Analysis Report FAKTURA I RACHUNKI.exe
Overview
General Information
Detection
Score: | 100 (range 0 - 100) |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup
Malware Configuration
Threatname: | Agenttesla |
Field | Value |
---|---|
Username | JrBJv6DyR8 |
URL | http://KeXrtgodXUi1h.com |
To | syndic8@yandex.com |
ByHost | mail.brimaq.com:587 |
Password | UXB9CyQFuVvwdgx |
From | jaen@brimaq.com |
The extracted configuration selects SMTP exfiltration: harvested data is sent as mail from jaen@brimaq.com through mail.brimaq.com on TCP port 587 to the drop mailbox syndic8@yandex.com. This is the traffic behind the Sigma hit for RegAsm.exe connecting to an SMTP port and the "malicious" verdicts on brimaq.com and mail.brimaq.com further down.
Yara Overview
Memory Dumps
Rule | Description | Author |
---|---|---|
JoeSecurity_GuLoader | Yara detected GuLoader | Joe Security |
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Sigma Overview
System Summary:
Sigma detected: RegAsm connects to smtp port (Author: Joe Security)
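The configuration block above and the Sigma hit here describe the same thing from two sides: the extractor names the SMTP relay, and the rule fires when RegAsm.exe opens a connection to an SMTP port. The following is an added example, not part of the Joe Sandbox report and not code from Joe Security or the malware, that normalises the extractor output into indicators and then applies the equivalent detection to constructed network-connection events written with Sysmon Event ID 3 field names. The list of .NET utilities treated as "should never speak SMTP" and the sample events (apart from the C2 host and IP taken from this report; the other addresses are TEST-NET placeholders) are assumptions made for the example.

```python
"""Added example (not from the report): AgentTesla SMTP config -> indicators
-> detection over constructed Sysmon Event ID 3 style events."""
import json

# Configuration blob exactly as the report prints it (keys carry a trailing ": ").
RAW_CONFIG = ('{"Username: ": "JrBJv6DyR8", "URL: ": "http://KeXrtgodXUi1h.com", '
              '"To: ": "syndic8@yandex.com", "ByHost: ": "mail.brimaq.com:587", '
              '"Password: ": "UXB9CyQFuVvwdgx", "From: ": "jaen@brimaq.com"}')

SMTP_PORTS = {25, 465, 587}
# Assumption: .NET framework utilities that are commonly hollowed by stealers and
# have no legitimate reason to talk SMTP. RegAsm.exe is the one seen in this run.
HOLLOWED_DOTNET_HOSTS = {"regasm.exe", "regsvcs.exe", "msbuild.exe", "installutil.exe"}


def parse_config(blob: str) -> dict:
    """Strip the extractor's key decoration and split ByHost into host and port."""
    cfg = {k.strip(" :").lower(): v for k, v in json.loads(blob).items()}
    host, _, port = cfg.get("byhost", "").rpartition(":")
    cfg["smtp_host"] = host or cfg.get("byhost", "")
    cfg["smtp_port"] = int(port) if port.isdigit() else None
    return cfg


def indicators(cfg: dict) -> dict:
    """Network-level IOCs that can be blocked or hunted without the password."""
    return {
        "smtp_host": cfg["smtp_host"],
        "smtp_port": cfg["smtp_port"],
        "sender_domain": cfg["from"].rpartition("@")[2],
        "drop_mailbox": cfg["to"],
    }


def suspicious_smtp(events, cfg) -> list:
    """Flag outbound SMTP from hollowed .NET hosts (the Sigma rule's logic)
    and, independently, any connection to the configured relay."""
    hits = []
    for ev in events:
        image = ev["Image"].rsplit("\\", 1)[-1].lower()
        port = int(ev["DestinationPort"])
        to_c2 = ev.get("DestinationHostname", "").lower() == cfg["smtp_host"]
        if (port in SMTP_PORTS and image in HOLLOWED_DOTNET_HOSTS) or to_c2:
            hits.append((ev["ProcessId"], image, port, "c2-host" if to_c2 else "smtp-port"))
    return hits


# Constructed events (not taken from the report's network log).
SAMPLE_EVENTS = [
    {"ProcessId": 4120, "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
     "DestinationIp": "78.128.8.31", "DestinationPort": 587,
     "DestinationHostname": "mail.brimaq.com"},
    {"ProcessId": 2312, "Image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "DestinationIp": "203.0.113.5", "DestinationPort": 587,
     "DestinationHostname": "smtp.example.net"},  # legitimate mail client: no alert
    {"ProcessId": 4120, "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
     "DestinationIp": "172.217.168.33", "DestinationPort": 443,
     "DestinationHostname": "googlehosted.l.googleusercontent.com"},  # payload fetch, not SMTP
]

if __name__ == "__main__":
    cfg = parse_config(RAW_CONFIG)
    print(indicators(cfg))
    for hit in suspicious_smtp(SAMPLE_EVENTS, cfg):
        print("ALERT", hit)
```

The process-name check is the part worth keeping in a production rule: the relay host and mailbox change from build to build, while stealers keep hollowing the same handful of framework binaries, so "RegAsm.exe to port 25/465/587" stays valid after the C2 rotates.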
Signature Overview
AV Detection:
Found malware configuration (Source: Malware Configuration Extractor)
Multi AV Scanner detection for submitted file (Sources: Virustotal, ReversingLabs)
Further evidence: Static PE information; HTTPS traffic detected
Networking:
C2 URLs / IPs found in malware configuration (Source: URLs)
Further evidence: TCP traffic (2); ASN Name; JA3 fingerprint; DNS traffic detected; String found in binary or memory (23); Network traffic detected (2); HTTPS traffic detected; Code function 0_2_0041112C
System Summary:
Code functions, first group (the leading number is Joe Sandbox's process index; 0 is the submitted sample):
0_2_023450CB, 0_2_02345294, 0_2_0234533A, 0_2_02345170, 0_2_02345162, 0_2_023453E8, 2_2_00F8525E, 2_2_00F84E07, 2_2_00F853E8, 2_2_00F85294, 2_2_00F8533A
Code functions, second group:
0_2_00406B0F, 0_2_023450CB, 0_2_02342036, 0_2_02342022, 0_2_02340E2E, 0_2_0234087D, 0_2_023446F2, 0_2_02341CEE, 0_2_0234173A, 0_2_02344328, 0_2_02342B1B, 0_2_02343D76, 0_2_02345170, 0_2_02342372, 0_2_02342379, 0_2_02345162, 0_2_0234156B, 0_2_02340954, 0_2_023447A7, 0_2_02341587, 0_2_023409E5, 0_2_023439C3, 2_2_01391900, 2_2_0139B9B5, 2_2_013919E4, 2_2_01397898, 2_2_0139EE30, 2_2_0139AAA8, 2_2_013987E0, 2_2_013A2020, 2_2_013A2768, 2_2_013A2F6D, 2_2_013AB740, 2_2_1CDA6720, 2_2_1CDA5000, 2_2_1CDAB288, 2_2_1CDB34A0, 2_2_1CDB5D80, 2_2_1CDB4D00, 2_2_1CDB97D8, 2_2_1CDB8010, 2_2_1CDBAC90, 2_2_1CDBDF78, 2_2_1CDB1108, 2_2_1CDB1AD7, 2_2_1CDB1AE8
Further evidence: Static PE information (3); Binary or memory string (2); Section loaded (3); Classification label; Mutant created; File created; WMI Queries (2); Key opened; File read (5); Virustotal; ReversingLabs; Process created (6); Key value queried; Window detected; File opened
Data Obfuscation:
Yara detected GuLoader (2 file sources)
Code functions: 0_2_00402494, 0_2_00406C0A, 0_2_00406C10, 0_2_00406C16, 0_2_00406C1C, 0_2_00403294, 0_2_00402498, 0_2_0040269C, 0_2_00402F78, 0_2_0040379C, 0_2_0040332C, 0_2_00406BCE, 0_2_00406BD4, 0_2_00406BDA, 0_2_00406BE0, 0_2_004051E0, 0_2_004043E4, 0_2_00406BE6, 0_2_00406BEC, 0_2_00406BF2, 0_2_00406BF8, 0_2_00406BFE, 0_2_00406C04, 0_2_02340072, 0_2_02341132, 0_2_02344506, 2_2_013987A6, 2_2_0139D23D, 2_2_013A7A39, 2_2_013A1E0B
Further evidence: Registry key monitored for changes; Process information set (71)
Malware Analysis System Evasion:
Detected RDTSC dummy instruction sequence (likely for instruction hammering) (Source: RDTSC instruction interceptor, 4 hits)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) (Source: WMI Queries)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) (Source: WMI Queries)
Tries to detect Any.run (Source: File opened, 4 hits)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) (Source: Binary or memory string)
Tries to detect virtualization through RDTSC time measurements (Source: RDTSC instruction interceptor, 6 hits)
Further evidence: Code function 2_2_00F824D8; Thread delayed (2); Window / User API (2); Thread sleep time; WMI Queries (2); Last function; Binary or memory string (2); Process information queried
Anti Debugging:
Hides threads from debuggers (Source: Thread information set, 3 hits)
Further evidence: Process queried (2); Code functions 2_2_00F824D8, 0_2_02342E6B, 2_2_00F822DB, 2_2_00F849C5, 2_2_00F84A48, 2_2_00F83F39, 2_2_00F84310; Process token adjusted; Memory allocated
HIPS / PFW / Operating System Protection Evasion:
Writes to foreign memory regions (Source: Memory written)
Further evidence: Process created (2); Binary or memory string (4); Queries volume information (12); Key value queried
Stealing of Sensitive Information:
Yara detected AgentTesla (2 file sources)
Tries to harvest and steal browser information (history, passwords, etc) (Source: File opened, 2 hits)
Tries to harvest and steal ftp login credentials (Source: File opened, 2 hits)
Tries to steal Mail credentials (via file access) (Source: File opened, 2 hits)
Further evidence: File source (2)
Remote Access Functionality:
Yara detected AgentTesla (2 file sources)
Mitre Att&ck Matrix
Techniques with signature hits, by tactic (the trailing digits are Joe Sandbox's per-technique count markers, kept as printed):
Tactic | Techniques |
---|---|
Execution | Windows Management Instrumentation211 |
Persistence | DLL Side-Loading1 |
Privilege Escalation | Process Injection112; DLL Side-Loading1 |
Defense Evasion | Disable or Modify Tools1; Virtualization/Sandbox Evasion341; Process Injection112; Obfuscated Files or Information1; DLL Side-Loading1 |
Credential Access | OS Credential Dumping2 |
Discovery | Query Registry1; Security Software Discovery631; Process Discovery2; Virtualization/Sandbox Evasion341; Application Window Discovery1; Remote System Discovery1; System Information Discovery313 |
Collection | Email Collection1; Archive Collected Data1; Data from Local System2; Clipboard Data1 |
Command and Control | Encrypted Channel12; Non-Standard Port1; Non-Application Layer Protocol1; Application Layer Protocol112 |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Detection | Scanner | Label |
---|---|---|
21% | Virustotal | |
12% | ReversingLabs | Win32.Trojan.Generic |
Dropped Files
No Antivirus matches
Unpacked PE Files
No Antivirus matches
Domains
URLs
40 URLs scanned, every one at 0%: URL Reputation "safe" (34), Avira URL Cloud "safe" (5), Virustotal 0% (1)
Domains and IPs
Contacted Domains
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
brimaq.com | 78.128.8.31 | true | true | | unknown |
googlehosted.l.googleusercontent.com | 172.217.168.33 | true | false | | high |
mail.brimaq.com | unknown | unknown | true | | unknown |
doc-0s-1k-docs.googleusercontent.com | unknown | unknown | false | | high |
Contacted URLs
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
 | true | | unknown |
URLs from Memory and Binaries
15 URLs, none flagged malicious (reputation: 1 high, 1 low, 13 unknown)
Contacted IPs
Public
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
172.217.168.33 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false |
78.128.8.31 | brimaq.com | Bulgaria | 31083 | TELEPOINTBG | true |
General Information
Joe Sandbox Version: | 31.0.0 Emerald |
Analysis ID: | 383950 |
Start date: | 08.04.2021 |
Start time: | 12:58:33 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 7m 14s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | FAKTURA I RACHUNKI.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@6/1@3/2 |
EGA Information: | Failed |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
13:00:03 | API Interceptor |
Joe Sandbox View / Context
IPs
No context
Domains
ASN
Match | Context |
---|---|
TELEPOINTBG | 20 other samples seen on this ASN, all classified malicious |
JA3 Fingerprints
Match | Context |
---|---|
37f463bf4616ecd445d4a1937da06e19 | 20 other samples with this TLS client fingerprint, all classified malicious |
Dropped Files
No context
Created / dropped Files |
---|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 3.964735178725505 |
Encrypted: | false |
SSDEEP: | 3:IBVFBWAGRHneyy:ITqAGRHner |
MD5: | 9F754B47B351EF0FC32527B541420595 |
SHA1: | 006C66220B33E98C725B73495FE97B3291CE14D9 |
SHA-256: | 0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591 |
SHA-512: | C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: | |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.820730298106959 |
TrID: | |
File name: | FAKTURA I RACHUNKI.exe |
File size: | 126976 |
MD5: | ac62ebbbf6ec96f48a8cca64793bf8fb |
SHA1: | c1e10d41d090cb7d0505b46a1b48f3f533aa6aad |
SHA256: | 5708e5be9ec5564f3f16b38f87b0c7a0178274ed580a8566e31a995a80e353bb |
SHA512: | 3e6581e22319fa6adc526ee5c62352ccf0b45a7f519d9fa82c060acce7e6df1feac6ea971865866b113d6470a325939cc330a1e6f343c70d90eb1ffd14309951 |
SSDEEP: | 1536:f3GouBdGoPd3YqbfztVcOOTb3kCQv5i8+FMOihGo:fGZBdGcO0tVcOO/vQY8tOihG |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......u...1...1...1.......0...~...0.......0...Rich1...........PE..L.....zT.....................`....................@................ |
File Icon |
---|
Icon Hash: | 0ccea09899191898 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4016bc |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x547AB41E [Sun Nov 30 06:07:26 2014 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | b99d75676bd131a32dd8593967e4443d |
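The fields in this table (compile timestamp, file characteristics, subsystem, empty DLL characteristics) are the ones an analyst reads first on a VB6 loader like this. The block below is an added example, not part of the Joe Sandbox report and not Joe Security's parser: a standard-library-only reader for exactly those IMAGE_FILE_HEADER and IMAGE_OPTIONAL_HEADER32 fields, run against a constructed PE32 header that carries the values shown above (timestamp 0x547AB41E, characteristics RELOCS_STRIPPED | EXECUTABLE_IMAGE | LINE_NUMS_STRIPPED | LOCAL_SYMS_STRIPPED | 32BIT_MACHINE, entry point 0x4016bc, GUI subsystem, no DLL characteristics). The header bytes are built by the example itself and contain no sections or imports; the triage notes are the example's own rules, not the report's.

```python
"""Added example (not from the report): minimal PE32 header reader plus
static triage notes, exercised on a constructed header that mirrors the
Static PE Info table for FAKTURA I RACHUNKI.exe."""
import struct
from datetime import datetime, timezone

FILE_CHARACTERISTICS = {
    0x0001: "RELOCS_STRIPPED", 0x0002: "EXECUTABLE_IMAGE", 0x0004: "LINE_NUMS_STRIPPED",
    0x0008: "LOCAL_SYMS_STRIPPED", 0x0100: "32BIT_MACHINE", 0x2000: "DLL",
}
DLL_CHARACTERISTICS = {
    0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT", 0x0400: "NO_SEH", 0x4000: "GUARD_CF",
}
SUBSYSTEMS = {2: "windows gui", 3: "windows cui"}


def parse_pe_header(data: bytes) -> dict:
    """Read IMAGE_FILE_HEADER and the leading part of IMAGE_OPTIONAL_HEADER32."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsect, stamp, _, _, _, chars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24                                          # optional header start
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 handled here")
    entry = struct.unpack_from("<I", data, opt + 16)[0]        # AddressOfEntryPoint
    image_base = struct.unpack_from("<I", data, opt + 28)[0]   # ImageBase
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)
    return {
        "machine": machine, "sections": nsect,
        "timestamp": datetime.fromtimestamp(stamp, tz=timezone.utc),
        "characteristics": [n for b, n in FILE_CHARACTERISTICS.items() if chars & b],
        "entrypoint": image_base + entry, "image_base": image_base,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "dll_characteristics": [n for b, n in DLL_CHARACTERISTICS.items() if dll_chars & b],
    }


def triage(hdr: dict) -> list:
    """Static observations worth recording before the sample is ever run."""
    notes = []
    if "RELOCS_STRIPPED" in hdr["characteristics"]:
        notes.append("relocations stripped: image can only load at its fixed base")
    if "DYNAMIC_BASE" not in hdr["dll_characteristics"]:
        notes.append("no DYNAMIC_BASE: ASLR opted out")
    if "NX_COMPAT" not in hdr["dll_characteristics"]:
        notes.append("no NX_COMPAT: DEP not requested")
    return notes


def build_header(stamp, chars, entry, base, subsystem, dll_chars) -> bytes:
    """Constructed minimal PE32 header (no sections) used as the example's input."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)         # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x014C, 3, stamp, 0, 0, 0xE0, chars)
    opt = struct.pack("<HBBIIIIII", 0x10B, 6, 0, 0, 0, 0, entry, 0x1000, 0x19000)
    opt += struct.pack("<III", base, 0x1000, 0x200)            # ImageBase, alignments
    opt += struct.pack("<HHHHHHI", 4, 0, 4, 0, 4, 0, 0)        # OS/image/subsystem versions
    opt += struct.pack("<IIIHH", 0x1F000, 0x400, 0, subsystem, dll_chars)
    return dos + b"PE\0\0" + file_hdr + opt.ljust(0xE0, b"\0")


# Values taken from the report's Static PE Info table.
SAMPLE_HEADER = build_header(0x547AB41E, 0x010F, 0x16BC, 0x400000, 2, 0)

if __name__ == "__main__":
    hdr = parse_pe_header(SAMPLE_HEADER)
    for key, value in hdr.items():
        print(f"{key}: {value}")
    for note in triage(hdr):
        print("-", note)
```

On a real file, replace SAMPLE_HEADER with the bytes read from disk; the parser only touches the first 0x40 + 0x18 + 0xE0 bytes, so reading the first 4 KiB is enough. The three triage notes this header produces (fixed base, no ASLR, no DEP) are typical of VB6-built GuLoader stages and are a useful pivot alongside the import hash.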
Entrypoint Preview |
---|
Instruction |
---|
push 0041091Ch |
call 00007F4DA0B864F3h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
xor byte ptr [eax], al |
add byte ptr [eax], al |
inc eax |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add ch, dh |
call far 40C9h : A7DC1FC2h |
stosd |
mov es, word ptr [eax-509AA2ADh] |
stc |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add dword ptr [eax], eax |
add byte ptr [eax], al |
insd |
popad |
xor dword ptr [bx+si], esp |
push esp |
jc 00007F4DA0B86563h |
jo 00007F4DA0B86567h |
jp 00007F4DA0B8656Bh |
popad |
insb |
add byte ptr [ecx+67h], ch |
push 00202074h |
add byte ptr [eax], al |
add bh, bh |
int3 |
xor dword ptr [eax], eax |
sub byte ptr [eax-4Dh], ah |
into |
lodsd |
pop edx |
mov cs, word ptr [ebp+eax*2-78h] |
jnle 00007F4DA0B86566h |
cmp byte ptr [edi-61h], al |
push 1519A6C9h |
mov gs, word ptr [ecx] |
hlt |
inc esp |
inc ebx |
cmp dword ptr [D1967FB6h], 4F3A498Dh |
lodsd |
xor ebx, dword ptr [ecx-48EE309Ah] |
or al, 00h |
stosb |
add byte ptr [eax-2Dh], ah |
xchg eax, ebx |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
das |
int1 |
add byte ptr [eax], al |
rol byte ptr [eax+eax+00h], cl |
add byte ptr [636F5300h], al |
imul esp, dword ptr [ecx+00h], 0006010Dh |
outsb |
jne 00007F4DA0B86575h |
jns 00007F4DA0B86572h |
add byte ptr [ecx], bl |
add dword ptr [eax], eax |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x18754 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1a000 | 0x4856 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x160 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x17cd8 | 0x18000 | False | 0.399688720703 | data | 6.38244790313 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x19000 | 0xaf4 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x1a000 | 0x4856 | 0x5000 | False | 0.414111328125 | data | 4.36134725027 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x1c2ae | 0x25a8 | data | ||
RT_ICON | 0x1b206 | 0x10a8 | data | ||
RT_ICON | 0x1a87e | 0x988 | data | ||
RT_ICON | 0x1a416 | 0x468 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x1a3d8 | 0x3e | data | ||
RT_VERSION | 0x1a180 | 0x258 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, __vbaEnd, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryVar, __vbaAryDestruct, __vbaVarForInit, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, DllFunctionCall, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, _CIlog, __vbaNew2, __vbaR8Str, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaVarAdd, __vbaVarDup, __vbaStrToAnsi, __vbaFpI4, _CIatan, __vbaStrMove, __vbaCastObj, __vbaAryCopy, _allmul, __vbaLateIdSt, _CItan, __vbaFPInt, __vbaVarForNext, _CIexp, __vbaFreeObj, __vbaFreeStr |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0409 0x04b0 |
InternalName | spiritu |
FileVersion | 3.00 |
CompanyName | Salty |
Comments | Salty |
ProductName | Salty |
ProductVersion | 3.00 |
FileDescription | Salty |
OriginalFilename | spiritu.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 8, 2021 12:59:54.076888084 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.088737965 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.088859081 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.089565992 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.101257086 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.113404989 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.113428116 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.113444090 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.113456011 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.113595009 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.130697012 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.142597914 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.142709017 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.143599033 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.159888029 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.354562998 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.354589939 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.354608059 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.354626894 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.354655981 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.354758024 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.354823112 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.355194092 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.355216026 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.355305910 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.355993032 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.356015921 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.356112957 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.356779099 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.356802940 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.356880903 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.357748985 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.357769012 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.357866049 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.364959955 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.365125895 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.366472960 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.366497993 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.366682053 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.366864920 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.367209911 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.367291927 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.367693901 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.367894888 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.367980003 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.368638992 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.368758917 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.368822098 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.368874073 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.369818926 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.369843960 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.369930029 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.370223999 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.370275021 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.370357037 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.371006966 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.371105909 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.371113062 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.371175051 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.371829033 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.371851921 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.371922016 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.371952057 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.372915030 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.372982979 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.373075962 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.373658895 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.373719931 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.373898029 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.374234915 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.374309063 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.374337912 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.374456882 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.375217915 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.375255108 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.375348091 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.375797033 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.376125097 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.378381968 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.378416061 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.378458977 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.378469944 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.378506899 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.378515005 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.379914045 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.379949093 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.380044937 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.380048037 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.380075932 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.380146980 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.380645990 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.380678892 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.380744934 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.380775928 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.380812883 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.381489992 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.381524086 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.381567955 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.381623030 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.381665945 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.382430077 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.382464886 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.382566929 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.382662058 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.382811069 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.383375883 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.383410931 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.383493900 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.383505106 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.383646011 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.384167910 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.384202957 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.384243011 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.384298086 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.384339094 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.385134935 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.385169983 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.385258913 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.385365963 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.385507107 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.385827065 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.385951996 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.391371012 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.391408920 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.391450882 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.391510010 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.391546011 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.391664982 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.391726017 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.391748905 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.391781092 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.391813040 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.391829014 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.391865015 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.392373085 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.392404079 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.392446041 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.392452955 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.392482996 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.392519951 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.392527103 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.392561913 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.392625093 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.393167019 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.393331051 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.393786907 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.393805027 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.393881083 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.394012928 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.394205093 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.394249916 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.394265890 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.394280910 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.394305944 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.394321918 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.394427061 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.394520998 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.394891024 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.394918919 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.394934893 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.394949913 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.394985914 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.394998074 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.395015001 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.395030975 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.395062923 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.395076990 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.396173000 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.396192074 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.396256924 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.396265030 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.396331072 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.396523952 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.396608114 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.396627903 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.396634102 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.396650076 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.396660089 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.396675110 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.396702051 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.397171021 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.397257090 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.397278070 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.397321939 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.397325039 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.397337914 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.397351027 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.397376060 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.397408962 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.397897005 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.397998095 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.398022890 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.398066044 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.398096085 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.398263931 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.398322105 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.398329973 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.398387909 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.398394108 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.398444891 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.398446083 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.398502111 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.398854017 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.398869991 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.398929119 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.398960114 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.398977041 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.398997068 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.399029970 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.399049997 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.399051905 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.399168015 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.399683952 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.399748087 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.399801016 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.399820089 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.399876118 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.400065899 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.400106907 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.400121927 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.400154114 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.400187016 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.400202990 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.400247097 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.400595903 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.400788069 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.400801897 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.400804996 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.400820971 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.400826931 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.400837898 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.400851011 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.400863886 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.400902033 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.401879072 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.402004004 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.402019024 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.402020931 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.402076960 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.402245045 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.402261972 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.402282953 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.402297974 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.402316093 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.402343035 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.402939081 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.402956963 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.402977943 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.402993917 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.403012037 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.403012991 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.403027058 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.403038979 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.403091908 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.403693914 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.403789043 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.405122042 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.405137062 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.405219078 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.405220032 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.405231953 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.405263901 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.405266047 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.405309916 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.405522108 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.405535936 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.405587912 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.405666113 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.405678988 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.405699968 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.405713081 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.405734062 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.405739069 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.405775070 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.405800104 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.406239986 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.406255007 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.406306982 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.406311035 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.406364918 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.406547070 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.406559944 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.406584978 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.406596899 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.406618118 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.406656027 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.407231092 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.407246113 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.407319069 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.407382011 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.407394886 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.407422066 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.407444000 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.407474041 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.407474041 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.407507896 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.407562017 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.408088923 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.408112049 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.408130884 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.408154011 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.408168077 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.408171892 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.408185005 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.408200026 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.408200979 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.408233881 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.408258915 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 12:59:54.409272909 CEST | 443 | 49717 | 172.217.168.33 | 192.168.2.6 |
Apr 8, 2021 12:59:54.409370899 CEST | 49717 | 443 | 192.168.2.6 | 172.217.168.33 |
Apr 8, 2021 13:01:29.836757898 CEST | 49751 | 587 | 192.168.2.6 | 78.128.8.31 |
Apr 8, 2021 13:01:29.880373955 CEST | 587 | 49751 | 78.128.8.31 | 192.168.2.6 |
Apr 8, 2021 13:01:29.880652905 CEST | 49751 | 587 | 192.168.2.6 | 78.128.8.31 |
Apr 8, 2021 13:01:29.992228985 CEST | 587 | 49751 | 78.128.8.31 | 192.168.2.6 |
Apr 8, 2021 13:01:29.992747068 CEST | 49751 | 587 | 192.168.2.6 | 78.128.8.31 |
Apr 8, 2021 13:01:30.036658049 CEST | 587 | 49751 | 78.128.8.31 | 192.168.2.6 |
Apr 8, 2021 13:01:30.037194967 CEST | 49751 | 587 | 192.168.2.6 | 78.128.8.31 |
Apr 8, 2021 13:01:30.085578918 CEST | 587 | 49751 | 78.128.8.31 | 192.168.2.6 |
Apr 8, 2021 13:01:30.092257977 CEST | 49751 | 587 | 192.168.2.6 | 78.128.8.31 |
Apr 8, 2021 13:01:30.149180889 CEST | 587 | 49751 | 78.128.8.31 | 192.168.2.6 |
Apr 8, 2021 13:01:30.149209023 CEST | 587 | 49751 | 78.128.8.31 | 192.168.2.6 |
Apr 8, 2021 13:01:30.149223089 CEST | 587 | 49751 | 78.128.8.31 | 192.168.2.6 |
Apr 8, 2021 13:01:30.149626017 CEST | 49751 | 587 | 192.168.2.6 | 78.128.8.31 |
Apr 8, 2021 13:01:30.157768965 CEST | 49751 | 587 | 192.168.2.6 | 78.128.8.31 |
Apr 8, 2021 13:01:30.203007936 CEST | 587 | 49751 | 78.128.8.31 | 192.168.2.6 |
Apr 8, 2021 13:01:30.233402967 CEST | 49751 | 587 | 192.168.2.6 | 78.128.8.31 |
Apr 8, 2021 13:01:30.277302027 CEST | 587 | 49751 | 78.128.8.31 | 192.168.2.6 |
Apr 8, 2021 13:01:30.279162884 CEST | 49751 | 587 | 192.168.2.6 | 78.128.8.31 |
Apr 8, 2021 13:01:30.323797941 CEST | 587 | 49751 | 78.128.8.31 | 192.168.2.6 |
Apr 8, 2021 13:01:30.324767113 CEST | 49751 | 587 | 192.168.2.6 | 78.128.8.31 |
Apr 8, 2021 13:01:30.373774052 CEST | 587 | 49751 | 78.128.8.31 | 192.168.2.6 |
Apr 8, 2021 13:01:30.375024080 CEST | 49751 | 587 | 192.168.2.6 | 78.128.8.31 |
Apr 8, 2021 13:01:30.419004917 CEST | 587 | 49751 | 78.128.8.31 | 192.168.2.6 |
Apr 8, 2021 13:01:30.419707060 CEST | 49751 | 587 | 192.168.2.6 | 78.128.8.31 |
Apr 8, 2021 13:01:30.501738071 CEST | 587 | 49751 | 78.128.8.31 | 192.168.2.6 |
Apr 8, 2021 13:01:30.502377033 CEST | 49751 | 587 | 192.168.2.6 | 78.128.8.31 |
Apr 8, 2021 13:01:30.546047926 CEST | 587 | 49751 | 78.128.8.31 | 192.168.2.6 |
Apr 8, 2021 13:01:30.548486948 CEST | 49751 | 587 | 192.168.2.6 | 78.128.8.31 |
Apr 8, 2021 13:01:30.548702002 CEST | 49751 | 587 | 192.168.2.6 | 78.128.8.31 |
Apr 8, 2021 13:01:30.549401999 CEST | 49751 | 587 | 192.168.2.6 | 78.128.8.31 |
Apr 8, 2021 13:01:30.549504995 CEST | 49751 | 587 | 192.168.2.6 | 78.128.8.31 |
Apr 8, 2021 13:01:30.594024897 CEST | 587 | 49751 | 78.128.8.31 | 192.168.2.6 |
Apr 8, 2021 13:01:30.594069958 CEST | 587 | 49751 | 78.128.8.31 | 192.168.2.6 |
Apr 8, 2021 13:01:30.594230890 CEST | 587 | 49751 | 78.128.8.31 | 192.168.2.6 |
Apr 8, 2021 13:01:30.594257116 CEST | 587 | 49751 | 78.128.8.31 | 192.168.2.6 |
Apr 8, 2021 13:01:30.613635063 CEST | 587 | 49751 | 78.128.8.31 | 192.168.2.6 |
Apr 8, 2021 13:01:30.653312922 CEST | 49751 | 587 | 192.168.2.6 | 78.128.8.31 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 8, 2021 12:59:31.325407982 CEST | 64267 | 53 | 192.168.2.6 | 8.8.8.8 |
Apr 8, 2021 12:59:31.338635921 CEST | 53 | 64267 | 8.8.8.8 | 192.168.2.6 |
Apr 8, 2021 12:59:31.957942009 CEST | 49448 | 53 | 192.168.2.6 | 8.8.8.8 |
Apr 8, 2021 12:59:31.970499992 CEST | 53 | 49448 | 8.8.8.8 | 192.168.2.6 |
Apr 8, 2021 12:59:34.149878025 CEST | 60342 | 53 | 192.168.2.6 | 8.8.8.8 |
Apr 8, 2021 12:59:34.163836002 CEST | 53 | 60342 | 8.8.8.8 | 192.168.2.6 |
Apr 8, 2021 12:59:35.499371052 CEST | 61346 | 53 | 192.168.2.6 | 8.8.8.8 |
Apr 8, 2021 12:59:35.513375044 CEST | 53 | 61346 | 8.8.8.8 | 192.168.2.6 |
Apr 8, 2021 12:59:36.672579050 CEST | 51774 | 53 | 192.168.2.6 | 8.8.8.8 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Apr 8, 2021 12:59:54.047566891 CEST | 192.168.2.6 | 8.8.8.8 | 0xeb1a | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 8, 2021 13:01:29.743458033 CEST | 192.168.2.6 | 8.8.8.8 | 0x5d4 | Standard query (0) | | A (IP address) | IN (0x0001) |
Apr 8, 2021 13:01:29.808728933 CEST | 192.168.2.6 | 8.8.8.8 | 0x5f64 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Apr 8, 2021 12:59:54.074717999 CEST | 8.8.8.8 | 192.168.2.6 | 0xeb1a | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) |
Apr 8, 2021 12:59:54.074717999 CEST | 8.8.8.8 | 192.168.2.6 | 0xeb1a | No error (0) | | | 172.217.168.33 | A (IP address) | IN (0x0001) |
Apr 8, 2021 13:01:29.796550989 CEST | 8.8.8.8 | 192.168.2.6 | 0x5d4 | No error (0) | | brimaq.com | | CNAME (Canonical name) | IN (0x0001) |
Apr 8, 2021 13:01:29.796550989 CEST | 8.8.8.8 | 192.168.2.6 | 0x5d4 | No error (0) | | | 78.128.8.31 | A (IP address) | IN (0x0001) |
Apr 8, 2021 13:01:29.821937084 CEST | 8.8.8.8 | 192.168.2.6 | 0x5f64 | No error (0) | | brimaq.com | | CNAME (Canonical name) | IN (0x0001) |
Apr 8, 2021 13:01:29.821937084 CEST | 8.8.8.8 | 192.168.2.6 | 0x5f64 | No error (0) | | | 78.128.8.31 | A (IP address) | IN (0x0001) |
HTTPS Packets |
---|
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest |
---|---|---|---|---|---|---|---|---|---|---|
Apr 8, 2021 12:59:54.113456011 CEST | 172.217.168.33 | 443 | 192.168.2.6 | 49717 | CN=*.googleusercontent.com, O=Google LLC, L=Mountain View, ST=California, C=US | CN=GTS CA 1O1, O=Google Trust Services, C=US | Tue Mar 16 20:32:57 CET 2021 | Tue Jun 08 21:32:56 CEST 2021 | 771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0 | 37f463bf4616ecd445d4a1937da06e19 |
| | | | | CN=GTS CA 1O1, O=Google Trust Services, C=US | CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 | Thu Jun 15 02:00:42 CEST 2017 | Wed Dec 15 01:00:42 CET 2021 | | |
SMTP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands |
---|---|---|---|---|---|
Apr 8, 2021 13:01:29.992228985 CEST | 587 | 49751 | 78.128.8.31 | 192.168.2.6 | 220-srvr.laprimeracloud08.com ESMTP Exim 4.94 #2 Thu, 08 Apr 2021 13:01:30 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. |
Apr 8, 2021 13:01:29.992747068 CEST | 49751 | 587 | 192.168.2.6 | 78.128.8.31 | EHLO 910646 |
Apr 8, 2021 13:01:30.036658049 CEST | 587 | 49751 | 78.128.8.31 | 192.168.2.6 | 250-srvr.laprimeracloud08.com Hello 910646 [185.32.222.8] 250-SIZE 52428800 250-8BITMIME 250-PIPELINING 250-X_PIPE_CONNECT 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP |
Apr 8, 2021 13:01:30.037194967 CEST | 49751 | 587 | 192.168.2.6 | 78.128.8.31 | STARTTLS |
Apr 8, 2021 13:01:30.085578918 CEST | 587 | 49751 | 78.128.8.31 | 192.168.2.6 | 220 TLS go ahead |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 12:59:27 |
Start date: | 08/04/2021 |
Path: | C:\Users\user\Desktop\FAKTURA I RACHUNKI.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 126976 bytes |
MD5 hash: | AC62EBBBF6EC96F48A8CCA64793BF8FB |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | Visual Basic |
Reputation: | low |
General |
---|
Start time: | 12:59:40 |
Start date: | 08/04/2021 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xb0000 |
File size: | 64616 bytes |
MD5 hash: | 6FD7592411112729BF6B1F2F6C34899F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:59:40 |
Start date: | 08/04/2021 |
Path: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xba0000 |
File size: | 64616 bytes |
MD5 hash: | 6FD7592411112729BF6B1F2F6C34899F |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | .Net C# or VB.NET |
Yara matches: | |
Reputation: | high |
General |
---|
Start time: | 12:59:41 |
Start date: | 08/04/2021 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff61de10000 |
File size: | 625664 bytes |
MD5 hash: | EA777DEEA782E8B4D7C7C33BBF8A4496 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|
Executed Functions |
---|
Function 023450CB, Relevance: 1.8, APIs: 1, Instructions: 250 (COMMON)
Function 02345170, Relevance: 1.7, APIs: 1, Instructions: 200 (COMMON)
Function 02345162, Relevance: 1.7, APIs: 1, Instructions: 178 (COMMON)
Function 02342E6B, Relevance: 1.6, APIs: 1, Instructions: 98 (COMMON)
Function 0041109C, Relevance: .0, Instructions: 8 (COMMON)
Function 00411188, Relevance: .0, Instructions: 8 (COMMON)
Non-executed Functions |
---|
Function 02340954, Relevance: .2, Instructions: 206 (COMMON)
Function 0234156B, Relevance: .1, Instructions: 149 (COMMON)
Function 023409E5, Relevance: .1, Instructions: 141 (COMMON)
Function 00406B0F, Relevance: .1, Instructions: 139 (COMMON)
Function 02341587, Relevance: .1, Instructions: 96 (COMMON)
Function 0234173A, Relevance: .1, Instructions: 92 (COMMON)
Function 023439C3, Relevance: .1, Instructions: 92 (COMMON)
Function 02342022, Relevance: .1, Instructions: 77 (COMMON)
Function 02343D76, Relevance: .1, Instructions: 74 (COMMON)
Function 0234087D, Relevance: .1, Instructions: 64 (COMMON)
Function 02341CEE, Relevance: .1, Instructions: 63 (COMMON)
Function 02342379, Relevance: .1, Instructions: 60 (COMMON)
Function 02340E2E, Relevance: .1, Instructions: 58 (COMMON)
Function 023447A7, Relevance: .1, Instructions: 57 (COMMON)
Function 02344328, Relevance: .1, Instructions: 54 (COMMON)
Function 02342036, Relevance: .1, Instructions: 53 (COMMON)
Function 023446F2, Relevance: .1, Instructions: 53 (COMMON)
Function 02342B1B, Relevance: .0, Instructions: 41 (COMMON)
Function 02342372, Relevance: .0, Instructions: 36 (COMMON)
Function 0041112C, Relevance: .0, Instructions: 8 (COMMON)
Function 00413CB4, Relevance: 45.3, APIs: 30, Instructions: 267 (COMMON)
Function 00416BF7, Relevance: 40.8, APIs: 27, Instructions: 259 (COMMON)
Function 00414E48, Relevance: 37.7, APIs: 25, Instructions: 244 (COMMON)
Function 00416828, Relevance: 34.7, APIs: 23, Instructions: 205 (COMMON)
Function 004160CA, Relevance: 34.7, APIs: 23, Instructions: 178 (COMMON)
Function 00417385, Relevance: 28.7, APIs: 19, Instructions: 194 (COMMON)
Function 004179F7, Relevance: 28.7, APIs: 19, Instructions: 167 (COMMON)
Function 00416372, Relevance: 28.6, APIs: 19, Instructions: 107 (COMMON)
Function 00415AF6, Relevance: 21.1, APIs: 14, Instructions: 132 (COMMON)
Function 00417D9A, Relevance: 21.1, APIs: 14, Instructions: 132 (COMMON)
Function 004177DC, Relevance: 19.7, APIs: 13, Instructions: 153 (COMMON)
Function 00417C61, Relevance: 15.1, APIs: 10, Instructions: 80 (COMMON)
Function 00415CCA, Relevance: 13.6, APIs: 9, Instructions: 103 (COMMON)
Function 00415601, Relevance: 12.1, APIs: 8, Instructions: 75 (COMMON)
Function 004180FA, Relevance: 10.6, APIs: 7, Instructions: 77 (COMMON)
Function 0041430E, Relevance: 10.6, APIs: 7, Instructions: 69 (COMMON)
Function 004159DA, Relevance: 10.6, APIs: 7, Instructions: 69 (COMMON)
Function 00416B0D, Relevance: 7.6, APIs: 5, Instructions: 60 (COMMON)
Function 00413B04, Relevance: 7.6, APIs: 5, Instructions: 57 (COMMON)
Function 00413BDC, Relevance: 7.6, APIs: 5, Instructions: 57 (COMMON)
Executed Functions |
---|
Function 00F84E07, Relevance: 1.5, APIs: 1, Instructions: 13 (native, COMMON)
Function 00F818A6, Relevance: 1.6, APIs: 1, Instructions: 83 (thread, COMMON)
Function 00F818CA, Relevance: 1.6, APIs: 1, Instructions: 65 (thread, COMMON)
Function 1CDBC248, Relevance: 1.6, APIs: 1, Instructions: 55 (COMMON)
Function 1CDBDC6F, Relevance: 1.6, APIs: 1, Instructions: 53 (COMMON)
Function 1CDAA120, Relevance: 1.5, APIs: 1, Instructions: 46 (com, COMMON)
Function 1CDAB068, Relevance: 1.5, APIs: 1, Instructions: 45 (com, COMMON)
Function 00F82639, Relevance: 1.5, APIs: 1, Instructions: 13 (file, COMMON)
Non-executed Functions |
---|
Function 00F849C5, Relevance: .2, Instructions: 209 (COMMON)
Function 00F84A48, Relevance: .1, Instructions: 124 (COMMON)
Function 00F84310, Relevance: .0, Instructions: 32 (COMMON)
Function 00F822DB, Relevance: .0, Instructions: 7 (COMMON)
Function 00F824D8, Relevance: .0, Instructions: 6 (COMMON)
Function 00F83F39, Relevance: .0, Instructions: 5 (COMMON)