ID: 69994 Sample Name: IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe Cookbook: default.jbs Time: 16:53:00 Date: 28/07/2018 Version: 23.0.0

Automated Malware Analysis Report for IMG-FILE



Table of Contents

Analysis Report
  Overview
    General Information
    Detection
    Confidence
    Classification
    Analysis Advice
    Signature Overview
      AV Detection
      Spreading
      Networking
      Key, Mouse, Clipboard, Microphone and Screen Capturing
      Spam, unwanted Advertisements and Ransom Demands
      System Summary
      Data Obfuscation
      Boot Survival
      Hooking and other Techniques for Hiding and Protection
      Malware Analysis System Evasion
      Anti Debugging
      HIPS / PFW / Operating System Protection Evasion
      Language, Device and Operating System Detection
      Remote Access Functionality
  Behavior Graph
  Simulations
    Behavior and APIs
  Antivirus Detection
    Initial Sample
    Dropped Files
    Unpacked PE Files
    Domains
    URLs
  Yara Overview
    Initial Sample
    PCAP (Network Traffic)
    Dropped Files
    Memory Dumps
    Unpacked PEs
  Joe Sandbox View / Context
    IPs
    Domains
    ASN
    Dropped Files
  Screenshots
  Startup
  Created / dropped Files
  Contacted Domains/Contacted IPs
    Contacted Domains
    Contacted IPs
      Public
  Static File Info
    General
    File Icon
    Static PE Info

Copyright Joe Security LLC 2018 Page 2 of 31


      General
      Entrypoint Preview
      Data Directories
      Sections
      Resources
      Imports
      Version Infos
      Possible Origin
  Network Behavior
    Network Port Distribution
    TCP Packets
    UDP Packets
    DNS Queries
    DNS Answers
  Code Manipulations
  Statistics
    Behavior
  System Behavior
    Analysis Process: IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe PID: 3440 Parent PID: 3040
      General
      File Activities
    Analysis Process: IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe PID: 3476 Parent PID: 3440
      General
      File Activities
        File Created
        File Written
        File Read
      Registry Activities
        Key Created
  Disassembly
    Code Analysis


Analysis Report

Overview

General Information

Joe Sandbox Version: 23.0.0

Analysis ID: 69994

Start time: 16:53:00

Joe Sandbox Product: CloudBasic

Start date: 28.07.2018

Overall analysis duration: 0h 5m 20s

Hypervisor based Inspection enabled: false

Report type: light

Sample file name: IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe

Cookbook file name: default.jbs

Analysis system description: Windows 7 SP1 (with Office 2010 SP2, IE 11, FF 54, Chrome 60, Acrobat Reader DC 17, Flash 26, Java 8.0.1440.1)

Number of new started processes analysed: 3

Number of new started drivers analysed: 0

Number of existing processes analysed: 0

Number of existing drivers analysed: 0

Number of injected processes analysed: 0

Technologies: HCA enabled, EGA enabled, HDC enabled

Analysis stop reason: Timeout

Detection: MAL

Classification: mal84.rans.troj.spyw.evad.winEXE@3/1@93/1

EGA Information: Successful, ratio: 100%

HDC Information: Successful, ratio: 67.4% (good quality ratio 62.6%), quality average: 77.2%, quality standard deviation: 29.3%

HCA Information: Successful, ratio: 93%, number of executed functions: 0, number of non-executed functions: 0

Cookbook Comments: Adjust boot time; Correcting counters for adjusted boot time; Found application associated with file extension: .exe

Warnings:

Exclude process from analysis (whitelisted): dllhost.exe
TCP Packets have been reduced to 100
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Skipping Hybrid Code Analysis (implementation is based on Java, .Net, VB or Delphi, or parses a document) for: IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe

Detection

Strategy: Threshold
Score: 84
Range: 0 - 100
Reporting: Report FP / FN
Detection: MAL


Confidence

Strategy: Threshold
Score: 5
Range: 0 - 5
Further Analysis Required?: false

Classification

Classification chart (categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; scale per category: clean / suspicious / malicious)


Analysis Advice

Contains functionality to modify the execution of threads in other processes

Sample has functionality to log and monitor keystrokes, analyze it with the 'Simulates keyboard and window changes' cookbook

Signature Overview

• AV Detection

• Spreading

• Networking

• Key, Mouse, Clipboard, Microphone and Screen Capturing

• Spam, unwanted Advertisements and Ransom Demands

• System Summary

• Data Obfuscation

• Boot Survival

• Hooking and other Techniques for Hiding and Protection

• Malware Analysis System Evasion

• Anti Debugging

• HIPS / PFW / Operating System Protection Evasion

• Language, Device and Operating System Detection

• Remote Access Functionality


AV Detection:

Antivirus detection for unpacked file

Yara signature match

Spreading:

Contains functionality to enumerate / list files inside a directory

Networking:

Detected TCP or UDP traffic on non-standard ports

Contains functionality to upload files via FTP

Internet Provider seen in connection with other malware

Contains functionality to download additional files from the internet

Performs DNS lookups

Urls found in memory or binary data

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Contains functionality to capture and log keystrokes

Contains functionality to log keystrokes

Contains functionality to log keystrokes

Contains functionality to register a low level keyboard hook

Installs a global keyboard hook

Contains functionality to read data from the clipboard

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Contains functionality to retrieve information about pressed keystrokes

Spam, unwanted Advertisements and Ransom Demands:

Contains functionality to change the wallpaper

System Summary:

Contains functionality to call native functions

Contains functionality to delete services

Contains functionality to shutdown / reboot the system

Creates mutexes

Detected potential crypto function

Enables driver privileges

Enables security privileges

Found potential string decryption / allocating functions

Reads the hosts file

Sample file is different than original file name gathered from version info

PE file has an executable .text section which is very likely to contain packed code (zlib compression ratio < 0.3)

Classification label

Contains functionality for error logging

Contains functionality to adjust token privileges (e.g. debug / backup)

Contains functionality to check free disk space

Contains functionality to create services

Contains functionality to instantiate COM classes

Contains functionality to load and extract PE file embedded resources

Contains functionality to modify services (start/stop/modify)

Creates files inside the user directory

PE file has an executable .text section and no other executable section

Parts of this application use Borland Delphi (probably coded in Delphi)

Parts of this application use the VB runtime library 6.0 (probably coded in Visual Basic)

Reads ini files

Reads software policies

Spawns processes

Uses an in-process (OLE) Automation server

Data Obfuscation:

Contains functionality to dynamically determine API calls

PE file contains an invalid checksum

Uses code obfuscation techniques (call, push, ret)

Binary may include packed or encrypted code

Boot Survival:

Contains functionality to start windows services

Hooking and other Techniques for Hiding and Protection:

Contains functionality to check if a window is minimized (may be used to check if an application is visible)

Extensive use of GetProcAddress (often used to hide API calls)

Disables application error messages (SetErrorMode)

Malware Analysis System Evasion:

Found evasive API chain (may stop execution after checking mutex)

Contains functionality to enumerate running services

Found evasive API chain (date check)

Found evasive API chain checking for process token information


Found large amount of non-executed APIs

Contains functionality to enumerate / list files inside a directory

Program exit points

Anti Debugging:

Contains functionality to dynamically determine API calls

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Enables debug privileges

HIPS / PFW / Operating System Protection Evasion:

Contains functionality to inject code into remote processes

Modifies the context of a thread in another process (thread injection)

Contains functionality to launch a program with higher privileges

Contains functionality to simulate keystroke presses

Contains functionality to simulate mouse events

May try to detect the Windows Explorer process (often used for injection)

Language, Device and Operating System Detection:

Contains functionality to query locale information (e.g. system language)

Queries the volume information (name, serial number etc) of a device

Contains functionality to query local / system time

Contains functionality to query the account / user name

Contains functionality to query windows version

Remote Access Functionality:

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Behavior Graph

ID: 69994

Sample: IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe

Startdate: 28/07/2018

Architecture: WINDOWS

Score: 84

Graph labels (recovered from the behavior graph figure, in the order they appear):

• Detected TCP or UDP traffic on non-standard ports

• Antivirus detection for unpacked file

• IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe (started)

• Contains functionality to log keystrokes

• Found evasive API chain (may stop execution after checking mutex)

• Contains functionality to change the wallpaper; 5 other signatures

• IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe (started)

• dcpiconew.ddns.me

• 213.183.40.43, ports 2213, 49163, 49164

• MELBICOM-EU-ASNL, Lithuania

• Installs a global keyboard hook

• Detected TCP or UDP traffic on non-standard ports

Legend: Process, Signature, Created File, DNS/IP Info, Is Dropped, Is Windows Process, Number of created Registry Values, Number of created Files, Visual Basic, Delphi, Java, .Net C# or VB.NET, C, C++ or other language, Is malicious

Simulations

Behavior and APIs

Time Type Description

16:53:48 API Interceptor 1x Sleep call for process: IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe modified

Antivirus Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

Source Detection Scanner Label Link

2.0.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.400000.11.unpack 100% Avira BDS/Backdoor.Gen

2.0.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.400000.12.unpack 100% Avira BDS/Backdoor.Gen

2.0.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.400000.5.unpack 100% Avira BDS/Backdoor.Gen

2.0.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.400000.9.unpack 100% Avira BDS/Backdoor.Gen

2.0.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.400000.4.unpack 100% Avira BDS/Backdoor.Gen

2.0.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.400000.8.unpack 100% Avira BDS/Backdoor.Gen

2.0.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.400000.7.unpack 100% Avira BDS/Backdoor.Gen

2.0.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.400000.13.unpack 100% Avira BDS/Backdoor.Gen

2.0.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.400000.6.unpack 100% Avira BDS/Backdoor.Gen

2.2.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.400000.3.unpack 100% Avira BDS/DarkKomet.GS

2.0.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.400000.14.unpack 100% Avira BDS/Backdoor.Gen

2.1.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.400000.0.unpack 100% Avira BDS/DarkKomet.GS

1.2.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.2716000.2.unpack 100% Avira BDS/DarkKomet.GS

2.0.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.400000.10.unpack 100% Avira BDS/Backdoor.Gen

Domains

Source Detection Scanner Label Link

dcpiconew.ddns.me 3% virustotal Browse

URLs

No Antivirus matches

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

Source Rule Description Author

00000002.00000002.21438435290.00400000.00000040.sdmp RAT_DarkComet Detects DarkComet RAT Kevin Breen <[email protected]>

00000002.00000002.21438435290.00400000.00000040.sdmp Malware_QA_update VT Research QA uploaded malware - file update.exe Florian Roth

00000002.00000000.21002926082.00400000.00000040.sdmp RAT_DarkComet Detects DarkComet RAT Kevin Breen <[email protected]>

00000002.00000000.21002926082.00400000.00000040.sdmp Malware_QA_update VT Research QA uploaded malware - file update.exe Florian Roth

00000001.00000002.21009140944.02716000.00000040.sdmp RAT_DarkComet Detects DarkComet RAT Kevin Breen <[email protected]>

00000001.00000002.21009140944.02716000.00000040.sdmp Malware_QA_update VT Research QA uploaded malware - file update.exe Florian Roth

00000002.00000001.21003500223.00400000.00000040.sdmp RAT_DarkComet Detects DarkComet RAT Kevin Breen <[email protected]>

00000002.00000001.21003500223.00400000.00000040.sdmp Malware_QA_update VT Research QA uploaded malware - file update.exe Florian Roth

00000002.00000000.21003186223.00400000.00000040.sdmp RAT_DarkComet Detects DarkComet RAT Kevin Breen <[email protected]>

00000002.00000000.21003186223.00400000.00000040.sdmp Malware_QA_update VT Research QA uploaded malware - file update.exe Florian Roth

Unpacked PEs

Source Rule Description Author

2.0.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.400000.14.raw.unpack RAT_DarkComet Detects DarkComet RAT Kevin Breen <[email protected]>

2.0.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.400000.14.raw.unpack Malware_QA_update VT Research QA uploaded malware - file update.exe Florian Roth

2.0.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.400000.13.raw.unpack RAT_DarkComet Detects DarkComet RAT Kevin Breen <[email protected]>

2.0.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.400000.13.raw.unpack Malware_QA_update VT Research QA uploaded malware - file update.exe Florian Roth

2.2.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.400000.3.raw.unpack RAT_DarkComet Detects DarkComet RAT Kevin Breen <[email protected]>

2.2.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.400000.3.raw.unpack Malware_QA_update VT Research QA uploaded malware - file update.exe Florian Roth

2.1.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.400000.0.raw.unpack RAT_DarkComet Detects DarkComet RAT Kevin Breen <[email protected]>

2.1.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.400000.0.raw.unpack Malware_QA_update VT Research QA uploaded malware - file update.exe Florian Roth

1.2.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.2716000.2.unpack Malware_QA_update VT Research QA uploaded malware - file update.exe Florian Roth

2.2.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.400000.3.unpack RAT_DarkComet Detects DarkComet RAT Kevin Breen <[email protected]>

2.2.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.400000.3.unpack Malware_QA_update VT Research QA uploaded malware - file update.exe Florian Roth

1.2.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.2716000.2.raw.unpack RAT_DarkComet Detects DarkComet RAT Kevin Breen <[email protected]>

1.2.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.2716000.2.raw.unpack Malware_QA_update VT Research QA uploaded malware - file update.exe Florian Roth

2.1.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.400000.0.unpack RAT_DarkComet Detects DarkComet RAT Kevin Breen <[email protected]>

2.1.IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe.400000.0.unpack Malware_QA_update VT Research QA uploaded malware - file update.exe Florian Roth

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

Match Associated Sample Name / URL SHA 256 Detection Link Context

MELBICOM-EU-ASNL new.exe bdb1678187ff11a1586ac493e32e4fbc288fc1e1f0b9dd680764a9a3e38e98e2 malicious Browse 213.183.58.27

47ORDER LIST 0018930026.exe c9494677ea837038c7eb74b00aed8ac15dbb6f4f16bcd095535e39785c1db739 malicious Browse 213.183.58.59

emotet.doc b62230042f02ecdff4a53e7d3cb77023c1d4bdde332d568cfc2c1001500c314d malicious Browse 213.183.59.226

6099956.exe 4c31b79d82ad540695af40f1862e5336158bc0c10525b402fb2a51d0b04f27a4 malicious Browse 213.183.58.37

17Order List.pdf.exe d43876bdf3ef6bc32a661d53d48f2fe122c5d4f1e840a6db7d24eab28ea0e508 malicious Browse 213.183.58.34

55New Order.exe ed1fd2f253403cbbcfa6d86cbc9a3147195d5d00d2eba903519fad348f7ea695 malicious Browse 213.183.58.34

25New Order.exe 8ad8b2ab28e302f88523fbc02879a6a79dca7c498ae25bf611b75f5076da8842 malicious Browse 213.183.58.34

19ORDER LIST 00235313 PDF.exe cc73f1cd593458d227626d618ba6da103ed7523ccd885d9b63c185db827a3369 malicious Browse 213.183.58.59

DOC000YUT090.exe 2778ddf8e45c6c9e6d469b7d99eebb0e063cd2f6b6608956b706ee321fca8b18 malicious Browse 213.183.40.3

http://thehealersbridge.com/Rechnung/ malicious Browse 213.183.59.226

37222222.exe be00d16ba5800fd7b10c378dc6ed85dbea650cc166d51266d251cecb04d867ea malicious Browse 213.183.53.243

22Enclosed Files PDF.exe 8c69f2681a5e00a645eac68ae60efc6826f570c0fddbec8696ba3a479cdf0e02 malicious Browse 154.16.220.3

YUKA BOI SI PO480.docx f7320710bde5dfab7ac3ac32fb3f6656630fcae81c14da9d074bc42229e245b3 malicious Browse 213.183.40.24

Po#1321.jar aeabde9e723222152af590e68e67aa68e8afe1e84ef950346e7266b892883e40 malicious Browse 213.183.58.3

SCAN00GOG090.exe 3bc676885fcb24d6743d5ec70e405ffb4a45dc1ca41f7fcec4863e719dce69b3 malicious Browse 213.183.40.3

70order specification.exe 460e40548d9435a68144aa3d25c4866a0bd29e74ea380d8d4f566076a293829b malicious Browse 213.183.58.18

11cccc.exe 5a5816c5bd453414112757f274704798f2b9b079cda808316099c3e6837eddc0 malicious Browse 213.183.40.10

17new order.exe 9b1862aff80ee6a81c9de7c9c4d05d39561c58d743ef8cef880ca67da687d85b malicious Browse 213.183.58.18

83PO1#77322018.exe badc5ef1e511e8143b08828b707a4f41be7592a9a9486a66dc495547832baec3 malicious Browse 213.183.58.5

emotet.doc b62230042f02ecdff4a53e7d3cb77023c1d4bdde332d568cfc2c1001500c314d malicious Browse 213.183.59.226

Dropped Files

No context

Screenshots

Startup

System is w7

IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe (PID: 3440 cmdline: 'C:\Users\user\Desktop\IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe' MD5: 88E0BC064945FA01C3B2745AC3633836)

IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe (PID: 3476 cmdline: 'C:\Users\user\Desktop\IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe' MD5: 88E0BC064945FA01C3B2745AC3633836)

cleanup

Created / dropped Files

C:\Users\user\AppData\Roaming\dclogs\2018-07-28-7.dc

Process: C:\Users\user\Desktop\IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe

File Type: ASCII text, with CRLF line terminators

Size (bytes): 69

Entropy (8bit): 4.321564674949941

Encrypted: false

MD5: A5255AEA9919DB41C0336C46D86BDDC1

SHA1: F7BCBFC3E5A68650E6DA4E8FAE42E07382CCA553

SHA-256: 5EFFBDDD06C9D721B83E454B25C9BB6E5F60BB80004851F5A78146269738D4ED

SHA-512: CEB862889536AFCE64B73712BB1EB56205C72C82322A63B936874D1D6AAAD3060EDBECC24A268192213C0B0024EFB1357C405ECC64E768437D0D7ACFEA5B69C7

Malicious: false

Reputation: low

Contacted Domains/Contacted IPs

Contacted Domains

Name IP Active Malicious Antivirus Detection Reputation

dcpiconew.ddns.me 213.183.40.43 true true 3%, virustotal, Browse unknown

Contacted IPs

Map legend: No. of IPs < 25%; 25% < No. of IPs < 50%; 50% < No. of IPs < 75%; 75% < No. of IPs

Public

IP Country Flag ASN ASN Name Malicious

213.183.40.43 Lithuania 56630 MELBICOM-EU-ASNL true

Static File Info

General

File type: PE32 executable (GUI) Intel 80386, for MS Windows

Entropy (8bit): 7.660285851011754

TrID: Win32 Executable (generic) a (10002005/4) 99.15%; Win32 Executable Microsoft Visual Basic 6 (82127/2) 0.81%; Generic Win/DOS Executable (2004/3) 0.02%; DOS Executable Generic (2002/1) 0.02%; Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%

File name: IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe

File size: 921615

MD5: 88e0bc064945fa01c3b2745ac3633836

SHA1: ad9c9bb67f8ab0a98eb8c7615c9df09c01608cb5

SHA256: b92fddbc957300ad83902f2a5d78ed7a0258af765471bc40f9aceedd40a37eea

SHA512: 01fcee89985560c1f4b156401d9b89ecb240ca8b7b25a755d72787ec1678c6b277f9bfe6a7fe5a684403a22ce32504b41892f50ab0faa31a6c072a68e14b9d30

File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.......................D.......=.......Rich............PE..L......N............................X.............@................

File Icon

Static PE Info

General

Entrypoint: 0x401758

Entrypoint Section: .text

Digitally signed: false

Imagebase: 0x400000

Subsystem: windows gui

Image File Characteristics: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

DLL Characteristics:

Time Stamp: 0x4E8196A8 [Tue Sep 27 09:26:00 2011 UTC]

TLS Callbacks:

CLR (.Net) Version:

OS Version Major: 4

OS Version Minor: 0

File Version Major: 4

File Version Minor: 0

Subsystem Version Major: 4

Subsystem Version Minor: 0

Import Hash: 5d4144bf3ece0ea2838e101a478c2b38

Entrypoint Preview

Instruction

push 00401958h

call 00007F5222BD9DA5h

add byte ptr [eax], al

add byte ptr [eax], al

add byte ptr [eax], al

xor byte ptr [eax], al

add byte ptr [eax], al

inc eax

add byte ptr [eax], al

add byte ptr [eax], al

add byte ptr [eax], al

add byte ptr [ebx+esi*8-2D8846C5h], bh

or eax, 3EBF8845h

pop ebp

loopne 00007F5222BD9D77h

js 00007F5222BD9D5Dh

add byte ptr [eax], al

add byte ptr [eax], al

add byte ptr [eax], al

add dword ptr [eax], eax

add byte ptr [eax], al

add byte ptr [eax], al

add byte ptr [eax], al

add byte ptr [eax], al

dec esi

imul esp, dword ptr [edi+68h], 73696674h

push 00000000h


add byte ptr [eax], al

add byte ptr [eax], al

add byte ptr [eax], al

add bh, bh

int3

xor dword ptr [eax], eax

add bh, byte ptr [edx+esi*4-1772F829h]

ret

dec edi

mov cl, ADh

inc esi

pop ebp

push esi

sbb eax, 2816EB7Eh

sal byte ptr [ebx+edx*4-60B139B3h], 1

add al, EEh

enter 34C4h, BFh

or byte ptr [edx], bh

dec edi

lodsd

xor ebx, dword ptr [ecx-48EE309Ah]

or al, 00h

stosb

add byte ptr [eax-2Dh], ah

xchg eax, ebx

add byte ptr [eax], al

add byte ptr [eax], al

add byte ptr [eax], al

add byte ptr [eax], al

add byte ptr [eax], al

add byte ptr [eax], al

add byte ptr [eax], al

add byte ptr [eax], al

add byte ptr [eax], al

add byte ptr [eax], al

add byte ptr [eax], al

add byte ptr [eax], al

add byte ptr [eax], al

add byte ptr [eax], al

add byte ptr [eax], al

add byte ptr [eax], al

add byte ptr [eax], al

add byte ptr [eax], al

test byte ptr [eax], 00000000h

add byte ptr [eax+eax+00h], cl

add byte ptr [eax], al

or dword ptr [eax], eax

inc esi

popad

insb

outsb

imul esi, dword ptr [ebp+73h], 010D0038h

Data Directories

Name Virtual Address Virtual Size Is in Section

IMAGE_DIRECTORY_ENTRY_EXPORT 0x0 0x0

IMAGE_DIRECTORY_ENTRY_IMPORT 0xd8b94 0x28 .text

IMAGE_DIRECTORY_ENTRY_RESOURCE 0xdb000 0x66ea .rsrc

IMAGE_DIRECTORY_ENTRY_EXCEPTION 0x0 0x0

IMAGE_DIRECTORY_ENTRY_SECURITY 0x0 0x0

IMAGE_DIRECTORY_ENTRY_BASERELOC 0x0 0x0

IMAGE_DIRECTORY_ENTRY_DEBUG 0x0 0x0

IMAGE_DIRECTORY_ENTRY_COPYRIGHT 0x0 0x0

IMAGE_DIRECTORY_ENTRY_GLOBALPTR 0x0 0x0

IMAGE_DIRECTORY_ENTRY_TLS 0x0 0x0

IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG 0x0 0x0

IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT 0x228 0x20

IMAGE_DIRECTORY_ENTRY_IAT 0x1000 0xd4 .text

IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT 0x0 0x0

IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR 0x0 0x0

IMAGE_DIRECTORY_ENTRY_RESERVED 0x0 0x0

Sections

Name Virtual Address Virtual Size Raw Size Xored PE ZLIB Complexity File Type Entropy Characteristics

.text 0x1000 0xd7f94 0xd8000 False 0.829871283637 data 7.7300786047 IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

.data 0xd9000 0x1998 0x1000 False 0.00634765625 data 0.0 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ

.rsrc 0xdb000 0x66ea 0x7000 False 0.414376395089 data 4.43350683981 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name RVA Size Type Language Country

RT_ICON 0xde4c2 0x3228 FoxPro FPT, blocks size 0, next free block index 671088640

RT_ICON 0xdc81a 0x1ca8 data

RT_ICON 0xdbb72 0xca8 data

RT_ICON 0xdb42a 0x748 data

RT_GROUP_ICON 0xdb3ec 0x3e MS Windows icon resource - 4 icons, 64x64, 256-colors

RT_VERSION 0xdb180 0x26c data English United States

Imports

DLL Import

MSVBVM60.DLL _CIcos, _adj_fptan, __vbaFreeVarList, __vbaEnd, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, DllFunctionCall, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, __vbaStrToUnicode, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaErrorOverflow, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaStrToAnsi, __vbaFpI4, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj

Version Infos

Description Data

Translation 0x0409 0x04b0

InternalName Polythely

FileVersion 3.04

LegalTrademarks goSHIYUKI GasuI

ProductName ESUS

ProductVersion 3.04

FileDescription geAMVIEWER nmBH

OriginalFilename Polythely.exe

Possible Origin

Language of compilation system Country where language is spoken Map

English United States

Network Behavior

Network Port Distribution

Total Packets: 143

• 2213 undefined

• 53 (DNS)

TCP Packets

Timestamp Source Port Dest Port Source IP Dest IP

Jul 28, 2018 16:53:40.256915092 CEST 56842 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:40.289809942 CEST 53 56842 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:40.293693066 CEST 49163 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:40.312577009 CEST 2213 49163 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:40.864700079 CEST 49163 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:40.883702040 CEST 2213 49163 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:41.398777962 CEST 49163 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:41.417757988 CEST 2213 49163 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:41.623138905 CEST 53440 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:41.656985998 CEST 53 53440 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:41.658391953 CEST 49164 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:41.677309036 CEST 2213 49164 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:42.175987005 CEST 49164 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:42.194941998 CEST 2213 49164 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:42.699413061 CEST 49164 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:42.718939066 CEST 2213 49164 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:42.922620058 CEST 59605 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:42.956001997 CEST 53 59605 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:42.957010031 CEST 49165 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:42.975992918 CEST 2213 49165 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:43.478080988 CEST 49165 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:43.497401953 CEST 2213 49165 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:43.999022007 CEST 49165 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:44.018266916 CEST 2213 49165 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:44.218100071 CEST 50900 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:44.246260881 CEST 53 50900 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:44.247507095 CEST 49166 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:44.266525984 CEST 2213 49166 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:44.769830942 CEST 49166 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:44.789115906 CEST 2213 49166 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:45.290693045 CEST 49166 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:45.309560061 CEST 2213 49166 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:45.510560989 CEST 51075 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:45.538414001 CEST 53 51075 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:45.539638042 CEST 49167 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:45.558681011 CEST 2213 49167 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:46.052136898 CEST 49167 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:46.071149111 CEST 2213 49167 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:46.572894096 CEST 49167 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:46.591871977 CEST 2213 49167 213.183.40.43 192.168.2.2


Jul 28, 2018 16:53:46.791172028 CEST 61674 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:46.805017948 CEST 53 61674 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:46.806241989 CEST 49168 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:46.825131893 CEST 2213 49168 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:47.324064970 CEST 49168 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:47.343060970 CEST 2213 49168 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:47.844163895 CEST 49168 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:47.863190889 CEST 2213 49168 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:48.060863018 CEST 59291 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:48.099422932 CEST 53 59291 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:48.100276947 CEST 49169 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:48.119254112 CEST 2213 49169 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:48.615776062 CEST 49169 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:48.634748936 CEST 2213 49169 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:49.136157990 CEST 49169 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:49.155041933 CEST 2213 49169 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:49.440210104 CEST 63053 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:49.453116894 CEST 53 63053 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:49.453722000 CEST 49170 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:49.472695112 CEST 2213 49170 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:49.977560997 CEST 49170 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:49.996911049 CEST 2213 49170 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:50.497953892 CEST 49170 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:50.516993046 CEST 2213 49170 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:50.714940071 CEST 60812 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:50.743074894 CEST 53 60812 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:50.743998051 CEST 49171 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:50.763194084 CEST 2213 49171 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:51.269793987 CEST 49171 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:51.288816929 CEST 2213 49171 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:51.790399075 CEST 49171 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:51.809545040 CEST 2213 49171 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:52.009888887 CEST 58523 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:52.023118019 CEST 53 58523 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:52.024377108 CEST 49172 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:52.043540955 CEST 2213 49172 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:52.541573048 CEST 49172 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:52.560672045 CEST 2213 49172 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:53.061755896 CEST 49172 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:53.080734015 CEST 2213 49172 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:53.280365944 CEST 65490 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:53.308398962 CEST 53 65490 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:53.309407949 CEST 49173 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:53.328320980 CEST 2213 49173 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:53.823327065 CEST 49173 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:53.842542887 CEST 2213 49173 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:54.344147921 CEST 49173 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:54.363435984 CEST 2213 49173 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:54.567811012 CEST 60652 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:54.581576109 CEST 53 60652 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:54.582801104 CEST 49174 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:54.601670027 CEST 2213 49174 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:55.105041027 CEST 49174 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:55.123951912 CEST 2213 49174 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:55.625886917 CEST 49174 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:55.645148993 CEST 2213 49174 213.183.40.43 192.168.2.2

Jul 28, 2018 16:53:55.892533064 CEST 57729 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:55.905730009 CEST 53 57729 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:55.906831026 CEST 49175 2213 192.168.2.2 213.183.40.43

Jul 28, 2018 16:53:55.925625086 CEST 2213 49175 213.183.40.43 192.168.2.2


UDP Packets


Timestamp Source Port Dest Port Source IP Dest IP

Jul 28, 2018 16:53:40.256915092 CEST 56842 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:40.289809942 CEST 53 56842 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:41.623138905 CEST 53440 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:41.656985998 CEST 53 53440 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:42.922620058 CEST 59605 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:42.956001997 CEST 53 59605 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:44.218100071 CEST 50900 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:44.246260881 CEST 53 50900 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:45.510560989 CEST 51075 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:45.538414001 CEST 53 51075 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:46.791172028 CEST 61674 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:46.805017948 CEST 53 61674 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:48.060863018 CEST 59291 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:48.099422932 CEST 53 59291 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:49.440210104 CEST 63053 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:49.453116894 CEST 53 63053 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:50.714940071 CEST 60812 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:50.743074894 CEST 53 60812 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:52.009888887 CEST 58523 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:52.023118019 CEST 53 58523 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:53.280365944 CEST 65490 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:53.308398962 CEST 53 65490 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:54.567811012 CEST 60652 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:54.581576109 CEST 53 60652 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:55.892533064 CEST 57729 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:55.905730009 CEST 53 57729 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:57.166074991 CEST 65311 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:57.179740906 CEST 53 65311 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:58.448458910 CEST 50323 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:58.462502003 CEST 53 50323 8.8.8.8 192.168.2.2

Jul 28, 2018 16:53:59.727968931 CEST 64115 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:53:59.755918980 CEST 53 64115 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:01.012783051 CEST 59195 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:01.027308941 CEST 53 59195 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:02.295042038 CEST 58138 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:02.308679104 CEST 53 58138 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:03.564284086 CEST 60708 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:03.578180075 CEST 53 60708 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:04.834522963 CEST 65034 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:04.847754955 CEST 53 65034 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:06.108506918 CEST 58653 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:06.122287035 CEST 53 58653 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:07.379065990 CEST 57327 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:07.392807007 CEST 53 57327 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:08.662684917 CEST 56352 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:08.676893950 CEST 53 56352 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:09.955468893 CEST 62091 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:09.969798088 CEST 53 62091 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:11.286573887 CEST 63509 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:11.305902004 CEST 53 63509 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:12.569451094 CEST 51492 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:12.583128929 CEST 53 51492 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:13.850972891 CEST 62750 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:13.864027977 CEST 53 62750 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:15.123455048 CEST 58913 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:15.137018919 CEST 53 58913 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:16.406147957 CEST 63309 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:16.420468092 CEST 53 63309 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:17.696930885 CEST 52316 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:17.710144997 CEST 53 52316 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:18.989093065 CEST 65236 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:19.003176928 CEST 53 65236 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:20.269597054 CEST 55904 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:20.283694029 CEST 53 55904 8.8.8.8 192.168.2.2


Jul 28, 2018 16:54:21.542146921 CEST 55581 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:21.555753946 CEST 53 55581 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:22.813710928 CEST 57178 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:22.826834917 CEST 53 57178 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:24.086327076 CEST 62406 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:24.099877119 CEST 53 62406 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:25.368151903 CEST 58563 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:25.381920099 CEST 53 58563 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:26.696667910 CEST 49408 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:26.724555969 CEST 53 49408 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:27.980077028 CEST 61609 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:27.993844986 CEST 53 61609 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:29.253496885 CEST 59433 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:29.267262936 CEST 53 59433 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:30.533129930 CEST 57291 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:30.546283007 CEST 53 57291 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:31.805951118 CEST 52245 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:31.819585085 CEST 53 52245 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:33.127824068 CEST 56115 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:33.140887022 CEST 53 56115 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:34.400926113 CEST 64225 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:34.414535046 CEST 53 64225 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:35.671713114 CEST 55567 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:35.685591936 CEST 53 55567 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:36.942847013 CEST 54625 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:36.956442118 CEST 53 54625 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:40.820545912 CEST 64017 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:40.853554010 CEST 53 64017 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:42.151648045 CEST 53054 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:42.179446936 CEST 53 53054 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:43.433971882 CEST 61002 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:43.467886925 CEST 53 61002 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:44.725675106 CEST 61578 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:44.768603086 CEST 53 61578 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:46.037002087 CEST 64252 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:46.050968885 CEST 53 64252 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:47.319364071 CEST 62744 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:47.333059072 CEST 53 62744 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:48.630811930 CEST 64808 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:48.658801079 CEST 53 64808 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:49.924047947 CEST 65300 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:49.937834978 CEST 53 65300 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:51.204914093 CEST 51518 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:51.237368107 CEST 53 51518 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:52.497864008 CEST 63535 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:52.525909901 CEST 53 63535 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:53.788826942 CEST 65474 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:53.816133022 CEST 53 65474 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:55.080184937 CEST 58773 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:56.073122025 CEST 58773 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:57.074553967 CEST 58773 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:58.011504889 CEST 53 58773 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:58.011523962 CEST 53 58773 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:58.011575937 CEST 53 58773 8.8.8.8 192.168.2.2

Jul 28, 2018 16:54:59.333810091 CEST 64117 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:54:59.346910000 CEST 53 64117 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:00.606225967 CEST 64501 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:00.634890079 CEST 53 64501 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:01.909796000 CEST 55877 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:01.923397064 CEST 53 55877 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:03.192349911 CEST 55120 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:03.206060886 CEST 53 55120 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:04.474843025 CEST 57840 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:04.488651991 CEST 53 57840 8.8.8.8 192.168.2.2


Jul 28, 2018 16:55:05.745505095 CEST 52123 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:05.759233952 CEST 53 52123 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:07.027517080 CEST 58962 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:07.041001081 CEST 53 58962 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:08.317681074 CEST 60523 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:08.345282078 CEST 53 60523 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:09.600775003 CEST 64715 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:09.614770889 CEST 53 64715 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:10.883024931 CEST 50225 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:10.896838903 CEST 53 50225 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:12.155435085 CEST 62475 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:12.169066906 CEST 53 62475 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:15.030194998 CEST 52196 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:15.044025898 CEST 53 52196 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:16.300254107 CEST 60278 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:16.313400030 CEST 53 60278 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:17.569968939 CEST 54681 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:17.583223104 CEST 53 54681 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:18.852302074 CEST 61540 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:18.865550041 CEST 53 61540 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:20.136581898 CEST 55216 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:20.150567055 CEST 53 55216 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:21.437165022 CEST 58370 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:21.450452089 CEST 53 58370 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:22.716200113 CEST 65031 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:22.729310036 CEST 53 65031 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:23.982711077 CEST 56951 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:23.995711088 CEST 53 56951 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:25.254471064 CEST 58537 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:25.268090963 CEST 53 58537 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:26.525326014 CEST 65180 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:26.539007902 CEST 53 65180 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:27.794415951 CEST 62051 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:27.807468891 CEST 53 62051 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:29.069037914 CEST 54936 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:29.082689047 CEST 53 54936 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:30.391339064 CEST 61570 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:30.404520988 CEST 53 61570 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:31.673348904 CEST 61043 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:31.686408997 CEST 53 61043 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:32.942317963 CEST 59013 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:32.955909014 CEST 53 59013 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:34.217669010 CEST 52100 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:34.231218100 CEST 53 52100 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:35.498225927 CEST 64395 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:35.511885881 CEST 53 64395 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:36.780378103 CEST 52345 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:36.793442965 CEST 53 52345 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:38.051469088 CEST 63313 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:38.064651966 CEST 53 63313 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:39.333128929 CEST 57416 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:39.347166061 CEST 53 57416 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:40.605597019 CEST 63933 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:40.619220018 CEST 53 63933 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:41.869585037 CEST 63402 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:41.883240938 CEST 53 63402 8.8.8.8 192.168.2.2

Jul 28, 2018 16:55:43.141112089 CEST 55268 53 192.168.2.2 8.8.8.8

Jul 28, 2018 16:55:43.169612885 CEST 53 55268 8.8.8.8 192.168.2.2

DNS Queries

Timestamp Source IP Dest IP Trans ID OP Code Name Type Class

Jul 28, 2018 16:53:40.256915092 CEST 192.168.2.2 8.8.8.8 0xfc1 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:53:41.623138905 CEST 192.168.2.2 8.8.8.8 0xad0d Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:53:42.922620058 CEST 192.168.2.2 8.8.8.8 0xc872 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:53:44.218100071 CEST 192.168.2.2 8.8.8.8 0xa1a4 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:53:45.510560989 CEST 192.168.2.2 8.8.8.8 0x5472 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:53:46.791172028 CEST 192.168.2.2 8.8.8.8 0x1d93 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:53:48.060863018 CEST 192.168.2.2 8.8.8.8 0x7d71 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:53:49.440210104 CEST 192.168.2.2 8.8.8.8 0xa6a8 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:53:50.714940071 CEST 192.168.2.2 8.8.8.8 0x9c6 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:53:52.009888887 CEST 192.168.2.2 8.8.8.8 0xa409 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:53:53.280365944 CEST 192.168.2.2 8.8.8.8 0xdd8a Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:53:54.567811012 CEST 192.168.2.2 8.8.8.8 0xfd1d Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:53:55.892533064 CEST 192.168.2.2 8.8.8.8 0xc3e5 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:53:57.166074991 CEST 192.168.2.2 8.8.8.8 0xc057 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:53:58.448458910 CEST 192.168.2.2 8.8.8.8 0x3331 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:53:59.727968931 CEST 192.168.2.2 8.8.8.8 0x600a Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:01.012783051 CEST 192.168.2.2 8.8.8.8 0x45b8 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:02.295042038 CEST 192.168.2.2 8.8.8.8 0x72c0 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:03.564284086 CEST 192.168.2.2 8.8.8.8 0x3ace Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:04.834522963 CEST 192.168.2.2 8.8.8.8 0xa846 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:06.108506918 CEST 192.168.2.2 8.8.8.8 0xc9cb Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:07.379065990 CEST 192.168.2.2 8.8.8.8 0x683d Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:08.662684917 CEST 192.168.2.2 8.8.8.8 0xf0ee Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:09.955468893 CEST 192.168.2.2 8.8.8.8 0x7a16 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:11.286573887 CEST 192.168.2.2 8.8.8.8 0xc14 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:12.569451094 CEST 192.168.2.2 8.8.8.8 0xdf8b Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:13.850972891 CEST 192.168.2.2 8.8.8.8 0x6fcd Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:15.123455048 CEST 192.168.2.2 8.8.8.8 0xfe0e Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:16.406147957 CEST 192.168.2.2 8.8.8.8 0x2ddd Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:17.696930885 CEST 192.168.2.2 8.8.8.8 0xcd4b Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:18.989093065 CEST 192.168.2.2 8.8.8.8 0xa789 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:20.269597054 CEST 192.168.2.2 8.8.8.8 0xed04 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:21.542146921 CEST 192.168.2.2 8.8.8.8 0x34a5 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:22.813710928 CEST 192.168.2.2 8.8.8.8 0x2508 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:24.086327076 CEST 192.168.2.2 8.8.8.8 0xde08 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:25.368151903 CEST 192.168.2.2 8.8.8.8 0xbf3b Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:26.696667910 CEST 192.168.2.2 8.8.8.8 0x62f7 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:27.980077028 CEST 192.168.2.2 8.8.8.8 0x644b Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:29.253496885 CEST 192.168.2.2 8.8.8.8 0x4615 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:30.533129930 CEST 192.168.2.2 8.8.8.8 0xb173 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:31.805951118 CEST 192.168.2.2 8.8.8.8 0x82bd Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:33.127824068 CEST 192.168.2.2 8.8.8.8 0x581e Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:34.400926113 CEST 192.168.2.2 8.8.8.8 0x5a8e Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:35.671713114 CEST 192.168.2.2 8.8.8.8 0x3abd Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:36.942847013 CEST 192.168.2.2 8.8.8.8 0x679d Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:40.820545912 CEST 192.168.2.2 8.8.8.8 0xc139 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:42.151648045 CEST 192.168.2.2 8.8.8.8 0x145e Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:43.433971882 CEST 192.168.2.2 8.8.8.8 0x3289 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:44.725675106 CEST 192.168.2.2 8.8.8.8 0xf7c Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:46.037002087 CEST 192.168.2.2 8.8.8.8 0xd8f1 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:47.319364071 CEST 192.168.2.2 8.8.8.8 0xbf84 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:48.630811930 CEST 192.168.2.2 8.8.8.8 0x6776 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:49.924047947 CEST 192.168.2.2 8.8.8.8 0x6dea Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:51.204914093 CEST 192.168.2.2 8.8.8.8 0xf689 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:52.497864008 CEST 192.168.2.2 8.8.8.8 0x24ea Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:53.788826942 CEST 192.168.2.2 8.8.8.8 0x715d Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:55.080184937 CEST 192.168.2.2 8.8.8.8 0x6ed2 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:56.073122025 CEST 192.168.2.2 8.8.8.8 0x6ed2 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:57.074553967 CEST 192.168.2.2 8.8.8.8 0x6ed2 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:54:59.333810091 CEST 192.168.2.2 8.8.8.8 0x924a Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:00.606225967 CEST 192.168.2.2 8.8.8.8 0xe37f Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:01.909796000 CEST 192.168.2.2 8.8.8.8 0x8b9d Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:03.192349911 CEST 192.168.2.2 8.8.8.8 0xb4de Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:04.474843025 CEST 192.168.2.2 8.8.8.8 0x6b05 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:05.745505095 CEST 192.168.2.2 8.8.8.8 0x193d Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:07.027517080 CEST 192.168.2.2 8.8.8.8 0xaecb Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:08.317681074 CEST 192.168.2.2 8.8.8.8 0x1b0b Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:09.600775003 CEST 192.168.2.2 8.8.8.8 0xef1d Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:10.883024931 CEST 192.168.2.2 8.8.8.8 0xaa5f Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:12.155435085 CEST 192.168.2.2 8.8.8.8 0x3a5b Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:15.030194998 CEST 192.168.2.2 8.8.8.8 0xa9c6 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:16.300254107 CEST 192.168.2.2 8.8.8.8 0xac9c Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:17.569968939 CEST 192.168.2.2 8.8.8.8 0xef0 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:18.852302074 CEST 192.168.2.2 8.8.8.8 0x9e24 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:20.136581898 CEST 192.168.2.2 8.8.8.8 0xdfe4 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:21.437165022 CEST 192.168.2.2 8.8.8.8 0xf05e Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:22.716200113 CEST 192.168.2.2 8.8.8.8 0x56af Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:23.982711077 CEST 192.168.2.2 8.8.8.8 0x7e55 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:25.254471064 CEST 192.168.2.2 8.8.8.8 0x86a2 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:26.525326014 CEST 192.168.2.2 8.8.8.8 0x3bbd Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:27.794415951 CEST 192.168.2.2 8.8.8.8 0x58df Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:29.069037914 CEST 192.168.2.2 8.8.8.8 0xf6dc Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:30.391339064 CEST 192.168.2.2 8.8.8.8 0x27dd Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:31.673348904 CEST 192.168.2.2 8.8.8.8 0x7566 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:32.942317963 CEST 192.168.2.2 8.8.8.8 0x3c52 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:34.217669010 CEST 192.168.2.2 8.8.8.8 0x9c69 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:35.498225927 CEST 192.168.2.2 8.8.8.8 0x8190 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:36.780378103 CEST 192.168.2.2 8.8.8.8 0xdd92 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:38.051469088 CEST 192.168.2.2 8.8.8.8 0x6ab1 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:39.333128929 CEST 192.168.2.2 8.8.8.8 0x5247 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:40.605597019 CEST 192.168.2.2 8.8.8.8 0xa38d Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:41.869585037 CEST 192.168.2.2 8.8.8.8 0x940d Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)

Jul 28, 2018 16:55:43.141112089 CEST 192.168.2.2 8.8.8.8 0x743c Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)
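The TCP, UDP and DNS tables above record one loop repeated for the whole run: an A query for dcpiconew.ddns.me sent to 8.8.8.8 roughly every 1.3 s with a fresh transaction ID and a fresh UDP source port, an answer of 213.183.40.43 each time, and then a new ephemeral-port flow from 192.168.2.2 to 213.183.40.43 on TCP port 2213 carrying three client packets about 0.5 s apart, each answered within about 20 ms. The Python below is an added example and is not part of the Joe Sandbox report: it parses rows in the report's flat one-row-per-line format, groups DNS queries by name and TCP packets by ephemeral source port, and reports how regular the intervals are, which is the signal a detection engineer would alert on. The embedded rows are a constructed subset copied from the tables above; treating 192.168.2.2 as the analysed host and a 25% interval tolerance are the example's own choices.

```python
"""Beacon detection over packet and DNS rows in the Joe Sandbox report format (added example)."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample: a subset of rows copied from the report's TCP Packets and DNS Queries tables.
TCP_ROWS = """\
Jul 28, 2018 16:53:45.539638042 CEST 49167 2213 192.168.2.2 213.183.40.43
Jul 28, 2018 16:53:45.558681011 CEST 2213 49167 213.183.40.43 192.168.2.2
Jul 28, 2018 16:53:46.052136898 CEST 49167 2213 192.168.2.2 213.183.40.43
Jul 28, 2018 16:53:46.071149111 CEST 2213 49167 213.183.40.43 192.168.2.2
Jul 28, 2018 16:53:46.572894096 CEST 49167 2213 192.168.2.2 213.183.40.43
Jul 28, 2018 16:53:46.591871977 CEST 2213 49167 213.183.40.43 192.168.2.2
Jul 28, 2018 16:53:46.806241989 CEST 49168 2213 192.168.2.2 213.183.40.43
Jul 28, 2018 16:53:46.825131893 CEST 2213 49168 213.183.40.43 192.168.2.2
Jul 28, 2018 16:53:47.324064970 CEST 49168 2213 192.168.2.2 213.183.40.43
Jul 28, 2018 16:53:47.343060970 CEST 2213 49168 213.183.40.43 192.168.2.2
Jul 28, 2018 16:53:47.844163895 CEST 49168 2213 192.168.2.2 213.183.40.43
Jul 28, 2018 16:53:47.863190889 CEST 2213 49168 213.183.40.43 192.168.2.2
Jul 28, 2018 16:53:48.100276947 CEST 49169 2213 192.168.2.2 213.183.40.43
Jul 28, 2018 16:53:48.119254112 CEST 2213 49169 213.183.40.43 192.168.2.2
Jul 28, 2018 16:53:48.615776062 CEST 49169 2213 192.168.2.2 213.183.40.43
Jul 28, 2018 16:53:48.634748936 CEST 2213 49169 213.183.40.43 192.168.2.2
Jul 28, 2018 16:53:49.136157990 CEST 49169 2213 192.168.2.2 213.183.40.43
Jul 28, 2018 16:53:49.155041933 CEST 2213 49169 213.183.40.43 192.168.2.2
"""
DNS_ROWS = """\
Jul 28, 2018 16:53:40.256915092 CEST 192.168.2.2 8.8.8.8 0xfc1 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)
Jul 28, 2018 16:53:41.623138905 CEST 192.168.2.2 8.8.8.8 0xad0d Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)
Jul 28, 2018 16:53:42.922620058 CEST 192.168.2.2 8.8.8.8 0xc872 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)
Jul 28, 2018 16:53:44.218100071 CEST 192.168.2.2 8.8.8.8 0xa1a4 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)
Jul 28, 2018 16:53:45.510560989 CEST 192.168.2.2 8.8.8.8 0x5472 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)
Jul 28, 2018 16:53:46.791172028 CEST 192.168.2.2 8.8.8.8 0x1d93 Standard query (0) dcpiconew.ddns.me A (IP address) IN (0x0001)
"""

MONTHS = {m: i for i, m in enumerate("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
TS_RE = re.compile(r"^(\w{3}) (\d+), (\d{4}) (\d\d):(\d\d):(\d\d)\.(\d+) \S+ (.*)$")
DNS_RE = re.compile(r"^(\S+) (\S+) (0x[0-9a-f]+) Standard query \(0\) (\S+) (\S+) \(.*?\) \S+ \(.*?\)$")

def split_timestamp(line):
    """Return (seconds since 1970 as float, rest of the row). The report prints
    nanoseconds, which strptime's %f rejects, so the fraction is parsed by hand."""
    m = TS_RE.match(line.strip())
    if not m: raise ValueError("unrecognised row: %r" % line)
    mon, day, year, hh, mm, ss, frac, rest = m.groups()
    base = datetime(int(year), MONTHS[mon], int(day), int(hh), int(mm), int(ss))
    return (base - datetime(1970, 1, 1)).total_seconds() + int(frac) / 10 ** len(frac), rest

def parse_packets(text):
    """TCP/UDP Packets rows -> dicts with ts, sport, dport, src, dst."""
    out = []
    for line in text.splitlines():
        ts, rest = split_timestamp(line)
        sport, dport, src, dst = rest.split()
        out.append({"ts": ts, "sport": int(sport), "dport": int(dport), "src": src, "dst": dst})
    return out

def parse_dns_queries(text):
    """DNS Queries rows -> dicts with ts, src, dst, txid, name, rtype."""
    out = []
    for line in text.splitlines():
        ts, rest = split_timestamp(line)
        src, dst, txid, name, rtype = DNS_RE.match(rest).groups()
        out.append({"ts": ts, "src": src, "dst": dst, "txid": txid, "name": name, "rtype": rtype})
    return out

def periodicity(times, tolerance=0.25):
    """(median gap, fraction of gaps within +/-tolerance of it) for sorted event times; near 1.0 means a timer."""
    gaps = [b - a for a, b in zip(times, times[1:])]
    if not gaps: return None
    med = median(gaps)
    return round(med, 2), sum(abs(g - med) <= tolerance * med for g in gaps) / len(gaps)

def dns_beacons(queries, min_queries=5):
    """{name: (query count, median gap, regular fraction)} for names resolved repeatedly. The report
    shows a fresh transaction ID per identical A query, so the client ignores the answer's TTL and
    re-resolves the dynamic-DNS name before every connection attempt: the resolver log is the beacon."""
    by_name = defaultdict(list)
    for q in queries:
        by_name[q["name"]].append(q["ts"])
    return {name: (len(ts),) + periodicity(sorted(ts))
            for name, ts in by_name.items() if len(ts) >= min_queries}

def tcp_connect_loops(packets, client="192.168.2.2"):
    """Per peer (dst, dport): client flows (one per ephemeral source port), client packets
    in each flow, and how regular the gap between flow starts is (one new flow per timer tick)."""
    flows = defaultdict(list)
    for p in packets:
        if p["src"] == client:
            flows[(p["dst"], p["dport"], p["sport"])].append(p["ts"])
    peers = defaultdict(list)
    for (dst, dport, _sport), ts in flows.items():
        peers[(dst, dport)].append((min(ts), len(ts)))
    return {peer: {"flows": len(fl), "packets_per_flow": [n for _, n in sorted(fl)],
                   "flow_start_gap": periodicity(sorted(s for s, _ in fl))}
            for peer, fl in peers.items()}

if __name__ == "__main__":
    print(dns_beacons(parse_dns_queries(DNS_ROWS)), tcp_connect_loops(parse_packets(TCP_ROWS)))
```

On the sample rows this reports dcpiconew.ddns.me resolved 6 times at a median gap of about 1.3 s with every gap inside tolerance, and three flows to 213.183.40.43:2213 with three client packets each, started about 1.28 s apart. Over the full tables the regular fraction comes out a little below 1.0 because of the pauses visible around 16:54:37, 16:54:57 and 16:55:12, which is why the function reports a fraction rather than a yes/no. For an indicator, key on the name and the destination port rather than on 213.183.40.43 alone: ddns.me is a dynamic-DNS service, so the operator can repoint the name without touching the sample.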

DNS Answers

Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class

Jul 28, 2018 16:53:40.289809942 CEST 8.8.8.8 192.168.2.2 0xfc1 No error (0) dcpiconew.ddns.me 213.183.40.43 A (IP address) IN (0x0001)

Jul 28, 2018 16:53:41.656985998 CEST 8.8.8.8 192.168.2.2 0xad0d No error (0) dcpiconew.ddns.me 213.183.40.43 A (IP address) IN (0x0001)

Jul 28, 2018 16:53:42.956001997 CEST 8.8.8.8 192.168.2.2 0xc872 No error (0) dcpiconew.ddns.me 213.183.40.43 A (IP address) IN (0x0001)

Jul 28, 2018 16:53:44.246260881 CEST 8.8.8.8 192.168.2.2 0xa1a4 No error (0) dcpiconew.ddns.me 213.183.40.43 A (IP address) IN (0x0001)

Jul 28, 2018 16:53:45.538414001 CEST 8.8.8.8 192.168.2.2 0x5472 No error (0) dcpiconew.ddns.me 213.183.40.43 A (IP address) IN (0x0001)

Jul 28, 2018 16:53:46.805017948 CEST 8.8.8.8 192.168.2.2 0x1d93 No error (0) dcpiconew.ddns.me 213.183.40.43 A (IP address) IN (0x0001)

Jul 28, 2018 16:53:48.099422932 CEST 8.8.8.8 192.168.2.2 0x7d71 No error (0) dcpiconew.ddns.me 213.183.40.43 A (IP address) IN (0x0001)

Jul 28, 2018 16:53:49.453116894 CEST 8.8.8.8 192.168.2.2 0xa6a8 No error (0) dcpiconew.ddns.me 213.183.40.43 A (IP address) IN (0x0001)

Jul 28, 2018 16:53:50.743074894 CEST 8.8.8.8 192.168.2.2 0x9c6 No error (0) dcpiconew.ddns.me 213.183.40.43 A (IP address) IN (0x0001)

Jul 28, 2018 16:53:52.023118019 CEST 8.8.8.8 192.168.2.2 0xa409 No error (0) dcpiconew.ddns.me 213.183.40.43 A (IP address) IN (0x0001)

Jul 28, 2018 16:53:53.308398962 CEST 8.8.8.8 192.168.2.2 0xdd8a No error (0) dcpiconew.ddns.me 213.183.40.43 A (IP address) IN (0x0001)

Jul 28, 2018 16:53:54.581576109 CEST 8.8.8.8 192.168.2.2 0xfd1d No error (0) dcpiconew.ddns.me 213.183.40.43 A (IP address) IN (0x0001)

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jul 28, 2018 16:53:55.905730009 CEST | 8.8.8.8 | 192.168.2.2 | 0xc3e5 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:53:57.179740906 CEST | 8.8.8.8 | 192.168.2.2 | 0xc057 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:53:58.462502003 CEST | 8.8.8.8 | 192.168.2.2 | 0x3331 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:53:59.755918980 CEST | 8.8.8.8 | 192.168.2.2 | 0x600a | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:01.027308941 CEST | 8.8.8.8 | 192.168.2.2 | 0x45b8 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:02.308679104 CEST | 8.8.8.8 | 192.168.2.2 | 0x72c0 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:03.578180075 CEST | 8.8.8.8 | 192.168.2.2 | 0x3ace | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:04.847754955 CEST | 8.8.8.8 | 192.168.2.2 | 0xa846 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:06.122287035 CEST | 8.8.8.8 | 192.168.2.2 | 0xc9cb | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:07.392807007 CEST | 8.8.8.8 | 192.168.2.2 | 0x683d | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:08.676893950 CEST | 8.8.8.8 | 192.168.2.2 | 0xf0ee | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:09.969798088 CEST | 8.8.8.8 | 192.168.2.2 | 0x7a16 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:11.305902004 CEST | 8.8.8.8 | 192.168.2.2 | 0xc14 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:12.583128929 CEST | 8.8.8.8 | 192.168.2.2 | 0xdf8b | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:13.864027977 CEST | 8.8.8.8 | 192.168.2.2 | 0x6fcd | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:15.137018919 CEST | 8.8.8.8 | 192.168.2.2 | 0xfe0e | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:16.420468092 CEST | 8.8.8.8 | 192.168.2.2 | 0x2ddd | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:17.710144997 CEST | 8.8.8.8 | 192.168.2.2 | 0xcd4b | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:19.003176928 CEST | 8.8.8.8 | 192.168.2.2 | 0xa789 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:20.283694029 CEST | 8.8.8.8 | 192.168.2.2 | 0xed04 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:21.555753946 CEST | 8.8.8.8 | 192.168.2.2 | 0x34a5 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:22.826834917 CEST | 8.8.8.8 | 192.168.2.2 | 0x2508 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:24.099877119 CEST | 8.8.8.8 | 192.168.2.2 | 0xde08 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:25.381920099 CEST | 8.8.8.8 | 192.168.2.2 | 0xbf3b | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:26.724555969 CEST | 8.8.8.8 | 192.168.2.2 | 0x62f7 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:27.993844986 CEST | 8.8.8.8 | 192.168.2.2 | 0x644b | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)


Jul 28, 2018 16:54:29.267262936 CEST | 8.8.8.8 | 192.168.2.2 | 0x4615 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:30.546283007 CEST | 8.8.8.8 | 192.168.2.2 | 0xb173 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:31.819585085 CEST | 8.8.8.8 | 192.168.2.2 | 0x82bd | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:33.140887022 CEST | 8.8.8.8 | 192.168.2.2 | 0x581e | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:34.414535046 CEST | 8.8.8.8 | 192.168.2.2 | 0x5a8e | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:35.685591936 CEST | 8.8.8.8 | 192.168.2.2 | 0x3abd | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:36.956442118 CEST | 8.8.8.8 | 192.168.2.2 | 0x679d | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:40.853554010 CEST | 8.8.8.8 | 192.168.2.2 | 0xc139 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:42.179446936 CEST | 8.8.8.8 | 192.168.2.2 | 0x145e | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:43.467886925 CEST | 8.8.8.8 | 192.168.2.2 | 0x3289 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:44.768603086 CEST | 8.8.8.8 | 192.168.2.2 | 0xf7c | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:46.050968885 CEST | 8.8.8.8 | 192.168.2.2 | 0xd8f1 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:47.333059072 CEST | 8.8.8.8 | 192.168.2.2 | 0xbf84 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:48.658801079 CEST | 8.8.8.8 | 192.168.2.2 | 0x6776 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:49.937834978 CEST | 8.8.8.8 | 192.168.2.2 | 0x6dea | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:51.237368107 CEST | 8.8.8.8 | 192.168.2.2 | 0xf689 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:52.525909901 CEST | 8.8.8.8 | 192.168.2.2 | 0x24ea | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:53.816133022 CEST | 8.8.8.8 | 192.168.2.2 | 0x715d | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:58.011504889 CEST | 8.8.8.8 | 192.168.2.2 | 0x6ed2 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:58.011523962 CEST | 8.8.8.8 | 192.168.2.2 | 0x6ed2 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:58.011575937 CEST | 8.8.8.8 | 192.168.2.2 | 0x6ed2 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:59.346910000 CEST | 8.8.8.8 | 192.168.2.2 | 0x924a | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:00.634890079 CEST | 8.8.8.8 | 192.168.2.2 | 0xe37f | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:01.923397064 CEST | 8.8.8.8 | 192.168.2.2 | 0x8b9d | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:03.206060886 CEST | 8.8.8.8 | 192.168.2.2 | 0xb4de | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:04.488651991 CEST | 8.8.8.8 | 192.168.2.2 | 0x6b05 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)


Jul 28, 2018 16:55:05.759233952 CEST | 8.8.8.8 | 192.168.2.2 | 0x193d | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:07.041001081 CEST | 8.8.8.8 | 192.168.2.2 | 0xaecb | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:08.345282078 CEST | 8.8.8.8 | 192.168.2.2 | 0x1b0b | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:09.614770889 CEST | 8.8.8.8 | 192.168.2.2 | 0xef1d | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:10.896838903 CEST | 8.8.8.8 | 192.168.2.2 | 0xaa5f | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:12.169066906 CEST | 8.8.8.8 | 192.168.2.2 | 0x3a5b | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:15.044025898 CEST | 8.8.8.8 | 192.168.2.2 | 0xa9c6 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:16.313400030 CEST | 8.8.8.8 | 192.168.2.2 | 0xac9c | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:17.583223104 CEST | 8.8.8.8 | 192.168.2.2 | 0xef0 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:18.865550041 CEST | 8.8.8.8 | 192.168.2.2 | 0x9e24 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:20.150567055 CEST | 8.8.8.8 | 192.168.2.2 | 0xdfe4 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:21.450452089 CEST | 8.8.8.8 | 192.168.2.2 | 0xf05e | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:22.729310036 CEST | 8.8.8.8 | 192.168.2.2 | 0x56af | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:23.995711088 CEST | 8.8.8.8 | 192.168.2.2 | 0x7e55 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:25.268090963 CEST | 8.8.8.8 | 192.168.2.2 | 0x86a2 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:26.539007902 CEST | 8.8.8.8 | 192.168.2.2 | 0x3bbd | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:27.807468891 CEST | 8.8.8.8 | 192.168.2.2 | 0x58df | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:29.082689047 CEST | 8.8.8.8 | 192.168.2.2 | 0xf6dc | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:30.404520988 CEST | 8.8.8.8 | 192.168.2.2 | 0x27dd | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:31.686408997 CEST | 8.8.8.8 | 192.168.2.2 | 0x7566 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:32.955909014 CEST | 8.8.8.8 | 192.168.2.2 | 0x3c52 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:34.231218100 CEST | 8.8.8.8 | 192.168.2.2 | 0x9c69 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:35.511885881 CEST | 8.8.8.8 | 192.168.2.2 | 0x8190 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:36.793442965 CEST | 8.8.8.8 | 192.168.2.2 | 0xdd92 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:38.064651966 CEST | 8.8.8.8 | 192.168.2.2 | 0x6ab1 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:39.347166061 CEST | 8.8.8.8 | 192.168.2.2 | 0x5247 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)


Jul 28, 2018 16:55:40.619220018 CEST | 8.8.8.8 | 192.168.2.2 | 0xa38d | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:41.883240938 CEST | 8.8.8.8 | 192.168.2.2 | 0x940d | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:55:43.169612885 CEST | 8.8.8.8 | 192.168.2.2 | 0x743c | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)

Code Manipulations

Statistics

Behavior

• IMG-FILE-093298393840933-09208…
• IMG-FILE-093298393840933-09208…

System Behavior
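Before the per-process records, a note on what the DNS Answers table above actually shows: the sample re-resolves dcpiconew.ddns.me about every 1.3 seconds for the whole run, always gets 213.183.40.43, and the same answer is logged more than once at 16:54:58 (transaction ID 0x6ed2). That is the signature of a RAT polling a dynamic-DNS name for its controller. The Python below is an added example by the editor, not part of the Joe Sandbox report: it parses answer rows of this layout (assumed rejoined one per line with " | " between the columns), collapses repeated transaction IDs so re-logged answers are not counted as extra queries, measures the resolution interval and its jitter, and flags a name that is re-resolved on a tight timer under a dynamic-DNS suffix. The sample rows are the report's first six answers plus one constructed duplicate; the suffix list is illustrative, only ddns.me is attested here.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample: the report's first six DNS answers rejoined one per line
# (Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address |
# Type | Class) plus a constructed duplicate of the last transaction ID, mirroring the
# repeated 0x6ed2 answer the report logs at 16:54:58.
SAMPLE_ROWS = """\
Jul 28, 2018 16:53:55.905730009 CEST | 8.8.8.8 | 192.168.2.2 | 0xc3e5 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:53:57.179740906 CEST | 8.8.8.8 | 192.168.2.2 | 0xc057 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:53:58.462502003 CEST | 8.8.8.8 | 192.168.2.2 | 0x3331 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:53:59.755918980 CEST | 8.8.8.8 | 192.168.2.2 | 0x600a | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:01.027308941 CEST | 8.8.8.8 | 192.168.2.2 | 0x45b8 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:02.308679104 CEST | 8.8.8.8 | 192.168.2.2 | 0x72c0 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
Jul 28, 2018 16:54:02.308690000 CEST | 8.8.8.8 | 192.168.2.2 | 0x72c0 | No error (0) | dcpiconew.ddns.me | | 213.183.40.43 | A (IP address) | IN (0x0001)
"""

COLUMNS = ("ts", "src", "dst", "txid", "rcode", "name", "cname", "addr", "rtype", "rclass")

# Illustrative dynamic-DNS suffixes (assumption; only ddns.me appears in the report).
DYNDNS_SUFFIXES = ("ddns.me", "ddns.net", "no-ip.org", "no-ip.biz", "hopto.org", "zapto.org")


def parse_timestamp(text):
    """'Jul 28, 2018 16:53:55.905730009 CEST' -> datetime. The nanosecond fraction is
    cut to microseconds, which is all datetime stores."""
    stamp, _tz = text.rsplit(" ", 1)
    head, frac = stamp.split(".")
    return datetime.strptime(f"{head}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def parse_rows(text):
    """Parse pipe-separated answer rows; header lines and junk are skipped."""
    rows = []
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("|")]
        if len(cols) != len(COLUMNS):
            continue
        row = dict(zip(COLUMNS, cols))
        try:
            row["time"] = parse_timestamp(row["ts"])
        except ValueError:
            continue
        rows.append(row)
    return rows


def dedupe(rows):
    """One entry per (name, transaction ID): a re-logged answer is the same query."""
    seen, out = set(), []
    for r in rows:
        key = (r["name"].lower(), r["txid"].lower())
        if key not in seen:
            seen.add(key)
            out.append(r)
    return out


def beacon_stats(rows, min_queries=5, max_cv=0.1):
    """Per name: query count, mean inter-query interval, coefficient of variation of
    the intervals, resolved addresses, and a 'beaconing' verdict: at least min_queries
    resolutions with low jitter (CV below max_cv) of a name under a dynamic-DNS suffix."""
    by_name = defaultdict(list)
    for r in dedupe(rows):
        by_name[r["name"].lower()].append(r)
    result = {}
    for name, rs in by_name.items():
        rs.sort(key=lambda r: r["time"])
        gaps = [(b["time"] - a["time"]).total_seconds() for a, b in zip(rs, rs[1:])]
        mean = statistics.fmean(gaps) if gaps else 0.0
        cv = statistics.pstdev(gaps) / mean if len(gaps) >= 2 and mean > 0 else float("inf")
        dyn = any(name == s or name.endswith("." + s) for s in DYNDNS_SUFFIXES)
        result[name] = {
            "queries": len(rs),
            "mean_interval": mean,
            "cv": cv,
            "addresses": sorted({r["addr"] for r in rs}),
            "dynamic_dns": dyn,
            "beaconing": len(rs) >= min_queries and cv < max_cv and dyn,
        }
    return result


if __name__ == "__main__":
    for name, s in beacon_stats(parse_rows(SAMPLE_ROWS)).items():
        print(f"{name}: {s['queries']} queries every {s['mean_interval']:.2f}s "
              f"(cv {s['cv']:.3f}) -> {s['addresses']} beaconing={s['beaconing']}")
```

The thresholds are deliberately loose: a 1.3 s timer with a CV near 0.01 is far inside them, and on real resolver logs the same function run per client over a day separates this kind of polling from the bursty, cache-bounded lookups ordinary software makes. Dedupe on the transaction ID rather than on the timestamp; the report's three 0x6ed2 rows differ by microseconds, so a time-based dedupe would need an arbitrary window.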

Analysis Process: IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe PID: 3440 Parent PID: 3040

General

Start time: 16:53:44
Start date: 28/07/2018
Path: C:\Users\user\Desktop\IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe
Wow64 process (32bit): false
Commandline: 'C:\Users\user\Desktop\IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe'
Imagebase: 0x400000
File size: 921615 bytes
MD5 hash: 88E0BC064945FA01C3B2745AC3633836
Has administrator privileges: true
Programmed in: Visual Basic
Yara matches:
• Rule: RAT_DarkComet, Description: Detects DarkComet RAT, Source: 00000001.00000002.21009140944.02716000.00000040.sdmp, Author: Kevin Breen <[email protected]>
• Rule: Malware_QA_update, Description: VT Research QA uploaded malware - file update.exe, Source: 00000001.00000002.21009140944.02716000.00000040.sdmp, Author: Florian Roth
Reputation: low

File Activities

File Path | Offset | Length | Completion | Count | Source Address | Symbol

Analysis Process: IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe PID: 3476 Parent PID: 3440

General

Start time: 16:53:47
Start date: 28/07/2018
Path: C:\Users\user\Desktop\IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe
Wow64 process (32bit): false
Commandline: 'C:\Users\user\Desktop\IMG-FILE-093298393840933-09208438039039-023outputA4DB4EF.exe'
Imagebase: 0x400000
File size: 921615 bytes
MD5 hash: 88E0BC064945FA01C3B2745AC3633836
Has administrator privileges: true
Programmed in: Borland Delphi
Yara matches:
• Rule: RAT_DarkComet, Description: Detects DarkComet RAT, Source: 00000002.00000002.21438435290.00400000.00000040.sdmp, Author: Kevin Breen <[email protected]>
• Rule: Malware_QA_update, Description: VT Research QA uploaded malware - file update.exe, Source: 00000002.00000002.21438435290.00400000.00000040.sdmp, Author: Florian Roth
• Rule: RAT_DarkComet, Description: Detects DarkComet RAT, Source: 00000002.00000000.21002926082.00400000.00000040.sdmp, Author: Kevin Breen <[email protected]>
• Rule: Malware_QA_update, Description: VT Research QA uploaded malware - file update.exe, Source: 00000002.00000000.21002926082.00400000.00000040.sdmp, Author: Florian Roth
• Rule: RAT_DarkComet, Description: Detects DarkComet RAT, Source: 00000002.00000001.21003500223.00400000.00000040.sdmp, Author: Kevin Breen <[email protected]>
• Rule: Malware_QA_update, Description: VT Research QA uploaded malware - file update.exe, Source: 00000002.00000001.21003500223.00400000.00000040.sdmp, Author: Florian Roth
• Rule: RAT_DarkComet, Description: Detects DarkComet RAT, Source: 00000002.00000000.21003186223.00400000.00000040.sdmp, Author: Kevin Breen <[email protected]>
• Rule: Malware_QA_update, Description: VT Research QA uploaded malware - file update.exe, Source: 00000002.00000000.21003186223.00400000.00000040.sdmp, Author: Florian Roth
Reputation: low

File Activities

File Created

File Path: C:\Users\user\AppData\Roaming\dclogs
Access: read data or list directory | synchronize
Attributes: normal
Options: directory file | synchronous io non alert | open for backup ident | open reparse point
Completion: success or wait
Count: 1
Source Address: 40A85E
Symbol: CreateDirectoryA

File Path: C:\Users\user\AppData\Roaming\dclogs\2018-07-28-7.dc
Access: read attributes | synchronize | generic write
Attributes: normal
Options: synchronous io non alert | non directory file
Completion: success or wait
Count: 1
Source Address: 403651
Symbol: CreateFileA

File Written

File Path: C:\Users\user\AppData\Roaming\dclogs\2018-07-28-7.dc
Offset: unknown
Length: 42
Value: 3a 3a 20 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 20 28 34 3a 35 34 3a 32 38 20 50 4d 29 0d 0a 5b 45 53 43 5d 0d 0a 0d 0a
Ascii: :: Program Manager (4:54:28 PM)..[ESC]....
Completion: success or wait
Count: 2
Source Address: 40357C
Symbol: WriteFile

File Read

File Path: C:\Users\user\AppData\Roaming\dclogs\2018-07-28-7.dc
Offset: unknown
Length: 128
Completion: success or wait
Count: 1
Source Address: 4036B2
Symbol: ReadFile

Registry Activities

Key Created

Key Path: HKEY_USERS\Software\DC3_FEXEC
Completion: success or wait
Count: 1
Source Address: 421884
Symbol: RegCreateKeyExA

Disassembly

Code Analysis
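The PID 3476 record above is the part of this report an incident responder will reuse: the injected process creates %APPDATA%\dclogs, writes 42 bytes to 2018-07-28-7.dc that decode to a window-title line ":: Program Manager (4:54:28 PM)" followed by the keystroke [ESC], reads the file back, and creates HKEY_USERS\Software\DC3_FEXEC. The Python below is an added example by the editor, not part of the Joe Sandbox report: it decodes the written bytes as a keystroke-log record and tags the three artifacts in a list of file and registry events. Assumptions: the log layout (a ":: title (time)" line followed by the keys typed into that window, special keys in brackets) is generalised from the single entry seen here; the trailing number in the YYYY-MM-DD-N.dc name is taken to be the day of the week with Sunday = 1, which fits this Saturday date; the event list is constructed from the report's rows plus one benign read for contrast.

```python
import re
from datetime import date

# Hex value copied from the report's File Written row for
# C:\Users\user\AppData\Roaming\dclogs\2018-07-28-7.dc (42 bytes, PID 3476, WriteFile).
WRITTEN_HEX = (
    "3a 3a 20 50 72 6f 67 72 61 6d 20 4d 61 6e 61 67 65 72 20 28 34 3a 35 34 3a 32 38 20 50 4d 29 "
    "0d 0a 5b 45 53 43 5d 0d 0a 0d 0a"
)

# Assumption, generalised from the single entry in the report: a log is a series of
# ":: <window title> (<h:mm:ss AM|PM>)" lines, each followed by the keys typed into that
# window; non-printing keys are written in brackets, e.g. [ESC].
ENTRY_RE = re.compile(r"^:: (?P<title>.*) \((?P<time>\d{1,2}:\d{2}:\d{2} [AP]M)\)$")
LOG_DIR_RE = re.compile(r"\\AppData\\Roaming\\dclogs$", re.I)
LOG_NAME_RE = re.compile(r"\\AppData\\Roaming\\dclogs\\(?P<date>\d{4}-\d{2}-\d{2})-(?P<dow>\d)\.dc$", re.I)
DC3_KEY_RE = re.compile(r"\\Software\\DC3_FEXEC$", re.I)


def decode_hex_dump(dump):
    """The report's space-separated hex column -> bytes (fromhex skips the spaces)."""
    return bytes.fromhex(dump)


def parse_dclog(data):
    """Split a keystroke log into (time, window title, [lines typed]) records."""
    records = []
    for line in data.decode("latin-1").split("\r\n"):
        m = ENTRY_RE.match(line)
        if m:
            records.append((m.group("time"), m.group("title"), []))
        elif records and line:
            records[-1][2].append(line)
    return records


def log_name_is_consistent(path):
    """YYYY-MM-DD-N.dc: N is assumed to be the day of week with Sunday = 1, which is
    what the report's name shows (28 July 2018 was a Saturday, hence -7). A name whose
    N does not fit its date deserves a closer look, not an automatic dismissal."""
    m = LOG_NAME_RE.search(path)
    if not m:
        return False
    d = date.fromisoformat(m.group("date"))
    return int(m.group("dow")) == d.isoweekday() % 7 + 1


def triage(events):
    """Tag the DarkComet artifacts from the report in a list of file/registry events.
    Each event: {'kind': 'file' | 'registry', 'path': ..., 'api': ...}."""
    hits = []
    for e in events:
        path = e["path"]
        if e["kind"] == "file" and LOG_DIR_RE.search(path):
            hits.append(("darkcomet_dclogs_dir", e["api"]))
        elif e["kind"] == "file" and LOG_NAME_RE.search(path):
            tag = "darkcomet_keylog" if log_name_is_consistent(path) else "darkcomet_keylog_oddname"
            hits.append((tag, e["api"]))
        elif e["kind"] == "registry" and DC3_KEY_RE.search(path):
            hits.append(("darkcomet_dc3_fexec_key", e["api"]))
    return hits


# Constructed events: the report's rows for PID 3476 plus one benign read for contrast.
SAMPLE_EVENTS = [
    {"kind": "file", "path": r"C:\Users\user\AppData\Roaming\dclogs", "api": "CreateDirectoryA"},
    {"kind": "file", "path": r"C:\Users\user\AppData\Roaming\dclogs\2018-07-28-7.dc", "api": "CreateFileA"},
    {"kind": "file", "path": r"C:\Users\user\AppData\Roaming\dclogs\2018-07-28-7.dc", "api": "WriteFile"},
    {"kind": "file", "path": r"C:\Users\user\AppData\Roaming\dclogs\2018-07-28-7.dc", "api": "ReadFile"},
    {"kind": "registry", "path": r"HKEY_USERS\Software\DC3_FEXEC", "api": "RegCreateKeyExA"},
    {"kind": "file", "path": r"C:\Windows\System32\kernel32.dll", "api": "CreateFileA"},  # benign, constructed
]

if __name__ == "__main__":
    for when, title, keys in parse_dclog(decode_hex_dump(WRITTEN_HEX)):
        print(f"{when}  window={title!r}  typed={keys}")
    for tag, api in triage(SAMPLE_EVENTS):
        print(tag, api)
```

On a live host the same three regexes can be pointed at the file system and the registry directly; the keylog is plain text, so any .dc file recovered from a dclogs directory can be fed to parse_dclog to show which windows the victim typed into and when. The registry path in the report is written as HKEY_USERS\Software\DC3_FEXEC without a SID component, so the check matches on the trailing Software\DC3_FEXEC only.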