5 hash: | 81CA40085FC75BABD2C91D18AA9FFA68 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | moderate |
⊘No disassembly