Windows Analysis Report Fra FAC-ES101-2107-03806.doc.exe
Overview
General Information
Detection
AgentTesla GuLoader
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Sigma detected: RegAsm connects to smtp port
Yara detected GuLoader
Hides threads from debuggers
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses an obfuscated file name to hide its real file extension (double extension)
Tries to steal Mail credentials (via file access)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Antivirus or Machine Learning detection for unpacked file
Drops certificate files (DER)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Uses SMTP (mail sending)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: Agenttesla |
---|
{"Exfil Mode": "SMTP", "SMTP Info": "margaridasantos@tccinfaes.comTccBps1427logmail.tccinfaes.comnoekon2ti@gmail.com"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Sigma Overview |
---|
Networking: |
---|
Sigma detected: RegAsm connects to smtp port | Show sources |
Source: | Author: Joe Security: |
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | Metadefender: | Perma Link | ||
Source: | ReversingLabs: |
Antivirus / Scanner detection for submitted sample | Show sources |
Source: | Avira: |
Antivirus detection for URL or domain | Show sources |
Source: | Avira URL Cloud: |
Multi AV Scanner detection for domain / URL | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link |
Source: | Avira: |
Source: | Code function: | 27_2_014A9508 | |
Source: | Code function: | 27_2_014A9C50 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Networking: |
---|
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | IP Address: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | File created: | Jump to dropped file |
Source: | Static PE information: |
Source: | Code function: | 0_2_004016F4 | |
Source: | Code function: | 0_2_00401741 | |
Source: | Code function: | 0_2_00401505 | |
Source: | Code function: | 27_2_00C41130 | |
Source: | Code function: | 27_2_00C43A50 | |
Source: | Code function: | 27_2_00C4BA70 | |
Source: | Code function: | 27_2_00C44320 | |
Source: | Code function: | 27_2_00C4C7D0 | |
Source: | Code function: | 27_2_00C43708 | |
Source: | Code function: | 27_2_00CA08F8 | |
Source: | Code function: | 27_2_00CA6EA0 | |
Source: | Code function: | 27_2_00D0BEE1 | |
Source: | Code function: | 27_2_00D0BFBB | |
Source: | Code function: | 27_2_0139DC28 | |
Source: | Code function: | 27_2_013997F0 | |
Source: | Code function: | 27_2_0139D7D0 | |
Source: | Code function: | 27_2_0139BE50 | |
Source: | Code function: | 27_2_013942F3 | |
Source: | Code function: | 27_2_013944F8 | |
Source: | Code function: | 27_2_01397E00 | |
Source: | Code function: | 27_2_014AF9E0 | |
Source: | Code function: | 27_2_014A0040 | |
Source: | Code function: | 27_2_014A6068 | |
Source: | Code function: | 27_2_014AE7A4 | |
Source: | Code function: | 27_2_014AAA68 | |
Source: | Code function: | 27_2_014A7228 | |
Source: | Code function: | 27_2_014A721F | |
Source: | Code function: | 27_2_1DCE5E08 | |
Source: | Code function: | 27_2_1DCE4ACC | |
Source: | Code function: | 27_2_1DCE5D20 | |
Source: | Code function: | 27_2_1DCE6AF1 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Virustotal: | ||
Source: | Metadefender: | ||
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Data Obfuscation: |
---|
Yara detected GuLoader | Show sources |
Source: | File source: |
Source: | Code function: | 0_2_00404883 | |
Source: | Code function: | 0_2_00404A5D | |
Source: | Code function: | 0_2_00403903 | |
Source: | Code function: | 0_2_02AB26B0 | |
Source: | Code function: | 0_2_02AB6510 | |
Source: | Code function: | 0_2_02AB6510 | |
Source: | Code function: | 0_2_02AB2E8F | |
Source: | Code function: | 0_2_02AB42A0 | |
Source: | Code function: | 0_2_02AB6510 | |
Source: | Code function: | 0_2_02AB5A30 | |
Source: | Code function: | 0_2_02AB6510 | |
Source: | Code function: | 0_2_02AB5124 | |
Source: | Code function: | 0_2_02AB2B53 | |
Source: | Code function: | 27_2_00C4E6E2 | |
Source: | Code function: | 27_2_00C4E5CA | |
Source: | Code function: | 27_2_00C4C6C2 | |
Source: | Code function: | 27_2_00C4C7CA | |
Source: | Code function: | 27_2_00C4D782 | |
Source: | Code function: | 27_2_00CA1B1F | |
Source: | Code function: | 27_2_0139DB7A | |
Source: | Code function: | 27_2_0139DB82 | |
Source: | Code function: | 27_2_0139DBD2 | |
Source: | Code function: | 27_2_01396A92 | |
Source: | Code function: | 27_2_01396A8A | |
Source: | Code function: | 27_2_0139F2C6 | |
Source: | Code function: | 27_2_01397C89 |
Hooking and other Techniques for Hiding and Protection: |
---|
Uses an obfuscated file name to hide its real file extension (double extension) | Show sources |
Source: | Static PE information: |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion: |
---|
Tries to detect Any.run | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) | Show sources |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Process information queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | System information queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Anti Debugging: |
---|
Hides threads from debuggers | Show sources |
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 27_2_00C46948 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Writes to foreign memory regions | Show sources |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) | Show sources |
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal ftp login credentials | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to steal Mail credentials (via file access) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal browser information (history, passwords, etc) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | DLL Side-Loading1 | Process Injection112 | Masquerading11 | OS Credential Dumping2 | Query Registry1 | Remote Services | Email Collection1 | Exfiltration Over Other Network Medium | Encrypted Channel21 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Disable or Modify Tools1 | Credentials in Registry1 | Security Software Discovery421 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion341 | Security Account Manager | Process Discovery2 | SMB/Windows Admin Shares | Data from Local System2 | Automated Exfiltration | Ingress Tool Transfer1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection112 | NTDS | Virtualization/Sandbox Evasion341 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol2 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information11 | LSA Secrets | Application Window Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol23 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Software Packing1 | Cached Domain Credentials | File and Directory Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | DLL Side-Loading1 | DCSync | System Information Discovery115 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
62% | Virustotal | Browse | ||
34% | Metadefender | Browse | ||
54% | ReversingLabs | Win32.Trojan.AgentTesla | ||
100% | Avira | TR/AD.Nekark.gblpr |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/AD.Nekark.gblpr | Download File |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
3% | Virustotal | Browse | ||
11% | Virustotal | Browse | ||
0% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
11% | Virustotal | Browse | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
tccinfaes.com | 188.93.227.195 | true | true | | unknown |
drive.google.com | 142.250.185.174 | true | false | | high |
googlehosted.l.googleusercontent.com | 142.250.185.161 | true | false | | high |
doc-04-ak-docs.googleusercontent.com | unknown | unknown | false | | high |
mail.tccinfaes.com | unknown | unknown | true | | unknown |
x1.i.lencr.org | unknown | unknown | false | | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
true |
| unknown | ||
false |
| low | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| low | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.185.174 | drive.google.com | United States | | 15169 | GOOGLEUS | false |
188.93.227.195 | tccinfaes.com | Portugal | | 8426 | CLARANET-ASClaraNETLTDGB | true |
142.250.185.161 | googlehosted.l.googleusercontent.com | United States | | 15169 | GOOGLEUS | false |
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 1639 |
Start date: | 13.10.2021 |
Start time: | 13:03:23 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 13m 38s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Fra FAC-ES101-2107-03806.doc.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301 |
Run name: | Suspected Instruction Hammering |
Number of analysed new started processes analysed: | 42 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.spre.troj.spyw.evad.winEXE@8/5@4/3 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
13:05:44 | Task Scheduler | |
13:06:48 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
188.93.227.195 | Get hash | malicious | Browse | ||
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
CLARANET-ASClaraNETLTDGB | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 61157 |
Entropy (8bit): | 7.995991509218449 |
Encrypted: | true |
SSDEEP: | 1536:ppUkcaDREfLNPj1tHqn+ZQgYXAMxCbG0Ra0HMSAKMgAAaE1k:7UXaDR0NPj1Vi++xQFa07sTgAQ1k |
MD5: | AB5C36D10261C173C5896F3478CDC6B7 |
SHA1: | 87AC53810AD125663519E944BC87DED3979CBEE4 |
SHA-256: | F8E90FB0557FE49D7702CFB506312AC0B24C97802F9C782696DB6D47F434E8E9 |
SHA-512: | E83E4EAE44E7A9CBCD267DBFC25A7F4F68B50591E3BBE267324B1F813C9220D565B284994DED5F7D2D371D50E1EBFA647176EC8DE9716F754C6B5785C6E897FA |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.773803200765873 |
Encrypted: | false |
SSDEEP: | 3:kkFklqibkNl1fllXlE/zMc/JlXNNX8RolJuRdyo1dlUKlGXJlDdt:kKzJNlC1/pNMa8Rdy+UKcXP |
MD5: | C0F6E5DE5350F04A1A006A5FD4A782A0 |
SHA1: | 0EB93B14518AF71AAE6DC792D64EC113FE8EF047 |
SHA-256: | 922A6F70711F210CFFC79FE8B2D221B6F9BE498B0BB5AC57AEE036FB0BBDE63C |
SHA-512: | 5FFD74A9B80AECA9CF73CC21E5DC4675FA864A378AD614D0744CE35DA1F27E3197E9FA2A56674A41F398E5D712635A1BBE3FC33610C75AFF3DC3E9551A407FFA |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | modified |
Size (bytes): | 326 |
Entropy (8bit): | 3.108423439276625 |
Encrypted: | false |
SSDEEP: | 6:kKn6EledFN+SkQlPlEGYRMY9z+4KlDA3RUeOlEfcTt:f1q2kPlE99SNxAhUefit |
MD5: | 20FAB887BAB664264C09893468BB7814 |
SHA1: | 7DBF7EA2C65D6981A7AF9B0AEA8970B3538F4B39 |
SHA-256: | 0FC9202FDB486BDE0F5381EB1D2CCAB23E9BD2D3FEB087A820175E2206691E18 |
SHA-512: | 367F0F1621CF18C94F119A7566EACFC842E459105D5E523CA37B4B4556F365E8731CDC024F7EE610C003A40370332D0A98B8E07C6E3894A1837F324F16AA8420 |
Malicious: | false |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 3.964735178725505 |
Encrypted: | false |
SSDEEP: | 3:IBVFBWAGRHneyy:ITqAGRHner |
MD5: | 9F754B47B351EF0FC32527B541420595 |
SHA1: | 006C66220B33E98C725B73495FE97B3291CE14D9 |
SHA-256: | 0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591 |
SHA-512: | C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532 |
Malicious: | false |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.81188292947866 |
File name: | Fra FAC-ES101-2107-03806.doc.exe |
File size: | 102400 |
MD5: | 18b804e21a3c1c80c195e7d20dc38477 |
SHA1: | 9622e70cd6db56de3488e99cd18c5f51e54afb64 |
SHA256: | cbc14388711803d5a3f90396d4d33c9b3da952c37a5d919daed329cbd487c1b4 |
SHA512: | 21eade10fb00f4ef5356025ce037983b2e220835345b4bd141f1063367da309390caa83d9d822177bf5c3ef900c311a12afff2f9731787f0afb4c6f35576ffec |
SSDEEP: | 1536:tfD8AJkfjAx20HgXeyTftunugia21jbnD:tfeUxxAZnn/n |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i.......................*..............Rich....................PE..L...(.KY.................P...0......x........`....@........ |
File Icon |
---|
Icon Hash: | 69e1c892f664c884 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x401378 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x594BF828 [Thu Jun 22 17:02:32 2017 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 669316531b5190f02843878b6ed87394 |
Entrypoint Preview |
---|
Instruction |
---|
push 00410384h |
call 00007F5E386B3C95h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
xor byte ptr [eax], al |
add byte ptr [eax], al |
inc eax |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [ecx+esi*8-01239E7Dh], bl |
inc ebp |
inc esi |
mov ecx, edx |
out 90h, eax |
mov eax, dword ptr [00E6209Fh] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [ecx], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [ecx+6Eh], cl |
jbe 00007F5E386B3D0Bh |
je 00007F5E386B3D07h |
jc 00007F5E386B3D07h |
xor dword ptr [eax], eax |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
dec esp |
xor dword ptr [eax], eax |
cmp byte ptr [ebx+59h], bl |
out dx, al |
mov edi, 4A47AB16h |
stosb |
fbld [esi-764BB8D2h] |
ret |
cmpsd |
mov ch, 2Dh |
push 00000025h |
rcl byte ptr [esi-71DF64BCh], cl |
out 29h, eax |
and byte ptr [eax+40h], 0000003Ah |
dec edi |
lodsd |
xor ebx, dword ptr [ecx-48EE309Ah] |
or al, 00h |
stosb |
add byte ptr [eax-2Dh], ah |
xchg eax, ebx |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
push ebx |
in eax, dx |
add byte ptr [eax], al |
sbb eax, 00000009h |
or byte ptr [eax], al |
jc 00007F5E386B3D0Ch |
jbe 00007F5E386B3D0Ah |
jne 00007F5E386B3D15h |
add byte ptr [44000E01h], cl |
push esi |
inc ebp |
dec ebx |
dec edi |
dec esi |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x150d4 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x17000 | 0x1cb2 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x230 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x134 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x14588 | 0x15000 | False | 0.496163504464 | data | 6.24678665883 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x16000 | 0xd0c | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x17000 | 0x1cb2 | 0x2000 | False | 0.348510742188 | data | 3.76228374891 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
CUSTOM | 0x189b4 | 0x2fe | MS Windows icon resource - 1 icon, 32x32, 16 colors | English | United States |
CUSTOM | 0x180f6 | 0x8be | MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel | English | United States |
CUSTOM | 0x17df8 | 0x2fe | MS Windows icon resource - 1 icon, 32x32, 16 colors, 4 bits/pixel | English | United States |
RT_ICON | 0x17550 | 0x8a8 | data | ||
RT_GROUP_ICON | 0x1753c | 0x14 | data | ||
RT_VERSION | 0x171a0 | 0x39c | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, _adj_fprem1, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, _adj_fdiv_m16i, _adj_fdivr_m16i, __vbaVarTstLt, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, DllFunctionCall, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, __vbaDateVar, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaLateMemCall, __vbaVarAdd, __vbaStrToAnsi, __vbaVarDup, __vbaFpI4, _CIatan, __vbaStrMove, _allmul, __vbaLateIdSt, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0409 0x04b0 |
LegalCopyright | Collides Systems, Inc. |
InternalName | Saarede3 |
FileVersion | 4.00 |
CompanyName | Collides Systems, Inc. |
LegalTrademarks | Collides Systems, Inc. |
Comments | Collides Systems, Inc. |
ProductName | Collides Systems, Inc. |
ProductVersion | 4.00 |
FileDescription | Collides Systems, Inc. |
OriginalFilename | Saarede3.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 13, 2021 13:06:38.472455978 CEST | 49756 | 443 | 192.168.11.20 | 142.250.185.161 |
Oct 13, 2021 13:06:38.472589970 CEST | 443 | 49756 | 142.250.185.161 | 192.168.11.20 |
Oct 13, 2021 13:06:38.472768068 CEST | 49756 | 443 | 192.168.11.20 | 142.250.185.161 |
Oct 13, 2021 13:06:38.472793102 CEST | 443 | 49756 | 142.250.185.161 | 192.168.11.20 |
Oct 13, 2021 13:06:38.472800016 CEST | 49756 | 443 | 192.168.11.20 | 142.250.185.161 |
Oct 13, 2021 13:06:38.472944021 CEST | 443 | 49756 | 142.250.185.161 | 192.168.11.20 |
Oct 13, 2021 13:06:38.473045111 CEST | 49756 | 443 | 192.168.11.20 | 142.250.185.161 |
Oct 13, 2021 13:06:38.473067045 CEST | 443 | 49756 | 142.250.185.161 | 192.168.11.20 |
Oct 13, 2021 13:06:38.473140001 CEST | 49756 | 443 | 192.168.11.20 | 142.250.185.161 |
Oct 13, 2021 13:06:38.473257065 CEST | 443 | 49756 | 142.250.185.161 | 192.168.11.20 |
Oct 13, 2021 13:06:38.473325014 CEST | 443 | 49756 | 142.250.185.161 | 192.168.11.20 |
Oct 13, 2021 13:06:38.473334074 CEST | 49756 | 443 | 192.168.11.20 | 142.250.185.161 |
Oct 13, 2021 13:06:38.473356009 CEST | 443 | 49756 | 142.250.185.161 | 192.168.11.20 |
Oct 13, 2021 13:06:38.473507881 CEST | 49756 | 443 | 192.168.11.20 | 142.250.185.161 |
Oct 13, 2021 13:06:38.473532915 CEST | 443 | 49756 | 142.250.185.161 | 192.168.11.20 |
Oct 13, 2021 13:06:38.473540068 CEST | 49756 | 443 | 192.168.11.20 | 142.250.185.161 |
Oct 13, 2021 13:06:38.473552942 CEST | 443 | 49756 | 142.250.185.161 | 192.168.11.20 |
Oct 13, 2021 13:06:38.473702908 CEST | 443 | 49756 | 142.250.185.161 | 192.168.11.20 |
Oct 13, 2021 13:06:38.473723888 CEST | 49756 | 443 | 192.168.11.20 | 142.250.185.161 |
Oct 13, 2021 13:06:38.473742008 CEST | 443 | 49756 | 142.250.185.161 | 192.168.11.20 |
Oct 13, 2021 13:06:38.473901033 CEST | 49756 | 443 | 192.168.11.20 | 142.250.185.161 |
Oct 13, 2021 13:06:38.473917007 CEST | 49756 | 443 | 192.168.11.20 | 142.250.185.161 |
Oct 13, 2021 13:06:38.473933935 CEST | 443 | 49756 | 142.250.185.161 | 192.168.11.20 |
Oct 13, 2021 13:06:38.474045992 CEST | 443 | 49756 | 142.250.185.161 | 192.168.11.20 |
Oct 13, 2021 13:06:38.474093914 CEST | 49756 | 443 | 192.168.11.20 | 142.250.185.161 |
Oct 13, 2021 13:06:38.474117041 CEST | 443 | 49756 | 142.250.185.161 | 192.168.11.20 |
Oct 13, 2021 13:06:38.474251986 CEST | 49756 | 443 | 192.168.11.20 | 142.250.185.161 |
Oct 13, 2021 13:06:38.474280119 CEST | 443 | 49756 | 142.250.185.161 | 192.168.11.20 |
Oct 13, 2021 13:06:38.474428892 CEST | 49756 | 443 | 192.168.11.20 | 142.250.185.161 |
Oct 13, 2021 13:06:38.474452019 CEST | 443 | 49756 | 142.250.185.161 | 192.168.11.20 |
Oct 13, 2021 13:06:38.474478006 CEST | 49756 | 443 | 192.168.11.20 | 142.250.185.161 |
Oct 13, 2021 13:06:38.474625111 CEST | 443 | 49756 | 142.250.185.161 | 192.168.11.20 |
Oct 13, 2021 13:06:38.474757910 CEST | 443 | 49756 | 142.250.185.161 | 192.168.11.20 |
Oct 13, 2021 13:06:38.474828959 CEST | 49756 | 443 | 192.168.11.20 | 142.250.185.161 |
Oct 13, 2021 13:06:38.474845886 CEST | 49756 | 443 | 192.168.11.20 | 142.250.185.161 |
Oct 13, 2021 13:06:38.474854946 CEST | 49756 | 443 | 192.168.11.20 | 142.250.185.161 |
Oct 13, 2021 13:06:38.475022078 CEST | 49756 | 443 | 192.168.11.20 | 142.250.185.161 |
Oct 13, 2021 13:06:38.475048065 CEST | 49756 | 443 | 192.168.11.20 | 142.250.185.161 |
Oct 13, 2021 13:06:38.475080967 CEST | 443 | 49756 | 142.250.185.161 | 192.168.11.20 |
Oct 13, 2021 13:08:14.310081005 CEST | 49768 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 13, 2021 13:08:14.359857082 CEST | 587 | 49768 | 188.93.227.195 | 192.168.11.20 |
Oct 13, 2021 13:08:14.360079050 CEST | 49768 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 13, 2021 13:08:14.545202971 CEST | 587 | 49768 | 188.93.227.195 | 192.168.11.20 |
Oct 13, 2021 13:08:14.545799017 CEST | 49768 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 13, 2021 13:08:14.596400023 CEST | 587 | 49768 | 188.93.227.195 | 192.168.11.20 |
Oct 13, 2021 13:08:14.596693039 CEST | 49768 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 13, 2021 13:08:14.649461031 CEST | 587 | 49768 | 188.93.227.195 | 192.168.11.20 |
Oct 13, 2021 13:08:14.652422905 CEST | 49768 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 13, 2021 13:08:14.713670015 CEST | 587 | 49768 | 188.93.227.195 | 192.168.11.20 |
Oct 13, 2021 13:08:14.713732004 CEST | 587 | 49768 | 188.93.227.195 | 192.168.11.20 |
Oct 13, 2021 13:08:14.713771105 CEST | 587 | 49768 | 188.93.227.195 | 192.168.11.20 |
Oct 13, 2021 13:08:14.713912010 CEST | 49768 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 13, 2021 13:08:14.722609043 CEST | 49768 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 13, 2021 13:08:14.773189068 CEST | 587 | 49768 | 188.93.227.195 | 192.168.11.20 |
Oct 13, 2021 13:08:14.823795080 CEST | 49768 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 13, 2021 13:08:15.799772024 CEST | 49768 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 13, 2021 13:08:15.849793911 CEST | 587 | 49768 | 188.93.227.195 | 192.168.11.20 |
Oct 13, 2021 13:08:15.851572037 CEST | 49768 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 13, 2021 13:08:15.902158022 CEST | 587 | 49768 | 188.93.227.195 | 192.168.11.20 |
Oct 13, 2021 13:08:15.902633905 CEST | 49768 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 13, 2021 13:08:15.992692947 CEST | 587 | 49768 | 188.93.227.195 | 192.168.11.20 |
Oct 13, 2021 13:08:16.001611948 CEST | 587 | 49768 | 188.93.227.195 | 192.168.11.20 |
Oct 13, 2021 13:08:16.002186060 CEST | 49768 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 13, 2021 13:08:16.052320957 CEST | 587 | 49768 | 188.93.227.195 | 192.168.11.20 |
Oct 13, 2021 13:08:16.052683115 CEST | 49768 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 13, 2021 13:08:16.115076065 CEST | 587 | 49768 | 188.93.227.195 | 192.168.11.20 |
Oct 13, 2021 13:08:16.115494967 CEST | 49768 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 13, 2021 13:08:16.165503979 CEST | 587 | 49768 | 188.93.227.195 | 192.168.11.20 |
Oct 13, 2021 13:08:16.214108944 CEST | 49768 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 13, 2021 13:08:16.217000008 CEST | 49768 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 13, 2021 13:08:16.217078924 CEST | 49768 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 13, 2021 13:08:16.217093945 CEST | 49768 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 13, 2021 13:08:16.217175961 CEST | 49768 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 13, 2021 13:08:16.267276049 CEST | 587 | 49768 | 188.93.227.195 | 192.168.11.20 |
Oct 13, 2021 13:08:16.267335892 CEST | 587 | 49768 | 188.93.227.195 | 192.168.11.20 |
Oct 13, 2021 13:08:16.267374039 CEST | 587 | 49768 | 188.93.227.195 | 192.168.11.20 |
Oct 13, 2021 13:08:16.267410040 CEST | 587 | 49768 | 188.93.227.195 | 192.168.11.20 |
Oct 13, 2021 13:08:16.289213896 CEST | 587 | 49768 | 188.93.227.195 | 192.168.11.20 |
Oct 13, 2021 13:08:16.339061975 CEST | 49768 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 13, 2021 13:09:54.177329063 CEST | 49768 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 13, 2021 13:09:54.229832888 CEST | 587 | 49768 | 188.93.227.195 | 192.168.11.20 |
Oct 13, 2021 13:09:54.230082989 CEST | 49768 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 13, 2021 13:09:54.230460882 CEST | 49768 | 587 | 192.168.11.20 | 188.93.227.195 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 13, 2021 13:06:37.400597095 CEST | 60057 | 53 | 192.168.11.20 | 1.1.1.1 |
Oct 13, 2021 13:06:37.409956932 CEST | 53 | 60057 | 1.1.1.1 | 192.168.11.20 |
Oct 13, 2021 13:06:38.103961945 CEST | 56177 | 53 | 192.168.11.20 | 1.1.1.1 |
Oct 13, 2021 13:06:38.138346910 CEST | 53 | 56177 | 1.1.1.1 | 192.168.11.20 |
Oct 13, 2021 13:08:14.143503904 CEST | 50194 | 53 | 192.168.11.20 | 1.1.1.1 |
Oct 13, 2021 13:08:14.253453016 CEST | 53 | 50194 | 1.1.1.1 | 192.168.11.20 |
Oct 13, 2021 13:08:15.095901012 CEST | 59485 | 53 | 192.168.11.20 | 1.1.1.1 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Oct 13, 2021 13:06:37.400597095 CEST | 192.168.11.20 | 1.1.1.1 | 0x72c5 | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 13:06:38.103961945 CEST | 192.168.11.20 | 1.1.1.1 | 0x70d6 | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 13:08:14.143503904 CEST | 192.168.11.20 | 1.1.1.1 | 0x521 | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 13:08:15.095901012 CEST | 192.168.11.20 | 1.1.1.1 | 0xe9b1 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Oct 13, 2021 13:05:42.829720974 CEST | 1.1.1.1 | 192.168.11.20 | 0x6ef6 | No error (0) | | apimgmttmr17ij3jt5dneg64srod9jevcuajxaoube4brtu9cq.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) |
Oct 13, 2021 13:05:42.829720974 CEST | 1.1.1.1 | 192.168.11.20 | 0x6ef6 | No error (0) | | apimgmthszbjimgeglorvthkncixvpso9vnynvh3ehmsdll33a.cloudapp.net | | CNAME (Canonical name) | IN (0x0001) |
Oct 13, 2021 13:06:37.409956932 CEST | 1.1.1.1 | 192.168.11.20 | 0x72c5 | No error (0) | | | 142.250.185.174 | A (IP address) | IN (0x0001) |
Oct 13, 2021 13:06:38.138346910 CEST | 1.1.1.1 | 192.168.11.20 | 0x70d6 | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) |
Oct 13, 2021 13:06:38.138346910 CEST | 1.1.1.1 | 192.168.11.20 | 0x70d6 | No error (0) | | | 142.250.185.161 | A (IP address) | IN (0x0001) |
Oct 13, 2021 13:08:14.253453016 CEST | 1.1.1.1 | 192.168.11.20 | 0x521 | No error (0) | | tccinfaes.com | | CNAME (Canonical name) | IN (0x0001) |
Oct 13, 2021 13:08:14.253453016 CEST | 1.1.1.1 | 192.168.11.20 | 0x521 | No error (0) | | | 188.93.227.195 | A (IP address) | IN (0x0001) |
Oct 13, 2021 13:08:15.105354071 CEST | 1.1.1.1 | 192.168.11.20 | 0xe9b1 | No error (0) | | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) |
Oct 13, 2021 13:11:55.229016066 CEST | 1.1.1.1 | 192.168.11.20 | 0xca4d | No error (0) | | www.tm.a.prd.aadg.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) |
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49755 | 142.250.185.174 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-13 11:06:37 UTC | 0 | OUT | |
2021-10-13 11:06:38 UTC | 0 | IN | |
2021-10-13 11:06:38 UTC | 1 | IN | |
2021-10-13 11:06:38 UTC | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49756 | 142.250.185.161 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-13 11:06:38 UTC | 1 | OUT | |
2021-10-13 11:06:38 UTC | 2 | IN |