Windows Analysis Report Zapytanie ofertowe (SHELMO Sp. z o.o. 09272021).exe
Overview
General Information
Detection
AgentTesla GuLoader
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Sigma detected: RegAsm connects to smtp port
Yara detected GuLoader
Hides threads from debuggers
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to steal Mail credentials (via file access)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Creates processes with suspicious names
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Uses SMTP (mail sending)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: Agenttesla |
---|
{"Exfil Mode": "SMTP", "SMTP Info": "murbano@reyesyasociados.com495QTi314mail.reyesyasociados.comvirwuh@gmail.com"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Sigma Overview |
---|
Networking: |
---|
Sigma detected: RegAsm connects to smtp port | Show sources |
Source: | Author: Joe Security: |
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Code function: | 16_2_011C6AC0 | |
Source: | Code function: | 16_2_011C7211 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Networking: |
---|
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | IP Address: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Code function: | 16_2_00E41130 | |
Source: | Code function: | 16_2_00E43A50 | |
Source: | Code function: | 16_2_00E4BA58 | |
Source: | Code function: | 16_2_00E44320 | |
Source: | Code function: | 16_2_00E4C7B8 | |
Source: | Code function: | 16_2_00E43708 | |
Source: | Code function: | 16_2_00E56AC8 | |
Source: | Code function: | 16_2_00E50890 | |
Source: | Code function: | 16_2_01157C90 | |
Source: | Code function: | 16_2_0115BF78 | |
Source: | Code function: | 16_2_0115AE68 | |
Source: | Code function: | 16_2_01156518 | |
Source: | Code function: | 16_2_01151D28 | |
Source: | Code function: | 16_2_0115B710 | |
Source: | Code function: | 16_2_011CB5B0 | |
Source: | Code function: | 16_2_011CA1D0 | |
Source: | Code function: | 16_2_011CE038 | |
Source: | Code function: | 16_2_011C3C68 | |
Source: | Code function: | 16_2_011CDA20 | |
Source: | Code function: | 16_2_011C2AF0 | |
Source: | Code function: | 16_2_011C89B8 | |
Source: | Code function: | 16_2_011C7E48 | |
Source: | Code function: | 16_2_1D395550 | |
Source: | Code function: | 16_2_1D393588 | |
Source: | Code function: | 16_2_1D390040 | |
Source: | Code function: | 16_2_1D395F60 | |
Source: | Code function: | 16_2_1D39A510 | |
Source: | Code function: | 16_2_1D39003F |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Data Obfuscation: |
---|
Yara detected GuLoader | Show sources |
Source: | File source: |
Source: | Code function: | 5_2_0040585F | |
Source: | Code function: | 5_2_00405D7F | |
Source: | Code function: | 5_2_00402B96 | |
Source: | Code function: | 5_2_022546C3 | |
Source: | Code function: | 5_2_022546C3 | |
Source: | Code function: | 5_2_022506CD | |
Source: | Code function: | 5_2_02256363 | |
Source: | Code function: | 5_2_022505D4 | |
Source: | Code function: | 16_2_00E45EF6 | |
Source: | Code function: | 16_2_011CD1C6 | |
Source: | Code function: | 16_2_1D39554E | |
Source: | Code function: | 16_2_1D395419 |
Source: | File created: | |||
Source: | File created: | |||
Source: | File created: | |||
Source: | File created: | |||
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior | ||
Source: | File created: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion: |
---|
Tries to detect Any.run | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) | Show sources |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | Code function: | 5_2_02254DC9 |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Process information queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | System information queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Anti Debugging: |
---|
Hides threads from debuggers | Show sources |
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior |
Source: | Code function: | 5_2_02254DC9 |
Source: | Process token adjusted: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 16_2_00E46958 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Writes to foreign memory regions | Show sources |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) | Show sources |
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal ftp login credentials | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to steal Mail credentials (via file access) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal browser information (history, passwords, etc) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | DLL Side-Loading1 | Process Injection112 | Disable or Modify Tools1 | OS Credential Dumping2 | Security Software Discovery431 | Remote Services | Email Collection1 | Exfiltration Over Other Network Medium | Encrypted Channel21 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Virtualization/Sandbox Evasion341 | Credentials in Registry1 | Process Discovery2 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection112 | Security Account Manager | Virtualization/Sandbox Evasion341 | SMB/Windows Admin Shares | Data from Local System2 | Automated Exfiltration | Ingress Tool Transfer1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information1 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol2 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | DLL Side-Loading1 | LSA Secrets | File and Directory Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol23 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Information Discovery115 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Behavior Graph |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
32% | Virustotal | Browse | ||
59% | ReversingLabs | Win32.Trojan.Mucc |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 142.250.185.174 | true | false | high | |
googlehosted.l.googleusercontent.com | 142.250.185.193 | true | false | high | |
edge-web.dual-gslb.spotify.com | 35.186.224.25 | true | false | high | |
mail.reyesyasociados.com | 109.169.39.245 | true | true | unknown | |
spclient.wg.spotify.com | unknown | unknown | false | high | |
doc-0o-50-docs.googleusercontent.com | unknown | unknown | false | high |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| low | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.185.193 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false | |
109.169.39.245 | mail.reyesyasociados.com | United Kingdom | 20860 | IOMART-ASGB | true | |
142.250.185.174 | drive.google.com | United States | 15169 | GOOGLEUS | false |
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 1383 |
Start date: | 28.09.2021 |
Start time: | 12:58:02 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 14m 28s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Zapytanie ofertowe (SHELMO Sp. z o.o. 09272021).exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301) |
Run name: | Suspected Instruction Hammering |
Number of analysed new started processes analysed: | 40 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.spre.troj.spyw.evad.winEXE@10/1@4/3 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
13:02:24 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
109.169.39.245 | Get hash | malicious | Browse | ||
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
edge-web.dual-gslb.spotify.com | Get hash | malicious | Browse |
| |
mail.reyesyasociados.com | Get hash | malicious | Browse |
| |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
IOMART-ASGB | Get hash | malicious | Browse |
| |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
| |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 3.964735178725505 |
Encrypted: | false |
SSDEEP: | 3:IBVFBWAGRHneyy:ITqAGRHner |
MD5: | 9F754B47B351EF0FC32527B541420595 |
SHA1: | 006C66220B33E98C725B73495FE97B3291CE14D9 |
SHA-256: | 0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591 |
SHA-512: | C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.697062658365674 |
TrID: |
|
File name: | Zapytanie ofertowe (SHELMO Sp. z o.o. 09272021).exe |
File size: | 90112 |
MD5: | 419a3e9ce6606d5ed7b22a7574e1a294 |
SHA1: | 7c08e8f1f4f478df9baf5d00675bd174467621bc |
SHA256: | 3ebfb7cdc30291bcc995951dda1d8f62cea3e0beb990e35fabb3078b6d9d9921 |
SHA512: | 9656f15444698040c29674c4370604397c37147c07924b1bc8751b62e3a437808c234f3f155a9af927f57084264b762d5daa949c3d76b2e9755ec17690cb656e |
SSDEEP: | 768:tKI6PD+GddmSjV7vdnt/L/qT/pYT2IO7vPPqRgAWn95fRiBLWfRrhTSgStnLYqwp:tP0+6mSjxvD/q7eT2HQgFn3OWflNULK |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i.......................*..............Rich....................PE..L...q.(T.................0... ...............@....@........ |
File Icon |
---|
Icon Hash: | 821ca88c8e8c8c00 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4012c8 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x5428C171 [Mon Sep 29 02:18:25 2014 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | e73b8c032c82c64991ebe487a7ffcd43 |
Entrypoint Preview |
---|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x13484 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x15000 | 0x540 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x230 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0xe8 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x128ec | 0x13000 | False | 0.512232730263 | data | 6.18689428252 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x14000 | 0xcf4 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x15000 | 0x540 | 0x1000 | False | 0.12939453125 | data | 1.40564634666 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x15418 | 0x128 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x15404 | 0x14 | data | ||
RT_VERSION | 0x150f0 | 0x314 | data | Chinese | Taiwan |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaAryConstruct2, __vbaObjVar, DllFunctionCall, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaNew2, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaStrToAnsi, __vbaFpI4, __vbaLateMemCallLd, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0404 0x04b0 |
LegalCopyright | ChatSwipe |
InternalName | SOOTIER |
FileVersion | 4.04.0001 |
CompanyName | ChatSwipe |
LegalTrademarks | ChatSwipe |
Comments | ChatSwipe |
ProductName | ChatSwipe |
ProductVersion | 4.04.0001 |
FileDescription | ChatSwipe |
OriginalFilename | SOOTIER.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Chinese | Taiwan |
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 28, 2021 13:02:14.507494926 CEST | 49727 | 443 | 192.168.11.20 | 142.250.185.193 |
Sep 28, 2021 13:02:14.507515907 CEST | 443 | 49727 | 142.250.185.193 | 192.168.11.20 |
Sep 28, 2021 13:02:14.507662058 CEST | 49727 | 443 | 192.168.11.20 | 142.250.185.193 |
Sep 28, 2021 13:02:14.507687092 CEST | 443 | 49727 | 142.250.185.193 | 192.168.11.20 |
Sep 28, 2021 13:02:14.507813931 CEST | 49727 | 443 | 192.168.11.20 | 142.250.185.193 |
Sep 28, 2021 13:02:14.507836103 CEST | 443 | 49727 | 142.250.185.193 | 192.168.11.20 |
Sep 28, 2021 13:02:14.507841110 CEST | 49727 | 443 | 192.168.11.20 | 142.250.185.193 |
Sep 28, 2021 13:02:14.507853985 CEST | 443 | 49727 | 142.250.185.193 | 192.168.11.20 |
Sep 28, 2021 13:02:14.507957935 CEST | 49727 | 443 | 192.168.11.20 | 142.250.185.193 |
Sep 28, 2021 13:02:14.507972002 CEST | 49727 | 443 | 192.168.11.20 | 142.250.185.193 |
Sep 28, 2021 13:02:14.507996082 CEST | 443 | 49727 | 142.250.185.193 | 192.168.11.20 |
Sep 28, 2021 13:02:14.508111954 CEST | 49727 | 443 | 192.168.11.20 | 142.250.185.193 |
Sep 28, 2021 13:02:14.508203030 CEST | 49727 | 443 | 192.168.11.20 | 142.250.185.193 |
Sep 28, 2021 13:02:14.508233070 CEST | 443 | 49727 | 142.250.185.193 | 192.168.11.20 |
Sep 28, 2021 13:03:50.175822973 CEST | 49748 | 587 | 192.168.11.20 | 109.169.39.245 |
Sep 28, 2021 13:03:50.194940090 CEST | 587 | 49748 | 109.169.39.245 | 192.168.11.20 |
Sep 28, 2021 13:03:50.195190907 CEST | 49748 | 587 | 192.168.11.20 | 109.169.39.245 |
Sep 28, 2021 13:03:50.215318918 CEST | 587 | 49748 | 109.169.39.245 | 192.168.11.20 |
Sep 28, 2021 13:03:50.215816975 CEST | 49748 | 587 | 192.168.11.20 | 109.169.39.245 |
Sep 28, 2021 13:03:50.235476017 CEST | 587 | 49748 | 109.169.39.245 | 192.168.11.20 |
Sep 28, 2021 13:03:50.235780001 CEST | 49748 | 587 | 192.168.11.20 | 109.169.39.245 |
Sep 28, 2021 13:03:50.272535086 CEST | 587 | 49748 | 109.169.39.245 | 192.168.11.20 |
Sep 28, 2021 13:03:50.279819012 CEST | 49748 | 587 | 192.168.11.20 | 109.169.39.245 |
Sep 28, 2021 13:03:50.307831049 CEST | 587 | 49748 | 109.169.39.245 | 192.168.11.20 |
Sep 28, 2021 13:03:50.307898998 CEST | 587 | 49748 | 109.169.39.245 | 192.168.11.20 |
Sep 28, 2021 13:03:50.307948112 CEST | 587 | 49748 | 109.169.39.245 | 192.168.11.20 |
Sep 28, 2021 13:03:50.307984114 CEST | 587 | 49748 | 109.169.39.245 | 192.168.11.20 |
Sep 28, 2021 13:03:50.308141947 CEST | 49748 | 587 | 192.168.11.20 | 109.169.39.245 |
Sep 28, 2021 13:03:50.309533119 CEST | 587 | 49748 | 109.169.39.245 | 192.168.11.20 |
Sep 28, 2021 13:03:50.313460112 CEST | 49748 | 587 | 192.168.11.20 | 109.169.39.245 |
Sep 28, 2021 13:03:50.334080935 CEST | 587 | 49748 | 109.169.39.245 | 192.168.11.20 |
Sep 28, 2021 13:03:50.388484001 CEST | 49748 | 587 | 192.168.11.20 | 109.169.39.245 |
Sep 28, 2021 13:03:50.470958948 CEST | 49748 | 587 | 192.168.11.20 | 109.169.39.245 |
Sep 28, 2021 13:03:50.490211964 CEST | 587 | 49748 | 109.169.39.245 | 192.168.11.20 |
Sep 28, 2021 13:03:50.491904020 CEST | 49748 | 587 | 192.168.11.20 | 109.169.39.245 |
Sep 28, 2021 13:03:50.512092113 CEST | 587 | 49748 | 109.169.39.245 | 192.168.11.20 |
Sep 28, 2021 13:03:50.512597084 CEST | 49748 | 587 | 192.168.11.20 | 109.169.39.245 |
Sep 28, 2021 13:03:50.537055016 CEST | 587 | 49748 | 109.169.39.245 | 192.168.11.20 |
Sep 28, 2021 13:03:50.537662029 CEST | 49748 | 587 | 192.168.11.20 | 109.169.39.245 |
Sep 28, 2021 13:03:50.557243109 CEST | 587 | 49748 | 109.169.39.245 | 192.168.11.20 |
Sep 28, 2021 13:03:50.557658911 CEST | 49748 | 587 | 192.168.11.20 | 109.169.39.245 |
Sep 28, 2021 13:03:50.578252077 CEST | 587 | 49748 | 109.169.39.245 | 192.168.11.20 |
Sep 28, 2021 13:03:50.578608036 CEST | 49748 | 587 | 192.168.11.20 | 109.169.39.245 |
Sep 28, 2021 13:03:50.598829985 CEST | 587 | 49748 | 109.169.39.245 | 192.168.11.20 |
Sep 28, 2021 13:03:50.653614998 CEST | 49748 | 587 | 192.168.11.20 | 109.169.39.245 |
Sep 28, 2021 13:03:50.653637886 CEST | 49748 | 587 | 192.168.11.20 | 109.169.39.245 |
Sep 28, 2021 13:03:50.653695107 CEST | 49748 | 587 | 192.168.11.20 | 109.169.39.245 |
Sep 28, 2021 13:03:50.653701067 CEST | 49748 | 587 | 192.168.11.20 | 109.169.39.245 |
Sep 28, 2021 13:03:50.672823906 CEST | 587 | 49748 | 109.169.39.245 | 192.168.11.20 |
Sep 28, 2021 13:03:50.672846079 CEST | 587 | 49748 | 109.169.39.245 | 192.168.11.20 |
Sep 28, 2021 13:03:50.673235893 CEST | 587 | 49748 | 109.169.39.245 | 192.168.11.20 |
Sep 28, 2021 13:03:50.686750889 CEST | 587 | 49748 | 109.169.39.245 | 192.168.11.20 |
Sep 28, 2021 13:03:50.732150078 CEST | 49748 | 587 | 192.168.11.20 | 109.169.39.245 |
Sep 28, 2021 13:05:30.132404089 CEST | 49748 | 587 | 192.168.11.20 | 109.169.39.245 |
Sep 28, 2021 13:05:30.152806997 CEST | 587 | 49748 | 109.169.39.245 | 192.168.11.20 |
Sep 28, 2021 13:05:30.152856112 CEST | 587 | 49748 | 109.169.39.245 | 192.168.11.20 |
Sep 28, 2021 13:05:30.153063059 CEST | 49748 | 587 | 192.168.11.20 | 109.169.39.245 |
Sep 28, 2021 13:05:30.153434038 CEST | 49748 | 587 | 192.168.11.20 | 109.169.39.245 |
Sep 28, 2021 13:05:30.154298067 CEST | 587 | 49748 | 109.169.39.245 | 192.168.11.20 |
Sep 28, 2021 13:05:30.154511929 CEST | 49748 | 587 | 192.168.11.20 | 109.169.39.245 |
UDP Packets |
---|
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Sep 28, 2021 13:02:13.257863998 CEST | 192.168.11.20 | 1.1.1.1 | 0x3ff1 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 28, 2021 13:02:14.166940928 CEST | 192.168.11.20 | 1.1.1.1 | 0xc78a | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 28, 2021 13:03:50.096003056 CEST | 192.168.11.20 | 1.1.1.1 | 0x71d7 | Standard query (0) | | A (IP address) | IN (0x0001) |
Sep 28, 2021 13:05:08.756127119 CEST | 192.168.11.20 | 1.1.1.1 | 0x5ee8 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Sep 28, 2021 13:01:25.651279926 CEST | 1.1.1.1 | 192.168.11.20 | 0x7ea0 | No error (0) | | apimgmttmr17ij3jt5dneg64srod9jevcuajxaoube4brtu9cq.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) |
Sep 28, 2021 13:01:25.651279926 CEST | 1.1.1.1 | 192.168.11.20 | 0x7ea0 | No error (0) | | apimgmthszbjimgeglorvthkncixvpso9vnynvh3ehmsdll33a.cloudapp.net | | CNAME (Canonical name) | IN (0x0001) |
Sep 28, 2021 13:02:13.266354084 CEST | 1.1.1.1 | 192.168.11.20 | 0x3ff1 | No error (0) | | | 142.250.185.174 | A (IP address) | IN (0x0001) |
Sep 28, 2021 13:02:14.198234081 CEST | 1.1.1.1 | 192.168.11.20 | 0xc78a | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) |
Sep 28, 2021 13:02:14.198234081 CEST | 1.1.1.1 | 192.168.11.20 | 0xc78a | No error (0) | | | 142.250.185.193 | A (IP address) | IN (0x0001) |
Sep 28, 2021 13:03:50.133709908 CEST | 1.1.1.1 | 192.168.11.20 | 0x71d7 | No error (0) | | | 109.169.39.245 | A (IP address) | IN (0x0001) |
Sep 28, 2021 13:05:08.764718056 CEST | 1.1.1.1 | 192.168.11.20 | 0x5ee8 | No error (0) | | edge-web.dual-gslb.spotify.com | | CNAME (Canonical name) | IN (0x0001) |
Sep 28, 2021 13:05:08.764718056 CEST | 1.1.1.1 | 192.168.11.20 | 0x5ee8 | No error (0) | | | 35.186.224.25 | A (IP address) | IN (0x0001) |
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49726 | 142.250.185.174 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-09-28 11:02:13 UTC | 0 | OUT | |
2021-09-28 11:02:14 UTC | 0 | IN | |
2021-09-28 11:02:14 UTC | 1 | IN | |
2021-09-28 11:02:14 UTC | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49727 | 142.250.185.193 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-09-28 11:02:14 UTC | 1 | OUT | |
2021-09-28 11:02:14 UTC | 2 | IN |