Windows Analysis Report Orden de compra M244545.exe
Overview
General Information
Detection
AgentTesla GuLoader
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Yara detected AgentTesla
Sigma detected: RegAsm connects to smtp port
Yara detected GuLoader
Hides threads from debuggers
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to steal Mail credentials (via file access)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Uses SMTP (mail sending)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to detect virtual machines (SGDT)
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: Agenttesla |
---|
{"Exfil Mode": "SMTP", "SMTP Info": "tamasfulop@csavarcsapagyexpress.huRozsnyoi42mail.csavarcsapagyexpress.huebuksebs@gmail.com"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Sigma Overview |
---|
Networking: |
---|
Sigma detected: RegAsm connects to smtp port | Show sources |
Source: | Author: Joe Security: |
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Source: | Code function: | 11_2_01476E10 | |
Source: | Code function: | 11_2_01477608 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Networking: |
---|
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Data Obfuscation: |
---|
Yara detected GuLoader | Show sources |
Source: | File source: |
Source: | Code function: | 0_2_004059CF | |
Source: | Code function: | 11_2_1D1A0381 |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion: |
---|
Tries to detect Any.run | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) | Show sources |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Code function: | 11_2_0104EA88 |
Source: | Process information queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | System information queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Anti Debugging: |
---|
Hides threads from debuggers | Show sources |
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 11_2_01046950 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Writes to foreign memory regions | Show sources |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) | Show sources |
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal ftp login credentials | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to steal Mail credentials (via file access) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal browser information (history, passwords, etc) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | DLL Side-Loading1 | Process Injection112 | Disable or Modify Tools1 | OS Credential Dumping2 | Security Software Discovery421 | Remote Services | Email Collection1 | Exfiltration Over Other Network Medium | Encrypted Channel21 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Virtualization/Sandbox Evasion351 | Credentials in Registry1 | Process Discovery2 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection112 | Security Account Manager | Virtualization/Sandbox Evasion351 | SMB/Windows Admin Shares | Data from Local System2 | Automated Exfiltration | Ingress Tool Transfer1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information1 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol2 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | DLL Side-Loading1 | LSA Secrets | File and Directory Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol23 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Information Discovery115 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
No Antivirus matches |
---|
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
csavarcsapagyexpress.hu | 185.111.89.226 | true | true | | unknown |
drive.google.com | 172.217.168.46 | true | false | high | |
googlehosted.l.googleusercontent.com | 142.250.185.193 | true | false | high | |
doc-14-9g-docs.googleusercontent.com | unknown | unknown | false | high | |
mail.csavarcsapagyexpress.hu | unknown | unknown | true | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false | high | |||
false |
| low | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.217.168.46 | drive.google.com | United States | 15169 | GOOGLEUS | false | |
142.250.185.193 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false | |
185.111.89.226 | csavarcsapagyexpress.hu | Hungary | 51013 | WEBSUPPORT-SRO-SK-ASSK | true |
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 1655 |
Start date: | 14.10.2021 |
Start time: | 04:13:13 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 52s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Orden de compra M244545.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301) |
Run name: | Suspected Instruction Hammering |
Number of analysed new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.spre.troj.spyw.evad.winEXE@5/1@3/3 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
04:15:58 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
185.111.89.226 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse |
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
WEBSUPPORT-SRO-SK-ASSK | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 3.964735178725505 |
Encrypted: | false |
SSDEEP: | 3:IBVFBWAGRHneyy:ITqAGRHner |
MD5: | 9F754B47B351EF0FC32527B541420595 |
SHA1: | 006C66220B33E98C725B73495FE97B3291CE14D9 |
SHA-256: | 0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591 |
SHA-512: | C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.7855993258224325 |
TrID: |
|
File name: | Orden de compra M244545.exe |
File size: | 98304 |
MD5: | 7c04ecf5dc6999877e87cf9c1c933a3f |
SHA1: | 905c177e8ea3a2173e322c13b25cd156bd6dea39 |
SHA256: | cf7bd1c802c044a777529246743d3a5c907e4c02a29525afe2c48daee9b2fd9d |
SHA512: | 125d0c2e70138bac0c6fb7416085b993c24ed67a8881be2b5f6a9361f4814dbd0084b99b182d7275d02ee0dcb877b8ad5c04f7711a454abf7359c5ef4aaf8459 |
SSDEEP: | 1536:tNDLZynUIR5qVCSbwmNYDsbYFSrZbQFsnD+IjDlD:tNB7U5qVC8wkkFg73jDl |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i.......................*..............Rich....................PE..L......K.................@...0...............P....@........ |
File Icon |
---|
Icon Hash: | 69e1c892f664c884 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4012b4 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x4BCDC590 [Tue Apr 20 15:17:36 2010 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 3d3cd1bd8dcc611a5734bf41f4e1a6a6 |
Entrypoint Preview |
---|
Instruction |
---|
push 0041051Ch |
call 00007F2980BFBA33h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
xor byte ptr [eax], al |
add byte ptr [eax], al |
cmp byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
ror dword ptr [ebp+esi-10ACEBBCh], 1 |
dec ebx |
call far A5DAh : 696DB9C0h |
stc |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add dword ptr [eax], eax |
add byte ptr [eax], al |
inc ecx |
dec ecx |
dec esi |
inc esi |
dec edi |
push edx |
pop edx |
imul esp, dword ptr [ebp+72h], 0A003473h |
add byte ptr [eax], al |
add byte ptr [eax], al |
dec esp |
xor dword ptr [eax], eax |
cmp byte ptr [58E9EFEDh], al |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x14124 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x16000 | 0x1c2a | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x230 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0xf0 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x13518 | 0x14000 | False | 0.510925292969 | data | 6.24325085767 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x15000 | 0xcc4 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x16000 | 0x1c2a | 0x2000 | False | 0.346069335938 | data | 3.69516488298 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
CUSTOM | 0x1792c | 0x2fe | MS Windows icon resource - 1 icon, 32x32, 16 colors | English | United States |
CUSTOM | 0x1706e | 0x8be | MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel | English | United States |
CUSTOM | 0x16d70 | 0x2fe | MS Windows icon resource - 1 icon, 32x32, 16 colors, 4 bits/pixel | English | United States |
RT_ICON | 0x164c8 | 0x8a8 | data | ||
RT_GROUP_ICON | 0x164b4 | 0x14 | data | ||
RT_VERSION | 0x161a0 | 0x314 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaVarTstLt, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaVarAdd, __vbaVarDup, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0409 0x04b0 |
LegalCopyright | ExpressVPN |
InternalName | REMEMBERER |
FileVersion | 4.00 |
CompanyName | ExpressVPN |
LegalTrademarks | ExpressVPN |
Comments | ExpressVPN |
ProductName | ExpressVPN |
ProductVersion | 4.00 |
FileDescription | ExpressVPN |
OriginalFilename | REMEMBERER.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 14, 2021 04:15:47.563695908 CEST | 55921 | 53 | 192.168.11.20 | 1.1.1.1 |
Oct 14, 2021 04:15:47.584059954 CEST | 53 | 55921 | 1.1.1.1 | 192.168.11.20 |
Oct 14, 2021 04:15:48.407147884 CEST | 54760 | 53 | 192.168.11.20 | 1.1.1.1 |
Oct 14, 2021 04:15:48.444083929 CEST | 53 | 54760 | 1.1.1.1 | 192.168.11.20 |
Oct 14, 2021 04:17:24.591820002 CEST | 57826 | 53 | 192.168.11.20 | 1.1.1.1 |
Oct 14, 2021 04:17:24.665316105 CEST | 53 | 57826 | 1.1.1.1 | 192.168.11.20 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Oct 14, 2021 04:15:47.563695908 CEST | 192.168.11.20 | 1.1.1.1 | 0xe06c | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 14, 2021 04:15:48.407147884 CEST | 192.168.11.20 | 1.1.1.1 | 0x6496 | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 14, 2021 04:17:24.591820002 CEST | 192.168.11.20 | 1.1.1.1 | 0x1227 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Oct 14, 2021 04:15:47.584059954 CEST | 1.1.1.1 | 192.168.11.20 | 0xe06c | No error (0) | | | 172.217.168.46 | A (IP address) | IN (0x0001) |
Oct 14, 2021 04:15:48.444083929 CEST | 1.1.1.1 | 192.168.11.20 | 0x6496 | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) |
Oct 14, 2021 04:15:48.444083929 CEST | 1.1.1.1 | 192.168.11.20 | 0x6496 | No error (0) | | | 142.250.185.193 | A (IP address) | IN (0x0001) |
Oct 14, 2021 04:17:24.665316105 CEST | 1.1.1.1 | 192.168.11.20 | 0x1227 | No error (0) | | csavarcsapagyexpress.hu | | CNAME (Canonical name) | IN (0x0001) |
Oct 14, 2021 04:17:24.665316105 CEST | 1.1.1.1 | 192.168.11.20 | 0x1227 | No error (0) | | | 185.111.89.226 | A (IP address) | IN (0x0001) |
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49780 | 172.217.168.46 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-14 02:15:47 UTC | 0 | OUT | |
2021-10-14 02:15:48 UTC | 0 | IN | |
2021-10-14 02:15:48 UTC | 1 | IN | |
2021-10-14 02:15:48 UTC | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49781 | 142.250.185.193 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-14 02:15:48 UTC | 1 | OUT | |
2021-10-14 02:15:48 UTC | 2 | IN |