Windows Analysis Report Delivery note_241493.exe
Overview
General Information
Detection
AgentTesla GuLoader
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Yara detected AgentTesla
Sigma detected: RegAsm connects to smtp port
Yara detected GuLoader
Hides threads from debuggers
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to steal Mail credentials (via file access)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Uses SMTP (mail sending)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Malware Configuration |
---|
Threatname: Agenttesla |
---|
{"Exfil Mode": "SMTP", "SMTP Info": "tamasfulop@csavarcsapagyexpress.huRozsnyoi42mail.csavarcsapagyexpress.husirevirus39@gmail.com"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Sigma Overview |
---|
Networking: |
---|
Sigma detected: RegAsm connects to smtp port | Show sources |
Source: | Author: Joe Security: |
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Source: | Code function: | 26_2_01150280 | |
Source: | Code function: | 26_2_01150A09 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Networking: |
---|
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Data Obfuscation: |
---|
Yara detected GuLoader | Show sources |
Source: | File source: |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion: |
---|
Tries to detect Any.run | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) | Show sources |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Process information queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | System information queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Anti Debugging: |
---|
Hides threads from debuggers | Show sources |
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 26_2_00936950 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Writes to foreign memory regions | Show sources |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) | Show sources |
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal ftp login credentials | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to steal Mail credentials (via file access) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal browser information (history, passwords, etc) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation 211 | DLL Side-Loading 1 | Process Injection 112 | Disable or Modify Tools 1 | OS Credential Dumping 2 | Security Software Discovery 421 | Remote Services | Email Collection 1 | Exfiltration Over Other Network Medium | Encrypted Channel 21 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading 1 | Virtualization/Sandbox Evasion 341 | Credentials in Registry 1 | Process Discovery 2 | Remote Desktop Protocol | Archive Collected Data 1 | Exfiltration Over Bluetooth | Non-Standard Port 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection 112 | Security Account Manager | Virtualization/Sandbox Evasion 341 | SMB/Windows Admin Shares | Data from Local System 2 | Automated Exfiltration | Ingress Tool Transfer 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 1 | NTDS | Application Window Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol 2 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | DLL Side-Loading 1 | LSA Secrets | File and Directory Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol 23 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Information Discovery 115 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
8% | ReversingLabs |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
csavarcsapagyexpress.hu | 185.111.89.226 | true | true | | unknown |
drive.google.com | 172.217.168.46 | true | false | high | |
googlehosted.l.googleusercontent.com | 142.250.184.193 | true | false | high | |
edge-web.dual-gslb.spotify.com | 35.186.224.25 | true | false | high | |
spclient.wg.spotify.com | unknown | unknown | false | high | |
doc-04-9g-docs.googleusercontent.com | unknown | unknown | false | high | |
mail.csavarcsapagyexpress.hu | unknown | unknown | true | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.217.168.46 | drive.google.com | United States | 15169 | GOOGLEUS | false | |
185.111.89.226 | csavarcsapagyexpress.hu | Hungary | 51013 | WEBSUPPORT-SRO-SK-ASSK | true | |
142.250.184.193 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false |
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 1645 |
Start date: | 13.10.2021 |
Start time: | 16:29:35 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 13m 51s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Delivery note_241493.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301) |
Run name: | Suspected Instruction Hammering |
Number of analysed new started processes analysed: | 42 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.spre.troj.spyw.evad.winEXE@8/1@4/3 |
EGA Information: | Failed |
HDC Information: | Failed |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
16:32:29 | Task Scheduler | |
16:33:16 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
No context |
---|
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
edge-web.dual-gslb.spotify.com | Get hash | malicious | Browse |
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
WEBSUPPORT-SRO-SK-ASSK | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 3.964735178725505 |
Encrypted: | false |
SSDEEP: | 3:IBVFBWAGRHneyy:ITqAGRHner |
MD5: | 9F754B47B351EF0FC32527B541420595 |
SHA1: | 006C66220B33E98C725B73495FE97B3291CE14D9 |
SHA-256: | 0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591 |
SHA-512: | C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.792803239292208 |
TrID: |
|
File name: | Delivery note_241493.exe |
File size: | 98304 |
MD5: | ae27dccff11f1c8e17661269d90148b9 |
SHA1: | 365138784e65ad92bc8f05653374348aa4e00788 |
SHA256: | dd739f42791b213769f242efac95b60d0026825d5c882d576533cd8ae57514b6 |
SHA512: | 6757d4c3370e72ee590c7f37ff2f4a5071cf6aadacd6ce7e4730c3e1b4ea8fc36d2206c5994a887347524bfd3134553413a65637f4091c2c35a2ce2bd2c9b159 |
SSDEEP: | 1536:t+DTwpq/hDgCLBytxYxAK1zjzAk1Knpps45QJcs1VlkOO0tFVVOWHZRGD:t+Ypq/hcAytIBfz/1KnppsxJJ1VlkWnc |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i.......................*..............Rich....................PE..L....{_Q.................@...0...............P....@........ |
File Icon |
---|
Icon Hash: | 69e1c892f664c884 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4012b4 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x515F7BE1 [Sat Apr 6 01:35:29 2013 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 3d3cd1bd8dcc611a5734bf41f4e1a6a6 |
Entrypoint Preview |
---|
Instruction |
---|
push 004106D0h |
call 00007FB178575FA3h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
xor byte ptr [eax], al |
add byte ptr [eax], al |
inc eax |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [esi+3AC426A1h], ah |
popad |
iretd |
dec ebx |
xchg byte ptr [ebp+71h], ah |
test byte ptr [edx-62h], ah |
in eax, 11h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add dword ptr [eax], eax |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
inc esi |
inc ecx |
push edx |
push edx |
inc ecx |
dec esi |
push esp |
dec esp |
pop ecx |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add bh, bh |
int3 |
xor dword ptr [eax], eax |
cmp byte ptr [eax-2CAED641h], dh |
stosd |
mov es, word ptr [edx-7Bh] |
adc eax, esi |
cmp eax, dword ptr [edi+220F3A63h] |
pop edx |
dec edx |
push FFFFFFB9h |
jnle 00007FB178576013h |
dec edx |
test byte ptr [eax], ch |
fld dword ptr [ecx+10h] |
in eax, 1Dh |
in al, dx |
cmp cl, byte ptr [edi-53h] |
xor ebx, dword ptr [ecx-48EE309Ah] |
or al, 00h |
stosb |
add byte ptr [eax-2Dh], ah |
xchg eax, ebx |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
xchg eax, edx |
int1 |
add byte ptr [eax], al |
adc cl, byte ptr [ecx] |
add byte ptr [eax], al |
add byte ptr [ebx], cl |
add byte ptr [ebp+6Eh], dl |
popad |
je 00007FB178576026h |
jnc 00007FB178576027h |
xor dword ptr fs:[eax], eax |
or eax, 42000701h |
popad |
jc 00007FB178576020h |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x142a4 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x16000 | 0x1c1a | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x230 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0xf0 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x13698 | 0x14000 | False | 0.508874511719 | data | 6.24728492454 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x15000 | 0xcc4 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x16000 | 0x1c1a | 0x2000 | False | 0.345092773438 | data | 3.68121833479 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
CUSTOM | 0x1791c | 0x2fe | MS Windows icon resource - 1 icon, 32x32, 16 colors | English | United States |
CUSTOM | 0x1705e | 0x8be | MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel | English | United States |
CUSTOM | 0x16d60 | 0x2fe | MS Windows icon resource - 1 icon, 32x32, 16 colors, 4 bits/pixel | English | United States |
RT_ICON | 0x164b8 | 0x8a8 | data | | |
RT_GROUP_ICON | 0x164a4 | 0x14 | data | | |
RT_VERSION | 0x161a0 | 0x304 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaVarTstLt, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaVarAdd, __vbaVarDup, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0409 0x04b0 |
LegalCopyright | ExpressVPN |
InternalName | Tains4 |
FileVersion | 4.00 |
CompanyName | ExpressVPN |
LegalTrademarks | ExpressVPN |
Comments | ExpressVPN |
ProductName | ExpressVPN |
ProductVersion | 4.00 |
FileDescription | ExpressVPN |
OriginalFilename | Tains4.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken |
---|---|
English | United States |
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 13, 2021 16:34:41.612457991 CEST | 49769 | 587 | 192.168.11.20 | 185.111.89.226 |
Oct 13, 2021 16:34:41.632363081 CEST | 587 | 49769 | 185.111.89.226 | 192.168.11.20 |
Oct 13, 2021 16:34:41.632899046 CEST | 49769 | 587 | 192.168.11.20 | 185.111.89.226 |
Oct 13, 2021 16:34:41.656090975 CEST | 587 | 49769 | 185.111.89.226 | 192.168.11.20 |
Oct 13, 2021 16:34:41.656719923 CEST | 49769 | 587 | 192.168.11.20 | 185.111.89.226 |
Oct 13, 2021 16:34:41.676634073 CEST | 587 | 49769 | 185.111.89.226 | 192.168.11.20 |
Oct 13, 2021 16:34:41.677021027 CEST | 49769 | 587 | 192.168.11.20 | 185.111.89.226 |
Oct 13, 2021 16:34:41.735794067 CEST | 587 | 49769 | 185.111.89.226 | 192.168.11.20 |
Oct 13, 2021 16:34:41.807358980 CEST | 587 | 49769 | 185.111.89.226 | 192.168.11.20 |
Oct 13, 2021 16:34:41.807765007 CEST | 49769 | 587 | 192.168.11.20 | 185.111.89.226 |
Oct 13, 2021 16:34:41.827119112 CEST | 587 | 49769 | 185.111.89.226 | 192.168.11.20 |
Oct 13, 2021 16:34:41.857863903 CEST | 49769 | 587 | 192.168.11.20 | 185.111.89.226 |
Oct 13, 2021 16:34:41.857908964 CEST | 49769 | 587 | 192.168.11.20 | 185.111.89.226 |
Oct 13, 2021 16:34:41.857911110 CEST | 49769 | 587 | 192.168.11.20 | 185.111.89.226 |
Oct 13, 2021 16:34:41.858001947 CEST | 49769 | 587 | 192.168.11.20 | 185.111.89.226 |
Oct 13, 2021 16:34:41.877388954 CEST | 587 | 49769 | 185.111.89.226 | 192.168.11.20 |
Oct 13, 2021 16:34:41.877437115 CEST | 587 | 49769 | 185.111.89.226 | 192.168.11.20 |
Oct 13, 2021 16:34:41.877521992 CEST | 587 | 49769 | 185.111.89.226 | 192.168.11.20 |
Oct 13, 2021 16:34:41.877553940 CEST | 587 | 49769 | 185.111.89.226 | 192.168.11.20 |
Oct 13, 2021 16:34:43.086245060 CEST | 587 | 49769 | 185.111.89.226 | 192.168.11.20 |
Oct 13, 2021 16:34:43.126842022 CEST | 49769 | 587 | 192.168.11.20 | 185.111.89.226 |
Oct 13, 2021 16:35:43.149774075 CEST | 587 | 49769 | 185.111.89.226 | 192.168.11.20 |
Oct 13, 2021 16:35:43.150007010 CEST | 49769 | 587 | 192.168.11.20 | 185.111.89.226 |
Oct 13, 2021 16:36:21.167957067 CEST | 49769 | 587 | 192.168.11.20 | 185.111.89.226 |
Oct 13, 2021 16:36:21.188999891 CEST | 587 | 49769 | 185.111.89.226 | 192.168.11.20 |
Oct 13, 2021 16:36:21.189182043 CEST | 49769 | 587 | 192.168.11.20 | 185.111.89.226 |
Oct 13, 2021 16:36:21.189613104 CEST | 49769 | 587 | 192.168.11.20 | 185.111.89.226 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 13, 2021 16:33:04.292656898 CEST | 53016 | 53 | 192.168.11.20 | 1.1.1.1 |
Oct 13, 2021 16:33:04.325974941 CEST | 53 | 53016 | 1.1.1.1 | 192.168.11.20 |
Oct 13, 2021 16:33:05.163070917 CEST | 57067 | 53 | 192.168.11.20 | 1.1.1.1 |
Oct 13, 2021 16:33:05.202397108 CEST | 53 | 57067 | 1.1.1.1 | 192.168.11.20 |
Oct 13, 2021 16:34:41.143795967 CEST | 55053 | 53 | 192.168.11.20 | 1.1.1.1 |
Oct 13, 2021 16:34:41.202826977 CEST | 53 | 55053 | 1.1.1.1 | 192.168.11.20 |
Oct 13, 2021 16:35:29.343837976 CEST | 55011 | 53 | 192.168.11.20 | 1.1.1.1 |
Oct 13, 2021 16:35:29.415577888 CEST | 53 | 55011 | 1.1.1.1 | 192.168.11.20 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Oct 13, 2021 16:33:04.292656898 CEST | 192.168.11.20 | 1.1.1.1 | 0xdaf6 | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 16:33:05.163070917 CEST | 192.168.11.20 | 1.1.1.1 | 0xc127 | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 16:34:41.143795967 CEST | 192.168.11.20 | 1.1.1.1 | 0xfad0 | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 13, 2021 16:35:29.343837976 CEST | 192.168.11.20 | 1.1.1.1 | 0x3d59 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Oct 13, 2021 16:32:27.476210117 CEST | 1.1.1.1 | 192.168.11.20 | 0x4d46 | No error (0) | | apimgmttmr17ij3jt5dneg64srod9jevcuajxaoube4brtu9cq.trafficmanager.net | | CNAME (Canonical name) | IN (0x0001) |
Oct 13, 2021 16:32:27.476210117 CEST | 1.1.1.1 | 192.168.11.20 | 0x4d46 | No error (0) | | apimgmthszbjimgeglorvthkncixvpso9vnynvh3ehmsdll33a.cloudapp.net | | CNAME (Canonical name) | IN (0x0001) |
Oct 13, 2021 16:33:04.325974941 CEST | 1.1.1.1 | 192.168.11.20 | 0xdaf6 | No error (0) | | | 172.217.168.46 | A (IP address) | IN (0x0001) |
Oct 13, 2021 16:33:05.202397108 CEST | 1.1.1.1 | 192.168.11.20 | 0xc127 | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) |
Oct 13, 2021 16:33:05.202397108 CEST | 1.1.1.1 | 192.168.11.20 | 0xc127 | No error (0) | | | 142.250.184.193 | A (IP address) | IN (0x0001) |
Oct 13, 2021 16:34:41.202826977 CEST | 1.1.1.1 | 192.168.11.20 | 0xfad0 | No error (0) | | csavarcsapagyexpress.hu | | CNAME (Canonical name) | IN (0x0001) |
Oct 13, 2021 16:34:41.202826977 CEST | 1.1.1.1 | 192.168.11.20 | 0xfad0 | No error (0) | | | 185.111.89.226 | A (IP address) | IN (0x0001) |
Oct 13, 2021 16:35:29.415577888 CEST | 1.1.1.1 | 192.168.11.20 | 0x3d59 | No error (0) | | edge-web.dual-gslb.spotify.com | | CNAME (Canonical name) | IN (0x0001) |
Oct 13, 2021 16:35:29.415577888 CEST | 1.1.1.1 | 192.168.11.20 | 0x3d59 | No error (0) | | | 35.186.224.25 | A (IP address) | IN (0x0001) |
Oct 13, 2021 16:38:43.594571114 CEST | 1.1.1.1 | 192.168.11.20 | 0xeb1d | No error (0) | | www.tm.a.prd.aadg.akadns.net | | CNAME (Canonical name) | IN (0x0001) |
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49755 | 172.217.168.46 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-13 14:33:04 UTC | 0 | OUT | |
2021-10-13 14:33:05 UTC | 0 | IN | |
2021-10-13 14:33:05 UTC | 1 | IN | |
2021-10-13 14:33:05 UTC | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49756 | 142.250.184.193 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-13 14:33:05 UTC | 1 | OUT | |
2021-10-13 14:33:05 UTC | 2 | IN |