Windows Analysis Report PEDIDO.exe
Overview
General Information
Detection
AgentTesla GuLoader
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Yara detected AgentTesla
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Sigma detected: RegAsm connects to smtp port
Yara detected GuLoader
Hides threads from debuggers
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to steal Mail credentials (via file access)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Drops certificate files (DER)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Uses SMTP (mail sending)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: Agenttesla |
---|
{"Exfil Mode": "SMTP", "SMTP Info": "margaridasantos@tccinfaes.comTccBps1427logmail.tccinfaes.comsarahmorg434@gmail.com"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Sigma Overview |
---|
Networking: |
---|
Sigma detected: RegAsm connects to smtp port | Show sources |
Source: | Author: Joe Security: |
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Antivirus detection for URL or domain | Show sources |
Source: | Avira URL Cloud: |
Multi AV Scanner detection for domain / URL | Show sources |
Source: | Virustotal: | Perma Link |
Source: | Code function: | 6_2_1C9C2338 | |
Source: | Code function: | 6_2_1C9C2A70 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Networking: |
---|
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | IP Address: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | File created: | Jump to dropped file |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Data Obfuscation: |
---|
Yara detected GuLoader | Show sources |
Source: | File source: |
Source: | Code function: | 1_2_00405ACD | |
Source: | Code function: | 1_2_004046EF | |
Source: | Code function: | 1_2_02AA095C | |
Source: | Code function: | 6_2_1C9CC81D |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion: |
---|
Tries to detect Any.run | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) | Show sources |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Process information queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | System information queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Anti Debugging: |
---|
Hides threads from debuggers | Show sources |
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 6_2_00A46950 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Writes to foreign memory regions | Show sources |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) | Show sources |
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal ftp login credentials | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to steal Mail credentials (via file access) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal browser information (history, passwords, etc) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | DLL Side-Loading1 | Process Injection112 | Masquerading1 | OS Credential Dumping2 | Query Registry1 | Remote Services | Email Collection1 | Exfiltration Over Other Network Medium | Encrypted Channel21 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Disable or Modify Tools1 | Credentials in Registry1 | Security Software Discovery421 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion341 | Security Account Manager | Process Discovery2 | SMB/Windows Admin Shares | Data from Local System2 | Automated Exfiltration | Ingress Tool Transfer1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection112 | NTDS | Virtualization/Sandbox Evasion341 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol2 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information1 | LSA Secrets | Application Window Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol23 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | DLL Side-Loading1 | Cached Domain Credentials | File and Directory Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | System Information Discovery115 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
No Antivirus matches |
---|
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
3% | Virustotal | Browse | ||
11% | Virustotal | Browse | ||
0% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
tccinfaes.com | 188.93.227.195 | true | true | | unknown |
drive.google.com | 172.217.168.46 | true | false | high | |
googlehosted.l.googleusercontent.com | 142.250.181.225 | true | false | high | |
doc-0g-as-docs.googleusercontent.com | unknown | unknown | false | high | |
mail.tccinfaes.com | unknown | unknown | true | | unknown |
x1.i.lencr.org | unknown | unknown | false | | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.217.168.46 | drive.google.com | United States | 15169 | GOOGLEUS | false | |
142.250.181.225 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false | |
188.93.227.195 | tccinfaes.com | Portugal | 8426 | CLARANET-ASClaraNETLTDGB | true |
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 1664 |
Start date: | 14.10.2021 |
Start time: | 10:44:55 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 13m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | PEDIDO.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301 |
Run name: | Suspected Instruction Hammering |
Number of analysed new started processes analysed: | 22 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.spre.troj.spyw.evad.winEXE@10/3@4/3 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
10:47:34 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
188.93.227.195 | Get hash | malicious | Browse | ||
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
CLARANET-ASClaraNETLTDGB | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | modified |
Size (bytes): | 192 |
Entropy (8bit): | 2.755523122618336 |
Encrypted: | false |
SSDEEP: | 3:kkFklv01cMlXfllXlE/zMcArXNNX8RolJuRdyo1dlUKlGXJlDdt:kKTjl81OdNMa8Rdy+UKcXP |
MD5: | 240C5803FD8B708383CCED2908F7ED81 |
SHA1: | AC7AE0B5E7D78BE98C95E19D2CA9ED52CACD6677 |
SHA-256: | 6D2D7E41F80CFEF882973A57D2CDFDBB8B41A55F5D790C2A4B5903244E172605 |
SHA-512: | 57B265B7BEC44D3023F0886D897BD1B37D24A262A12AAEE0ABE4CEB2E03665655A578C4A2EC55006B5B8138DABF8D7DB674ECD02E3C98B0D5C2D3031B41B2868 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 3.964735178725505 |
Encrypted: | false |
SSDEEP: | 3:IBVFBWAGRHneyy:ITqAGRHner |
MD5: | 9F754B47B351EF0FC32527B541420595 |
SHA1: | 006C66220B33E98C725B73495FE97B3291CE14D9 |
SHA-256: | 0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591 |
SHA-512: | C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532 |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.79980248716969 |
TrID: |
|
File name: | PEDIDO.exe |
File size: | 98304 |
MD5: | 8bc016e5779262b772d16903af6e142c |
SHA1: | 5fa020fa3a63a481eff19fca06e11c424d346e9f |
SHA256: | 69a8e2fa9664dce4cb9ab2d1a2e7ba67bd0516b9e4c8608e9c246d614be3241f |
SHA512: | 75705b51a700371ab9211b81bf0e36aeae80825418a3e260c9b9e6610cb3f31833349b309ac88f6e67bf3f16a34d349802c617a25f9a52e8bcfb989bf7289a53 |
SSDEEP: | 1536:tqD1R2xaclNLo4V4UQhH03JYVtKP2BlxS6pE5LD:tqPkNLo4VRQh8OKettS5L |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i.......................*..............Rich....................PE..L...i..T.................@...0...............P....@........ |
File Icon |
---|
Icon Hash: | 69e1c892f664c884 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4012b4 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x5402F169 [Sun Aug 31 09:56:57 2014 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 3d3cd1bd8dcc611a5734bf41f4e1a6a6 |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x13f04 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x16000 | 0x1c32 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x230 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0xf0 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x132f8 | 0x14000 | False | 0.50859375 | data | 6.25990201424 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x15000 | 0xcc4 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x16000 | 0x1c32 | 0x2000 | False | 0.346435546875 | data | 3.68560912734 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
CUSTOM | 0x17934 | 0x2fe | MS Windows icon resource - 1 icon, 32x32, 16 colors | English | United States |
CUSTOM | 0x17076 | 0x8be | MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel | English | United States |
CUSTOM | 0x16d78 | 0x2fe | MS Windows icon resource - 1 icon, 32x32, 16 colors, 4 bits/pixel | English | United States |
RT_ICON | 0x164d0 | 0x8a8 | data | ||
RT_GROUP_ICON | 0x164bc | 0x14 | data | ||
RT_VERSION | 0x161a0 | 0x31c | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaVarTstLt, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, _adj_fpatan, __vbaLateIdCallLd, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaVarAdd, __vbaVarDup, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0409 0x04b0 |
LegalCopyright | ExpressVPN |
InternalName | Lurifaksernes |
FileVersion | 4.00 |
CompanyName | ExpressVPN |
LegalTrademarks | ExpressVPN |
Comments | ExpressVPN |
ProductName | ExpressVPN |
ProductVersion | 4.00 |
FileDescription | ExpressVPN |
OriginalFilename | Lurifaksernes.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 14, 2021 10:47:23.855613947 CEST | 49796 | 443 | 192.168.11.20 | 142.250.181.225 |
Oct 14, 2021 10:47:23.855623960 CEST | 443 | 49796 | 142.250.181.225 | 192.168.11.20 |
Oct 14, 2021 10:47:23.855767965 CEST | 49796 | 443 | 192.168.11.20 | 142.250.181.225 |
Oct 14, 2021 10:47:23.855892897 CEST | 443 | 49796 | 142.250.181.225 | 192.168.11.20 |
Oct 14, 2021 10:47:23.855966091 CEST | 443 | 49796 | 142.250.181.225 | 192.168.11.20 |
Oct 14, 2021 10:47:23.856046915 CEST | 49796 | 443 | 192.168.11.20 | 142.250.181.225 |
Oct 14, 2021 10:47:23.856096029 CEST | 49796 | 443 | 192.168.11.20 | 142.250.181.225 |
Oct 14, 2021 10:47:23.856111050 CEST | 443 | 49796 | 142.250.181.225 | 192.168.11.20 |
Oct 14, 2021 10:47:23.856143951 CEST | 49796 | 443 | 192.168.11.20 | 142.250.181.225 |
Oct 14, 2021 10:47:23.856209040 CEST | 49796 | 443 | 192.168.11.20 | 142.250.181.225 |
Oct 14, 2021 10:48:59.634769917 CEST | 49827 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 14, 2021 10:48:59.684962988 CEST | 587 | 49827 | 188.93.227.195 | 192.168.11.20 |
Oct 14, 2021 10:48:59.685165882 CEST | 49827 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 14, 2021 10:49:03.872208118 CEST | 587 | 49827 | 188.93.227.195 | 192.168.11.20 |
Oct 14, 2021 10:49:03.873426914 CEST | 49827 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 14, 2021 10:49:03.923958063 CEST | 587 | 49827 | 188.93.227.195 | 192.168.11.20 |
Oct 14, 2021 10:49:03.924401045 CEST | 49827 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 14, 2021 10:49:03.978167057 CEST | 587 | 49827 | 188.93.227.195 | 192.168.11.20 |
Oct 14, 2021 10:49:03.981957912 CEST | 49827 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 14, 2021 10:49:04.042304993 CEST | 587 | 49827 | 188.93.227.195 | 192.168.11.20 |
Oct 14, 2021 10:49:04.042387009 CEST | 587 | 49827 | 188.93.227.195 | 192.168.11.20 |
Oct 14, 2021 10:49:04.042437077 CEST | 587 | 49827 | 188.93.227.195 | 192.168.11.20 |
Oct 14, 2021 10:49:04.042696953 CEST | 49827 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 14, 2021 10:49:04.049652100 CEST | 49827 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 14, 2021 10:49:04.100640059 CEST | 587 | 49827 | 188.93.227.195 | 192.168.11.20 |
Oct 14, 2021 10:49:04.150158882 CEST | 49827 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 14, 2021 10:49:04.655208111 CEST | 49827 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 14, 2021 10:49:04.705615997 CEST | 587 | 49827 | 188.93.227.195 | 192.168.11.20 |
Oct 14, 2021 10:49:04.707501888 CEST | 49827 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 14, 2021 10:49:04.758299112 CEST | 587 | 49827 | 188.93.227.195 | 192.168.11.20 |
Oct 14, 2021 10:49:04.758934021 CEST | 49827 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 14, 2021 10:49:04.848287106 CEST | 587 | 49827 | 188.93.227.195 | 192.168.11.20 |
Oct 14, 2021 10:49:04.864567995 CEST | 587 | 49827 | 188.93.227.195 | 192.168.11.20 |
Oct 14, 2021 10:49:04.865276098 CEST | 49827 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 14, 2021 10:49:04.915379047 CEST | 587 | 49827 | 188.93.227.195 | 192.168.11.20 |
Oct 14, 2021 10:49:04.915750027 CEST | 49827 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 14, 2021 10:49:04.979686022 CEST | 587 | 49827 | 188.93.227.195 | 192.168.11.20 |
Oct 14, 2021 10:49:04.980180979 CEST | 49827 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 14, 2021 10:49:05.031260014 CEST | 587 | 49827 | 188.93.227.195 | 192.168.11.20 |
Oct 14, 2021 10:49:05.071830034 CEST | 49827 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 14, 2021 10:49:05.075567007 CEST | 49827 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 14, 2021 10:49:05.075592995 CEST | 49827 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 14, 2021 10:49:05.075653076 CEST | 49827 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 14, 2021 10:49:05.075661898 CEST | 49827 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 14, 2021 10:49:05.125819921 CEST | 587 | 49827 | 188.93.227.195 | 192.168.11.20 |
Oct 14, 2021 10:49:05.125933886 CEST | 587 | 49827 | 188.93.227.195 | 192.168.11.20 |
Oct 14, 2021 10:49:05.125968933 CEST | 587 | 49827 | 188.93.227.195 | 192.168.11.20 |
Oct 14, 2021 10:49:05.125998974 CEST | 587 | 49827 | 188.93.227.195 | 192.168.11.20 |
Oct 14, 2021 10:49:05.150690079 CEST | 587 | 49827 | 188.93.227.195 | 192.168.11.20 |
Oct 14, 2021 10:49:05.196801901 CEST | 49827 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 14, 2021 10:50:39.348105907 CEST | 49827 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 14, 2021 10:50:39.400023937 CEST | 587 | 49827 | 188.93.227.195 | 192.168.11.20 |
Oct 14, 2021 10:50:39.400352955 CEST | 49827 | 587 | 192.168.11.20 | 188.93.227.195 |
Oct 14, 2021 10:50:39.400665045 CEST | 49827 | 587 | 192.168.11.20 | 188.93.227.195 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Oct 14, 2021 10:47:22.769853115 CEST | 56974 | 53 | 192.168.11.20 | 1.1.1.1 |
Oct 14, 2021 10:47:22.793199062 CEST | 53 | 56974 | 1.1.1.1 | 192.168.11.20 |
Oct 14, 2021 10:47:23.474787951 CEST | 52856 | 53 | 192.168.11.20 | 1.1.1.1 |
Oct 14, 2021 10:47:23.506088018 CEST | 53 | 52856 | 1.1.1.1 | 192.168.11.20 |
Oct 14, 2021 10:48:59.310488939 CEST | 50580 | 53 | 192.168.11.20 | 1.1.1.1 |
Oct 14, 2021 10:48:59.595242023 CEST | 53 | 50580 | 1.1.1.1 | 192.168.11.20 |
Oct 14, 2021 10:49:04.372673035 CEST | 54578 | 53 | 192.168.11.20 | 1.1.1.1 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Oct 14, 2021 10:47:22.769853115 CEST | 192.168.11.20 | 1.1.1.1 | 0x754b | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 14, 2021 10:47:23.474787951 CEST | 192.168.11.20 | 1.1.1.1 | 0x66af | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 14, 2021 10:48:59.310488939 CEST | 192.168.11.20 | 1.1.1.1 | 0xf0e | Standard query (0) | | A (IP address) | IN (0x0001) |
Oct 14, 2021 10:49:04.372673035 CEST | 192.168.11.20 | 1.1.1.1 | 0xfcd8 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Oct 14, 2021 10:47:22.793199062 CEST | 1.1.1.1 | 192.168.11.20 | 0x754b | No error (0) | | | 172.217.168.46 | A (IP address) | IN (0x0001) |
Oct 14, 2021 10:47:23.506088018 CEST | 1.1.1.1 | 192.168.11.20 | 0x66af | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) |
Oct 14, 2021 10:47:23.506088018 CEST | 1.1.1.1 | 192.168.11.20 | 0x66af | No error (0) | | | 142.250.181.225 | A (IP address) | IN (0x0001) |
Oct 14, 2021 10:48:59.595242023 CEST | 1.1.1.1 | 192.168.11.20 | 0xf0e | No error (0) | | tccinfaes.com | | CNAME (Canonical name) | IN (0x0001) |
Oct 14, 2021 10:48:59.595242023 CEST | 1.1.1.1 | 192.168.11.20 | 0xf0e | No error (0) | | | 188.93.227.195 | A (IP address) | IN (0x0001) |
Oct 14, 2021 10:49:04.430510044 CEST | 1.1.1.1 | 192.168.11.20 | 0xfcd8 | No error (0) | | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) |
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49795 | 172.217.168.46 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-14 08:47:22 UTC | 0 | OUT | |
2021-10-14 08:47:23 UTC | 0 | IN | |
2021-10-14 08:47:23 UTC | 1 | IN | |
2021-10-14 08:47:23 UTC | 1 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49796 | 142.250.181.225 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-10-14 08:47:23 UTC | 1 | OUT | |
2021-10-14 08:47:23 UTC | 2 | IN |