Windows Analysis Report Statement of Account.exe
Overview
General Information
Detection
GuLoader
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Potential malicious icon found
Multi AV Scanner detection for submitted file
GuLoader behavior detected
Multi AV Scanner detection for domain / URL
Hides threads from debuggers
Writes to foreign memory regions
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
May check the online IP address of the machine
Tries to steal Mail credentials (via file access)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Uses insecure TLS / SSL version for HTTPS connection
Abnormal high CPU Usage
Enables debug privileges
AV process strings found (often used to terminate AV products)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Classification
Process Tree |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for submitted file |
Source: | Virustotal: | Perma Link |
Source: | ReversingLabs: |
Multi AV Scanner detection for domain / URL |
Source: | Virustotal: | Perma Link |
Source: | Code function: | 24_2_00A09E00 | |
Source: | Code function: | 24_2_00A0A51B |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Code function: | 24_2_00A0CCC8 | |
Source: | Code function: | 24_2_00A0F838 | |
Source: | Code function: | 24_2_00A0C418 | |
Source: | Code function: | 24_2_00A0C870 | |
Source: | Code function: | 24_2_00A0D9D0 | |
Source: | Code function: | 24_2_00A0D120 | |
Source: | Code function: | 24_2_00A0D578 | |
Source: | Code function: | 24_2_00A0E280 | |
Source: | Code function: | 24_2_00A0E6D8 | |
Source: | Code function: | 24_2_00A0DE28 | |
Source: | Code function: | 24_2_00A0EF88 | |
Source: | Code function: | 24_2_00A0F3E0 | |
Source: | Code function: | 24_2_00A0EB30 | |
Source: | Code function: | 24_2_00A0C180 | |
Source: | Code function: | 24_2_00A0C190 | |
Source: | Code function: | 24_2_1DABEDF0 | |
Source: | Code function: | 24_2_1DABCE48 | |
Source: | Code function: | 24_2_1DABDE40 | |
Source: | Code function: | 24_2_1DABE990 | |
Source: | Code function: | 24_2_1DABD9D1 | |
Source: | Code function: | 24_2_1DABFB11 | |
Source: | Code function: | 24_2_1DABF6B0 | |
Source: | Code function: | 24_2_1DABF252 | |
Source: | Code function: | 24_2_1DABDE31 | |
Source: | Code function: | 24_2_1DABC99B | |
Source: | Code function: | 24_2_1DABCB7C | |
Source: | Code function: | 24_2_1DABE186 | |
Source: | Code function: | 24_2_1DABC368 |
Networking: |
---|
May check the online IP address of the machine |
Source: | DNS query: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: |
Source: | IP Address: |
Source: | HTTPS traffic detected: |
Source: | HTTP traffic detected: |
Source: | Network traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: |
System Summary: |
---|
Potential malicious icon found |
Source: | Icon embedded in PE file: |
Source: | Static PE information: |
Source: | Code function: | 0_2_00401868 | |
Source: | Code function: | 0_2_0040228E | |
Source: | Code function: | 0_2_00403253 | |
Source: | Code function: | 0_2_0040346F | |
Source: | Code function: | 0_2_00403612 | |
Source: | Code function: | 0_2_004032D9 | |
Source: | Code function: | 0_2_004034FC | |
Source: | Code function: | 0_2_00403353 | |
Source: | Code function: | 0_2_004033E4 | |
Source: | Code function: | 0_2_00403583 | |
Source: | Code function: | 0_2_004031B3 | |
Source: | Code function: | 24_2_00A0CCC8 | |
Source: | Code function: | 24_2_00A0F838 | |
Source: | Code function: | 24_2_00A0C418 | |
Source: | Code function: | 24_2_00A0C870 | |
Source: | Code function: | 24_2_00A0D9D0 | |
Source: | Code function: | 24_2_00A0D120 | |
Source: | Code function: | 24_2_00A0D578 | |
Source: | Code function: | 24_2_00A0E280 | |
Source: | Code function: | 24_2_00A0E6D8 | |
Source: | Code function: | 24_2_00A0DE28 | |
Source: | Code function: | 24_2_00A02208 | |
Source: | Code function: | 24_2_00A0EF88 | |
Source: | Code function: | 24_2_00A097E0 | |
Source: | Code function: | 24_2_00A0F3E0 | |
Source: | Code function: | 24_2_00A06728 | |
Source: | Code function: | 24_2_00A0EB30 | |
Source: | Code function: | 24_2_00A0CCB8 | |
Source: | Code function: | 24_2_00A0F828 | |
Source: | Code function: | 24_2_00A0C408 | |
Source: | Code function: | 24_2_00A0C86C | |
Source: | Code function: | 24_2_00A05D80 | |
Source: | Code function: | 24_2_00A021FA | |
Source: | Code function: | 24_2_00A0D9C0 | |
Source: | Code function: | 24_2_00A05923 | |
Source: | Code function: | 24_2_00A0D111 | |
Source: | Code function: | 24_2_00A0D569 | |
Source: | Code function: | 24_2_00A05D70 | |
Source: | Code function: | 24_2_00A0E6C8 | |
Source: | Code function: | 24_2_00A0BA30 | |
Source: | Code function: | 24_2_00A0DE18 | |
Source: | Code function: | 24_2_00A0E271 | |
Source: | Code function: | 24_2_00A097CF | |
Source: | Code function: | 24_2_00A0F3DC | |
Source: | Code function: | 24_2_00A0EB21 | |
Source: | Code function: | 24_2_00A0EF79 | |
Source: | Code function: | 24_2_1DABEDF0 | |
Source: | Code function: | 24_2_1DAB2F0A | |
Source: | Code function: | 24_2_1DABCE48 | |
Source: | Code function: | 24_2_1DABE990 | |
Source: | Code function: | 24_2_1DABD9D1 | |
Source: | Code function: | 24_2_1DABFB11 | |
Source: | Code function: | 24_2_1DAB5A68 | |
Source: | Code function: | 24_2_1DAB4440 | |
Source: | Code function: | 24_2_1DABF6B0 | |
Source: | Code function: | 24_2_1DAB9148 | |
Source: | Code function: | 24_2_1DAB6090 | |
Source: | Code function: | 24_2_1DABE2D0 | |
Source: | Code function: | 24_2_1DABF252 | |
Source: | Code function: | 24_2_1DABC368 | |
Source: | Code function: | 24_2_1DABC357 | |
Source: | Code function: | 24_2_1DABE2C1 |
Source: | Code function: |
Source: | Process Stats: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Section loaded: |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Section loaded: |
Source: | Process created: |
Source: | Key value queried: |
Source: | Classification label: |
Source: | Section loaded: |
Source: | Mutant created: |
Source: | Window detected: |
Source: | Key opened: |
Source: | Code function: | 0_2_00403F65 | |
Source: | Code function: | 0_2_00402213 | |
Source: | Code function: | 0_2_004067BA | |
Source: | Code function: | 0_2_02273C41 | |
Source: | Code function: | 0_2_02270F1A | |
Source: | Code function: | 0_2_02272908 | |
Source: | Code function: | 0_2_02270F1A | |
Source: | Code function: | 0_2_02273364 | |
Source: | Code function: | 0_2_02272B5B | |
Source: | Code function: | 0_2_02272DCE | |
Source: | Code function: | 0_2_022733CE |
Source: | Static PE information: |
Source: | Process information set: |
Malware Analysis System Evasion: |
---|
Tries to detect Any.run |
Source: | File opened: |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) |
Source: | Binary or memory string: |
Source: | Last function: |
Source: | Process information queried: |
Source: | System information queried: |
Source: | Binary or memory string: |
Anti Debugging: |
---|
Hides threads from debuggers |
Source: | Thread information set: |
Source: | Process token adjusted: |
Source: | Code function: | 0_2_0040228E | |
Source: | Code function: | 0_2_004031B3 |
Source: | Process queried: |
Source: | Code function: | 24_2_1DABCE48 |
Source: | Memory allocated: |
HIPS / PFW / Operating System Protection Evasion: |
---|
Writes to foreign memory regions |
Source: | Memory written: |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Queries volume information: |
Source: | Key value queried: |
Source: | Binary or memory string: |
Stealing of Sensitive Information: |
---|
GuLoader behavior detected |
Source: | Signature Results: |
Tries to harvest and steal ftp login credentials |
Source: | File opened: |
Tries to steal Mail credentials (via file access) |
Source: | Key opened: |
Tries to harvest and steal browser information (history, passwords, etc) |
Source: | File opened: |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | DLL Side-Loading1 | Process Injection112 | Virtualization/Sandbox Evasion21 | OS Credential Dumping2 | Security Software Discovery321 | Remote Services | Email Collection1 | Exfiltration Over Other Network Medium | Encrypted Channel21 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Disable or Modify Tools1 | LSASS Memory | Virtualization/Sandbox Evasion21 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Ingress Tool Transfer1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection112 | Security Account Manager | Process Discovery2 | SMB/Windows Admin Shares | Data from Local System2 | Automated Exfiltration | Non-Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Deobfuscate/Decode Files or Information1 | NTDS | System Network Configuration Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol13 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information4 | LSA Secrets | System Information Discovery14 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Software Packing1 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | DLL Side-Loading1 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 21% | Virustotal | | Browse |
| 23% | ReversingLabs | Win32.Trojan.Mucc | |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Virustotal | | Browse |
| 3% | Virustotal | | Browse |
| 0% | Virustotal | | Browse |
| 1% | Virustotal | | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Avira URL Cloud | safe | |
| 6% | Virustotal | | Browse |
| 0% | Avira URL Cloud | safe | |
| 1% | Virustotal | | Browse |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
windowsupdate.s.llnwi.net | 178.79.242.128 | true | false | | unknown |
drive.google.com | 172.217.168.46 | true | false | | high |
freegeoip.app | 104.21.19.200 | true | false | | unknown |
googlehosted.l.googleusercontent.com | 142.250.184.193 | true | false | | high |
checkip.dyndns.com | 132.226.247.73 | true | false | | unknown |
doc-08-4k-docs.googleusercontent.com | unknown | unknown | false | | high |
checkip.dyndns.org | unknown | unknown | true | | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | unknown |
| true | | unknown |
| false | | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
| | true | | unknown |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.217.168.46 | drive.google.com | United States | | 15169 | GOOGLEUS | false |
104.21.19.200 | freegeoip.app | United States | | 13335 | CLOUDFLARENETUS | false |
142.250.184.193 | googlehosted.l.googleusercontent.com | United States | | 15169 | GOOGLEUS | false |
132.226.247.73 | checkip.dyndns.com | United States | | 16989 | UTMEMUS | false |
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 1637 |
Start date: | 13.10.2021 |
Start time: | 12:33:16 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 13m 0s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Statement of Account.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301) |
Run name: | Suspected Instruction Hammering |
Number of new started processes analysed: | 34 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.rans.troj.spyw.evad.winEXE@7/0@4/4 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
104.21.19.200 | | Get hash | malicious | Browse | |
132.226.247.73 | | Get hash | malicious | Browse | |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
windowsupdate.s.llnwi.net | | Get hash | malicious | Browse | |
freegeoip.app | | Get hash | malicious | Browse | |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
CLOUDFLARENETUS | | Get hash | malicious | Browse | |
UTMEMUS | | Get hash | malicious | Browse | |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
54328bd36c14bd82ddaa0c04b25ed9ad | | Get hash | malicious | Browse | |
37f463bf4616ecd445d4a1937da06e19 | | Get hash | malicious | Browse | |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
No created / dropped files found |
---|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 6.361190831487217 |
TrID: |
|
File name: | Statement of Account.exe |
File size: | 135168 |
MD5: | 0fb63e5eb6af1aff086e3c2a2321f716 |
SHA1: | 5e7e1db40c9104297c3b05b26c97a788eb92401b |
SHA256: | 0b65815d462586870177898072a1500ec014a390eb466ea0dd716567ada4109a |
SHA512: | 4dfd892dec9c4182005f668b201063085c6868085c2f556791c5654516ce9a4be9c7a7c887e0da182f7cfb29c5690cf45638fb6749bf49e7ba74929d82c35a82 |
SSDEEP: | 1536:5sYs89TfPXmlAo30SC66Biy2bbMSekC7dY5KwchyuGWawkANvv0LLhQ4sZiDNmMN:5JXS0SC6aiyCYUKw7T3hBd |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........#...B...B...B..L^...B...`...B...d...B..Rich.B..........PE..L....u.W.....................`......h.............@.............B.. |
File Icon |
---|
Icon Hash: | 20047c7c70f0e004 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x401868 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x578A7516 [Sat Jul 16 17:55:34 2016 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | c727a98e677fb7bd25bb06d2a2d956f1 |
Entrypoint Preview |
---|
Instruction |
---|
push 00410428h |
call 00007F91C08DF495h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
xor byte ptr [eax], al |
add byte ptr [eax], al |
cmp byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
xchg eax, ebp |
xchg eax, ecx |
shr dword ptr [8B4B3A7Ch+ebx*2], FFFFFFC8h |
mov bl, 0Bh |
mov byte ptr [si-61h], bl |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add dword ptr [eax], eax |
add byte ptr [eax], al |
inc edx |
add byte ptr [esi], al |
push eax |
add dword ptr [ecx], 6Ch |
popad |
je 00007F91C08DF516h |
imul esp, dword ptr [ebx+00h], 00000002h |
add bh, bh |
int3 |
xor dword ptr [eax], eax |
and ebp, dword ptr [ecx+51ABB3F1h] |
jmp far 173Bh : 9F8F446Ch |
popad |
pop edi |
jne 00007F91C08DF4F5h |
mov dl, 26h |
inc ecx |
call 00007F920C4D6215h |
lahf |
push esi |
jne 00007F91C08DF493h |
in eax, dx |
jmp 00007F91C08DF439h |
mov eax, 33AD4F3Ah |
cdq |
iretw |
adc dword ptr [edi+00AA000Ch], esi |
pushad |
rcl dword ptr [ebx+00000000h], cl |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
and dl, ch |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
push es |
add byte ptr [ebx+79h], dl |
jnc 00007F91C08DF51Ch |
add byte ptr fs:[50000501h], cl |
push edx |
dec ecx |
pop edx |
inc ebp |
add byte ptr [ecx], bl |
add dword ptr [eax], eax |
inc edx |
add byte ptr [edx], ah |
add byte ptr [00005000h+eax], ah |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x1a9b4 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1c000 | 0x4562 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x154 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x19ef0 | 0x1a000 | False | 0.567673903245 | data | 6.83550763896 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x1b000 | 0xaf0 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x1c000 | 0x4562 | 0x5000 | False | 0.396142578125 | data | 4.61030929614 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
DATA | 0x1ca74 | 0x3aee | MS Windows icon resource - 3 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel | English | United States |
RT_ICON | 0x1c944 | 0x130 | data | ||
RT_ICON | 0x1c65c | 0x2e8 | data | ||
RT_ICON | 0x1c534 | 0x128 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x1c504 | 0x30 | data | ||
RT_VERSION | 0x1c1a0 | 0x364 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, _adj_fprem1, __vbaSetSystemError, __vbaHresultCheckObj, __vbaLenBstrB, _adj_fdiv_m32, __vbaAryDestruct, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, __vbaObjVar, DllFunctionCall, _adj_fpatan, __vbaRedim, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaI2Str, __vbaFPException, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaI4Str, __vbaDerefAry1, _adj_fdivr_m32, _adj_fdiv_r, __vbaStrToAnsi, __vbaVarDup, __vbaFpI4, __vbaLateMemCallLd, _CIatan, __vbaStrMove, _allmul, __vbaLateIdSt, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0409 0x04b0 |
LegalCopyright | RealNetworks, Inc. |
InternalName | Unnec1 |
FileVersion | 66.00 |
CompanyName | RealNetworks, Inc. |
LegalTrademarks | RealNetworks, Inc. |
Comments | RealNetworks, Inc. |
ProductName | RealNetworks, Inc. |
ProductVersion | 66.00 |
FileDescription | RealNetworks, Inc. |
OriginalFilename | Unnec1.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
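The static fields above (compile timestamp, file characteristics, entrypoint section, the `push imm32; call` opening of the entrypoint preview, section entropy, Import Hash, and the OriginalFilename mismatch) are each derived by a small, reproducible computation. The block below is an added example and is not part of the Joe Sandbox report. The IMAGE_FILE_* bit values come from the PE/COFF specification (the five flags the report lists sum to 0x010F); the section layout, imagebase and entrypoint are copied from the tables above; the ten-byte stub fed to the entry check is constructed from the first two instructions of the entrypoint preview. With MSVBVM60.DLL as the only import, that `push <VB header>; call` shape is the standard Visual Basic 6 start-up stub calling ThunRTMain, which never returns, so the instructions the preview shows after the call are data being decoded as code. The import-hash routine follows the pefile convention; whether it reproduces the reported value depends on the import list being in the file's original order, which this export may not preserve.

```python
"""Static-triage helpers that reproduce the PE fields reported above.
Added example, not part of the Joe Sandbox report. Constants come from the
PE/COFF specification; the section layout and sample values are copied from
the report; the entry-stub bytes are constructed from the preview."""
import hashlib
import math
import struct
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple

# IMAGE_FILE_* bits of IMAGE_FILE_HEADER.Characteristics (PE/COFF spec).
FILE_CHARACTERISTICS = {
    0x0001: "RELOCS_STRIPPED",
    0x0002: "EXECUTABLE_IMAGE",
    0x0004: "LINE_NUMS_STRIPPED",
    0x0008: "LOCAL_SYMS_STRIPPED",
    0x0020: "LARGE_ADDRESS_AWARE",
    0x0100: "32BIT_MACHINE",
    0x2000: "DLL",
}

# Sections as reported: name -> (virtual address, virtual size, raw size).
SECTIONS: Dict[str, Tuple[int, int, int]] = {
    ".text": (0x1000, 0x19ef0, 0x1a000),
    ".data": (0x1b000, 0xaf0, 0x1000),
    ".rsrc": (0x1c000, 0x4562, 0x5000),
}
IMAGEBASE = 0x400000


def decode_timestamp(ts: int) -> str:
    """IMAGE_FILE_HEADER.TimeDateStamp is seconds since the Unix epoch (UTC)."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%a %b %d %H:%M:%S %Y UTC")


def decode_characteristics(value: int) -> List[str]:
    """Expand the Characteristics bit field into the names the report prints."""
    return [name for bit, name in sorted(FILE_CHARACTERISTICS.items()) if value & bit]


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte: 0.0 for a constant buffer,
    8.0 for uniformly distributed bytes (packed or encrypted payloads sit near 8)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def section_for_rva(rva: int, sections=SECTIONS) -> Optional[str]:
    """Which section holds an RVA (entrypoint or a data-directory address)."""
    for name, (va, vsize, rsize) in sections.items():
        if va <= rva < va + max(vsize, rsize):
            return name
    return None


def vb6_entry_stub(code: bytes) -> Optional[int]:
    """A VB6 executable starts with 'push <VB header VA>; call ThunRTMain'
    (68 imm32 E8 rel32). ThunRTMain never returns, so whatever a disassembler
    shows after the call is data. Returns the pushed header VA on a match."""
    if len(code) >= 10 and code[0] == 0x68 and code[5] == 0xE8:
        return struct.unpack_from("<I", code, 1)[0]
    return None


def imphash(imports: List[Tuple[str, str]]) -> str:
    """Import hash, pefile convention: md5 over 'dll.func' entries, lowercased,
    DLL extension dropped, joined by commas in import-table order."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
        parts.append(f"{dll}.{func.lower()}")
    return hashlib.md5(",".join(parts).encode()).hexdigest()


def original_name_mismatch(on_disk_name: str, version_info: Dict[str, str]) -> bool:
    """The 'sample file is different than original file name' signature."""
    original = version_info.get("OriginalFilename", "")
    return bool(original) and original.lower() != on_disk_name.lower()


if __name__ == "__main__":
    print(decode_timestamp(0x578A7516))
    print(decode_characteristics(0x010F))                        # the five flags listed above
    print(section_for_rva(0x401868 - IMAGEBASE))                 # entrypoint -> .text
    print(section_for_rva(0x1a9b4), section_for_rva(0x1c000))    # import dir, resource dir
    # Constructed from the first two instructions of the entrypoint preview.
    print(hex(vb6_entry_stub(b"\x68\x28\x04\x41\x00\xE8\x00\x00\x00\x00")))
    print(shannon_entropy(bytes(0x1000)), shannon_entropy(bytes(range(256))))
    print(original_name_mismatch("Statement of Account.exe", {"OriginalFilename": "Unnec1.exe"}))
```

A zero-filled 0x1000-byte buffer gives the 0.0 entropy the report shows for `.data`, while `.text` at 6.8 is ordinary compiled code plus embedded strings, not a packed payload; GuLoader's real stage is fetched at runtime, which is why the dropped-files table is empty.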
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 13, 2021 12:36:35.892155886 CEST | 49757 | 443 | 192.168.11.20 | 172.217.168.46 |
Oct 13, 2021 12:36:35.892231941 CEST | 443 | 49757 | 172.217.168.46 | 192.168.11.20 |
Oct 13, 2021 12:36:35.892505884 CEST | 49757 | 443 | 192.168.11.20 | 172.217.168.46 |
Oct 13, 2021 12:36:35.918798923 CEST | 49757 | 443 | 192.168.11.20 | 172.217.168.46 |
Oct 13, 2021 12:36:35.918858051 CEST | 443 | 49757 | 172.217.168.46 | 192.168.11.20 |
Oct 13, 2021 12:36:35.976691008 CEST | 443 | 49757 | 172.217.168.46 | 192.168.11.20 |
Oct 13, 2021 12:36:35.976886034 CEST | 49757 | 443 | 192.168.11.20 | 172.217.168.46 |
Oct 13, 2021 12:36:35.979199886 CEST | 443 | 49757 | 172.217.168.46 | 192.168.11.20 |
Oct 13, 2021 12:36:35.979445934 CEST | 49757 | 443 | 192.168.11.20 | 172.217.168.46 |
Oct 13, 2021 12:36:36.192205906 CEST | 49757 | 443 | 192.168.11.20 | 172.217.168.46 |
Oct 13, 2021 12:36:36.192259073 CEST | 443 | 49757 | 172.217.168.46 | 192.168.11.20 |
Oct 13, 2021 12:36:36.193125963 CEST | 443 | 49757 | 172.217.168.46 | 192.168.11.20 |
Oct 13, 2021 12:36:36.193463087 CEST | 49757 | 443 | 192.168.11.20 | 172.217.168.46 |
Oct 13, 2021 12:36:36.199913979 CEST | 49757 | 443 | 192.168.11.20 | 172.217.168.46 |
Oct 13, 2021 12:36:36.241883039 CEST | 443 | 49757 | 172.217.168.46 | 192.168.11.20 |
Oct 13, 2021 12:36:36.683862925 CEST | 443 | 49757 | 172.217.168.46 | 192.168.11.20 |
Oct 13, 2021 12:36:36.683986902 CEST | 443 | 49757 | 172.217.168.46 | 192.168.11.20 |
Oct 13, 2021 12:36:36.684245110 CEST | 443 | 49757 | 172.217.168.46 | 192.168.11.20 |
Oct 13, 2021 12:36:36.684253931 CEST | 49757 | 443 | 192.168.11.20 | 172.217.168.46 |
Oct 13, 2021 12:36:36.684418917 CEST | 49757 | 443 | 192.168.11.20 | 172.217.168.46 |
Oct 13, 2021 12:36:36.689610004 CEST | 49757 | 443 | 192.168.11.20 | 172.217.168.46 |
Oct 13, 2021 12:36:36.689661026 CEST | 443 | 49757 | 172.217.168.46 | 192.168.11.20 |
Oct 13, 2021 12:36:36.818552971 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:36.818634033 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:36.818909883 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:36.819175959 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:36.819231033 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:36.873447895 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:36.873637915 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:36.875483036 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:36.875667095 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:36.875684023 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:36.880954027 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:36.880979061 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:36.881388903 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:36.881551027 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:36.881869078 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:36.925945997 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.109566927 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.109778881 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.110131979 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.110379934 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.110904932 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.111090899 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.112200022 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.112325907 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.112495899 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.112535000 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.112938881 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.113054037 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.113089085 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.113373041 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.119905949 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.120145082 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.120187044 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.120346069 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.120353937 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.120378971 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.120553017 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.120589972 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.120999098 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.121258020 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.121308088 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.121479988 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.121745110 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.122030973 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.122081041 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.122267962 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.122488022 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.122971058 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.123019934 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.123267889 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.123465061 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.123517036 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.123852015 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.123924971 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.124195099 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.124236107 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.124471903 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.124562025 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.124850988 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.124882936 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.125080109 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.125406027 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.125622988 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.125672102 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.125828028 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.126077890 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.126230955 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.126270056 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.126445055 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.126640081 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.126785994 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.126818895 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.126964092 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.127266884 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.127403975 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.127434015 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.127705097 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.127739906 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.127893925 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.128036022 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.128200054 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.128232002 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.128496885 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.128652096 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.129025936 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.129062891 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.129343033 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.129409075 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.129678965 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.129710913 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.129872084 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.130449057 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.130599976 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.130639076 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.130789042 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.130821943 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.131015062 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.131052017 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.131201982 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.131223917 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.131242037 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.131382942 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.131417036 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.131547928 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.131726027 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.131877899 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.131917953 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.132066011 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.132097006 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.132267952 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.132299900 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.132452965 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.132637978 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.132814884 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.132853031 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.133032084 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.133054972 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.133071899 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.133220911 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.133549929 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.133725882 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.133759022 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.133930922 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.134042978 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.134079933 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.134203911 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.134397030 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.134433031 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.134627104 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.134658098 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.134680986 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.134865999 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.134916067 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.135267973 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.135369062 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.135514021 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.135551929 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.135703087 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.135730028 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.135943890 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.135982037 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.136145115 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.136224031 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.136395931 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.136428118 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.136558056 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.136574030 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.136594057 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.136713982 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.136739969 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.137041092 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.137190104 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.137229919 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.137376070 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.137407064 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.137559891 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.137593031 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.137764931 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.138006926 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.138240099 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.138267040 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.138284922 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.138396978 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.138420105 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.138437033 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.138592958 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.138807058 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.139044046 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.139070034 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.139089108 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.139272928 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.139300108 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.139317989 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.139444113 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.139889956 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.140121937 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.140157938 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.140192986 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.140338898 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.140371084 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.140500069 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.140670061 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.140698910 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.141024113 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.141166925 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.141381979 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.141416073 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.141571999 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.141609907 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.141757011 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.141765118 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.141789913 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.141911030 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.141937971 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.142082930 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.142117977 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.142199039 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:37.142292976 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.142379999 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.147737980 CEST | 49758 | 443 | 192.168.11.20 | 142.250.184.193 |
Oct 13, 2021 12:36:37.147789955 CEST | 443 | 49758 | 142.250.184.193 | 192.168.11.20 |
Oct 13, 2021 12:36:38.783976078 CEST | 49759 | 80 | 192.168.11.20 | 132.226.247.73 |
Oct 13, 2021 12:36:39.020638943 CEST | 80 | 49759 | 132.226.247.73 | 192.168.11.20 |
Oct 13, 2021 12:36:39.020806074 CEST | 49759 | 80 | 192.168.11.20 | 132.226.247.73 |
Oct 13, 2021 12:36:39.021188021 CEST | 49759 | 80 | 192.168.11.20 | 132.226.247.73 |
Oct 13, 2021 12:36:39.257883072 CEST | 80 | 49759 | 132.226.247.73 | 192.168.11.20 |
Oct 13, 2021 12:36:39.258580923 CEST | 80 | 49759 | 132.226.247.73 | 192.168.11.20 |
Oct 13, 2021 12:36:39.312411070 CEST | 49759 | 80 | 192.168.11.20 | 132.226.247.73 |
Oct 13, 2021 12:36:39.343060017 CEST | 49759 | 80 | 192.168.11.20 | 132.226.247.73 |
Oct 13, 2021 12:36:39.580378056 CEST | 80 | 49759 | 132.226.247.73 | 192.168.11.20 |
Oct 13, 2021 12:36:39.624989033 CEST | 49759 | 80 | 192.168.11.20 | 132.226.247.73 |
Oct 13, 2021 12:36:40.476267099 CEST | 49760 | 443 | 192.168.11.20 | 104.21.19.200 |
Oct 13, 2021 12:36:40.476286888 CEST | 443 | 49760 | 104.21.19.200 | 192.168.11.20 |
Oct 13, 2021 12:36:40.476419926 CEST | 49760 | 443 | 192.168.11.20 | 104.21.19.200 |
Oct 13, 2021 12:36:40.480354071 CEST | 49760 | 443 | 192.168.11.20 | 104.21.19.200 |
Oct 13, 2021 12:36:40.480367899 CEST | 443 | 49760 | 104.21.19.200 | 192.168.11.20 |
Oct 13, 2021 12:36:40.512346029 CEST | 443 | 49760 | 104.21.19.200 | 192.168.11.20 |
Oct 13, 2021 12:36:40.512646914 CEST | 49760 | 443 | 192.168.11.20 | 104.21.19.200 |
Oct 13, 2021 12:36:40.514879942 CEST | 49760 | 443 | 192.168.11.20 | 104.21.19.200 |
Oct 13, 2021 12:36:40.515301943 CEST | 443 | 49760 | 104.21.19.200 | 192.168.11.20 |
Oct 13, 2021 12:36:40.522053957 CEST | 49760 | 443 | 192.168.11.20 | 104.21.19.200 |
Oct 13, 2021 12:36:40.551620960 CEST | 443 | 49760 | 104.21.19.200 | 192.168.11.20 |
Oct 13, 2021 12:36:40.551775932 CEST | 443 | 49760 | 104.21.19.200 | 192.168.11.20 |
Oct 13, 2021 12:36:40.552097082 CEST | 49760 | 443 | 192.168.11.20 | 104.21.19.200 |
Oct 13, 2021 12:36:40.555022955 CEST | 49760 | 443 | 192.168.11.20 | 104.21.19.200 |
Oct 13, 2021 12:37:44.579916000 CEST | 80 | 49759 | 132.226.247.73 | 192.168.11.20 |
Oct 13, 2021 12:37:44.580279112 CEST | 49759 | 80 | 192.168.11.20 | 132.226.247.73 |
Oct 13, 2021 12:38:19.618469954 CEST | 49759 | 80 | 192.168.11.20 | 132.226.247.73 |
Oct 13, 2021 12:38:19.855418921 CEST | 80 | 49759 | 132.226.247.73 | 192.168.11.20 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 13, 2021 12:36:35.853833914 CEST | 57378 | 53 | 192.168.11.20 | 1.1.1.1 |
Oct 13, 2021 12:36:35.878083944 CEST | 53 | 57378 | 1.1.1.1 | 192.168.11.20 |
Oct 13, 2021 12:36:36.757107973 CEST | 64648 | 53 | 192.168.11.20 | 1.1.1.1 |
Oct 13, 2021 12:36:36.811844110 CEST | 53 | 64648 | 1.1.1.1 | 192.168.11.20 |
Oct 13, 2021 12:36:38.728669882 CEST | 51245 | 53 | 192.168.11.20 | 1.1.1.1 |
Oct 13, 2021 12:36:38.737804890 CEST | 53 | 51245 | 1.1.1.1 | 192.168.11.20 |
Oct 13, 2021 12:36:40.465620041 CEST | 60225 | 53 | 192.168.11.20 | 1.1.1.1 |
Oct 13, 2021 12:36:40.475270987 CEST | 53 | 60225 | 1.1.1.1 | 192.168.11.20 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Oct 13, 2021 12:36:35.853833914 CEST | 192.168.11.20 | 1.1.1.1 | 0x1c19 | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 13, 2021 12:36:36.757107973 CEST | 192.168.11.20 | 1.1.1.1 | 0x86e | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 13, 2021 12:36:38.728669882 CEST | 192.168.11.20 | 1.1.1.1 | 0x655b | Standard query (0) | A (IP address) | IN (0x0001) | |
Oct 13, 2021 12:36:40.465620041 CEST | 192.168.11.20 | 1.1.1.1 | 0xf65a | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Oct 13, 2021 12:35:50.271889925 CEST | 1.1.1.1 | 192.168.11.20 | 0xc31a | No error (0) | | | 178.79.242.128 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:35:50.271889925 CEST | 1.1.1.1 | 192.168.11.20 | 0xc31a | No error (0) | | | 178.79.242.0 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:36:35.878083944 CEST | 1.1.1.1 | 192.168.11.20 | 0x1c19 | No error (0) | | | 172.217.168.46 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:36:36.811844110 CEST | 1.1.1.1 | 192.168.11.20 | 0x86e | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) |
Oct 13, 2021 12:36:36.811844110 CEST | 1.1.1.1 | 192.168.11.20 | 0x86e | No error (0) | | | 142.250.184.193 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:36:38.737804890 CEST | 1.1.1.1 | 192.168.11.20 | 0x655b | No error (0) | | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) |
Oct 13, 2021 12:36:38.737804890 CEST | 1.1.1.1 | 192.168.11.20 | 0x655b | No error (0) | | | 132.226.247.73 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:36:38.737804890 CEST | 1.1.1.1 | 192.168.11.20 | 0x655b | No error (0) | | | 216.146.43.71 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:36:38.737804890 CEST | 1.1.1.1 | 192.168.11.20 | 0x655b | No error (0) | | | 193.122.130.0 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:36:38.737804890 CEST | 1.1.1.1 | 192.168.11.20 | 0x655b | No error (0) | | | 193.122.6.168 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:36:38.737804890 CEST | 1.1.1.1 | 192.168.11.20 | 0x655b | No error (0) | | | 158.101.44.242 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:36:38.737804890 CEST | 1.1.1.1 | 192.168.11.20 | 0x655b | No error (0) | | | 132.226.8.169 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:36:38.737804890 CEST | 1.1.1.1 | 192.168.11.20 | 0x655b | No error (0) | | | 216.146.43.70 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:36:40.475270987 CEST | 1.1.1.1 | 192.168.11.20 | 0xf65a | No error (0) | | | 104.21.19.200 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:36:40.475270987 CEST | 1.1.1.1 | 192.168.11.20 | 0xf65a | No error (0) | | | 172.67.188.154 | A (IP address) | IN (0x0001) |
Oct 13, 2021 12:40:23.662216902 CEST | 1.1.1.1 | 192.168.11.20 | 0xcd19 | No error (0) | | www.tm.a.prd.aadg.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49757 | 172.217.168.46 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49758 | 142.250.184.193 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.11.20 | 49760 | 104.21.19.200 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.11.20 | 49759 | 132.226.247.73 | 80 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Oct 13, 2021 12:36:39.021188021 CEST | 5740 | OUT | |
Oct 13, 2021 12:36:39.258580923 CEST | 5740 | IN | |
Oct 13, 2021 12:36:39.343060017 CEST | 5741 | OUT | |
Oct 13, 2021 12:36:39.580378056 CEST | 5741 | IN | |
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49757 | 172.217.168.46 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-13 10:36:36 UTC | 0 | OUT | |
2021-10-13 10:36:36 UTC | 0 | IN | |
2021-10-13 10:36:36 UTC | 1 | IN | |
2021-10-13 10:36:36 UTC | 1 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49758 | 142.250.184.193 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-13 10:36:36 UTC | 1 | OUT | |
2021-10-13 10:36:37 UTC | 2 | IN | |