Windows Analysis Report Payment_Advice.exe
Overview
General Information
Detection
AgentTesla
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Sigma detected: RegAsm connects to smtp port
Hides threads from debuggers
Initial sample is a PE file and has a suspicious name
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Executable has a suspicious name (potential lure to open the executable)
Tries to steal Mail credentials (via file access)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Uses SMTP (mail sending)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: Agenttesla |
---|
{"Exfil Mode": "SMTP", "SMTP Info": "margaridasantos@tccinfaes.comTccBps1427logmail.tccinfaes.comforceconnor36@gmail.com"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Sigma Overview |
---|
Networking: |
---|
Sigma detected: RegAsm connects to smtp port | Show sources |
Source: | Author: Joe Security: |
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | ReversingLabs: |
Antivirus detection for URL or domain | Show sources |
Source: | Avira URL Cloud: |
Multi AV Scanner detection for domain / URL | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link |
Source: | Code function: | 5_2_1C9B54FC | |
Source: | Code function: | 5_2_1C9B5C68 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Networking: |
---|
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | IP Address: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | Network traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
System Summary: |
---|
Initial sample is a PE file and has a suspicious name | Show sources |
Source: | Static PE information: |
Executable has a suspicious name (potential lure to open the executable) | Show sources |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion: |
---|
Tries to detect Any.run | Show sources |
Source: | File opened: | Jump to behavior |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) | Show sources |
Source: | Binary or memory string: |
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Process information queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | System information queried: | Jump to behavior |
Source: | Binary or memory string: |
Anti Debugging: |
---|
Hides threads from debuggers | Show sources |
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 5_2_00A86950 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Writes to foreign memory regions | Show sources |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) | Show sources |
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal ftp login credentials | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to steal Mail credentials (via file access) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal browser information (history, passwords, etc) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | DLL Side-Loading1 | Process Injection112 | Disable or Modify Tools1 | OS Credential Dumping2 | Security Software Discovery421 | Remote Services | Email Collection1 | Exfiltration Over Other Network Medium | Encrypted Channel21 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Virtualization/Sandbox Evasion341 | Credentials in Registry1 | Process Discovery2 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection112 | Security Account Manager | Virtualization/Sandbox Evasion341 | SMB/Windows Admin Shares | Data from Local System2 | Automated Exfiltration | Ingress Tool Transfer1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information1 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol2 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | DLL Side-Loading1 | LSA Secrets | File and Directory Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol23 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Information Discovery115 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
11% | ReversingLabs | Win32.Trojan.Mucc |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
9% | Virustotal | Browse | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
tccinfaes.com | 188.93.227.195 | true | true | | unknown |
drive.google.com | 142.250.185.238 | true | false | high | |
googlehosted.l.googleusercontent.com | 172.217.18.97 | true | false | high | |
mail.tccinfaes.com | unknown | unknown | true | | unknown |
doc-0c-50-docs.googleusercontent.com | unknown | unknown | false | high |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
true |
| unknown | ||
false |
| low | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
188.93.227.195 | tccinfaes.com | Portugal | | 8426 | CLARANET-ASClaraNETLTDGB | true |
172.217.18.97 | googlehosted.l.googleusercontent.com | United States | | 15169 | GOOGLEUS | false |
142.250.185.238 | drive.google.com | United States | | 15169 | GOOGLEUS | false |
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 1363 |
Start date: | 27.09.2021 |
Start time: | 14:25:06 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 43s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Payment_Advice.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301) |
Run name: | Suspected Instruction Hammering |
Number of analysed new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.spre.troj.spyw.evad.winEXE@4/1@3/3 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
14:27:57 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
188.93.227.195 | Get hash | malicious | Browse | ||
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
CLARANET-ASClaraNETLTDGB | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 3.964735178725505 |
Encrypted: | false |
SSDEEP: | 3:IBVFBWAGRHneyy:ITqAGRHner |
MD5: | 9F754B47B351EF0FC32527B541420595 |
SHA1: | 006C66220B33E98C725B73495FE97B3291CE14D9 |
SHA-256: | 0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591 |
SHA-512: | C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.758289537816364 |
TrID: |
|
File name: | Payment_Advice.exe |
File size: | 90112 |
MD5: | 3a27f66a430a3b54d24fb8f75e837175 |
SHA1: | 4af41cd66669d3c2307c1b5af5c198778d174826 |
SHA256: | dd996392170826c47b9ab378464423e470a1bdfdff7bcd183c61e3e7896d4326 |
SHA512: | 2be02118a3affd640c2b1489816cd396ad3d1af6ab229a3a86bcc20f695445777c1146ffc7488b5bc664d16a6283a3bfa3256758804c2d0851a2bd261c1e1034 |
SSDEEP: | 768:tCbCZDdDSaAhQ41sPuTPfBcrGemB0KxtNavGJluWmqzYlf5sh/YDtOika:twCDDt41hO9mBHp88CmQua |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i.......................*..............Rich....................PE..L...0..V.................0... ...............@....@........ |
File Icon |
---|
Icon Hash: | 821ca88c8e8c8c00 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4012c8 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x5692D030 [Sun Jan 10 21:42:08 2016 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | e73b8c032c82c64991ebe487a7ffcd43 |
Entrypoint Preview |
---|
Instruction |
---|
push 0040FDF4h |
call 00007FDDE8A11513h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
xor byte ptr [eax], al |
add byte ptr [eax], al |
inc eax |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [esi+07B9DDCAh], ch |
xchg eax, esp |
int 47h |
xchg eax, edx |
pushfd |
pop eax |
movsx ecx, byte ptr [ebx-32h] |
and al, 00h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [ecx], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add al, bh |
das |
sbb al, 03h |
push esp |
imul esi, dword ptr [ebx+74h], 6Fh |
insd |
jc 00007FDDE8A11583h |
popad |
jc 00007FDDE8A11524h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
dec esp |
xor dword ptr [eax], eax |
cmp byte ptr [edi-7ED8AE9Ah], al |
dec dword ptr [esi] |
dec esp |
mov dword ptr [A07C7AE1h], eax |
xchg eax, esi |
xor al, 99h |
inc edx |
dec ebp |
jp 00007FDDE8A1158Eh |
bound esi, dword ptr [ecx+608545E1h] |
xchg byte ptr [ebx], dl |
and al, ABh |
xchg eax, edi |
jmp far 6699h : 33AD4F3Ah |
iretd |
adc dword ptr [edi+00AA000Ch], esi |
pushad |
rcl dword ptr [ebx+00000000h], cl |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
sub al, 00000000h |
add byte ptr [eax+00000001h], bl |
or dword ptr [eax], eax |
push ebx |
jo 00007FDDE8A11591h |
outsd |
outsb |
jns 00007FDDE8A1158Bh |
jnc 00007FDDE8A1158Fh |
add byte ptr [46000B01h], cl |
jc 00007FDDE8A11587h |
jnc 00007FDDE8A1158Dh |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x13514 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x15000 | 0x550 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x230 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0xe8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x1297c | 0x13000 | False | 0.520379317434 | data | 6.25517473092 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x14000 | 0xcf4 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x15000 | 0x550 | 0x1000 | False | 0.131591796875 | data | 1.42355103484 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x15428 | 0x128 | GLS_BINARY_LSB_FIRST | | |
RT_GROUP_ICON | 0x15414 | 0x14 | data | | |
RT_VERSION | 0x150f0 | 0x324 | data | Chinese | Taiwan |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaAryConstruct2, __vbaObjVar, DllFunctionCall, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaNew2, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaStrToAnsi, __vbaFpI4, __vbaLateMemCallLd, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0404 0x04b0 |
LegalCopyright | ChatSwipe |
InternalName | AFFEJENDES |
FileVersion | 4.04.0001 |
CompanyName | ChatSwipe |
LegalTrademarks | ChatSwipe |
Comments | ChatSwipe |
ProductName | ChatSwipe |
ProductVersion | 4.04.0001 |
FileDescription | ChatSwipe |
OriginalFilename | AFFEJENDES.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken |
---|---|
Chinese | Taiwan |
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 27, 2021 14:29:24.332004070 CEST | 49795 | 587 | 192.168.11.20 | 188.93.227.195 |
Sep 27, 2021 14:29:24.332051992 CEST | 49795 | 587 | 192.168.11.20 | 188.93.227.195 |
Sep 27, 2021 14:29:24.334561110 CEST | 587 | 49795 | 188.93.227.195 | 192.168.11.20 |
Sep 27, 2021 14:29:24.336828947 CEST | 49795 | 587 | 192.168.11.20 | 188.93.227.195 |
Sep 27, 2021 14:29:24.386439085 CEST | 587 | 49795 | 188.93.227.195 | 192.168.11.20 |
Sep 27, 2021 14:29:24.428163052 CEST | 49795 | 587 | 192.168.11.20 | 188.93.227.195 |
Sep 27, 2021 14:29:24.530848980 CEST | 49795 | 587 | 192.168.11.20 | 188.93.227.195 |
Sep 27, 2021 14:29:24.580297947 CEST | 587 | 49795 | 188.93.227.195 | 192.168.11.20 |
Sep 27, 2021 14:29:24.581662893 CEST | 49795 | 587 | 192.168.11.20 | 188.93.227.195 |
Sep 27, 2021 14:29:24.631176949 CEST | 587 | 49795 | 188.93.227.195 | 192.168.11.20 |
Sep 27, 2021 14:29:24.631814003 CEST | 49795 | 587 | 192.168.11.20 | 188.93.227.195 |
Sep 27, 2021 14:29:24.721235991 CEST | 587 | 49795 | 188.93.227.195 | 192.168.11.20 |
Sep 27, 2021 14:29:24.729388952 CEST | 587 | 49795 | 188.93.227.195 | 192.168.11.20 |
Sep 27, 2021 14:29:24.729914904 CEST | 49795 | 587 | 192.168.11.20 | 188.93.227.195 |
Sep 27, 2021 14:29:24.779839039 CEST | 587 | 49795 | 188.93.227.195 | 192.168.11.20 |
Sep 27, 2021 14:29:24.780261040 CEST | 49795 | 587 | 192.168.11.20 | 188.93.227.195 |
Sep 27, 2021 14:29:24.840363979 CEST | 587 | 49795 | 188.93.227.195 | 192.168.11.20 |
Sep 27, 2021 14:29:24.840739965 CEST | 49795 | 587 | 192.168.11.20 | 188.93.227.195 |
Sep 27, 2021 14:29:24.890048981 CEST | 587 | 49795 | 188.93.227.195 | 192.168.11.20 |
Sep 27, 2021 14:29:24.919848919 CEST | 49795 | 587 | 192.168.11.20 | 188.93.227.195 |
Sep 27, 2021 14:29:24.919869900 CEST | 49795 | 587 | 192.168.11.20 | 188.93.227.195 |
Sep 27, 2021 14:29:24.920037031 CEST | 49795 | 587 | 192.168.11.20 | 188.93.227.195 |
Sep 27, 2021 14:29:24.920049906 CEST | 49795 | 587 | 192.168.11.20 | 188.93.227.195 |
Sep 27, 2021 14:29:24.969171047 CEST | 587 | 49795 | 188.93.227.195 | 192.168.11.20 |
Sep 27, 2021 14:29:24.969219923 CEST | 587 | 49795 | 188.93.227.195 | 192.168.11.20 |
Sep 27, 2021 14:29:24.969252110 CEST | 587 | 49795 | 188.93.227.195 | 192.168.11.20 |
Sep 27, 2021 14:29:24.969281912 CEST | 587 | 49795 | 188.93.227.195 | 192.168.11.20 |
Sep 27, 2021 14:29:25.016222954 CEST | 587 | 49795 | 188.93.227.195 | 192.168.11.20 |
Sep 27, 2021 14:29:25.068703890 CEST | 49795 | 587 | 192.168.11.20 | 188.93.227.195 |
Sep 27, 2021 14:31:03.734673977 CEST | 49795 | 587 | 192.168.11.20 | 188.93.227.195 |
Sep 27, 2021 14:31:03.786339998 CEST | 587 | 49795 | 188.93.227.195 | 192.168.11.20 |
Sep 27, 2021 14:31:03.786801100 CEST | 49795 | 587 | 192.168.11.20 | 188.93.227.195 |
Sep 27, 2021 14:31:03.787214994 CEST | 49795 | 587 | 192.168.11.20 | 188.93.227.195 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Sep 27, 2021 14:27:46.625781059 CEST | 192.168.11.20 | 1.1.1.1 | 0x9019 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 14:27:47.742479086 CEST | 192.168.11.20 | 1.1.1.1 | 0xc98d | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 27, 2021 14:29:23.700325966 CEST | 192.168.11.20 | 1.1.1.1 | 0x6d52 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Sep 27, 2021 14:27:46.634490013 CEST | 1.1.1.1 | 192.168.11.20 | 0x9019 | No error (0) | | | 142.250.185.238 | A (IP address) | IN (0x0001) |
Sep 27, 2021 14:27:47.776000977 CEST | 1.1.1.1 | 192.168.11.20 | 0xc98d | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) |
Sep 27, 2021 14:27:47.776000977 CEST | 1.1.1.1 | 192.168.11.20 | 0xc98d | No error (0) | | | 172.217.18.97 | A (IP address) | IN (0x0001) |
Sep 27, 2021 14:29:23.846502066 CEST | 1.1.1.1 | 192.168.11.20 | 0x6d52 | No error (0) | | tccinfaes.com | | CNAME (Canonical name) | IN (0x0001) |
Sep 27, 2021 14:29:23.846502066 CEST | 1.1.1.1 | 192.168.11.20 | 0x6d52 | No error (0) | | | 188.93.227.195 | A (IP address) | IN (0x0001) |
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49793 | 142.250.185.238 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-09-27 12:27:46 UTC | 0 | OUT | |
2021-09-27 12:27:47 UTC | 0 | IN | |
2021-09-27 12:27:47 UTC | 1 | IN | |
2021-09-27 12:27:47 UTC | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49794 | 172.217.18.97 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-09-27 12:27:47 UTC | 1 | OUT | |
2021-09-27 12:27:48 UTC | 2 | IN |