Windows Analysis Report
dlawt.exe
Overview
General Information

| Detection | NanoCore, GuLoader |
|---|---|
| Score | 96 |
| Range | 0 - 100 |
| Whitelisted | false |
| Confidence | 100% |
Signatures
Sigma detected: NanoCore
Sigma detected: Scheduled temp file as task from temp location
Yara detected GuLoader
Snort IDS alert for network traffic
Hides threads from debuggers
Writes to foreign memory regions
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses schtasks.exe or at.exe to add and modify task schedules
Uses 32bit PE files
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
PE / OLE file has an invalid certificate
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard
Classification
- System is w10x64native
- dlawt.exe (PID: 1892, cmdline: "C:\Users\user\Desktop\dlawt.exe", MD5: CF313A27BCEBA36C7FA863BA1E935676)
  - CasPol.exe (PID: 368, cmdline: "C:\Users\user\Desktop\dlawt.exe", MD5: 7BAE06CBE364BB42B8C34FCFB90E3EBD)
    - conhost.exe (PID: 7160, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    - schtasks.exe (PID: 3936, cmdline: "schtasks.exe" /create /f /tn "DSL Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmp7A08.tmp", MD5: 478BEAEC1C3A9417272BC8964ADD1CEE)
      - conhost.exe (PID: 2400, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
    - schtasks.exe (PID: 6288, cmdline: "schtasks.exe" /create /f /tn "DSL Monitor Task" /xml "C:\Users\user\AppData\Local\Temp\tmp7C99.tmp", MD5: 478BEAEC1C3A9417272BC8964ADD1CEE)
      - conhost.exe (PID: 7540, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
- CasPol.exe (PID: 5328, cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\caspol.exe 0, MD5: 7BAE06CBE364BB42B8C34FCFB90E3EBD)
  - conhost.exe (PID: 5072, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
- dslmon.exe (PID: 4028, cmdline: "C:\Program Files (x86)\DSL Monitor\dslmon.exe" 0, MD5: 7BAE06CBE364BB42B8C34FCFB90E3EBD)
  - conhost.exe (PID: 888, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
- dslmon.exe (PID: 1384, cmdline: "C:\Program Files (x86)\DSL Monitor\dslmon.exe", MD5: 7BAE06CBE364BB42B8C34FCFB90E3EBD)
  - conhost.exe (PID: 5764, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
- cleanup
No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | |
| | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | |
Signature categories (author: Joe Security): AV Detection; E-Banking Fraud; Persistence and Installation Behavior; Stealing of Sensitive Information; Remote Access Functionality.
Timestamp: | 192.168.11.20137.63.71.514986139592025019 09/28/22-07:34:32.671694 |
SID: | 2025019 |
Source Port: | 49861 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514985139592025019 09/28/22-07:33:34.715524 |
SID: | 2025019 |
Source Port: | 49851 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514987139592025019 09/28/22-07:35:36.391773 |
SID: | 2025019 |
Source Port: | 49871 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514989439592025019 09/28/22-07:37:50.410067 |
SID: | 2025019 |
Source Port: | 49894 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514989139592025019 09/28/22-07:37:31.709636 |
SID: | 2025019 |
Source Port: | 49891 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514984439592025019 09/28/22-07:32:57.005302 |
SID: | 2025019 |
Source Port: | 49844 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514988139592025019 09/28/22-07:36:29.566940 |
SID: | 2025019 |
Source Port: | 49881 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514987739592025019 09/28/22-07:36:06.040630 |
SID: | 2025019 |
Source Port: | 49877 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514986739592025019 09/28/22-07:35:11.648652 |
SID: | 2025019 |
Source Port: | 49867 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514990439592816766 09/28/22-07:38:53.131391 |
SID: | 2816766 |
Source Port: | 49904 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514984739592025019 09/28/22-07:33:09.422159 |
SID: | 2025019 |
Source Port: | 49847 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514985739592025019 09/28/22-07:34:06.613935 |
SID: | 2025019 |
Source Port: | 49857 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514987139592816766 09/28/22-07:35:37.694051 |
SID: | 2816766 |
Source Port: | 49871 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514989139592816766 09/28/22-07:37:32.996576 |
SID: | 2816766 |
Source Port: | 49891 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514991739592816766 09/28/22-07:40:07.142646 |
SID: | 2816766 |
Source Port: | 49917 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514991039592025019 09/28/22-07:39:22.327186 |
SID: | 2025019 |
Source Port: | 49910 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514988139592816766 09/28/22-07:36:31.401253 |
SID: | 2816766 |
Source Port: | 49881 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514990039592025019 09/28/22-07:38:27.665932 |
SID: | 2025019 |
Source Port: | 49900 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514984839592816766 09/28/22-07:33:17.548675 |
SID: | 2816766 |
Source Port: | 49848 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514985139592816766 09/28/22-07:33:36.010486 |
SID: | 2816766 |
Source Port: | 49851 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514991739592025019 09/28/22-07:40:05.847728 |
SID: | 2025019 |
Source Port: | 49917 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514985839592816766 09/28/22-07:34:14.363258 |
SID: | 2816766 |
Source Port: | 49858 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514986139592816766 09/28/22-07:34:34.515238 |
SID: | 2816766 |
Source Port: | 49861 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514989739592816766 09/28/22-07:38:10.805467 |
SID: | 2816766 |
Source Port: | 49897 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514986839592816766 09/28/22-07:35:19.667834 |
SID: | 2816766 |
Source Port: | 49868 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514988839592816766 09/28/22-07:37:14.298369 |
SID: | 2816766 |
Source Port: | 49888 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514987839592816766 09/28/22-07:36:13.495948 |
SID: | 2816766 |
Source Port: | 49878 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514984739592816766 09/28/22-07:33:11.271649 |
SID: | 2816766 |
Source Port: | 49847 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514990639592025019 09/28/22-07:39:03.782754 |
SID: | 2025019 |
Source Port: | 49906 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514991639592025019 09/28/22-07:39:59.664794 |
SID: | 2025019 |
Source Port: | 49916 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514985439592025019 09/28/22-07:33:53.711667 |
SID: | 2025019 |
Source Port: | 49854 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514985739592816766 09/28/22-07:34:07.936591 |
SID: | 2816766 |
Source Port: | 49857 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514986439592025019 09/28/22-07:34:52.006915 |
SID: | 2025019 |
Source Port: | 49864 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514986739592816766 09/28/22-07:35:12.944112 |
SID: | 2816766 |
Source Port: | 49867 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514988739592816766 09/28/22-07:37:08.613787 |
SID: | 2816766 |
Source Port: | 49887 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514990139592816766 09/28/22-07:38:35.212387 |
SID: | 2816766 |
Source Port: | 49901 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514988439592025019 09/28/22-07:36:48.157564 |
SID: | 2025019 |
Source Port: | 49884 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514987439592025019 09/28/22-07:35:48.778599 |
SID: | 2025019 |
Source Port: | 49874 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514987739592816766 09/28/22-07:36:07.329674 |
SID: | 2816766 |
Source Port: | 49877 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514991139592816766 09/28/22-07:39:29.771240 |
SID: | 2816766 |
Source Port: | 49911 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514984839592025019 09/28/22-07:33:15.704466 |
SID: | 2025019 |
Source Port: | 49848 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514985839592025019 09/28/22-07:34:13.071342 |
SID: | 2025019 |
Source Port: | 49858 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514989239592816766 09/28/22-07:37:39.179510 |
SID: | 2816766 |
Source Port: | 49892 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514989839592025019 09/28/22-07:38:15.231288 |
SID: | 2025019 |
Source Port: | 49898 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514992139592025019 09/28/22-07:40:30.575447 |
SID: | 2025019 |
Source Port: | 49921 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514986539592025019 09/28/22-07:34:58.624111 |
SID: | 2025019 |
Source Port: | 49865 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514987239592816766 09/28/22-07:35:43.852562 |
SID: | 2816766 |
Source Port: | 49872 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514990039592816766 09/28/22-07:38:29.506939 |
SID: | 2816766 |
Source Port: | 49900 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514992039592816766 09/28/22-07:40:25.651593 |
SID: | 2816766 |
Source Port: | 49920 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514990139592025019 09/28/22-07:38:33.930170 |
SID: | 2025019 |
Source Port: | 49901 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514991139592025019 09/28/22-07:39:28.485341 |
SID: | 2025019 |
Source Port: | 49911 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514987539592025019 09/28/22-07:35:53.721836 |
SID: | 2025019 |
Source Port: | 49875 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514988239592816766 09/28/22-07:36:37.102195 |
SID: | 2816766 |
Source Port: | 49882 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514991039592816766 09/28/22-07:39:23.613883 |
SID: | 2816766 |
Source Port: | 49910 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514986539592816766 09/28/22-07:35:00.467445 |
SID: | 2816766 |
Source Port: | 49865 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514987539592816766 09/28/22-07:35:55.008489 |
SID: | 2816766 |
Source Port: | 49875 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514988539592025019 09/28/22-07:36:54.405917 |
SID: | 2025019 |
Source Port: | 49885 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514991439592025019 09/28/22-07:39:47.210945 |
SID: | 2025019 |
Source Port: | 49914 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514985539592816766 09/28/22-07:34:01.960430 |
SID: | 2816766 |
Source Port: | 49855 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514989539592816766 09/28/22-07:37:58.451493 |
SID: | 2816766 |
Source Port: | 49895 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514986239592816766 09/28/22-07:34:40.894645 |
SID: | 2816766 |
Source Port: | 49862 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514989539592025019 09/28/22-07:37:56.611347 |
SID: | 2025019 |
Source Port: | 49895 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514985239592816766 09/28/22-07:33:42.236724 |
SID: | 2816766 |
Source Port: | 49852 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514988539592816766 09/28/22-07:36:55.691366 |
SID: | 2816766 |
Source Port: | 49885 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514984239592816766 09/28/22-07:32:45.752995 |
SID: | 2816766 |
Source Port: | 49842 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514990439592025019 09/28/22-07:38:51.273911 |
SID: | 2025019 |
Source Port: | 49904 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514987639592025019 09/28/22-07:35:59.918218 |
SID: | 2025019 |
Source Port: | 49876 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514987439592816766 09/28/22-07:35:49.136546 |
SID: | 2816766 |
Source Port: | 49874 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514988439592816766 09/28/22-07:36:50.000586 |
SID: | 2816766 |
Source Port: | 49884 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514988639592025019 09/28/22-07:37:00.607474 |
SID: | 2025019 |
Source Port: | 49886 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514989639592025019 09/28/22-07:38:02.828628 |
SID: | 2025019 |
Source Port: | 49896 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514989939592025019 09/28/22-07:38:21.464409 |
SID: | 2025019 |
Source Port: | 49899 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514992039592025019 09/28/22-07:40:24.359987 |
SID: | 2025019 |
Source Port: | 49920 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514985439592816766 09/28/22-07:33:55.016289 |
SID: | 2816766 |
Source Port: | 49854 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514986439592816766 09/28/22-07:34:53.301647 |
SID: | 2816766 |
Source Port: | 49864 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514989439592816766 09/28/22-07:37:51.693463 |
SID: | 2816766 |
Source Port: | 49894 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514988939592025019 09/28/22-07:37:19.212158 |
SID: | 2025019 |
Source Port: | 49889 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514987939592025019 09/28/22-07:36:18.414249 |
SID: | 2025019 |
Source Port: | 49879 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514990339592025019 09/28/22-07:38:45.052370 |
SID: | 2025019 |
Source Port: | 49903 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514991339592025019 09/28/22-07:39:40.964800 |
SID: | 2025019 |
Source Port: | 49913 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514984539592816766 09/28/22-07:33:04.507101 |
SID: | 2816766 |
Source Port: | 49845 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514986939592025019 09/28/22-07:35:24.082364 |
SID: | 2025019 |
Source Port: | 49869 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 137.63.71.51192.168.11.203959498792841753 09/28/22-07:36:18.769615 |
SID: | 2841753 |
Source Port: | 3959 |
Destination Port: | 49879 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514989339592816766 09/28/22-07:37:46.017957 |
SID: | 2816766 |
Source Port: | 49893 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514985939592025019 09/28/22-07:34:19.581790 |
SID: | 2025019 |
Source Port: | 49859 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514988739592025019 09/28/22-07:37:06.777474 |
SID: | 2025019 |
Source Port: | 49887 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514984939592025019 09/28/22-07:33:22.083297 |
SID: | 2025019 |
Source Port: | 49849 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514986339592816766 09/28/22-07:34:47.371741 |
SID: | 2816766 |
Source Port: | 49863 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514989739592025019 09/28/22-07:38:08.967541 |
SID: | 2025019 |
Source Port: | 49897 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514991239592025019 09/28/22-07:39:34.701330 |
SID: | 2025019 |
Source Port: | 49912 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514984439592816766 09/28/22-07:32:58.844712 |
SID: | 2816766 |
Source Port: | 49844 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514988839592025019 09/28/22-07:37:13.012736 |
SID: | 2025019 |
Source Port: | 49888 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514986839592025019 09/28/22-07:35:17.817489 |
SID: | 2025019 |
Source Port: | 49868 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514987839592025019 09/28/22-07:36:12.211007 |
SID: | 2025019 |
Source Port: | 49878 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514988339592816766 09/28/22-07:36:43.312967 |
SID: | 2816766 |
Source Port: | 49883 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514990239592025019 09/28/22-07:38:40.135284 |
SID: | 2025019 |
Source Port: | 49902 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514989939592816766 09/28/22-07:38:22.747803 |
SID: | 2816766 |
Source Port: | 49899 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514991539592025019 09/28/22-07:39:53.398528 |
SID: | 2025019 |
Source Port: | 49915 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514986639592816766 09/28/22-07:35:06.415996 |
SID: | 2816766 |
Source Port: | 49866 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514988939592816766 09/28/22-07:37:21.056763 |
SID: | 2816766 |
Source Port: | 49889 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514985339592816766 09/28/22-07:33:48.725985 |
SID: | 2816766 |
Source Port: | 49853 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514989639592816766 09/28/22-07:38:04.102624 |
SID: | 2816766 |
Source Port: | 49896 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514984939592816766 09/28/22-07:33:23.366082 |
SID: | 2816766 |
Source Port: | 49849 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514988639592816766 09/28/22-07:37:01.883031 |
SID: | 2816766 |
Source Port: | 49886 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514987639592816766 09/28/22-07:36:01.203666 |
SID: | 2816766 |
Source Port: | 49876 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514984339592816766 09/28/22-07:32:51.953878 |
SID: | 2816766 |
Source Port: | 49843 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514990539592025019 09/28/22-07:38:57.519593 |
SID: | 2025019 |
Source Port: | 49905 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514985939592816766 09/28/22-07:34:21.408193 |
SID: | 2816766 |
Source Port: | 49859 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514991839592025019 09/28/22-07:40:11.972333 |
SID: | 2025019 |
Source Port: | 49918 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514986939592816766 09/28/22-07:35:25.372861 |
SID: | 2816766 |
Source Port: | 49869 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514990839592025019 09/28/22-07:39:09.986118 |
SID: | 2025019 |
Source Port: | 49908 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514987939592816766 09/28/22-07:36:18.769843 |
SID: | 2816766 |
Source Port: | 49879 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514984339592025019 09/28/22-07:32:50.673409 |
SID: | 2025019 |
Source Port: | 49843 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514986639592025019 09/28/22-07:35:05.133446 |
SID: | 2025019 |
Source Port: | 49866 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514985339592025019 09/28/22-07:33:47.442006 |
SID: | 2025019 |
Source Port: | 49853 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514991839592816766 09/28/22-07:40:13.260540 |
SID: | 2816766 |
Source Port: | 49918 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514989039592816766 09/28/22-07:37:27.321935 |
SID: | 2816766 |
Source Port: | 49890 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514986339592025019 09/28/22-07:34:45.527258 |
SID: | 2025019 |
Source Port: | 49863 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514988339592025019 09/28/22-07:36:42.018012 |
SID: | 2025019 |
Source Port: | 49883 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514990239592816766 09/28/22-07:38:40.500745 |
SID: | 2816766 |
Source Port: | 49902 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 192.168.11.20137.63.71.514991239592816766 09/28/22-07:39:36.540359 |
SID: | 2816766 |
Source Port: | 49912 |
Destination Port: | 3959 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Classtype |
---|---|---|---|---|---|---|---|
09/28/22-07:36:25.166202 | 192.168.11.20 | 49880 | 137.63.71.51 | 3959 | TCP | 2816766 | A Network Trojan was detected |
09/28/22-07:39:11.826405 | 192.168.11.20 | 49908 | 137.63.71.51 | 3959 | TCP | 2816766 | A Network Trojan was detected |
09/28/22-07:33:30.319682 | 192.168.11.20 | 49850 | 137.63.71.51 | 3959 | TCP | 2816766 | A Network Trojan was detected |
09/28/22-07:40:19.390442 | 192.168.11.20 | 49919 | 137.63.71.51 | 3959 | TCP | 2816766 | A Network Trojan was detected |
09/28/22-07:35:31.556486 | 192.168.11.20 | 49870 | 137.63.71.51 | 3959 | TCP | 2816766 | A Network Trojan was detected |
09/28/22-07:37:44.176254 | 192.168.11.20 | 49893 | 137.63.71.51 | 3959 | TCP | 2025019 | A Network Trojan was detected |
09/28/22-07:38:40.500365 | 137.63.71.51 | 3959 | 192.168.11.20 | 49902 | TCP | 2841753 | A Network Trojan was detected |
09/28/22-07:34:27.380495 | 192.168.11.20 | 49860 | 137.63.71.51 | 3959 | TCP | 2816766 | A Network Trojan was detected |
09/28/22-07:34:00.119636 | 192.168.11.20 | 49855 | 137.63.71.51 | 3959 | TCP | 2025019 | A Network Trojan was detected |
09/28/22-07:33:03.223566 | 192.168.11.20 | 49845 | 137.63.71.51 | 3959 | TCP | 2025019 | A Network Trojan was detected |
09/28/22-07:39:17.489933 | 192.168.11.20 | 49909 | 137.63.71.51 | 3959 | TCP | 2816766 | A Network Trojan was detected |
09/28/22-07:39:42.252029 | 192.168.11.20 | 49913 | 137.63.71.51 | 3959 | TCP | 2816766 | A Network Trojan was detected |
09/28/22-07:35:49.136137 | 137.63.71.51 | 3959 | 192.168.11.20 | 49874 | TCP | 2841753 | A Network Trojan was detected |
09/28/22-07:39:16.204642 | 192.168.11.20 | 49909 | 137.63.71.51 | 3959 | TCP | 2025019 | A Network Trojan was detected |
09/28/22-07:40:00.949557 | 192.168.11.20 | 49916 | 137.63.71.51 | 3959 | TCP | 2816766 | A Network Trojan was detected |
09/28/22-07:39:05.076607 | 192.168.11.20 | 49906 | 137.63.71.51 | 3959 | TCP | 2816766 | A Network Trojan was detected |
09/28/22-07:32:44.468596 | 192.168.11.20 | 49842 | 137.63.71.51 | 3959 | TCP | 2025019 | A Network Trojan was detected |
09/28/22-07:33:40.954696 | 192.168.11.20 | 49852 | 137.63.71.51 | 3959 | TCP | 2025019 | A Network Trojan was detected |
09/28/22-07:34:39.027168 | 192.168.11.20 | 49862 | 137.63.71.51 | 3959 | TCP | 2025019 | A Network Trojan was detected |
09/28/22-07:38:17.064875 | 192.168.11.20 | 49898 | 137.63.71.51 | 3959 | TCP | 2816766 | A Network Trojan was detected |
09/28/22-07:36:35.816027 | 192.168.11.20 | 49882 | 137.63.71.51 | 3959 | TCP | 2025019 | A Network Trojan was detected |
09/28/22-07:37:37.900323 | 192.168.11.20 | 49892 | 137.63.71.51 | 3959 | TCP | 2025019 | A Network Trojan was detected |
09/28/22-07:35:42.562185 | 192.168.11.20 | 49872 | 137.63.71.51 | 3959 | TCP | 2025019 | A Network Trojan was detected |
09/28/22-07:38:46.330043 | 192.168.11.20 | 49903 | 137.63.71.51 | 3959 | TCP | 2816766 | A Network Trojan was detected |
09/28/22-07:35:30.267402 | 192.168.11.20 | 49870 | 137.63.71.51 | 3959 | TCP | 2025019 | A Network Trojan was detected |
09/28/22-07:39:48.485475 | 192.168.11.20 | 49914 | 137.63.71.51 | 3959 | TCP | 2816766 | A Network Trojan was detected |
09/28/22-07:33:28.388001 | 192.168.11.20 | 49850 | 137.63.71.51 | 3959 | TCP | 2025019 | A Network Trojan was detected |
09/28/22-07:37:25.477917 | 192.168.11.20 | 49890 | 137.63.71.51 | 3959 | TCP | 2025019 | A Network Trojan was detected |
09/28/22-07:34:26.085032 | 192.168.11.20 | 49860 | 137.63.71.51 | 3959 | TCP | 2025019 | A Network Trojan was detected |
09/28/22-07:40:18.098612 | 192.168.11.20 | 49919 | 137.63.71.51 | 3959 | TCP | 2025019 | A Network Trojan was detected |
09/28/22-07:39:55.244956 | 192.168.11.20 | 49915 | 137.63.71.51 | 3959 | TCP | 2816766 | A Network Trojan was detected |
09/28/22-07:36:23.322072 | 192.168.11.20 | 49880 | 137.63.71.51 | 3959 | TCP | 2025019 | A Network Trojan was detected |
09/28/22-07:38:59.406668 | 192.168.11.20 | 49905 | 137.63.71.51 | 3959 | TCP | 2816766 | A Network Trojan was detected |
Source: | Avira: |
Source: | Static PE information: |
Source: | File opened: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: |
Source: | File opened: |
Networking |
---|
Source: | Snort IDS: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: |
Source: | TCP traffic: |
Source: | Network traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
Source: | Code function: |
Source: | Static PE information: |
Source: | Code function: |
Source: | Code function: |
Source: | Code function: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Section loaded: |
Source: | Static PE information: |
Source: | File read: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Process created: |
Source: | Key value queried: |
Source: | Code function: |
Source: | File created: |
Source: | File created: |
Source: | Classification label: |
Source: | Code function: |
Source: | File read: |
Source: | Code function: |
Source: | Security API names: |
Source: | Section loaded: |
Source: | Mutant created: |
Source: | File created: |
Source: | Window detected: |
Source: | File opened: |
Source: | File opened: |
Source: | Static PE information: |
Source: | Binary string: |
Data Obfuscation |
---|
Source: | File source: |
Source: | Code function: |
Source: | Code function: |
Source: | File created: |
Boot Survival |
---|
Source: | Process created: |
Source: | Registry value created or modified: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File opened: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | File opened: |
Source: | Binary or memory string: |
Source: | Thread sleep time: |
Source: | Last function: |
Source: | Code function: |
Source: | Thread delayed: |
Source: | Window / User API: |
Source: | Process information queried: |
Source: | Code function: |
Source: | Thread delayed: |
Source: | System information queried: |
Source: | API call chain: |
Source: | File opened: |
Source: | Binary or memory string: |
Anti Debugging |
---|
Source: | Thread information set: |
Source: | Code function: |
Source: | Code function: |
Source: | Process token adjusted: |
Source: | Code function: |
Source: | Process queried: |
Source: | Code function: |
Source: | Memory allocated: |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Key value queried: |
Source: | Code function: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | OS Credential Dumping | 3 File and Directory Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 1 Access Token Manipulation | 1 Obfuscated Files or Information | LSASS Memory | 5 System Information Discovery | Remote Desktop Protocol | 1 Clipboard Data | Exfiltration Over Bluetooth | 11 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | 1 Registry Run Keys / Startup Folder | 112 Process Injection | 1 Software Packing | Security Account Manager | 321 Security Software Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Non-Standard Port | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | 1 Scheduled Task/Job | 1 DLL Side-Loading | NTDS | 2 Process Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Non-Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | 1 Registry Run Keys / Startup Folder | 2 Masquerading | LSA Secrets | 231 Virtualization/Sandbox Evasion | SSH | Keylogging | Data Transfer Size Limits | 13 Application Layer Protocol | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 231 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 112 Process Injection | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Hidden Files and Directories | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
Source | Detection | Scanner | Label |
---|---|---|---|
| | 3% | Virustotal | |

Source | Detection | Scanner | Label |
---|---|---|---|
| | 0% | ReversingLabs | |
| | 1% | Virustotal | |
| | 0% | Metadefender | |
| | 2% | ReversingLabs | |
| | 1% | Virustotal | |
| | 4% | Metadefender | |

Source | Detection | Scanner | Label |
---|---|---|---|
| | 100% | Avira | ADWARE/Adware.Gen7 |

No Antivirus matches

Source | Detection | Scanner | Label |
---|---|---|---|
| | 0% | Avira URL Cloud | safe |
| | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 142.250.186.174 | true | false | | high |
googlehosted.l.googleusercontent.com | 142.250.186.97 | true | false | | high |
doc-0g-38-docs.googleusercontent.com | unknown | unknown | false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
137.63.71.51 | unknown | Seychelles | 32489 | AMANAHA-NEWCA | true |
142.250.186.174 | drive.google.com | United States | 15169 | GOOGLEUS | false |
142.250.186.97 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 711461 |
Start date and time: | 2022-09-28 07:30:12 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 13m 38s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | dlawt.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301) |
Run name: | Suspected Instruction Hammering |
Number of new started processes analysed: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal96.troj.evad.winEXE@16/36@2/3 |
EGA Information: | |
HDC Information: | |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, backgroundTaskHost.exe, svchost.exe
- TCP Packets have been reduced to 100
- Excluded domains from analysis (whitelisted): ecs.office.com, wdcpalt.microsoft.com, login.live.com, ctldl.windowsupdate.com, wdcp.microsoft.com
- Not all processes were analyzed; the report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtDeviceIoControlFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
07:32:40 | Autostart | |
07:32:42 | Task Scheduler | |
07:32:42 | API Interceptor | |
07:32:44 | Task Scheduler | |
07:32:48 | Autostart | |
07:32:56 | Autostart |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 106496 |
Entropy (8bit): | 4.9674574626610895 |
Encrypted: | false |
SSDEEP: | 1536:6Mnt+J23KumyB/VWHsJwcabSMH2Bcj9uzhZvsWgk:6EtE23K8TWHsJra+MH2ajszhZvxgk |
MD5: | 7BAE06CBE364BB42B8C34FCFB90E3EBD |
SHA1: | 79129AF7EFA46244DA0676607242F0A6B7E12E78 |
SHA-256: | 6CEAEBD55B4A542EF64BE1D6971FCFE802E67E2027366C52FAACC8A8D325EC7A |
SHA-512: | C599B72500A5C17CD5C4A81FCF220A95925AA0E5AD72AA92DD1A469FE6E3C23590C548A0BE7EC2C4DBD737511A0A79C1C46436867CF7F0C4DF21F8DCEA9686CF |
Malicious: | false |
Antivirus: | |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
File Type: | |
Category: | modified |
Size (bytes): | 20 |
Entropy (8bit): | 3.6841837197791887 |
Encrypted: | false |
SSDEEP: | 3:QHXMKas:Q3Las |
MD5: | B3AC9D09E3A47D5FD00C37E075A70ECB |
SHA1: | AD14E6D0E07B00BD10D77A06D68841B20675680B |
SHA-256: | 7A23C6E7CCD8811ECDF038D3A89D5C7D68ED37324BAE2D4954125D9128FA9432 |
SHA-512: | 09B609EE1061205AA45B3C954EFC6C1A03C8FD6B3011FF88CF2C060E19B1D7FD51EE0CB9D02A39310125F3A66AA0146261BDEE3D804F472034DF711BC942E316 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\DSL Monitor\dslmon.exe |
File Type: | |
Category: | modified |
Size (bytes): | 20 |
Entropy (8bit): | 3.6841837197791887 |
Encrypted: | false |
SSDEEP: | 3:QHXMKas:Q3Las |
MD5: | B3AC9D09E3A47D5FD00C37E075A70ECB |
SHA1: | AD14E6D0E07B00BD10D77A06D68841B20675680B |
SHA-256: | 7A23C6E7CCD8811ECDF038D3A89D5C7D68ED37324BAE2D4954125D9128FA9432 |
SHA-512: | 09B609EE1061205AA45B3C954EFC6C1A03C8FD6B3011FF88CF2C060E19B1D7FD51EE0CB9D02A39310125F3A66AA0146261BDEE3D804F472034DF711BC942E316 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 282224 |
Entropy (8bit): | 6.702918344042925 |
Encrypted: | false |
SSDEEP: | 6144:1RlWobsEnfENQ+8m9+ubxlL5Y9CwTfFQ9:PX8NQ+8m9+ubxmRW9 |
MD5: | 513B092458E18C72D1847E8BF7C04B0D |
SHA1: | 6FFD43936CD2DC867A514CB14C093300EBD19E75 |
SHA-256: | 3F5C7B3C606717456E2F340F5293D1FDAED2831A041FB4B748E68CA0174333CD |
SHA-512: | 31A912037749F1C094643B0C093A73A1D7526DE8E9C2B50A6D8E0A7B47023780CD9D49C31222BF15326CAED657D185D7C9D68E1AF5769B5F25FF644E30AB34C7 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11776 |
Entropy (8bit): | 5.890541747176257 |
Encrypted: | false |
SSDEEP: | 192:X24sihno0bW+l97H4GB7QDs91kMtwtobTr4u+QHbazMNHT7dmNIEr:m8vJl97JeoxtN/r3z7YV |
MD5: | 75ED96254FBF894E42058062B4B4F0D1 |
SHA1: | 996503F1383B49021EB3427BC28D13B5BBD11977 |
SHA-256: | A632D74332B3F08F834C732A103DAFEB09A540823A2217CA7F49159755E8F1D7 |
SHA-512: | 58174896DB81D481947B8745DAFE3A02C150F3938BB4543256E8CCE1145154E016D481DF9FE68DAC6D48407C62CBE20753320EBD5FE5E84806D07CE78E0EB0C4 |
Malicious: | false |
Antivirus: | |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1319 |
Entropy (8bit): | 5.131285242271578 |
Encrypted: | false |
SSDEEP: | 24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0mnJxtn:cbk4oL600QydbQxIYODOLedq3ZJj |
MD5: | 497F298FC157762F192A7C42854C6FB6 |
SHA1: | 04BEC630F5CC64EA17C0E3E780B3CCF15A35C6E0 |
SHA-256: | 3462CBE62FBB64FC53A0FCF97E43BAAFE9DD9929204F586A86AFE4B89D8048A6 |
SHA-512: | C7C6FD3097F4D1CCD313160FEDF7CB031644E0836B8C3E25481095E5F4B003759BC84FC6EA9421E3A090E66DC2FF875FEC2F394A386691AB178CB164733411B2 |
Malicious: | true |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1308 |
Entropy (8bit): | 5.102127682411616 |
Encrypted: | false |
SSDEEP: | 24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0Rhxtn:cbk4oL600QydbQxIYODOLedq3Shj |
MD5: | EEEEC12536233E9353F6F2AA14EAA5D8 |
SHA1: | 61FEFDC5646ED69DF8D1CC2E24F8D5409AE90DA9 |
SHA-256: | 922551F7DCDA34B377E984CCDCC0F97BC4524599CAF715A2ACE06DB37923B5F3 |
SHA-512: | 944143921D0FD1A6C1A0FDA8163D4B311BA38E7ED2726A605F147C08D40578C47E5EC147A17458823C7A61B820950A906E31A383F87AEAE67D603260914FE392 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 248 |
Entropy (8bit): | 7.094528505897445 |
Encrypted: | false |
SSDEEP: | 6:X4LDAnybgCFcpJSQwP4d7r3l3TmKEt5mT1DhFtMhXvvHOxHB3GDq:X4LEnybgCFCtvd7bl3ThE4T19FtMhXvs |
MD5: | 061E700FE27D852034A5A44BF5985CCF |
SHA1: | 15B072DE6D6FDD92AE36F074345FA41985833E8D |
SHA-256: | 4BBB88AF530693EB4A710B0591D4BAF585837242C5690F5A821BF2FC9CC587CD |
SHA-512: | CF6C5458AB50C859740490985D1E7E887D1116F3FA947FF2EC49AF9997A42F3402C63EF42B93498544195D9859FBB19CCC295966564B30F5ADB4A36D4E8886C6 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 3.0 |
Encrypted: | false |
SSDEEP: | 3:9q:9q |
MD5: | 3271BBBA361F0B702E89DA2E496BF8E7 |
SHA1: | 461E5EB80E226485FC4643BA20B294A56783A4E6 |
SHA-256: | 285AD017A0CE85E11BB59E433FE4C6FC8FA7796C6D147A9E62DD2F753C6E5847 |
SHA-512: | 9758B187EEAC42223AB330385BA7372235E560013133E936E691DE326A8ACF837DD5880C56D80A03D9FAC5DCC58FB9B5AC680FE579D07543A0DF995576F5EDB3 |
Malicious: | true |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 56 |
Entropy (8bit): | 4.745141646068962 |
Encrypted: | false |
SSDEEP: | 3:oMty8WbSmm:oMLWumm |
MD5: | F781103B538E4159A8F01E3BE09B1F8D |
SHA1: | 27992585DE22A095BABCFD75E8F96710DD921C37 |
SHA-256: | BEA91983791C26C19AA411B2870E89AFC250EAF9855B6E1CE7BEA02B74E7F368 |
SHA-512: | D50AE0A01E74FC263B704FADE17CDF4993B61E34FD498827D546F090CE2DA5E8F24D4D34FBF360AE7EE5C5E7E3F032F3DDA8AD0C2A2CF0E1DAFEED61258AB4CA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Algae62\plkkers\Reputation\network-cellular-4g-symbolic.svg
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 544 |
Entropy (8bit): | 4.840636545565347 |
Encrypted: | false |
SSDEEP: | 12:t4CDqsLWbjUzkTWem7+0qoLIGYJJufPm3ioprGDRl+i:t4CdLWbjUgSl8sfPAnrGDRlN |
MD5: | 6CD1ED8B1D8500C9A1480425DA4282D6 |
SHA1: | F1B935DD259BCD198784C1C2FA6516230624C43B |
SHA-256: | FAD0ECD186B6DEC11FBB094876E7381B2A097E1EF9D641527E3295132410EF44 |
SHA-512: | 6BC432608A3630136E2E8E44F69A81B9C5F9FE479DA5DD3E35A77168A66F3C41D72DC0E49FB623E74B9527CF031FBBBE447213CE4C0FDFDA4A9AB41043997701 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Arbejdskraftproblemer\CoverEdCtrl.manifest
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 983 |
Entropy (8bit): | 5.440797719362896 |
Encrypted: | false |
SSDEEP: | 24:Jdt4VIWcqHQe22Hs7uYwL1z7m91q7LY7o94Iqw1q769C77o94Iqn+:3SIJeRXm9vowwXC/own+ |
MD5: | E70ABF046645F771B84F377FE86C6150 |
SHA1: | D05C4926656D80C1E3E34441BB1AAD6531FF3949 |
SHA-256: | E0257221F542666CFBCF5E9B9F0BF43A86BFBF363682586FF18AB77C2A76D4C4 |
SHA-512: | 34501A7A7F14EF655817439CD5F8F1EB8A00A9057F5423B516D21205BFC6C5120208C19710A973FAEE4AE65454EAF0099870734F0F02AC1D54991DF5BFD0C005 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Arbejdskraftproblemer\Lakridset.bmp
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 86238 |
Entropy (8bit): | 6.474378163731263 |
Encrypted: | false |
SSDEEP: | 1536:HZsCm1/4YEWvb8KSlLJY9xgt0AES8FBgih+RgS2xdW:+Cm1/VEQ8JmxgOAEfEJ6JQ |
MD5: | E74DE44364D6E680988FCDC9330819C6 |
SHA1: | 83F2BE7EC78921A46367208266BE672E013699A6 |
SHA-256: | 59713500232DE1455422E70BD5D77EC4DAFF2985A76A374DD60865A35F4C29BD |
SHA-512: | 909BD87C6EB242BAD068D7885169F614FC6CA9EC96C4A4801D806CE480CA7EA1883B6EBDFE0A75C9807FADE0021B24BC5529B6607C17C53084BA9FBA931F9B96 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Bacin\Besjlings\network-wireless-connected-symbolic.svg
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1364 |
Entropy (8bit): | 4.826941536649534 |
Encrypted: | false |
SSDEEP: | 24:t4Cf9xjMJtMCl/HBa2XtRYXI5hHTIPKeTyH2ISNdIIqqVVYSNeISNkN4AeWlGMyf:lPY/b7D5JFSs1SFSON4Ae3MQRf |
MD5: | 896D9A7F865BFDDFA0442C0B44E73F23 |
SHA1: | 6CB83C54EAADE1209F9877065C767BF1DC90B8A1 |
SHA-256: | 85500E1D92C70F203CCA0945D774CD35848120DB46C553ECF3F3D3858DDC2494 |
SHA-512: | E921924AE3041757A240CCE91E2C4455F043D9AB330B8FA8EABA21E4494427D25BE25D7CE8A6313DEE711F743EBAA0AC678D317F7AD83E0F092901D304D5ECD2 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Baggesen\audio-x-generic-symbolic.symbolic.png
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 195 |
Entropy (8bit): | 6.350068028436895 |
Encrypted: | false |
SSDEEP: | 3:yionv//thPl9vt3lAnsrtxBll/0xEq2j5+j61kca4OSpTC7qtl2BeKlirjjBbEqY:6v/lhPysSEq2sca4OKocrSVp |
MD5: | 79B7B2040BFDFF36BEC2D20F727DFC7E |
SHA1: | C31B14267B8B5DADC7151D82E8378D2CC5CB653A |
SHA-256: | 6B0807769D18D56DCC9AB666FC8A6F7160E9707C3BC02545EABDF16C5D4029B8 |
SHA-512: | 6E042161CF966ABB32840AD937F257CB893D513EC0E2CE663BCAB9A02B9639F8B38F359FF3C8EEDA522D76DB7F60C1068303FC66FE17742660D7E6D9C892DF26 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Baggesen\changes-prevent-symbolic.svg
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 998 |
Entropy (8bit): | 5.1868425916607555 |
Encrypted: | false |
SSDEEP: | 12:t4CP5GD09xmuPHoJdRnZopTi3b1USS0LLcXNo3F3iCydrkeYRAerAFFLAmP502Kp:t4CBGD0KvRW+Li+3FLyKbRAecFxV0/YK |
MD5: | 790B7AEF699FC380D50CFB583F09EF44 |
SHA1: | E8F31F4CC603DF24FF456271E8BEFEE8FBC588D6 |
SHA-256: | CD34406714AA8018144064852CE932016BE8FE06F1F0CEA06060B95F8E8E6D8E |
SHA-512: | C5674F4F9AE8D78AE0E239E7AE0FD156B75D21CA9D2216D2B851D3BCA8239CFD62414C2165A3BFEC71F997D9AFD08EC821D8233A745BBD756E0F908F830566B8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\dialog-information-symbolic.svg
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1626 |
Entropy (8bit): | 5.0762260088454605 |
Encrypted: | false |
SSDEEP: | 24:t4Cpl+6kKDPeexH0BqyKbRAecFxMGMZLxdOUyKbRAecFxMGM+pMc:V7lH0BqNtAecFJM3fNtAecFJMu |
MD5: | 1A31C93C41C667E8802FCC6B0DB782D3 |
SHA1: | 8436084E01D6B5D996A54D00E8AE95196865B928 |
SHA-256: | BA163884E8DBD085280F6D4FEF52AAB07A10CDC540E657B5AD16D9773FD31BBD |
SHA-512: | 7BCC9B6D0D3EE6D79A2AF8CCFA8734DF4AF5BCA6079110FA3B65FF10024A4F75C2BBCEF106086E36E4B3D293648EE4FBB23C4C49EA8EEBDBC84854DFCB4FF5EB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\drive-harddisk-solidstate-symbolic.symbolic.png
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 195 |
Entropy (8bit): | 6.3462536867112 |
Encrypted: | false |
SSDEEP: | 3:yionv//thPl9vt3lAnsrtxBll/V2a02b5Ra2J6NJIMlbAytVqoL7+5KWtCYnscao:6v/lhPysma089QBbpqW7+oKs5HoE6Xjp |
MD5: | 5B6732EE14014007E6B0CAEB9AB35BAA |
SHA1: | 7F610426DD3E8560E4BFDDE6ECF8631068056B0E |
SHA-256: | 2E2BB0B7FD175718A6ED195A1C6F0D3D63AE0A23C75648BC5E8D86E6A738B839 |
SHA-512: | 8AEC8F1F1FA122EC4829D65C0135D0A50A788C26C289655520353316D2A11781FC962A71A7237067EF7EF0B08DAFE9516B7EF39681B2FC3F733CA2010112E256 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\folder-download.png
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 575 |
Entropy (8bit): | 6.830970971637153 |
Encrypted: | false |
SSDEEP: | 12:6v/7X0Z7HBwN1+swFIzkNqwnN14aVOX24G2uXGtIEsltGeBm65Yc:C0BqEZqQQRuXG5saexR |
MD5: | 576892D2CBC2392CDED574CF9F87E9A3 |
SHA1: | B7126CA4554CBAD5D3C76D3A4E6F4E62DB669D92 |
SHA-256: | 987E50BDB1019E60084F4BBAFCD4F942FCC7451FE40C82A7CEEB1AF56134634B |
SHA-512: | FEB9F46BBC9CD25FB6639E7B8E30BC3F3460A41D098C5CE2350B7B9134F163E7D63694D9F535944043A9B4E82885F714B2B5FC815CE41781EA9D9C4E8098C219 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\folder-drag-accept-symbolic.svg
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1077 |
Entropy (8bit): | 5.095013943036629 |
Encrypted: | false |
SSDEEP: | 24:t4tp46o5VC669yLUDgEyKbRAecFxMGMaM+uRM96Kcm:ea69yL0JNtAecFJMj86K/ |
MD5: | BDC8C62FEE436EFB83F7D75400F81F31 |
SHA1: | 43DD187F46AD9D03DBE511C86C1F23C92AC66BCD |
SHA-256: | 2C754284C11A36DCEC407452C15B7DA77D6FA815B6F6F082D2DFB990CE9EFD83 |
SHA-512: | D3AF73024B8B6657145F0B680A03ED41BE5766D70CE5FFCC0834DB71CA309B522C4C8FD61122A51E9BE3B805CCC4D8CA6A9CD74BA77C5A2464342CE5FBA81465 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\folder-visiting.png
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 479 |
Entropy (8bit): | 7.424417664350709 |
Encrypted: | false |
SSDEEP: | 12:6v/7MEs8+zTCS6Fm0QqVI8FoWmlsV+qmw8pXAGsaFBbHWe1:KPEb6FmpqVI8Kbqm1Hb2e1 |
MD5: | 74938AFFF1F75F97D08AEB730F2698B7 |
SHA1: | F370B7705F844460D39489E5D1F2B15FE2F2A441 |
SHA-256: | A8A2D4FCD192CE5924032EFF47738B7A730A0C4DEED8C7C7E8ECD75932E063D0 |
SHA-512: | 0EF7E50D617D98D03DEF5F405CEBA8E7BDA21683F02C08635F30C204531E3CAAC6D861CCBC214C835952536553FC2E73414AE6E400FF0201A2A5416B74A8E115 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\format-text-bold-symbolic.symbolic.png
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 183 |
Entropy (8bit): | 6.003110793136093 |
Encrypted: | false |
SSDEEP: | 3:yionv//thPl9vt3lAnsrtxBllTh9zFa7Z52Dkh4FdXeqepOl/7tPAc08XIEh64Za:6v/lhPys9zFwHC1FdXeqe4/5dJYEup |
MD5: | F7DA2995933D894BDE84BCBFC78CC767 |
SHA1: | 6B5808CC30A2366D3258F79C6719EB1C5C6FFB37 |
SHA-256: | EB0C26BA06BBA9D9980D1DDEA031141E5491931B8CAC5221B69FF2593A21F398 |
SHA-512: | 58848192C7DBFFBEB6F3ACC56384089DDE9ADFAE31946AC5F66AA8593AF2A4BE411EEF06E225011B36CB9FA4EB8B3705E4D2404BCBB51C3885D8EB672E011C6B |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\format-text-direction-symbolic-rtl.svg
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1503 |
Entropy (8bit): | 5.15394138748218 |
Encrypted: | false |
SSDEEP: | 24:t4CBGMMAhONiWGzFk1wgaqV4AeW0WRjgnRcG1IoAeW0ayyKbRAecFxV0L:gMmklOV4AeIRjacYIoAeQyNtAecFu |
MD5: | 1C15A6D0FA6065F5004770EA2876B446 |
SHA1: | BFDB465A2FC2B8BA60FC9BEE5CB03D65156F1D20 |
SHA-256: | DC5A830CBB258F5B7EB5422C7059F6A0578821D9549A9603CA3C22E4749B6F80 |
SHA-512: | 02309FE57B9CA42D65FA9C4B93FCB6A003D698D0FC47EF03EEFCDA0163B7C715FC6438A3CED7164839EED3412EC40BA1CF35B88AF0A40D7774B93BE7F1879F6C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\go-previous-symbolic.svg
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 665 |
Entropy (8bit): | 4.455633152585391 |
Encrypted: | false |
SSDEEP: | 12:TMHdPnnl/nu3tlnpZo4iL+o0JWlzkmvtoWlz9vtoWlzKzmdwWlzFzmdwWlM:2dPnnxu3tlTtiL+rJPmvto0vtojzmdw6 |
MD5: | D3329B3FDCE276378BC23A2B04EFF6FA |
SHA1: | 1DF694D08D03F1C7C86AB6234507A9364EC5C4E8 |
SHA-256: | 0D26FB049E369AAD5E7ED901B3A255317A4A465008E89026FDE9F624124E2599 |
SHA-512: | 2C4624461FAC6CD5093B8B7818DA17B909A302A216364ABCDD467131EA2C49E2BDCA3E546F69030E4812439F86986F747688EA0F9732CAE053F697A8C3F08B0D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\idxcaption.xsl
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2055 |
Entropy (8bit): | 5.043971370492221 |
Encrypted: | false |
SSDEEP: | 48:iKmpXgIxs4ZL4Y8PsJmbW2KCkwR2+n+PfeWBvQFUijkv:irXvuqL4xJbWrCkwR2++HvBApa |
MD5: | 36DDA7FDA9AA693064A3E03F9619EABC |
SHA1: | 23385157B7C151A28582043097325BFE9A383A33 |
SHA-256: | DF70D7483EB94C2CB50FB27B838041732154D0EA74A3885199376083D103E9E1 |
SHA-512: | C89708B401E479A983471401E9118B80753E5CAF0B2B70C2D4B492BC0AD6F5BDFF83BD1B0B2592AF12553578535132C81CA944B5932397982EF6F2D8523B60F0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\media-playback-stop-symbolic.svg
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 195 |
Entropy (8bit): | 4.922475588787923 |
Encrypted: | false |
SSDEEP: | 6:TMVBd/6o8GUYl/n7S3mc4slZRI/YF2tSKlNK+:TMHdPnnl/nu3i/YF2dlj |
MD5: | 51515176E0822E6A950F00D9D9D706C7 |
SHA1: | EAAE28C48278ACD0F21E151D7F0EEF081A0BF1C2 |
SHA-256: | 2E2C14E0596E4025CED6E6AD5E1F4234A5571133D13F21DDBA129EB0E9888D84 |
SHA-512: | 634737D9C8623D7C09A6AC5FD76CA8B2FBB2F1D808DB602F6F86A925F528BC0A0C2C075833881B870C85D34198AE2327A7DAF79256E329C243E9DAC7934C42EA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\media-playlist-repeat.png
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 393 |
Entropy (8bit): | 7.253224688299237 |
Encrypted: | false |
SSDEEP: | 6:6v/lhPWjkm5nci9pR622u0WcKb36FQAYmzNPr+j3gh75lW4Y9LJkPSGzaujp:6v/7ykGP/R622uJQYmzNc3stULgSGz3 |
MD5: | 159F75D26486E9FEEDA93F57380803D0 |
SHA1: | 9CFCDF5399F93583658FABD4831BE1A77594B05D |
SHA-256: | 5E00C886D17CD45CF0B98961D9B3B8D74724F71FEB5B4B8B257903F991340289 |
SHA-512: | 477FC795A7C786EF4BF52636776A5DE983126F5E85907FB3B17E451E7E76CC3FBEF2F9A585012DDDAC74F43B0D3F0FB24A66D21E330E6725A440FB7DFE68BFA7 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Buyback\preguiltiness\Hydroxytryptamine\Forlben\mmapwarm.c
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3303 |
Entropy (8bit): | 5.0267368816625755 |
Encrypted: | false |
SSDEEP: | 96:mJC/HOLCKr1SGSU7RD5y/ArM1dE912magaMz8l4XL:mSOLCeSGS23y/ArwdE912AaMz8mXL |
MD5: | EEF073B3246F0DFEB5DFCA21FC26E751 |
SHA1: | 619609A2D26F70F5FD48B3AA8CFA70D5D3766C33 |
SHA-256: | 8F65C71523910F166045BF312572139EE37E205D004EC7DAD18F9927DDF93242 |
SHA-512: | B2D9531BFF572CC87858E95FEB6AC1BF975014E3100BB5C94D3DCD47F32F17BE4AB1ECF676F0D6B912B26EC71C4482D95805FE3B0D72367F6BA3B2C83DD5D63D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\Isdkkede\Charterrejsens\phone-apple-iphone-symbolic.svg
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 247 |
Entropy (8bit): | 4.812199066635378 |
Encrypted: | false |
SSDEEP: | 6:tI9mc4slzcWER4LtmRRRHczezSms2uP2/v2dz15OfF37G+Kb0/:t4CDqLE8iuaTH2S9A0/ |
MD5: | 012B484EB1808137F586C2FB7AA4BA8B |
SHA1: | 2C806A12C553CF553FBCFEE0A838EF471E0C3C71 |
SHA-256: | 8B7E4A5DFE6BE00896C2DFA8F4B0D8FA518AD6D14863FAED6F78F8A5F3CEE227 |
SHA-512: | 4D34C17973FAEF9765B26AB7029594FBC8841297369A6BEEFBB500D699C0FCA0697EC843351F63E83A6868380117805DC9523E45BB1318D446BD18941DF6BD6A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\preferences-desktop-theme.png
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 768 |
Entropy (8bit): | 7.659464891968236 |
Encrypted: | false |
SSDEEP: | 12:6v/7Eu8VOALuh4OxDgp/mAH70oNchloqoO2NwGqEtuDCwjhNSZnNDqffLmVkLCn2:W8VOALuhM/m2yhl1oOGFtuFjMNOEkLC2 |
MD5: | 22BCEE5BDAEA3CE17736D209364FA9EB |
SHA1: | E55FBBE241AED99FBBD4C400DCA8F2A4DBA60484 |
SHA-256: | 9ACE40195DF0349BCE92B4C66360AD490F2BD6DD8A20286F329894311E881E58 |
SHA-512: | 20968CEABB5094E350A232FFF9D017C07C1DA986A1371B4561E2CC4BAE5AC631A7FF7EDC53CAB0E9E7E55FF626FF4C4CD071334AECCB306B4B0ED31166A26FDD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\text-x-generic.png
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 535 |
Entropy (8bit): | 6.729117073271159 |
Encrypted: | false |
SSDEEP: | 12:6v/7X0ZKjCVdCyzM8OYSdMA4jT7MzhgkX9Ba0u9:C0oCHMU5AmT7i29 |
MD5: | FB3685DADAC64A7FF12E32A42A21C63A |
SHA1: | 81C46DFAB337E1AB02130316299A23C561472EE5 |
SHA-256: | 99E5ADC5223AF5CDBB7BC70DA279DC9361AF8D130999F25DF7619AE8AFE546FF |
SHA-512: | 5DD0698358DDDC16E24E5719E893BDB35E2B45AF7096709190B60DA0408AF708FD66D7E0BB7D710A327168281658E6B11E391B53A5C45644A482AE7CB1F2C659 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\user-offline.png
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 589 |
Entropy (8bit): | 7.569592468279548 |
Encrypted: | false |
SSDEEP: | 12:6v/773gFN49te3X6GMop9P9sbgLVeMCJtgrsjztvVnSPKa0q:auQU7p9P9F8MCXg8tdntq |
MD5: | B284550BD073CA666718742CFB1FEF48 |
SHA1: | D4DB8DB0D76A3CCB04343C6304EB171014180960 |
SHA-256: | 0C53C237C34B3AF57C8D4613A95C32E6E7932D99444FB2B573233C16151B70F6 |
SHA-512: | F26A3D6D80D6983D0E26101ABDC90691D9FE9C24874BB67A0748E9120F7AE6C651F62C2E025A038FB497DA8C1558BF1E2D803BA9FDFAF9B69D82DE5D2F25D657 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Begravedes\Viewer\Rammedes\view-wrapped-symbolic.symbolic.png
Process: | C:\Users\user\Desktop\dlawt.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 208 |
Entropy (8bit): | 6.421066289233811 |
Encrypted: | false |
SSDEEP: | 3:yionv//thPl9vt3lAnsrtxBllUxz3kooRKoNUOGIFVHR70DsyLkdFJfQWulhSzW/:6v/lhPysMfZIvHt0DHkTJfylh+fHqp |
MD5: | 05163D4844014A964497BFC51FCF417E |
SHA1: | FFAF4C7AFE0299467846B874992D634FBD4FA437 |
SHA-256: | 3EDEACF6ED0DD60A70B4D7ED1C4505932785F2E008D2FB5F0B53FB71C122676C |
SHA-512: | 43C7E5CBE38B6CA36387A0C11BA07082AB950B086379538101F741A292A18A528E7BE089DAC70A1CE0C78B3D59F85774546D357F3A7B3FF11DFDE43CE4EC939D |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\DSL Monitor\dslmon.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 185 |
Entropy (8bit): | 5.034626781445821 |
Encrypted: | false |
SSDEEP: | 3:RGXKRjN3Mxm8d/AjhclROXDD9jmKXVM8/FOoDamdquKdFklY7KeMZ4MKLJFcLEWW:zx3M7ucLOdBXVNYmdPqFlKeM6MKnH5JB |
MD5: | 4725698412C19360ACD1EA81E7B40728 |
SHA1: | FCF42E7B909F01E44493D79FC586109F7397BEA6 |
SHA-256: | 43AD382BF0558F719D3F995F719ABC1E0134AA14304BC4D45ACCC87E767751B8 |
SHA-512: | 5175BF2F383F87204405A512635926D75D3ADD3641F731C9D8909C306C4EFA0F5C03470F4051B87B2BFFF77E0C7E50159B8350F2B954A22DE1FAE3F36F214948 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.702939705302498 |
TrID: | |
File name: | dlawt.exe |
File size: | 282224 |
MD5: | cf313a27bceba36c7fa863ba1e935676 |
SHA1: | 4ff90062880efe58e6e26ded7f166c5786e201db |
SHA256: | d4fba0fc4c7c1335a5b6be72e575a2a9a400a5fd9b0aed69389d4bba8fac7527 |
SHA512: | 2f3608b90bbec011c4b5e659029166c3b8a2c7dccd30f7ca9da00897beef920060c9767e971010997b8edd2a0196e8d7acef8f048be0e1845d29dfc948c81f63 |
SSDEEP: | 6144:ORlWobsEnfENQ+8m9+ubxlL5Y9CwTfFQ9:+X8NQ+8m9+ubxmRW9 |
TLSH: | 6854D003FB8CC85BCD2509301272EA7996B5EEB41EB54B037E5D763EAC7B2428D1A315 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....oZ.................d...*..... |
Icon Hash: | f2e1e1e1e29ce439 |
Entrypoint: | 0x403359 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x5A6FED2E [Tue Jan 30 03:57:34 2018 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | b34f154ec913d2d2c435cbd644e91687 |
Signature Valid: | false |
Signature Issuer: | OU="Flyvecertifikats Marantic ", E=Gennemgaar@Ethylamime96.Ch, O=ballelssere, L=Angers, S=Pays de la Loire, C=FR |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Not Before, Not After | |
Subject Chain | |
Version: | 3 |
Thumbprint MD5: | 2F2B34B547CC3D81835478C9667E4758 |
Thumbprint SHA-1: | C5566AA56BE27344FAE7A4A69F9E003360E7BF45 |
Thumbprint SHA-256: | E5781D4CFF5055733247474BECD116042294D0C169F0F5470CD1C7467C0C12F4 |
Serial: | 3772290E2FB31093 |
Instruction |
---|
sub esp, 000002D4h |
push ebx |
push esi |
push edi |
push 00000020h |
pop edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+14h], ebx |
mov dword ptr [esp+10h], 0040A2E0h |
mov dword ptr [esp+1Ch], ebx |
call dword ptr [004080A8h] |
call dword ptr [004080A4h] |
and eax, BFFFFFFFh |
cmp ax, 00000006h |
mov dword ptr [0042A20Ch], eax |
je 00007F545500F443h |
push ebx |
call 00007F54550126F5h |
cmp eax, ebx |
je 00007F545500F439h |
push 00000C00h |
call eax |
mov esi, 004082B0h |
push esi |
call 00007F545501266Fh |
push esi |
call dword ptr [00408150h] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], 00000000h |
jne 00007F545500F41Ch |
push 0000000Ah |
call 00007F54550126C8h |
push 00000008h |
call 00007F54550126C1h |
push 00000006h |
mov dword ptr [0042A204h], eax |
call 00007F54550126B5h |
cmp eax, ebx |
je 00007F545500F441h |
push 0000001Eh |
call eax |
test eax, eax |
je 00007F545500F439h |
or byte ptr [0042A20Fh], 00000040h |
push ebp |
call dword ptr [00408044h] |
push ebx |
call dword ptr [004082A0h] |
mov dword ptr [0042A2D8h], eax |
push ebx |
lea eax, dword ptr [esp+34h] |
push 000002B4h |
push eax |
push ebx |
push 004216A8h |
call dword ptr [00408188h] |
push 0040A2C8h |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84fc | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x59000 | 0x284b8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x43028 | 0x1e48 | .ndata |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x62a5 | 0x6400 | False | 0.658984375 | data | 6.431390019180314 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x138e | 0x1400 | False | 0.4509765625 | data | 5.146454805063938 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x20318 | 0x600 | False | 0.4928385416666667 | data | 3.90464114821524 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x2b000 | 0x2e000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x59000 | 0x284b8 | 0x28600 | False | 0.46781274187306504 | data | 5.678738189394348 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x59388 | 0x10828 | dBase IV DBT, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x69bb0 | 0x94a8 | data | English | United States |
RT_ICON | 0x73058 | 0x5488 | data | English | United States |
RT_ICON | 0x784e0 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 224, next used block 4279173120 | English | United States |
RT_ICON | 0x7c708 | 0x25a8 | data | English | United States |
RT_ICON | 0x7ecb0 | 0x10a8 | data | English | United States |
RT_ICON | 0x7fd58 | 0x988 | data | English | United States |
RT_ICON | 0x806e0 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_DIALOG | 0x80b48 | 0xb8 | data | English | United States |
RT_DIALOG | 0x80c00 | 0x100 | data | English | United States |
RT_DIALOG | 0x80d00 | 0x11c | data | English | United States |
RT_DIALOG | 0x80e20 | 0xc4 | data | English | United States |
RT_DIALOG | 0x80ee8 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x80f48 | 0x76 | data | English | United States |
RT_VERSION | 0x80fc0 | 0x1b4 | data | English | United States |
RT_MANIFEST | 0x81178 | 0x33e | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States |
DLL | Import |
---|---|
KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW |
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
09/28/22-07:34:32.671694 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49861 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:33:34.715524 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49851 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:35:36.391773 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49871 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:37:50.410067 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49894 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:37:31.709636 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49891 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:32:57.005302 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49844 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:36:29.566940 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49881 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:36:06.040630 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49877 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:35:11.648652 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49867 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:38:53.131391 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49904 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:33:09.422159 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49847 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:34:06.613935 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49857 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:35:37.694051 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49871 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:37:32.996576 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49891 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:40:07.142646 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49917 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:39:22.327186 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49910 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:36:31.401253 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49881 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:38:27.665932 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49900 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:33:17.548675 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49848 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:33:36.010486 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49851 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:40:05.847728 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49917 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:34:14.363258 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49858 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:34:34.515238 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49861 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:38:10.805467 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49897 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:35:19.667834 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49868 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:37:14.298369 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49888 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:36:13.495948 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49878 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:33:11.271649 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49847 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:39:03.782754 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49906 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:39:59.664794 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49916 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:33:53.711667 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49854 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:34:07.936591 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49857 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:34:52.006915 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49864 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:35:12.944112 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49867 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:37:08.613787 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49887 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:38:35.212387 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49901 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:36:48.157564 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49884 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:35:48.778599 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49874 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:36:07.329674 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49877 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:39:29.771240 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49911 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:33:15.704466 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49848 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:34:13.071342 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49858 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:37:39.179510 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49892 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:38:15.231288 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49898 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:40:30.575447 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49921 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:34:58.624111 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49865 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:35:43.852562 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49872 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:38:29.506939 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49900 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:40:25.651593 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49920 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:38:33.930170 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49901 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:39:28.485341 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49911 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:35:53.721836 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49875 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:36:37.102195 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49882 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:39:23.613883 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49910 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:35:00.467445 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49865 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:35:55.008489 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49875 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:36:54.405917 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49885 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:39:47.210945 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49914 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:34:01.960430 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49855 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:37:58.451493 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49895 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:34:40.894645 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49862 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:37:56.611347 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49895 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:33:42.236724 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49852 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:36:55.691366 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49885 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:32:45.752995 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49842 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:38:51.273911 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49904 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:35:59.918218 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49876 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:35:49.136546 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49874 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:36:50.000586 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49884 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:37:00.607474 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49886 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:38:02.828628 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49896 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:38:21.464409 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49899 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:40:24.359987 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49920 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:33:55.016289 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49854 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:34:53.301647 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49864 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:37:51.693463 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49894 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:37:19.212158 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49889 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:36:18.414249 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49879 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:38:45.052370 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49903 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:39:40.964800 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49913 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:33:04.507101 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49845 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:35:24.082364 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49869 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:36:18.769615 | TCP | 2841753 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) | 3959 | 49879 | 137.63.71.51 | 192.168.11.20 |
09/28/22-07:37:46.017957 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49893 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:34:19.581790 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49859 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:37:06.777474 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49887 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:33:22.083297 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49849 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:34:47.371741 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49863 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:38:08.967541 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49897 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:39:34.701330 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49912 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:32:58.844712 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49844 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:37:13.012736 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49888 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:35:17.817489 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49868 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:36:12.211007 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49878 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:36:43.312967 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49883 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:38:40.135284 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49902 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:38:22.747803 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49899 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:39:53.398528 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49915 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:35:06.415996 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49866 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:37:21.056763 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49889 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:33:48.725985 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49853 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:38:04.102624 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49896 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:33:23.366082 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49849 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:37:01.883031 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49886 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:36:01.203666 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49876 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:32:51.953878 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49843 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:38:57.519593 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49905 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:34:21.408193 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49859 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:40:11.972333 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49918 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:35:25.372861 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49869 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:39:09.986118 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49908 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:36:18.769843 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49879 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:32:50.673409 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49843 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:35:05.133446 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49866 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:33:47.442006 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49853 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:40:13.260540 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49918 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:37:27.321935 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49890 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:34:45.527258 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49863 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:36:42.018012 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49883 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:38:40.500745 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49902 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:39:36.540359 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49912 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:36:25.166202 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49880 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:39:11.826405 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49908 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:33:30.319682 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49850 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:40:19.390442 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49919 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:35:31.556486 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49870 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:37:44.176254 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49893 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:38:40.500365 | TCP | 2841753 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) | 3959 | 49902 | 137.63.71.51 | 192.168.11.20 |
09/28/22-07:34:27.380495 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49860 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:34:00.119636 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49855 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:33:03.223566 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49845 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:39:17.489933 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49909 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:39:42.252029 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49913 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:35:49.136137 | TCP | 2841753 | ETPRO TROJAN NanoCore RAT Keep-Alive Beacon (Inbound) | 3959 | 49874 | 137.63.71.51 | 192.168.11.20 |
09/28/22-07:39:16.204642 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49909 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:40:00.949557 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49916 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:39:05.076607 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49906 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:32:44.468596 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49842 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:33:40.954696 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49852 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:34:39.027168 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49862 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:38:17.064875 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49898 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:36:35.816027 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49882 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:37:37.900323 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49892 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:35:42.562185 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49872 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:38:46.330043 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49903 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:35:30.267402 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49870 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:39:48.485475 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49914 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:33:28.388001 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49850 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:37:25.477917 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49890 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:34:26.085032 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49860 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:40:18.098612 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49919 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:39:55.244956 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49915 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:36:23.322072 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49880 | 3959 | 192.168.11.20 | 137.63.71.51 |
09/28/22-07:38:59.406668 | TCP | 2816766 | ETPRO TROJAN NanoCore RAT CnC 7 | 49905 | 3959 | 192.168.11.20 | 137.63.71.51 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 28, 2022 07:32:40.852950096 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:40.853003025 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:40.898561954 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:40.898710012 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:40.898781061 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:40.900093079 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:40.900326967 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:40.903901100 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:40.903918028 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:40.904175043 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:40.904370070 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:40.904737949 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:40.946564913 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.287677050 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.287832975 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.287920952 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.287966967 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.287993908 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.288150072 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.288177967 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.288876057 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.289129972 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.289643049 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.289901972 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.289946079 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.290232897 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.292768955 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.292984009 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.296344042 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.296598911 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.296649933 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.296895027 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.297806978 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.298110962 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.298134089 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.298161983 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.298410892 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.298552036 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.298607111 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.298640013 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.298650980 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.298800945 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.298918009 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.299118042 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.299304962 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.299345970 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.299674034 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.299715042 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.300033092 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.300074100 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.300271034 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.300306082 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.300548077 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.300601959 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.300894976 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.300939083 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.301136017 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.301163912 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.301188946 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.301460981 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.301909924 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.302118063 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.302165985 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.302413940 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.302448034 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.302644014 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.302695036 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.302895069 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.302932024 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.303277969 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.303325891 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Sep 28, 2022 07:32:41.303586006 CEST | 49841 | 443 | 192.168.11.20 | 142.250.186.97 |
Sep 28, 2022 07:32:41.303756952 CEST | 443 | 49841 | 142.250.186.97 | 192.168.11.20 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 28, 2022 07:32:39.634243011 CEST | 50977 | 53 | 192.168.11.20 | 1.1.1.1 |
Sep 28, 2022 07:32:39.643558025 CEST | 53 | 50977 | 1.1.1.1 | 192.168.11.20 |
Sep 28, 2022 07:32:40.811481953 CEST | 60749 | 53 | 192.168.11.20 | 1.1.1.1 |
Sep 28, 2022 07:32:40.850791931 CEST | 53 | 60749 | 1.1.1.1 | 192.168.11.20 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 28, 2022 07:32:39.634243011 CEST | 192.168.11.20 | 1.1.1.1 | 0xb55b | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Sep 28, 2022 07:32:40.811481953 CEST | 192.168.11.20 | 1.1.1.1 | 0x5aab | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 28, 2022 07:32:39.643558025 CEST | 1.1.1.1 | 192.168.11.20 | 0xb55b | No error (0) | | | 142.250.186.174 | A (IP address) | IN (0x0001) | false |
Sep 28, 2022 07:32:40.850791931 CEST | 1.1.1.1 | 192.168.11.20 | 0x5aab | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false |
Sep 28, 2022 07:32:40.850791931 CEST | 1.1.1.1 | 192.168.11.20 | 0x5aab | No error (0) | | | 142.250.186.97 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49840 | 142.250.186.174 | 443 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-09-28 05:32:39 UTC | 0 | OUT | |
2022-09-28 05:32:40 UTC | 0 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49841 | 142.250.186.97 | 443 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-09-28 05:32:40 UTC | 1 | OUT | |
2022-09-28 05:32:41 UTC | 2 | IN | |