Windows Analysis Report CI and PL of CMZBD-210090.exe
Overview
General Information
Detection
GuLoader AgentTesla
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Telegram RAT
Yara detected AgentTesla
GuLoader behavior detected
Hides threads from debuggers
Installs a global keyboard hook
Writes to foreign memory regions
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses the Telegram API (likely for C&C communication)
Machine Learning detection for sample
Tries to detect virtualization through RDTSC time measurements
Tries to steal Mail credentials (via file access)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Abnormal high CPU Usage
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Creates a window with clipboard capturing capabilities
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: Telegram RAT |
---|
{"C2 url": "https://api.telegram.org/bot1996953049:AAH2EyLl5sWiWWep1n_p6ZBPPY3UEsTqo0M/sendMessage"}
Threatname: Agenttesla |
---|
{"Exfil Mode": "Telegram", "Chat id": "1985758957", "Chat URL": "https://api.telegram.org/bot1996953049:AAH2EyLl5sWiWWep1n_p6ZBPPY3UEsTqo0M/sendDocument"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: | ||
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | ReversingLabs: |
Machine Learning detection for sample | Show sources |
Source: | Joe Sandbox ML: |
Source: | Avira: | ||
Source: | Avira: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Networking: |
---|
Uses the Telegram API (likely for C&C communication) | Show sources |
Source: | DNS query: |
Source: | JA3 fingerprint: | ||
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | Network traffic detected: | ||
Source: | String found in binary or memory: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing: |
---|
Installs a global keyboard hook | Show sources |
Source: | Windows user hook set: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Window created: | Jump to behavior |
Source: | Static PE information: |
Source: | Code function: | 0_2_00401114 | |
Source: | Code function: | 15_2_1D6A68D8 | |
Source: | Code function: | 15_2_1D6A5B78 | |
Source: | Code function: | 15_2_1D6AAF4B | |
Source: | Code function: | 15_2_1D73E948 | |
Source: | Code function: | 15_2_1D739A08 | |
Source: | Code function: | 15_2_1DAE47A0 | |
Source: | Code function: | 15_2_1DAE4790 | |
Source: | Code function: | 15_2_1DAE4773 | |
Source: | Code function: | 15_2_1DAE4750 |
Source: | Process Stats: | ||
Source: | Process Stats: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Classification label: |
Source: | Section loaded: | Jump to behavior |
Source: | Mutant created: |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Code function: | 0_2_00404453 | |
Source: | Code function: | 0_2_00404467 | |
Source: | Code function: | 0_2_0040443F | |
Source: | Code function: | 0_2_004081A1 | |
Source: | Code function: | 0_2_0040A29F | |
Source: | Code function: | 0_2_021E0C06 | |
Source: | Code function: | 15_2_00D8DB65 | |
Source: | Code function: | 15_2_1D6A4D44 | |
Source: | Code function: | 15_2_1D6AD4E8 | |
Source: | Code function: | 15_2_1D6AD51C | |
Source: | Code function: | 15_2_1D6AD51C | |
Source: | Code function: | 15_2_1D6AB5C1 | |
Source: | Code function: | 15_2_1D6AADB0 | |
Source: | Code function: | 15_2_1D6AAC90 | |
Source: | Code function: | 15_2_1D6AAD28 | |
Source: | Code function: | 15_2_1D6AD4E8 | |
Source: | Code function: | 15_2_1D6A4C14 | |
Source: | Code function: | 15_2_1DAEC583 |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion: |
---|
Tries to detect Any.run | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) | Show sources |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Tries to detect virtualization through RDTSC time measurements | Show sources |
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: |
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Process information queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | System information queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Anti Debugging: |
---|
Hides threads from debuggers | Show sources |
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 15_2_1D6A0A66 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Writes to foreign memory regions | Show sources |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information: |
---|
Yara detected Telegram RAT | Show sources |
Source: | File source: | ||
Source: | File source: |
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
GuLoader behavior detected | Show sources |
Source: | Signature Results: |
Tries to harvest and steal ftp login credentials | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to steal Mail credentials (via file access) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to harvest and steal browser information (history, passwords, etc) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected Telegram RAT | Show sources |
Source: | File source: | ||
Source: | File source: |
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | DLL Side-Loading1 | Process Injection112 | Disable or Modify Tools1 | OS Credential Dumping2 | Security Software Discovery521 | Remote Services | Email Collection1 | Exfiltration Over Other Network Medium | Web Service1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Virtualization/Sandbox Evasion341 | Input Capture111 | Process Discovery2 | Remote Desktop Protocol | Input Capture111 | Exfiltration Over Bluetooth | Encrypted Channel11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection112 | Security Account Manager | Virtualization/Sandbox Evasion341 | SMB/Windows Admin Shares | Archive Collected Data1 | Automated Exfiltration | Ingress Tool Transfer1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information1 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Data from Local System2 | Scheduled Transfer | Non-Application Layer Protocol3 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing1 | LSA Secrets | Remote System Discovery1 | SSH | Clipboard Data1 | Data Transfer Size Limits | Application Layer Protocol14 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | DLL Side-Loading1 | Cached Domain Credentials | System Information Discovery214 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
12% | ReversingLabs | |||
100% | Joe Sandbox ML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Dropper.VB.Gen | Download File | ||
100% | Avira | TR/Dropper.VB.Gen | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 172.217.168.78 | true | false | high | |
api.telegram.org | 149.154.167.220 | true | false | high | |
googlehosted.l.googleusercontent.com | 172.217.168.65 | true | false | high | |
doc-0o-00-docs.googleusercontent.com | unknown | unknown | false | high |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high | ||
false | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| low | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.217.168.78 | drive.google.com | United States | 15169 | GOOGLEUS | false | |
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false | |
172.217.168.65 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false |
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 483265 |
Start date: | 14.09.2021 |
Start time: | 18:36:06 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 13m 3s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | CI and PL of CMZBD-210090.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Suspected Instruction Hammering Hide Perf |
Number of analysed new started processes analysed: | 26 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@4/1@3/3 |
EGA Information: | Failed |
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
18:41:30 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
149.154.167.220 | Get hash | malicious | Browse | ||
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
api.telegram.org | Get hash | malicious | Browse |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
TELEGRAMRU | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | Get hash | malicious | Browse |
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 3.964735178725505 |
Encrypted: | false |
SSDEEP: | 3:IBVFBWAGRHneyy:ITqAGRHner |
MD5: | 9F754B47B351EF0FC32527B541420595 |
SHA1: | 006C66220B33E98C725B73495FE97B3291CE14D9 |
SHA-256: | 0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591 |
SHA-512: | C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.999486188270087 |
TrID: |
|
File name: | CI and PL of CMZBD-210090.exe |
File size: | 126976 |
MD5: | 1f9b03378d7dc859a1c6e13a5832582e |
SHA1: | 670bf2c5dbc7f6f8d9d1ec4b8d6c527a5eefdb8b |
SHA256: | ce8385347104cf190b23811bb67ba8edac9186073d6953ca23720f1e92af7eb3 |
SHA512: | 40b070c01703ae37541b1b6d079144771bc0db0284ebbd45f715889b6b5a959f4f2bad5b3e38c882e95240f55249b0e332b7e318b3c450743c15b7b66f5403df |
SSDEEP: | 1536:bW30on+jXsoPTna24R4xoTI2l41yjEmxJjQ1CkZrik3QKRv93snKLH:lbrwGxeX+sEPCUek3QKRFl |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............i...i...i...d...i.Rich..i.................PE..L.....wX..........................................@........................ |
File Icon |
---|
Icon Hash: | eca24dd23ca5cce8 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x401114 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x5877ECB2 [Thu Jan 12 20:53:06 2017 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 82687acae94d2aed1f61dd47940dabd7 |
Entrypoint Preview |
---|
Instruction |
---|
push 00401944h |
call 00007F25711D4FA3h |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x18be4 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1b000 | 0x5a4c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x220 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x70 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x17d0c | 0x18000 | False | 0.522064208984 | data | 6.30520790061 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x19000 | 0x1938 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x1b000 | 0x5a4c | 0x6000 | False | 0.357218424479 | data | 5.10422339689 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
CUSTOM | 0x2074e | 0x2fe | MS Windows icon resource - 1 icon, 32x32, 16 colors | English | United States |
CUSTOM | 0x20450 | 0x2fe | MS Windows icon resource - 1 icon, 32x32, 16 colors | English | United States |
CUSTOM | 0x1fb92 | 0x8be | MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel | English | United States |
RT_ICON | 0x1fa6a | 0x128 | GLS_BINARY_LSB_FIRST | ||
RT_ICON | 0x1f502 | 0x568 | GLS_BINARY_LSB_FIRST | ||
RT_ICON | 0x1f21a | 0x2e8 | data | ||
RT_ICON | 0x1e972 | 0x8a8 | data | ||
RT_ICON | 0x1e60a | 0x368 | GLS_BINARY_LSB_FIRST | ||
RT_ICON | 0x1dec2 | 0x748 | data | ||
RT_ICON | 0x1d21a | 0xca8 | data | ||
RT_ICON | 0x1b572 | 0x1ca8 | data | ||
RT_GROUP_ICON | 0x1b4fc | 0x76 | data | ||
RT_VERSION | 0x1b2f0 | 0x20c | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | MethCallEngine, EVENT_SINK_AddRef, DllFunctionCall, EVENT_SINK_Release, EVENT_SINK_QueryInterface, __vbaExceptHandler |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0409 0x04b0 |
InternalName | meta |
FileVersion | 1.00 |
CompanyName | Cellular |
ProductName | overhailov |
ProductVersion | 1.00 |
OriginalFilename | meta.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 14, 2021 18:42:56.479547024 CEST | 49840 | 443 | 192.168.2.4 | 149.154.167.220 |
Sep 14, 2021 18:42:56.523159027 CEST | 443 | 49840 | 149.154.167.220 | 192.168.2.4 |
Sep 14, 2021 18:42:56.894925117 CEST | 443 | 49840 | 149.154.167.220 | 192.168.2.4 |
Sep 14, 2021 18:42:56.897020102 CEST | 49840 | 443 | 192.168.2.4 | 149.154.167.220 |
Sep 14, 2021 18:42:56.897049904 CEST | 443 | 49840 | 149.154.167.220 | 192.168.2.4 |
Sep 14, 2021 18:42:56.897134066 CEST | 49840 | 443 | 192.168.2.4 | 149.154.167.220 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Sep 14, 2021 18:41:15.583697081 CEST | 192.168.2.4 | 8.8.8.8 | 0xa9a7 | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 14, 2021 18:41:16.621764898 CEST | 192.168.2.4 | 8.8.8.8 | 0x44bd | Standard query (0) | A (IP address) | IN (0x0001) | |
Sep 14, 2021 18:42:56.229713917 CEST | 192.168.2.4 | 8.8.8.8 | 0x4b72 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Sep 14, 2021 18:41:15.628441095 CEST | 8.8.8.8 | 192.168.2.4 | 0xa9a7 | No error (0) | 172.217.168.78 | A (IP address) | IN (0x0001) | ||
Sep 14, 2021 18:41:16.657521963 CEST | 8.8.8.8 | 192.168.2.4 | 0x44bd | No error (0) | googlehosted.l.googleusercontent.com | CNAME (Canonical name) | IN (0x0001) | ||
Sep 14, 2021 18:41:16.657521963 CEST | 8.8.8.8 | 192.168.2.4 | 0x44bd | No error (0) | 172.217.168.65 | A (IP address) | IN (0x0001) | ||
Sep 14, 2021 18:42:56.256963015 CEST | 8.8.8.8 | 192.168.2.4 | 0x4b72 | No error (0) | 149.154.167.220 | A (IP address) | IN (0x0001) | ||
Sep 14, 2021 18:44:06.218039989 CEST | 8.8.8.8 | 192.168.2.4 | 0xae99 | No error (0) | www.tm.a.prd.aadg.akadns.net | CNAME (Canonical name) | IN (0x0001) |
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49838 | 172.217.168.78 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-09-14 16:41:16 UTC | 0 | OUT | |
2021-09-14 16:41:16 UTC | 0 | IN | |
2021-09-14 16:41:16 UTC | 1 | IN | |
2021-09-14 16:41:16 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.4 | 49839 | 172.217.168.65 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-09-14 16:41:16 UTC | 2 | OUT | |
2021-09-14 16:41:17 UTC | 2 | IN |