Windows
Analysis Report
auz.jar
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Uses cmd line tools excessively to alter registry or file data
Exploit detected, runtime environment starts unknown processes
Uses schtasks.exe or at.exe to add and modify task schedules
Queries the volume information (name, serial number etc) of a device
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Creates a process in suspended mode (likely to inject code)
IP address seen in connection with other malware
Launches a Java Jar file from a suspicious file location
Enables debug privileges
Classification
- System is w10x64
- cmd.exe (PID: 1240) cmdline: C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\auz.jar"" >> C:\cmdlinestart.log 2>&1 MD5: F3BDBE3BB6F734E357235F4D5898582D
- conhost.exe (PID: 6424) cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496
- java.exe (PID: 6732) cmdline: "C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\auz.jar" MD5: 28733BA8C383E865338638DF5196E6FE
- icacls.exe (PID: 4540) cmdline: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M MD5: FF0D1D4317A44C951240FAE75075D501
- conhost.exe (PID: 1792) cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496
- tasklist.exe (PID: 3216) cmdline: tasklist MD5: 6B7D2FC3FB98B10A5F77B23DEF745F6F
- conhost.exe (PID: 2088) cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496
- cmd.exe (PID: 6916) cmdline: cmd /c schtasks /create /tn "JavaConnect" /tr "\"C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe\" -jar \"C:\Users\user\AppData\Roaming\bcfca1\bcfca15a1fe879c681f1459b1b147c6e.log\"" /sc minute /mo 60 MD5: F3BDBE3BB6F734E357235F4D5898582D
- conhost.exe (PID: 4624) cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496
- schtasks.exe (PID: 7056) cmdline: schtasks /create /tn "JavaConnect" /tr "\"C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe\" -jar \"C:\Users\user\AppData\Roaming\bcfca1\bcfca15a1fe879c681f1459b1b147c6e.log\"" /sc minute /mo 60 MD5: 15FF7D8324231381BAD48A052F85DF04
- reg.exe (PID: 376) cmdline: reg query "HKU\S-1-5-19" MD5: CEE2A7E57DF2A159A065A34913A055C2
- conhost.exe (PID: 5088) cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496
- javaw.exe (PID: 3524) cmdline: "C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Roaming\bcfca1\bcfca15a1fe879c681f1459b1b147c6e.log" MD5: 4BFEB2F64685DA09DEBB95FB981D4F65
- tasklist.exe (PID: 1604) cmdline: tasklist MD5: 6B7D2FC3FB98B10A5F77B23DEF745F6F
- conhost.exe (PID: 5084) cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496
- cmd.exe (PID: 5196) cmdline: cmd /c schtasks /create /tn "JavaConnect" /tr "\"C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe\" -jar \"C:\Users\user\AppData\Roaming\bcfca1\bcfca15a1fe879c681f1459b1b147c6e.log\"" /sc minute /mo 60 MD5: F3BDBE3BB6F734E357235F4D5898582D
- conhost.exe (PID: 6944) cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496
- schtasks.exe (PID: 6948) cmdline: schtasks /create /tn "JavaConnect" /tr "\"C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe\" -jar \"C:\Users\user\AppData\Roaming\bcfca1\bcfca15a1fe879c681f1459b1b147c6e.log\"" /sc minute /mo 60 MD5: 15FF7D8324231381BAD48A052F85DF04
- reg.exe (PID: 7060) cmdline: reg query "HKU\S-1-5-19" MD5: CEE2A7E57DF2A159A065A34913A055C2
- conhost.exe (PID: 6940) cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496
- cleanup
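Reading the process list in order: the outer cmd.exe with the `-javaagent:jartracer.jar` option and the `>> C:\cmdlinestart.log 2>&1` redirect is the sandbox's own launcher and Java tracer, not sample behaviour. java.exe on auz.jar then runs icacls on the JRE usage-tracker directory (Oracle JRE 8 does this itself on first run, so that signature fires on benign jars too), enumerates processes with tasklist, registers a scheduled task named JavaConnect that re-launches javaw.exe every 60 minutes on a .log file under AppData\Roaming, and queries HKU\S-1-5-19, a hive only readable from an elevated context, which is the usual reading of that command as an admin check. The javaw.exe instance on the .log then repeats the tasklist/schtasks/reg sequence. The Python below is an added example, not Joe Sandbox's code: it parses exactly these command lines out of process-creation events and flags the two points a detection engineer would key on, a schtasks /create whose action runs java or javaw -jar on a non-.jar file or from a user-writable directory, and an icacls grant of modify or full control to Everyone. EVENTS is transcribed from the list above; the function names and the finding dictionaries are this example's own conventions.

```python
"""Pull scheduled-task persistence and ACL weakening out of process-creation
events. Added example, not Joe Sandbox code. EVENTS is transcribed from the
process list above; function names and finding dicts are this example's own."""
import re
from pathlib import PureWindowsPath

# (pid, image, command line), transcribed from the process list above.
EVENTS = [
    (6732, "java.exe", r'"C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe" -javaagent:"C:\Users\user\AppData\Local\Temp\jartracer.jar" -jar "C:\Users\user\Desktop\auz.jar"'),
    (4540, "icacls.exe", r'C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M'),
    (3216, "tasklist.exe", "tasklist"),
    (6916, "cmd.exe", r'cmd /c schtasks /create /tn "JavaConnect" /tr "\"C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe\" -jar \"C:\Users\user\AppData\Roaming\bcfca1\bcfca15a1fe879c681f1459b1b147c6e.log\"" /sc minute /mo 60'),
    (7056, "schtasks.exe", r'schtasks /create /tn "JavaConnect" /tr "\"C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe\" -jar \"C:\Users\user\AppData\Roaming\bcfca1\bcfca15a1fe879c681f1459b1b147c6e.log\"" /sc minute /mo 60'),
    (376, "reg.exe", r'reg query "HKU\S-1-5-19"'),
    (3524, "javaw.exe", r'"C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe" -jar "C:\Users\user\AppData\Roaming\bcfca1\bcfca15a1fe879c681f1459b1b147c6e.log"'),
    (6948, "schtasks.exe", r'schtasks /create /tn "JavaConnect" /tr "\"C:\Program Files (x86)\Java\jre1.8.0_211\bin\javaw.exe\" -jar \"C:\Users\user\AppData\Roaming\bcfca1\bcfca15a1fe879c681f1459b1b147c6e.log\"" /sc minute /mo 60'),
]

_TN = re.compile(r'/tn\s+"([^"]*)"', re.I)
# The /tr value is quoted and contains cmd-escaped \" quotes; accept either an escaped quote or any non-quote char.
_TR = re.compile(r'/tr\s+"((?:\\"|[^"])*)"', re.I)
_SC = re.compile(r'/sc\s+(\w+)', re.I)
_MO = re.compile(r'/mo\s+(\d+)', re.I)
_JAR = re.compile(r'-jar\s+"([^"]+)"', re.I)
# icacls <path> /grant[:r] "<principal>":(OI)(CI)<right>
_ICACLS = re.compile(r'icacls(?:\.exe)?\s+(\S+)\s+/grant(?::r)?\s+"?(everyone|authenticated users|users)"?:((?:\([A-Za-z]+\))*)([MF])\b', re.I)


def parse_schtasks_create(cmdline):
    """Return task name, unescaped action, schedule and modifier of a schtasks /create, else None."""
    if not re.search(r'/create\b', cmdline, re.I):
        return None
    tn, tr = _TN.search(cmdline), _TR.search(cmdline)
    if not (tn and tr):
        return None
    sc, mo = _SC.search(cmdline), _MO.search(cmdline)
    return {"task_name": tn.group(1),
            "action": tr.group(1).replace('\\"', '"'),  # undo cmd.exe quote escaping
            "schedule": sc.group(1).lower() if sc else None,
            "modifier": int(mo.group(1)) if mo else None}


def is_suspicious_jar_action(action):
    """java/javaw -jar on a file that is not a .jar or that lives under AppData/Temp."""
    m = _JAR.search(action)
    if not m or not re.search(r'\bjavaw?\.exe', action, re.I):
        return False
    target = PureWindowsPath(m.group(1))
    wrong_ext = target.suffix.lower() != ".jar"
    user_dir = any(p.lower() in ("appdata", "temp") for p in target.parts)
    return wrong_ext or user_dir


def find_schtasks_persistence(events):
    """Only look at schtasks.exe itself, so a 'cmd /c schtasks' parent is not reported twice."""
    findings = []
    for pid, image, cmdline in events:
        if image.lower() != "schtasks.exe":
            continue
        task = parse_schtasks_create(cmdline)
        if task and is_suspicious_jar_action(task["action"]):
            findings.append({"pid": pid, **task})
    return findings


def find_icacls_weakening(events):
    """icacls grants of Modify (M) or Full (F) to Everyone/Users, inherited to children via (OI)(CI)."""
    findings = []
    for pid, _image, cmdline in events:
        m = _ICACLS.search(cmdline)
        if m:
            findings.append({"pid": pid, "path": m.group(1), "principal": m.group(2),
                             "inherit": m.group(3), "rights": m.group(4).upper()})
    return findings


if __name__ == "__main__":
    for f in find_schtasks_persistence(EVENTS) + find_icacls_weakening(EVENTS):
        print(f)
```

On a real host the same two functions run over Sysmon event ID 1 or Windows 4688 command lines; the icacls finding on `.oracle_jre_usage` is still worth surfacing because it leaves a world-writable directory under ProgramData, but it should be triaged as JRE behaviour rather than as the sample's.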
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
- AV Detection
- Compliance
- Software Vulnerabilities
- Networking
- System Summary
- Data Obfuscation
- Persistence and Installation Behavior
- Boot Survival
- Hooking and other Techniques for Hiding and Protection
- Malware Analysis System Evasion
- Anti Debugging
- HIPS / PFW / Operating System Protection Evasion
- Language, Device and Operating System Detection
AV Detection |
---|
Virustotal |
File opened |
HTTPS traffic detected (2 entries) |
Software Vulnerabilities |
---|
Process created |
JA3 fingerprint |
IP Address |
Network traffic detected (4 entries) |
String found in binary or memory (53 entries) |
DNS traffic detected |
HTTP traffic detected (6 entries) |
HTTPS traffic detected (2 entries) |
Process created |
Virustotal |
Key opened |
Process created (30 entries) |
Key value queried |
Mutant created (8 entries) |
WMI Queries (2 entries) |
File created |
Process created |
File created |
Section loaded |
String found in binary or memory (14 entries) |
Classification label |
File read (8 entries) |
Binary or memory string |
File opened |
Code function: 2_3_1560EC72 |
Code function: 2_3_1560DE4E |
Code function: 2_3_1560C459 |
Code function: 2_3_15609DBE |
Executes |
Persistence and Installation Behavior |
---|
Process created (4 entries) |
Boot Survival |
---|
Process created (2 entries) |
Last function |
Binary or memory string (8 entries) |
Process token adjusted |
Memory protected |
Process created (10 entries) |
Queries volume information (3 entries) |
Key value queried |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Windows Management Instrumentation | 1 Scheduled Task/Job | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | 12 Command and Scripting Interpreter | 1 Services File Permissions Weakness | 1 Scheduled Task/Job | 1 Modify Registry | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | 1 Scheduled Task/Job | Logon Script (Windows) | 1 Services File Permissions Weakness | 1 Disable or Modify Tools | Security Account Manager | 1 Remote System Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | 1 Exploitation for Client Execution | Logon Script (Mac) | Logon Script (Mac) | 11 Process Injection | NTDS | 13 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 3 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Services File Permissions Weakness | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
auz.jar | 11% | ReversingLabs | ByteCode-JAVA.Trojan.Generic | |
auz.jar | 16% | Virustotal | | Browse |
⊘No Antivirus matches
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
(22 URLs, names not captured in this copy) | 0% | URL Reputation | safe | |
(21 URLs, names not captured in this copy) | 0% | Avira URL Cloud | safe | |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
geoplugin.net | 178.237.33.50 | true | false | | unknown |
paradisodomenico.it | 46.16.95.61 | true | false | | unknown |
adrenalinecyber.com | unknown | unknown | false | | unknown |
www.geoplugin.net | unknown | unknown | false | | unknown |
www.paradisodomenico.it | unknown | unknown | false | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
(3 contacted URLs, names not captured in this copy) | false | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
(40 URLs from binary or memory, names not captured in this copy) | | false | | unknown |
(8 URLs from binary or memory, names not captured in this copy) | | false | | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
46.16.95.61 | paradisodomenico.it | Italy | | 52030 | SERVERPLAN-ASIT | false |
178.237.33.50 | geoplugin.net | Netherlands | | 8455 | ATOM86-ASATOM86NL | false |
Joe Sandbox Version: | 37.0.0 Beryl |
Analysis ID: | 841597 |
Start date and time: | 2023-04-05 11:37:46 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 9m 35s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsfilecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 25 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample file name: | auz.jar |
Detection: | MAL |
Classification: | mal60.expl.winJAR@30/3@10/2 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
- Execution Graph export aborted for target java.exe, PID 6732 because there are no executed functions
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtDeviceIoControlFile calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description |
---|---|---|
11:38:44 | Task Scheduler |
IPs |
---|
Match | Detection | Threat Name of related samples (count) |
---|---|---|
46.16.95.61 | malicious | Unknown (1) |
178.237.33.50 | malicious | Remcos (10); Remcos, GuLoader (7); Remcos, Parallax RAT, TinyNuke (1); Unknown (1) |
Domains |
---|
Match | Detection | Threat Name of related samples (count) |
---|---|---|
geoplugin.net | malicious | Remcos (8); Remcos, GuLoader (9); Remcos, Parallax RAT, TinyNuke (1) |
ASNs |
---|
Match | Detection | Threat Name of related samples (count) |
---|---|---|
ATOM86-ASATOM86NL | malicious | Remcos (8); Remcos, GuLoader (9); Remcos, Parallax RAT, TinyNuke (1); Unknown (1) |
SERVERPLAN-ASIT | malicious | Unknown (7); FormBook (4); Mirai (3); HTMLPhisher (2); Gafgyt, Mirai (1); AgentTesla (1); AgentTesla, GuLoader (1) |
JA3 Fingerprints |
---|
Match | Detection | Threat Name of related samples (count) |
---|---|---|
d2935c58fe676744fecc8614ee5356c7 | malicious | STRRAT (17); Unknown (2) |
Dropped Files |
---|
⊘No context
Process: | C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 57 |
Entropy (8bit): | 4.817551365376543 |
Encrypted: | false |
SSDEEP: | 3:oFj4I5vpN6yUROadm:oJ5X6yGOaA |
MD5: | 90BF563F80E4D1569BFDC20814CCAC64 |
SHA1: | 9A5FFDB06C9744B9AA67156DE1CEB40148441601 |
SHA-256: | 52B750854D295B393ADE2EF54406BA6E7AB29E53B52E6743F0B2708E239BEDC6 |
SHA-512: | 72A5725206E90D7EBC78BE783E2E29F7AF5247A914213EA5B433EDEBE1AEC6D64828EBE2234069FDF4D089AD9B3E1080CA099A2D6F743859074EDFFBA2A7FA2C |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 45 |
Entropy (8bit): | 0.9111711733157262 |
Encrypted: | false |
SSDEEP: | 3:/lwlt7n:WNn |
MD5: | C8366AE350E7019AEFC9D1E6E6A498C6 |
SHA1: | 5731D8A3E6568A5F2DFBBC87E3DB9637DF280B61 |
SHA-256: | 11E6ACA8E682C046C83B721EEB5C72C5EF03CB5936C60DF6F4993511DDC61238 |
SHA-512: | 33C980D5A638BFC791DE291EBF4B6D263B384247AB27F261A54025108F2F85374B579A026E545F81395736DD40FA4696F2163CA17640DD47F1C42BC9971B18CD |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 189466 |
Entropy (8bit): | 7.968224085935667 |
Encrypted: | false |
SSDEEP: | 3072:/aZCV6DcW4xLOMB6DrxnuahzqBc7EPTe+1sVCwWL3OGE1ZynOtQwSelrRVZBAMrQ:Wc6yxLzQ/xuCzeLeAwWL3WJpRV3AME |
MD5: | 2792F3AA4B0F15C488C32BCD1E03AFD8 |
SHA1: | B49223709C7A83125912A2474E79B446C622B232 |
SHA-256: | 5487A1B50399574FF09D2F8BB6FA87D0B194C840E8AEDA26196B612A6A3FCB3A |
SHA-512: | FB6B5E982D85BFBEFD45FEED848873D79214859D34651FA209476C65A70A09E898061E95CF23D4C8984BDC910E0F945CA2DCE21DF2BC8714FBCE1F39EE184BCE |
Malicious: | true |
Same size (189466 bytes) and identical MD5, SHA-1 and SHA-256 as the submitted auz.jar (see the file information below): this dropped file is a byte-for-byte copy of the sample, consistent with the .log file under AppData\Roaming that the JavaConnect scheduled task launches with javaw.exe -jar.
Preview: |
File type: | |
Entropy (8bit): | 7.968224085935667 |
TrID: |
|
File name: | auz.jar |
File size: | 189466 |
MD5: | 2792f3aa4b0f15c488c32bcd1e03afd8 |
SHA1: | b49223709c7a83125912a2474e79b446c622b232 |
SHA256: | 5487a1b50399574ff09d2f8bb6fa87d0b194c840e8aeda26196b612a6a3fcb3a |
SHA512: | fb6b5e982d85bfbefd45feed848873d79214859d34651fa209476c65a70a09e898061e95cf23d4c8984bdc910e0f945ca2dce21df2bc8714fbce1f39ee184bce |
SSDEEP: | 3072:/aZCV6DcW4xLOMB6DrxnuahzqBc7EPTe+1sVCwWL3OGE1ZynOtQwSelrRVZBAMrQ:Wc6yxLzQ/xuCzeLeAwWL3WJpRV3AME |
TLSH: | 0B040204FE90C69CEA43C0BEE15E859DEF2C4A8E450DC76F36F095A05A95CD2CB039DA |
File Content Preview: | PK........W..V............B...objecttification/postschool/overfancifulness/paralinguistics.class.T[w.D.....Q..v.BCSZ.....$..C/.......$N.)..V.H>..........x.C....px...?......CS...;.;..7.......0.]..g{..B.u..........h:..w.q....Yo[6..|Kwu...m....)`.......t.._. |
Icon Hash: | d28c8e8ea2868ad6 |
- Total Packets: 46
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 5, 2023 11:38:48.411292076 CEST | 49696 | 80 | 192.168.2.4 | 178.237.33.50 |
Apr 5, 2023 11:38:48.437109947 CEST | 80 | 49696 | 178.237.33.50 | 192.168.2.4 |
Apr 5, 2023 11:38:48.437208891 CEST | 49696 | 80 | 192.168.2.4 | 178.237.33.50 |
Apr 5, 2023 11:38:48.449275970 CEST | 49696 | 80 | 192.168.2.4 | 178.237.33.50 |
Apr 5, 2023 11:38:48.479932070 CEST | 80 | 49696 | 178.237.33.50 | 192.168.2.4 |
Apr 5, 2023 11:38:48.498128891 CEST | 49696 | 80 | 192.168.2.4 | 178.237.33.50 |
Apr 5, 2023 11:38:48.529597998 CEST | 80 | 49696 | 178.237.33.50 | 192.168.2.4 |
Apr 5, 2023 11:38:48.631252050 CEST | 49696 | 80 | 192.168.2.4 | 178.237.33.50 |
Apr 5, 2023 11:38:49.529994965 CEST | 80 | 49696 | 178.237.33.50 | 192.168.2.4 |
Apr 5, 2023 11:38:49.530143976 CEST | 49696 | 80 | 192.168.2.4 | 178.237.33.50 |
Apr 5, 2023 11:38:51.015083075 CEST | 49697 | 80 | 192.168.2.4 | 178.237.33.50 |
Apr 5, 2023 11:38:51.041652918 CEST | 80 | 49697 | 178.237.33.50 | 192.168.2.4 |
Apr 5, 2023 11:38:51.042725086 CEST | 49697 | 80 | 192.168.2.4 | 178.237.33.50 |
Apr 5, 2023 11:38:51.046195030 CEST | 49697 | 80 | 192.168.2.4 | 178.237.33.50 |
Apr 5, 2023 11:38:51.084790945 CEST | 80 | 49697 | 178.237.33.50 | 192.168.2.4 |
Apr 5, 2023 11:38:51.098398924 CEST | 49697 | 80 | 192.168.2.4 | 178.237.33.50 |
Apr 5, 2023 11:38:51.128781080 CEST | 80 | 49697 | 178.237.33.50 | 192.168.2.4 |
Apr 5, 2023 11:38:51.240856886 CEST | 49697 | 80 | 192.168.2.4 | 178.237.33.50 |
Apr 5, 2023 11:38:52.128710032 CEST | 80 | 49697 | 178.237.33.50 | 192.168.2.4 |
Apr 5, 2023 11:38:52.128880978 CEST | 49697 | 80 | 192.168.2.4 | 178.237.33.50 |
Apr 5, 2023 11:38:58.524214029 CEST | 49696 | 80 | 192.168.2.4 | 178.237.33.50 |
Apr 5, 2023 11:38:58.550086021 CEST | 80 | 49696 | 178.237.33.50 | 192.168.2.4 |
Apr 5, 2023 11:39:01.133686066 CEST | 49697 | 80 | 192.168.2.4 | 178.237.33.50 |
Apr 5, 2023 11:39:01.159468889 CEST | 80 | 49697 | 178.237.33.50 | 192.168.2.4 |
Apr 5, 2023 11:39:19.002933979 CEST | 49698 | 443 | 192.168.2.4 | 46.16.95.61 |
Apr 5, 2023 11:39:19.003022909 CEST | 443 | 49698 | 46.16.95.61 | 192.168.2.4 |
Apr 5, 2023 11:39:19.003118038 CEST | 49698 | 443 | 192.168.2.4 | 46.16.95.61 |
Apr 5, 2023 11:39:19.060039997 CEST | 49698 | 443 | 192.168.2.4 | 46.16.95.61 |
Apr 5, 2023 11:39:19.060117006 CEST | 443 | 49698 | 46.16.95.61 | 192.168.2.4 |
Apr 5, 2023 11:39:19.164464951 CEST | 443 | 49698 | 46.16.95.61 | 192.168.2.4 |
Apr 5, 2023 11:39:19.164583921 CEST | 49698 | 443 | 192.168.2.4 | 46.16.95.61 |
Apr 5, 2023 11:39:19.189460039 CEST | 49698 | 443 | 192.168.2.4 | 46.16.95.61 |
Apr 5, 2023 11:39:19.189518929 CEST | 443 | 49698 | 46.16.95.61 | 192.168.2.4 |
Apr 5, 2023 11:39:19.207153082 CEST | 49698 | 443 | 192.168.2.4 | 46.16.95.61 |
Apr 5, 2023 11:39:19.207180023 CEST | 443 | 49698 | 46.16.95.61 | 192.168.2.4 |
Apr 5, 2023 11:39:19.236090899 CEST | 49698 | 443 | 192.168.2.4 | 46.16.95.61 |
Apr 5, 2023 11:39:19.236123085 CEST | 443 | 49698 | 46.16.95.61 | 192.168.2.4 |
Apr 5, 2023 11:39:19.236562967 CEST | 443 | 49698 | 46.16.95.61 | 192.168.2.4 |
Apr 5, 2023 11:39:19.248668909 CEST | 49698 | 443 | 192.168.2.4 | 46.16.95.61 |
Apr 5, 2023 11:39:19.248722076 CEST | 443 | 49698 | 46.16.95.61 | 192.168.2.4 |
Apr 5, 2023 11:39:19.443244934 CEST | 443 | 49698 | 46.16.95.61 | 192.168.2.4 |
Apr 5, 2023 11:39:19.443437099 CEST | 443 | 49698 | 46.16.95.61 | 192.168.2.4 |
Apr 5, 2023 11:39:19.443530083 CEST | 49698 | 443 | 192.168.2.4 | 46.16.95.61 |
Apr 5, 2023 11:39:19.447084904 CEST | 49698 | 443 | 192.168.2.4 | 46.16.95.61 |
Apr 5, 2023 11:39:19.447134972 CEST | 443 | 49698 | 46.16.95.61 | 192.168.2.4 |
Apr 5, 2023 11:39:19.447168112 CEST | 49698 | 443 | 192.168.2.4 | 46.16.95.61 |
Apr 5, 2023 11:39:19.447168112 CEST | 49698 | 443 | 192.168.2.4 | 46.16.95.61 |
Apr 5, 2023 11:39:19.447187901 CEST | 443 | 49698 | 46.16.95.61 | 192.168.2.4 |
Apr 5, 2023 11:39:21.618132114 CEST | 49699 | 443 | 192.168.2.4 | 46.16.95.61 |
Apr 5, 2023 11:39:21.618206024 CEST | 443 | 49699 | 46.16.95.61 | 192.168.2.4 |
Apr 5, 2023 11:39:21.618336916 CEST | 49699 | 443 | 192.168.2.4 | 46.16.95.61 |
Apr 5, 2023 11:39:21.657855034 CEST | 49699 | 443 | 192.168.2.4 | 46.16.95.61 |
Apr 5, 2023 11:39:21.657924891 CEST | 443 | 49699 | 46.16.95.61 | 192.168.2.4 |
Apr 5, 2023 11:39:21.752778053 CEST | 443 | 49699 | 46.16.95.61 | 192.168.2.4 |
Apr 5, 2023 11:39:21.752924919 CEST | 49699 | 443 | 192.168.2.4 | 46.16.95.61 |
Apr 5, 2023 11:39:21.774317980 CEST | 49699 | 443 | 192.168.2.4 | 46.16.95.61 |
Apr 5, 2023 11:39:21.774358988 CEST | 443 | 49699 | 46.16.95.61 | 192.168.2.4 |
Apr 5, 2023 11:39:21.798698902 CEST | 49699 | 443 | 192.168.2.4 | 46.16.95.61 |
Apr 5, 2023 11:39:21.798722982 CEST | 443 | 49699 | 46.16.95.61 | 192.168.2.4 |
Apr 5, 2023 11:39:21.824012995 CEST | 49699 | 443 | 192.168.2.4 | 46.16.95.61 |
Apr 5, 2023 11:39:21.824038029 CEST | 443 | 49699 | 46.16.95.61 | 192.168.2.4 |
Apr 5, 2023 11:39:21.824354887 CEST | 443 | 49699 | 46.16.95.61 | 192.168.2.4 |
Apr 5, 2023 11:39:21.828176975 CEST | 49699 | 443 | 192.168.2.4 | 46.16.95.61 |
Apr 5, 2023 11:39:21.828201056 CEST | 443 | 49699 | 46.16.95.61 | 192.168.2.4 |
Apr 5, 2023 11:39:22.028104067 CEST | 443 | 49699 | 46.16.95.61 | 192.168.2.4 |
Apr 5, 2023 11:39:22.028202057 CEST | 443 | 49699 | 46.16.95.61 | 192.168.2.4 |
Apr 5, 2023 11:39:22.028276920 CEST | 49699 | 443 | 192.168.2.4 | 46.16.95.61 |
Apr 5, 2023 11:39:22.029706001 CEST | 49699 | 443 | 192.168.2.4 | 46.16.95.61 |
Apr 5, 2023 11:39:22.029725075 CEST | 443 | 49699 | 46.16.95.61 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 5, 2023 11:38:45.880076885 CEST | 50911 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 5, 2023 11:38:45.908870935 CEST | 53 | 50911 | 8.8.8.8 | 192.168.2.4 |
Apr 5, 2023 11:38:48.380346060 CEST | 59683 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 5, 2023 11:38:48.404733896 CEST | 53 | 59683 | 8.8.8.8 | 192.168.2.4 |
Apr 5, 2023 11:38:50.733702898 CEST | 64167 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 5, 2023 11:38:50.763087988 CEST | 53 | 64167 | 8.8.8.8 | 192.168.2.4 |
Apr 5, 2023 11:38:50.987679958 CEST | 58565 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 5, 2023 11:38:51.009295940 CEST | 53 | 58565 | 8.8.8.8 | 192.168.2.4 |
Apr 5, 2023 11:38:58.811969042 CEST | 52239 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 5, 2023 11:38:58.848505974 CEST | 53 | 52239 | 8.8.8.8 | 192.168.2.4 |
Apr 5, 2023 11:39:01.432755947 CEST | 56807 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 5, 2023 11:39:01.456254005 CEST | 53 | 56807 | 8.8.8.8 | 192.168.2.4 |
Apr 5, 2023 11:39:08.900214911 CEST | 61007 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 5, 2023 11:39:08.921135902 CEST | 53 | 61007 | 8.8.8.8 | 192.168.2.4 |
Apr 5, 2023 11:39:11.503990889 CEST | 60686 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 5, 2023 11:39:11.525038004 CEST | 53 | 60686 | 8.8.8.8 | 192.168.2.4 |
Apr 5, 2023 11:39:18.942569017 CEST | 61124 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 5, 2023 11:39:18.999263048 CEST | 53 | 61124 | 8.8.8.8 | 192.168.2.4 |
Apr 5, 2023 11:39:21.544714928 CEST | 59444 | 53 | 192.168.2.4 | 8.8.8.8 |
Apr 5, 2023 11:39:21.615022898 CEST | 53 | 59444 | 8.8.8.8 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 5, 2023 11:38:45.880076885 CEST | 192.168.2.4 | 8.8.8.8 | 0x4e6b | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 5, 2023 11:38:48.380346060 CEST | 192.168.2.4 | 8.8.8.8 | 0x6496 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 5, 2023 11:38:50.733702898 CEST | 192.168.2.4 | 8.8.8.8 | 0xdffe | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 5, 2023 11:38:50.987679958 CEST | 192.168.2.4 | 8.8.8.8 | 0x6e64 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 5, 2023 11:38:58.811969042 CEST | 192.168.2.4 | 8.8.8.8 | 0x402 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 5, 2023 11:39:01.432755947 CEST | 192.168.2.4 | 8.8.8.8 | 0x176e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 5, 2023 11:39:08.900214911 CEST | 192.168.2.4 | 8.8.8.8 | 0x8bd1 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 5, 2023 11:39:11.503990889 CEST | 192.168.2.4 | 8.8.8.8 | 0x30a5 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 5, 2023 11:39:18.942569017 CEST | 192.168.2.4 | 8.8.8.8 | 0x38c7 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Apr 5, 2023 11:39:21.544714928 CEST | 192.168.2.4 | 8.8.8.8 | 0x71ad | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 5, 2023 11:38:45.908870935 CEST | 8.8.8.8 | 192.168.2.4 | 0x4e6b | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Apr 5, 2023 11:38:48.404733896 CEST | 8.8.8.8 | 192.168.2.4 | 0x6496 | No error (0) | | geoplugin.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 5, 2023 11:38:48.404733896 CEST | 8.8.8.8 | 192.168.2.4 | 0x6496 | No error (0) | | | 178.237.33.50 | A (IP address) | IN (0x0001) | false |
Apr 5, 2023 11:38:50.763087988 CEST | 8.8.8.8 | 192.168.2.4 | 0xdffe | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Apr 5, 2023 11:38:51.009295940 CEST | 8.8.8.8 | 192.168.2.4 | 0x6e64 | No error (0) | | geoplugin.net | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 5, 2023 11:38:51.009295940 CEST | 8.8.8.8 | 192.168.2.4 | 0x6e64 | No error (0) | | | 178.237.33.50 | A (IP address) | IN (0x0001) | false |
Apr 5, 2023 11:38:58.848505974 CEST | 8.8.8.8 | 192.168.2.4 | 0x402 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Apr 5, 2023 11:39:01.456254005 CEST | 8.8.8.8 | 192.168.2.4 | 0x176e | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Apr 5, 2023 11:39:08.921135902 CEST | 8.8.8.8 | 192.168.2.4 | 0x8bd1 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Apr 5, 2023 11:39:11.525038004 CEST | 8.8.8.8 | 192.168.2.4 | 0x30a5 | Name error (3) | | none | none | A (IP address) | IN (0x0001) | false |
Apr 5, 2023 11:39:18.999263048 CEST | 8.8.8.8 | 192.168.2.4 | 0x38c7 | No error (0) | | paradisodomenico.it | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 5, 2023 11:39:18.999263048 CEST | 8.8.8.8 | 192.168.2.4 | 0x38c7 | No error (0) | | | 46.16.95.61 | A (IP address) | IN (0x0001) | false |
Apr 5, 2023 11:39:21.615022898 CEST | 8.8.8.8 | 192.168.2.4 | 0x71ad | No error (0) | | paradisodomenico.it | | CNAME (Canonical name) | IN (0x0001) | false |
Apr 5, 2023 11:39:21.615022898 CEST | 8.8.8.8 | 192.168.2.4 | 0x71ad | No error (0) | | | 46.16.95.61 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49698 | 46.16.95.61 | 443 | C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.4 | 49699 | 46.16.95.61 | 443 | C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.4 | 49696 | 178.237.33.50 | 80 | C:\Program Files (x86)\Java\jre1.8.0_211\bin\java.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 5, 2023 11:38:48.449275970 CEST | 135 | OUT | |
Apr 5, 2023 11:38:48.479932070 CEST | 137 | IN | |
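The DNS answer table and the session tables above can be tied together by resolved address. The following is an added example, not part of the Joe Sandbox report, that does this pivot: it takes rows copied from the report's DNS answer and session tables, attributes each remote address to the CNAME target seen in the same DNS transaction (the queried Name column is absent from the page, so the query names themselves are not reconstructed), and counts the NXDOMAIN replies, which here make up 6 of the 10 lookups. Marking the port-443 sessions as TLS is a port-based assumption, not something the report states.

```python
"""Pivot from the report's DNS answers to its network sessions.

Added example, not part of the Joe Sandbox report. The table rows below are
copied from the report's DNS answer and session tables; the queried Name
column did not survive extraction, so each resolved address is attributed
to the CNAME target seen in the same DNS transaction instead.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Copied from the report's DNS answer table, laid out as
# Trans ID | Reply Code | CName | Address | Type.  "none" is the report's own
# marker for an empty field.
DNS_ANSWERS = """\
0x4e6b | Name error (3) | none | none | A (IP address)
0x6496 | No error (0) | geoplugin.net | none | CNAME (Canonical name)
0x6496 | No error (0) | none | 178.237.33.50 | A (IP address)
0xdffe | Name error (3) | none | none | A (IP address)
0x6e64 | No error (0) | geoplugin.net | none | CNAME (Canonical name)
0x6e64 | No error (0) | none | 178.237.33.50 | A (IP address)
0x402 | Name error (3) | none | none | A (IP address)
0x176e | Name error (3) | none | none | A (IP address)
0x8bd1 | Name error (3) | none | none | A (IP address)
0x30a5 | Name error (3) | none | none | A (IP address)
0x38c7 | No error (0) | paradisodomenico.it | none | CNAME (Canonical name)
0x38c7 | No error (0) | none | 46.16.95.61 | A (IP address)
0x71ad | No error (0) | paradisodomenico.it | none | CNAME (Canonical name)
0x71ad | No error (0) | none | 46.16.95.61 | A (IP address)
"""

# Copied from the report's session tables, laid out as
# Session ID | Source Port | Destination IP | Destination Port | Process.
SESSIONS = """\
0 | 49698 | 46.16.95.61 | 443 | C:\\Program Files (x86)\\Java\\jre1.8.0_211\\bin\\java.exe
1 | 49699 | 46.16.95.61 | 443 | C:\\Program Files (x86)\\Java\\jre1.8.0_211\\bin\\java.exe
2 | 49696 | 178.237.33.50 | 80 | C:\\Program Files (x86)\\Java\\jre1.8.0_211\\bin\\java.exe
"""


def parse_rows(table: str) -> list[list[str]]:
    """Split a pipe-separated table into stripped cells, skipping blank lines."""
    return [[cell.strip() for cell in line.split("|")]
            for line in table.splitlines() if line.strip()]


@dataclass
class DnsSummary:
    names_by_addr: dict[str, set[str]] = field(default_factory=dict)
    nxdomain_txids: set[str] = field(default_factory=set)
    resolved_txids: set[str] = field(default_factory=set)


def summarize_dns(answers: str) -> DnsSummary:
    """Index resolved addresses by the name that led to them and tally NXDOMAINs."""
    cname_by_txid: dict[str, str] = {}
    names_by_addr: dict[str, set[str]] = defaultdict(set)
    summary = DnsSummary()
    for txid, rcode, cname, addr, rtype in parse_rows(answers):
        if rcode.startswith("Name error"):
            summary.nxdomain_txids.add(txid)
            continue
        summary.resolved_txids.add(txid)
        if rtype.startswith("CNAME") and cname != "none":
            cname_by_txid[txid] = cname
        elif rtype.startswith("A") and addr != "none":
            # The A record in a transaction belongs to the CNAME that preceded
            # it; with no CNAME, fall back to the bare address.
            names_by_addr[addr].add(cname_by_txid.get(txid, addr))
    summary.names_by_addr = dict(names_by_addr)
    return summary


def attribute_sessions(sessions: str, summary: DnsSummary) -> list[dict]:
    """Label each session with the name(s) its destination address resolved from."""
    labelled = []
    for sid, _sport, dst, dport, process in parse_rows(sessions):
        labelled.append({
            "session": int(sid),
            "dst": f"{dst}:{dport}",
            "names": sorted(summary.names_by_addr.get(dst, ())),
            # Port-based assumption: the report shows no plaintext for the 443
            # sessions, consistent with TLS, but does not state the protocol.
            "likely_tls": dport == "443",
            "process": process.rsplit("\\", 1)[-1],
        })
    return labelled


if __name__ == "__main__":
    summary = summarize_dns(DNS_ANSWERS)
    total = len(summary.nxdomain_txids) + len(summary.resolved_txids)
    print(f"{len(summary.nxdomain_txids)} of {total} lookups returned NXDOMAIN")
    for row in attribute_sessions(SESSIONS, summary):
        print(row)
```

Run as-is, the script reports that 6 of 10 lookups failed and labels sessions 0 and 1 as paradisodomenico.it on 443 and session 2 as geoplugin.net on 80; the same two functions can be pointed at the full DNS and session tables of any report in this layout.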