Windows Analysis Report Sales Order List.exe
Overview
General Information
Detection
Detected families: GuLoader, AveMaria
Score: 100 (range 0 - 100)
Whitelisted: false
Confidence: 100%
Signatures
Found malware configuration
Yara detected Generic Dropper
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected AveMaria stealer
GuLoader behavior detected
Multi AV Scanner detection for dropped file
Yara detected GuLoader
Hides threads from debuggers
Initial sample is a PE file and has a suspicious name
Writes to foreign memory regions
Tries to detect Any.run
Increases the number of concurrent connections per server for Internet Explorer
Contains functionality to hide user accounts
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Allocates memory in foreign processes
Injects code into the Windows Explorer (explorer.exe)
Creates an undocumented autostart registry key
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Drops PE files to the application program directory (C:\ProgramData)
One or more processes crash
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Sigma detected: Direct Autorun Keys Modification
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Abnormal high CPU Usage
Creates a DirectInput object (often for capturing keystrokes)
AV process strings found (often used to terminate AV products)
Installs a raw input device (often for capturing keystrokes)
Sample file name differs from the original file name recorded in the version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Contains functionality to detect virtual machines (SLDT)
Uses reg.exe to modify the Windows registry
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Classification
Process Tree
Malware Configuration
Threatname: GuLoader
{"Payload URL": "https://drive.google.com/uc?export=downloads;R"}
The extracted configuration holds only the second-stage download location. The payload (the AveMaria stealer, per the Yara matches on unpacked PEs below) is hosted on Google Drive, a legitimate service, which is consistent with the contacted domains in this report being drive.google.com and googleusercontent.com hosts rather than attacker-owned infrastructure, and with the clean domain and URL reputation results further down.
Yara Overview
Memory Dumps
Source | Rule | Description | Author | Strings
---|---|---|---|---
(not preserved) | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
The same rule matched further memory dumps (five shown in the original, with more behind an expander); the dump sources were not preserved.
Unpacked PEs
Source | Rule | Description | Author | Strings
---|---|---|---|---
(not preserved) | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth |
(not preserved) | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
(not preserved) | JoeSecurity_AveMaria | Yara detected AveMaria stealer | Joe Security |
(not preserved) | AveMaria_WarZone | unknown | unknown |
(not preserved) | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth |
Further entries were behind an expander in the original and are not preserved.
Sigma Overview
System Summary:
Sigma detected: Direct Autorun Keys Modification
Source: (not preserved) | Author: Victor Sergeev, Daniil Yugoslavskiy, oscd.community
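The Sigma rule above fires on process-creation telemetry: reg.exe invoked with "add" against one of the autorun locations, which matches this report's "Uses reg.exe to modify the Windows registry" and "Creates an undocumented autostart registry key" signatures. The following is an added example of that detection logic written for this page; it is not the rule's text and not Joe Sandbox code. The key-path list is an approximation of the rule's selection, and the events it runs over are constructed here, not taken from the sample.

```python
"""Process-creation detection in the spirit of the Sigma rule
'Direct Autorun Keys Modification' (Victor Sergeev, Daniil Yugoslavskiy,
oscd.community). Added example; key list and events are constructed."""
import re
from typing import Dict, Iterable, List

# Registry paths that the rule treats as autorun tampering when written by
# reg.exe (approximation of the rule's CommandLine selection). The hive prefix
# is deliberately omitted so HKCU\..., HKLM\... and HKEY_CURRENT_USER\... all match.
AUTORUN_KEY_FRAGMENTS = (
    r"\software\microsoft\windows\currentversion\run",            # also RunOnce/RunOnceEx/RunServices
    r"\software\microsoft\windows\currentversion\policies\explorer\run",
    r"\software\microsoft\windows\currentversion\policies\system\shell",
    r"\software\microsoft\windows\currentversion\explorer\user shell folders",
)


def is_direct_autorun_modification(image: str, command_line: str) -> bool:
    """True when reg.exe is used to add a value under an autorun key."""
    img = image.lower()
    cmd = command_line.lower()
    if not img.endswith("\\reg.exe"):
        return False
    # 'add' must be a separate token so that 'reg query ... \Run' or a data
    # argument that merely contains the letters 'add' does not fire.
    if not re.search(r"(^|\s)add(\s|$)", cmd):
        return False
    return any(fragment in cmd for fragment in AUTORUN_KEY_FRAGMENTS)


def scan(events: Iterable[Dict[str, str]]) -> List[int]:
    """Return the indices of process-creation events that trigger the detection."""
    return [i for i, e in enumerate(events)
            if is_direct_autorun_modification(e.get("Image", ""), e.get("CommandLine", ""))]


# Constructed process-creation events (Sysmon Event ID 1 style fields).
CONSTRUCTED_EVENTS = [
    {"Image": r"C:\Windows\System32\reg.exe",
     "CommandLine": r'reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /t REG_SZ /d "C:\ProgramData\Updater.exe" /f'},
    {"Image": r"C:\Windows\System32\reg.exe",
     "CommandLine": r"reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"Image": r"C:\Windows\System32\reg.exe",
     "CommandLine": r"reg add HKCU\Software\Microsoft\Internet Explorer\Main /v Start Page /d about:blank /f"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r"powershell -c Set-ItemProperty HKCU:\Software\Microsoft\Windows\CurrentVersion\Run -Name u -Value x"},
    {"Image": r"C:\Windows\System32\reg.exe",
     "CommandLine": r'REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /v x /d "C:\ProgramData\x.exe" /f'},
]

if __name__ == "__main__":
    for i in scan(CONSTRUCTED_EVENTS):   # prints events 0 and 4
        print("ALERT direct autorun modification:", CONSTRUCTED_EVENTS[i]["CommandLine"])
```

The fourth constructed event is the caveat: a Run-key write made through PowerShell, or directly through the registry API (which is what the "Key value created or modified" evidence under Boot Survival in this report records), never produces a reg.exe process-creation event and is invisible to this rule. Covering that path needs registry-value-set telemetry (Sysmon Event ID 13) with its own rule on TargetObject.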
Jbx Signature Overview
AV Detection:
Found malware configuration
Source: Malware Configuration Extractor
Multi AV Scanner detection for submitted file
Source: ReversingLabs
Yara detected AveMaria stealer
Source: File source (7 matches; file names not preserved)
Multi AV Scanner detection for dropped file
Source: ReversingLabs
The remaining evidence rows in this section lost their signature headings in extraction:
Source: Avira (2 entries)
Source: Static PE information
Source: HTTPS traffic detected (2 entries)
Source: Directory created
Source: Binary string (70 entries; the matched strings were not preserved)
Networking:
C2 URLs / IPs found in malware configuration
Source: URLs (values not preserved; the configured payload URL is the one given under Malware Configuration above)
Source: JA3 fingerprint (value not preserved)
Source: IP Address (2 entries)
Source: HTTP traffic detected (2 entries)
Source: Network traffic detected (4 entries)
Source: TCP traffic detected without corresponding DNS query (7 entries)
Source: UDP traffic detected without corresponding DNS query (2 entries)
Traffic "without corresponding DNS query" means the destination address was never resolved by name during the run, i.e. it is embedded in the sample or its configuration rather than looked up, which is the usual shape of a hard-coded C2 endpoint.
Source: String found in binary or memory (61 entries)
Source: DNS traffic detected
Source: HTTP traffic detected (2 entries)
Source: HTTPS traffic detected (2 entries)
Source: Binary or memory string (2 entries)
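The "JA3 SSL client fingerprint seen in connection with other malware" signature is a fingerprint of the TLS ClientHello the sample sent, not of the server it talked to: JA3 is the MD5 of a string built from the offered protocol version, cipher suites, extension types, supported groups and EC point formats. The block below is an added example written for this page showing how that string and hash are derived; it is not Joe Sandbox code, no JA3 value from the analysed sample is known here, and the ClientHello it parses is constructed inline (the SNI reuses drive.google.com from the contacted-domains table purely as sample data).

```python
"""JA3 client fingerprint derived from a TLS ClientHello.
Added example; the ClientHello below is constructed, not captured."""
import hashlib
import struct
from typing import List, Tuple


def is_grease(value: int) -> bool:
    """GREASE values (0x0a0a, 0x1a1a, ... 0xfafa) are random placeholders and are
    excluded from JA3 so that they do not change the fingerprint between runs."""
    return (value & 0x0F0F) == 0x0A0A and (value >> 8) == (value & 0xFF)


def build_client_hello(version: int, ciphers: List[int],
                       extensions: List[Tuple[int, bytes]]) -> bytes:
    """Assemble a minimal TLS record carrying a ClientHello (constructed test input)."""
    body = struct.pack("!H", version) + bytes(32)        # legacy_version + zeroed random
    body += b"\x00"                                       # empty session id
    cs = b"".join(struct.pack("!H", c) for c in ciphers)
    body += struct.pack("!H", len(cs)) + cs
    body += b"\x01\x00"                                   # one compression method: null
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def ja3_string(record: bytes) -> str:
    """Parse the ClientHello and return the JA3 string
    'version,ciphers,extensions,curves,point_formats' (decimal, '-' separated)."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    pos = 0
    version = struct.unpack_from("!H", body, pos)[0]
    pos += 2 + 32                                         # skip random
    pos += 1 + body[pos]                                  # skip session id
    cs_len = struct.unpack_from("!H", body, pos)[0]
    pos += 2
    ciphers = [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                                  # skip compression methods
    ext_types: List[int] = []
    curves: List[int] = []
    points: List[int] = []
    if pos < len(body):
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            pos += 4
            data = body[pos:pos + elen]
            pos += elen
            if is_grease(etype):
                continue
            ext_types.append(etype)
            if etype == 10:                               # supported_groups
                n = struct.unpack_from("!H", data, 0)[0]
                curves = [g for g in (struct.unpack_from("!H", data, 2 + i)[0]
                                      for i in range(0, n, 2)) if not is_grease(g)]
            elif etype == 11:                             # ec_point_formats
                points = list(data[1:1 + data[0]])
    fields = [
        str(version),
        "-".join(str(c) for c in ciphers if not is_grease(c)),
        "-".join(str(t) for t in ext_types),
        "-".join(str(g) for g in curves),
        "-".join(str(p) for p in points),
    ]
    return ",".join(fields)


def ja3_hash(record: bytes) -> str:
    """The JA3 fingerprint proper: MD5 of the JA3 string."""
    return hashlib.md5(ja3_string(record).encode()).hexdigest()


# Constructed ClientHello: GREASE cipher and extension, SNI drive.google.com,
# TLS 1.2 legacy_version. Not a capture from the analysed sample.
_sni = b"drive.google.com"
_sni_entry = b"\x00" + struct.pack("!H", len(_sni)) + _sni
SAMPLE_HELLO = build_client_hello(
    0x0303,
    [0x0A0A, 0x1301, 0x1302, 0xC02B],
    [
        (0x0000, struct.pack("!H", len(_sni_entry)) + _sni_entry),   # server_name
        (0x0A0A, b"\x00"),                                           # GREASE extension
        (0x000A, struct.pack("!HHHH", 6, 0x0A0A, 0x001D, 0x0017)),   # supported_groups
        (0x000B, b"\x01\x00"),                                        # ec_point_formats
        (0x000D, struct.pack("!HHH", 4, 0x0403, 0x0804)),             # signature_algorithms
    ],
)

if __name__ == "__main__":
    print(ja3_string(SAMPLE_HELLO))   # 771,4865-4866-49195,0-10-11-13,29-23,0
    print(ja3_hash(SAMPLE_HELLO))
```

Because the fingerprint depends only on the client's TLS stack and how it was configured, a JA3 "seen with other malware" is evidence about the code that built the connection, not about drive.google.com. It is also why the signature is corroborating rather than conclusive: every program that drives the same TLS library with the same settings produces the same JA3, and the Google-hosted destination here would look identical from a benign client using that stack.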
E-Banking Fraud:
Yara detected AveMaria stealer
Source: File source (7 matches; file names not preserved)
System Summary:
Malicious sample detected (through community Yara rule)
Source: Matched rule (4 entries)
Initial sample is a PE file and has a suspicious name
Source: Static PE information (2 entries)
The remaining evidence rows in this section lost their signature headings in extraction:
Source: Matched rule (4 entries)
Source: Process created
Source: Code function: 2_2_022E1E3D, 2_2_022ED671, 2_2_022F6B37, 2_2_022EDBA3, 2_2_022ED01F, 2_2_022E3D31, 2_2_022EC22A, 2_2_022E4279, 2_2_022EAE56, 2_2_022E42A5, 2_2_022EAAA3, 2_2_022EA68C, 2_2_022EE295, 2_2_022EA691, 2_2_022EC2E4, 2_2_022EBADD, 2_2_022E2ED9, 2_2_022E12D4, 2_2_022EBED0, 2_2_022F2B30, 2_2_022F4F00, 2_2_022EB34D, 2_2_022EB745, 2_2_022E5B99, 2_2_022E9FE8, 2_2_022EC7CD, 2_2_022EBBD1, 2_2_022EC024, 2_2_022ED414, 2_2_022ED079, 2_2_022EB0C8, 2_2_022ED8D8, 2_2_022EC539, 2_2_022E2D33, 2_2_022F3D63, 2_2_022EB98D, 2_2_022EBD85, 2_2_022F4993, 2_2_022EB5E0, 2_2_022ED5FC, 15_2_02346B37, 15_2_0233DBA3, 15_2_02343D63, 15_2_02334279, 15_2_023342A5, 15_2_0233E295, 15_2_023312D4, 15_2_02342B30, 15_2_02344F00, 15_2_02339FE8, 15_2_02333FD5, 15_2_0233DBDF, 15_2_0233D01F, 15_2_02344993, 15_2_0233D5FC
Source: Code function: 2_2_022EDBA3, 2_2_022ED01F, 2_2_022E3D31, 2_2_022F6548, 2_2_022EC22A, 2_2_022EDE40, 2_2_022EAE56, 2_2_022EAAA3, 2_2_022EC2E4, 2_2_022EBADD, 2_2_022EBED0, 2_2_022F4F00, 2_2_022EB34D, 2_2_022EB745, 2_2_022EC7CD, 2_2_022EBBD1, 2_2_022EC024, 2_2_022EB0C8, 2_2_022ED8D8, 2_2_022EC539, 2_2_022EDD13, 2_2_022F3D63, 2_2_022EB98D, 2_2_022EBD85, 2_2_022EB5E0, 4_2_0167834D, 4_2_016780FC, 4_2_01678529, 4_2_016780F7, 15_2_0233DBA3, 15_2_0233DBDF
Source: Process Stats
Source: Binary or memory string (3 entries)
Source: Static PE information (4 entries)
Source: Section loaded (3 entries)
Source: Process created
Source: ReversingLabs
Source: File read
Source: Static PE information
Source: Key opened
Source: Section loaded (6 entries)
Source: Process created (12 entries)
Source: Key value queried
Source: File created (2 entries)
Source: Classification label
Source: Mutant created (3 entries)
Source: File created
Source: Window detected
Source: Directory created
Source: Binary string (70 entries; the matched strings were not preserved)
Data Obfuscation:
Yara detected GuLoader
Source: File source (7 matches; file names not preserved)
Source: Code function: 2_2_0040441F, 2_2_00403829, 2_2_004044E7, 2_2_0040A894, 2_2_0040A10A, 2_2_00404597, 2_2_004045AB, 2_2_004051C6, 2_2_0040665F, 2_2_0040427B, 2_2_004062C3, 2_2_0040A6CA, 2_2_0040730F, 2_2_0040434B, 2_2_00404347, 2_2_0040634B, 2_2_004067E7, 2_2_022E1D75, 2_2_022ED765, 2_2_022E183E, 2_2_022E5122, 2_2_022E1D75, 2_2_022E9B0C, 2_2_022E5FF5, 2_2_022ECC4A, 2_2_022ED629, 2_2_022E001E, 2_2_022E66CA, 2_2_022E24FD, 2_2_022E2E80, 2_2_022EDF11
Source: File created (2 dropped files; paths not preserved)
Boot Survival:
Creates an undocumented autostart registry key
Source: Key value created or modified (key and value not preserved)
Hooking and other Techniques for Hiding and Protection:
Contains functionality to hide user accounts
Source: String found in binary or memory (2 entries)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Source: File opened
The file opened here is the sample's own Zone.Identifier alternate data stream, the mark-of-the-web that SmartScreen and Office consult; removing it is what makes a downloaded file look locally created.
Source: Registry key monitored for changes
Source: Process information set (38 entries)
Malware Analysis System Evasion:
Tries to detect Any.run
Source: File opened (4 entries; paths not preserved)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: Binary or memory string (3 entries)
Source: Thread sleep count
Source: Last function
Source: Code function: 2_2_022F3AA0
Source: Code function: 4_3_018A1329
Source: Process information queried
Source: System information queried
Source: Binary or memory string (20 entries)
Anti Debugging:
Hides threads from debuggers
Source: Thread information set (2 entries)
This is NtSetInformationThread with the ThreadHideFromDebugger information class: a thread marked this way stops delivering debug events (breakpoints, exceptions) to an attached debugger, so an analyst single-stepping the process simply loses it.
Source: Code function: 2_2_022F3AA0
Source: Code function: 2_2_022F2200, 2_2_022ED2AB, 2_2_022F4F00, 2_2_022ED079, 2_2_022F2DB4, 15_2_02342200, 15_2_0233D2AD, 15_2_02344F00, 15_2_02342DB4
Source: Process queried (3 entries)
Source: Code function: 2_2_022EEE64
Source: Code function: 2_2_022F6B37, 15_2_02346B37
HIPS / PFW / Operating System Protection Evasion:
Writes to foreign memory regions
Source: Memory written (2 entries)
Allocates memory in foreign processes
Source: Memory allocated (2 entries)
Injects code into the Windows Explorer (explorer.exe)
Source: Memory written (2 entries)
Source: Process created (2 entries)
Source: Binary or memory string (5 entries)
Lowering of HIPS / PFW / Operating System Security Settings:
Increases the number of concurrent connections per server for Internet Explorer
Source: Registry key created or modified
Source: Binary or memory string (4 entries)
Stealing of Sensitive Information:
Yara detected Generic Dropper
Source: File source
Yara detected AveMaria stealer
Source: File source (7 matches; file names not preserved)
GuLoader behavior detected
Source: Signature Results
Source: File source (8 entries)
Remote Access Functionality:
Yara detected AveMaria stealer
Source: File source (7 matches; file names not preserved)
Mitre Att&ck Matrix
Techniques to which the sandbox mapped signatures, by tactic. The number in parentheses is the signature-count badge shown next to that cell in the original matrix; the cells without a badge are the unmatched technique template and are omitted here.
Persistence: Registry Run Keys / Startup Folder (1), DLL Side-Loading (1)
Privilege Escalation: Process Injection (312), Registry Run Keys / Startup Folder (1), DLL Side-Loading (1)
Defense Evasion: Masquerading (3), Modify Registry (1), Virtualization/Sandbox Evasion (23), Process Injection (312), Hidden Files and Directories (1), Hidden Users (1), Obfuscated Files or Information (1), Software Packing (1), DLL Side-Loading (1)
Credential Access: Input Capture (21)
Discovery: Query Registry (1), Security Software Discovery (431), Virtualization/Sandbox Evasion (23), Process Discovery (2), System Information Discovery (2)
Collection: Input Capture (21), Archive Collected Data (1)
Command and Control: Encrypted Channel (11), Ingress Tool Transfer (1), Non-Application Layer Protocol (2), Application Layer Protocol (113)
Impact: Endpoint Denial of Service (1)
No signatures were mapped under Initial Access, Execution, Lateral Movement, Exfiltration, Network Effects or Remote Service Effects.
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
40% | ReversingLabs | Win32.Trojan.GuLoader |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
40% | ReversingLabs | Win32.Trojan.GuLoader |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Crypt.XPACK.Gen2 | | ||
100% | Avira | TR/Crypt.XPACK.Gen2 | |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 142.250.186.46 | true | false | high | |
googlehosted.l.googleusercontent.com | 142.250.185.161 | true | false | high | |
doc-0k-48-docs.googleusercontent.com | unknown | unknown | false | high |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.186.46 | drive.google.com | United States | | 15169 | GOOGLEUS | false |
142.250.185.161 | googlehosted.l.googleusercontent.com | United States | | 15169 | GOOGLEUS | false |
93.184.220.29 | unknown | European Union | | 15133 | EDGECASTUS | false |
Private |
---|
IP |
---|
192.168.11.1 |
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 526595 |
Start date: | 22.11.2021 |
Start time: | 19:37:50 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 13m 33s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Sales Order List.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301) |
Run name: | Suspected Instruction Hammering |
Number of new started processes analysed: | 24 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 1 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.phis.troj.spyw.evad.winEXE@12/14@2/4 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | Failed |
Cookbook Comments: | |
Warnings: | |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
19:40:43 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
93.184.220.29 | 2 related samples | | malicious | | |
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
EDGECASTUS | 20 related samples | | malicious | | |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | 20 related samples | | malicious | | |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8478396170633179 |
Encrypted: | false |
SSDEEP: | 96:YGTIFeXYXpgU+KsFY2gUoh7JfrvXIxcQGc6YQVcENcw3Ti+HbHg/TVG4rmMoVazR:YSIkgqtKbmIbV3PLjEADu76dfAIO8QM |
MD5: | 726233F268AF487916D11A48783A277B |
SHA1: | 73F09323FE011E46836EA48C0B6C6E2672FB532F |
SHA-256: | 9A06535409A1A8800CCA715AA0EF99DFD56FC7142F838FFC69476DEE450F5C0C |
SHA-512: | E6EEBF38FE7840E6A080531551E774EC2B8BB10FFE26DFDA60458CBA0C04035A2E5B25BFA1C28D2AF00789592BF6111C034DFD01BAC8826F6E38A2E6DAB77A5A |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.848572589416445 |
Encrypted: | false |
SSDEEP: | 96:YTTPF7YYXpgU+KsFY2gUor7JDSvXIxcQsc6tcElcw3B+HbHg/TVG4rmMoVazWLn0:YnPhqtKMmSpvSjEADu76dfAIO8QM |
MD5: | 7DAB837A1A80EA790A9363618F28ADBD |
SHA1: | 1D59EAE9899B281C100E26112C3730F8A9A485F4 |
SHA-256: | 0CC025180D514E387C09D9E2050B162746A106E61E438BAC22A0E1F0FA190F45 |
SHA-512: | CF8F78A2CF5FCF3675AE183D2D13EED2C6F0F0339A41D9493F9F119C1572F89137CE6814C60A1E9EF5A60B456B2A38636C5FB89965572063DF265AD932C0554A |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 49428 |
Entropy (8bit): | 2.2764484756070344 |
Encrypted: | false |
SSDEEP: | 192:DWGdU2O2Oamg80s+5MTfML70kDqQNTgYdgEnDUfVSzCkP5xVCFcEb4D9BcAjPV:Cp2OBaKA0kDqQVgNfVUxVCFcEb4D3 |
MD5: | A32CC57E95B135A03775F90374DC995B |
SHA1: | 083E228177F799BEE907FB1A4DE81B3D73E11341 |
SHA-256: | 8C0F7FFE3BC51283DAE224EE37C186A77279BE22F629C0D0838AD40AA10B57C8 |
SHA-512: | 0A1341A9F25A089658DE797267091DD8ED7AC28DB4336AE4976918CED9607111EDC47CFE6683D02506F5C5D51A1A31DD20D72D9415E238358AEB64F83A47A710 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6312 |
Entropy (8bit): | 3.716692772422422 |
Encrypted: | false |
SSDEEP: | 192:R9l7lZNizL6qeYY89yxhprU89bdOsfYfm:R9lnNif6qeYY8UbdNfN |
MD5: | 273081CE0FBE3E7A4B6A7FFF7CD15508 |
SHA1: | 005B7C88175F36C015E2769ECDCBBDA0C2FF364B |
SHA-256: | 816132BBE3824BC8C56BC8E56BCC19B1D4130B880CB176F5EBEBB2CDEBE1BD83 |
SHA-512: | 88D67B70122F5CCE1B37BC71B8AAE7B5577BFCFEAE3CA657F2E69716F38111EEC63473AD0D6CFE73ABF894C96AFA87438597DBB1C1DF87C536C303C5456990EF |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4815 |
Entropy (8bit): | 4.497462564893132 |
Encrypted: | false |
SSDEEP: | 48:cvIwwtl8zskme702I7VFJ5WS2CfjkoF5s3rm8M4JVaqaFp+q8uTLgyNXnd:uILfkb7GySPfwJVrmxvgyNXnd |
MD5: | 8E8ACA891C0DAFDAD9B716CFCF16E35D |
SHA1: | AFC2E8B7BC9F63788356F029B9CDC3B7BCE461B8 |
SHA-256: | 40452B4A0C70CA3D191252F5BAFAB4D45A1640943CB2C7284CE6EEA081B816AD |
SHA-512: | BE7148D25001E505F77322F4EAE9FA81DDAD355496D59A2D4D0D085FCC1AFE86DB6C1EFFE98F921D022B6D87E3C797A2E3D53FFAE1FA9E028B5C8C0C26A74456 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 46432 |
Entropy (8bit): | 2.2247663829786646 |
Encrypted: | false |
SSDEEP: | 192:lVGdUO1Oamu80Fj9XRMTuML70k3qQNo1pUC+SzCkPr/78yC0J67GcwW2lvJMF0:fpPad9W0k3qQCAC+S/78yC022Xw0 |
MD5: | 93DA37795E39DDBFC35B3FD49EFD3677 |
SHA1: | C8A82681CA147B3359C272635AF4600C3D626E17 |
SHA-256: | 653599677A687AF787EFD41ABC1131C435F0A387633B9ABF612C1FF8A13BA26A |
SHA-512: | 72764C240C07B65258FFE6EB1E4BC175033A3DA61BA7E2CE2BAD79F4E0505FBEB6715704DD17019BFC8F12D1E71D166F47191FF6927D16D2D9C0CC3D348C0DD8 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 6318 |
Entropy (8bit): | 3.71965123962902 |
Encrypted: | false |
SSDEEP: | 96:R7IU6o7lZt3izS6qWgYtD3EOvzcuujulRZaMQU989bz2OsfSpsm:R9l7lZNizS6qWgY5VhpD989bqOsfSum |
MD5: | CF08123302862458DFB30EC779525E8E |
SHA1: | EB9C1D4C31F4F91D7FDA061F6EB859F649EB82BD |
SHA-256: | 8F2F9ABE5B08E3BB2F5D79D9C9942B72A820C49547F58FF0509CEBB7BA76733D |
SHA-512: | 94D19CA7FE6EA154EF167E5696654801650C641497AD235D1952863C34AA57B79FE93C00A373EFA54F3B4C35AB182498B0E9220C30E9222F08E713A9CB686AEF |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4819 |
Entropy (8bit): | 4.4952153447217285 |
Encrypted: | false |
SSDEEP: | 48:cvIwwtl8zskje702I7VFJ5WS2CfjkoGs3rm8M4JVaYOqFIVjq+q8uJlOQyNXnd:uILfk67GySPfTJV38Fqx/jyNXnd |
MD5: | 58F740B602AFA8D8CB8AA8499E07AC1D |
SHA1: | 42C251BD39F06CCC85A621E0FFECD604C17D27AE |
SHA-256: | FB4E46665816F4DA83ADE7D64B5AA3CBAD643AB9E5C6990B6382436F306BCD83 |
SHA-512: | 78A14FBFBA655633D8B86611DC11CB3E943FB807E44DB260816762EE44932E670D95F6601E7A64FD4C1F70C010F9484D1DB95A0455F45D598291F2E01E085C34 |
Malicious: | false |
Preview: |
|
Process: | C:\Users\user\Desktop\Sales Order List.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192512 |
Entropy (8bit): | 5.002958856412811 |
Encrypted: | false |
SSDEEP: | 3072:trejCYyLGrRxfFNEv6QN744ndRkHDwLVly5Mrc0yvhXeJ:treiGrRNFMjN6jIVCMrcbeJ |
MD5: | 80BAD0903EE7EC98805678673720CFD9 |
SHA1: | 35AECF6FE3AC24ADAF16C04B787E90AC4C845EB0 |
SHA-256: | 260E6B75D7616EFD29C05151F1CE95BBAB1AAF8703F86F62C4D9BC6D308A56B8 |
SHA-512: | 9A88B4EA27BBC8B83C0722C715C12B3667D6138D27D2FABB315A8A8C4DDCB020962625D1AA75C56D7E2082BBDED7FFAA3512B482F1A4BA138D1877A55E848E9B |
Malicious: | true |
Antivirus: |
|
Preview: |
|
Process: | C:\Users\user\Desktop\Sales Order List.exe |
File Type: | |
Category: | modified |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | true |
Preview: |
|
Process: | C:\Users\user\Desktop\Sales Order List.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 4.01191323271951 |
Encrypted: | false |
SSDEEP: | 384:wcZ0tADSVlx6JQhynrV7Vr9wrCIM/ZUYVPzBAPN:wcZeADSV/6qhynrV7VxwrrMvqPN |
MD5: | 6C4C01A4316CD9338DE51EC175EBF11D |
SHA1: | 8C5D5B07E0ED6AAC72705F516E25BEAEA891EFA0 |
SHA-256: | 95876F7C1242672418DB201C02D70276EE9CC4345394DEAD3500619A39DA28F0 |
SHA-512: | 9F60729E865B0414DB4792F76465EDCE1595D22E884D01C07389A312474D1CE916E4CF73275D5AA0CB411D8EBB0617EF661CD10467AD838FD1B0B388C44823D5 |
Malicious: | false |
Preview: |
|
Process: | C:\ProgramData\images.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 32768 |
Entropy (8bit): | 4.01191323271951 |
Encrypted: | false |
SSDEEP: | 384:wcZ0tADSVlx6JQhynrV7Vr9wrCIM/ZUYVPzBAPN:wcZeADSV/6qhynrV7VxwrrMvqPN |
MD5: | 6C4C01A4316CD9338DE51EC175EBF11D |
SHA1: | 8C5D5B07E0ED6AAC72705F516E25BEAEA891EFA0 |
SHA-256: | 95876F7C1242672418DB201C02D70276EE9CC4345394DEAD3500619A39DA28F0 |
SHA-512: | 9F60729E865B0414DB4792F76465EDCE1595D22E884D01C07389A312474D1CE916E4CF73275D5AA0CB411D8EBB0617EF661CD10467AD838FD1B0B388C44823D5 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2359296 |
Entropy (8bit): | 4.229022675301259 |
Encrypted: | false |
SSDEEP: | 24576:53LsOZS1hnA9WpZhOnzm9VxS70YagmcnYJ2:53LsOZS1hnA9WpZhyS9PSYYagmcnYJ2 |
MD5: | DCE0352F52A581AE193E3739AEB94EF8 |
SHA1: | 85D78703929E839540AAE2177A83D4CF3B6AE1FF |
SHA-256: | CC33452D33B55B127F0687AA6A986AD18D21ED02F66556C65C2532FF2B938445 |
SHA-512: | 7A50534F145F8912201DA957EFC11A1E16A62013D79B69EF863B1684D21AF6492B79271FB68AD191220565A2D69D3C5461D4BD136D6EBDA3A882D55CE314D856 |
Malicious: | false |
Preview: |
|
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 106496 |
Entropy (8bit): | 4.160771825952116 |
Encrypted: | false |
SSDEEP: | 1536:S3hrUgdf3Q43IjRGaqnv5nTsb71c+rUgdfteceDetoWLrI:wyKf4CKfteceDetoWLr |
MD5: | 8984087B2EEE85640E7CF7DA8CCFC985 |
SHA1: | D7FDCAF6E0BFEE4A88F98EE76563B6775FEB4543 |
SHA-256: | 12147707FDFF3EBBD9180DF79A8C93918D7CCE69C73D26808CBE7B5E4358D451 |
SHA-512: | 50D7079563A500851C3009A64132161DA05E05779860A423BD58EBBBEEDCCE2073A0EFF12E88AA88E55D2FB5585AFC56990DAE07BB51EA94A81A3E2F61E499DD |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.002958856412811 |
TrID: |
|
File name: | Sales Order List.exe |
File size: | 192512 |
MD5: | 80bad0903ee7ec98805678673720cfd9 |
SHA1: | 35aecf6fe3ac24adaf16c04b787e90ac4c845eb0 |
SHA256: | 260e6b75d7616efd29c05151f1ce95bbab1aaf8703f86f62c4d9bc6d308a56b8 |
SHA512: | 9a88b4ea27bbc8b83c0722c715c12b3667d6138d27d2fabb315a8a8c4ddcb020962625d1aa75c56d7e2082bbded7ffaa3512b482f1a4ba138d1877a55e848e9b |
SSDEEP: | 3072:trejCYyLGrRxfFNEv6QN744ndRkHDwLVly5Mrc0yvhXeJ:treiGrRNFMjN6jIVCMrcbeJ |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i.......................*..............Rich....................PE..L......G.................0..........L........@....@........ |
File Icon |
---|
Icon Hash: | 0ceefedec6f67c0c |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x40134c |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x47ABAEC7 [Fri Feb 8 01:22:15 2008 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | f27a613fda76c14f4eab7dc0085d799e |
Entrypoint Preview |
---|
Instruction |
---|
push 00407ED4h |
call 00007F939CCA5953h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
xor byte ptr [eax], al |
add byte ptr [eax], al |
inc eax |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [ecx+1Bh], bl |
inc eax |
or ch, FFFFFFE7h |
jc 00007F939CCA59A7h |
mov ds, word ptr [esi-04881682h] |
cmc |
loop 00007F939CCA5962h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [ecx], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax+72h], dh |
outsd |
outsw |
jc 00007F939CCA59CFh |
popad |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
dec esp |
xor dword ptr [eax], eax |
add eax, B2E49462h |
outsd |
enter 431Fh, A9h |
pop ebx |
add bl, dh |
jl 00007F939CCA5951h |
jno 00007F939CCA58F2h |
test edi, edx |
and dword ptr [edi], esi |
push ds |
xchg eax, ebp |
pop edx |
dec esi |
xor dword ptr [edx+esi*8-7E5EB600h], 7Eh |
cmp cl, byte ptr [edi-53h] |
xor ebx, dword ptr [ecx-48EE309Ah] |
or al, 00h |
stosb |
add byte ptr [eax-2Dh], ah |
xchg eax, ebx |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
xchg dword ptr [ecx+00h], ebp |
add byte ptr [ebp+00000068h], bl |
or byte ptr [eax], al |
jne 00007F939CCA59D0h |
je 00007F939CCA59C3h |
arpl word ptr [ebx+6Ch], bp |
add byte ptr [66000B01h], cl |
imul ebp, dword ptr [edx+6Ch], 00006B6Fh |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x23b14 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x26000 | 0x90bd | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x230 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x100 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x22f6c | 0x23000 | False | 0.367292131696 | data | 5.18350124338 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x24000 | 0x13f0 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x26000 | 0x90bd | 0xa000 | False | 0.346240234375 | data | 4.35051738239 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
CUSTOM | 0x2e7ff | 0x8be | MS Windows icon resource - 1 icon, 32x32, 8 bits/pixel | English | United States |
INSTALL | 0x2d385 | 0x8be | MS Windows icon resource - 1 icon, 32x32 | English | United States |
INSTALL | 0x2ce82 | 0x503 | ISO-8859 text, with CRLF line terminators | English | United States |
SETUP | 0x2e501 | 0x2fe | MS Windows icon resource - 1 icon, 32x32, 16 colors | English | United States |
SETUP | 0x2dc43 | 0x8be | MS Windows icon resource - 1 icon, 32x32 | English | United States |
RT_ICON | 0x2bfda | 0xea8 | data | ||
RT_ICON | 0x2b732 | 0x8a8 | data | ||
RT_ICON | 0x2b06a | 0x6c8 | data | ||
RT_ICON | 0x2ab02 | 0x568 | GLS_BINARY_LSB_FIRST | ||
RT_ICON | 0x2855a | 0x25a8 | dBase III DBT, version number 0, next free block index 40 | ||
RT_ICON | 0x274b2 | 0x10a8 | dBase III DBT, version number 0, next free block index 40 | ||
RT_ICON | 0x26b2a | 0x988 | dBase III DBT, version number 0, next free block index 40 | ||
RT_ICON | 0x266c2 | 0x468 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x2664c | 0x76 | data | ||
RT_VERSION | 0x263a0 | 0x2ac | data | Turkmen | Turkmenistan |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaAryMove, __vbaStrVarMove, __vbaFreeVarList, __vbaVarIdiv, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFPFix, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaNew2, __vbaVar2Vec, __vbaR8Str, _adj_fdiv_m32i, _adj_fdivr_m32i, _adj_fdivr_m32, _adj_fdiv_r, __vbaI4Var, __vbaVarDup, __vbaFpI4, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0442 0x04b0 |
LegalCopyright | Identiv |
InternalName | Bandies |
FileVersion | 1.00 |
CompanyName | Identiv |
LegalTrademarks | Identiv |
ProductName | Identiv |
ProductVersion | 1.00 |
FileDescription | Identiv |
OriginalFilename | Bandies.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Turkmen | Turkmenistan |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 22, 2021 19:40:21.012541056 CET | 49806 | 443 | 192.168.11.20 | 142.250.186.46 |
Nov 22, 2021 19:40:21.012623072 CET | 443 | 49806 | 142.250.186.46 | 192.168.11.20 |
Nov 22, 2021 19:40:21.012769938 CET | 49806 | 443 | 192.168.11.20 | 142.250.186.46 |
Nov 22, 2021 19:40:21.029973984 CET | 49806 | 443 | 192.168.11.20 | 142.250.186.46 |
Nov 22, 2021 19:40:21.030036926 CET | 443 | 49806 | 142.250.186.46 | 192.168.11.20 |
Nov 22, 2021 19:40:21.084928989 CET | 443 | 49806 | 142.250.186.46 | 192.168.11.20 |
Nov 22, 2021 19:40:21.085134029 CET | 49806 | 443 | 192.168.11.20 | 142.250.186.46 |
Nov 22, 2021 19:40:21.085199118 CET | 49806 | 443 | 192.168.11.20 | 142.250.186.46 |
Nov 22, 2021 19:40:21.088140011 CET | 443 | 49806 | 142.250.186.46 | 192.168.11.20 |
Nov 22, 2021 19:40:21.088325024 CET | 49806 | 443 | 192.168.11.20 | 142.250.186.46 |
Nov 22, 2021 19:40:21.212809086 CET | 49806 | 443 | 192.168.11.20 | 142.250.186.46 |
Nov 22, 2021 19:40:21.212899923 CET | 443 | 49806 | 142.250.186.46 | 192.168.11.20 |
Nov 22, 2021 19:40:21.213602066 CET | 443 | 49806 | 142.250.186.46 | 192.168.11.20 |
Nov 22, 2021 19:40:21.213736057 CET | 49806 | 443 | 192.168.11.20 | 142.250.186.46 |
Nov 22, 2021 19:40:21.216972113 CET | 49806 | 443 | 192.168.11.20 | 142.250.186.46 |
Nov 22, 2021 19:40:21.260008097 CET | 443 | 49806 | 142.250.186.46 | 192.168.11.20 |
Nov 22, 2021 19:40:21.642613888 CET | 443 | 49806 | 142.250.186.46 | 192.168.11.20 |
Nov 22, 2021 19:40:21.642795086 CET | 49806 | 443 | 192.168.11.20 | 142.250.186.46 |
Nov 22, 2021 19:40:21.642851114 CET | 443 | 49806 | 142.250.186.46 | 192.168.11.20 |
Nov 22, 2021 19:40:21.643023968 CET | 49806 | 443 | 192.168.11.20 | 142.250.186.46 |
Nov 22, 2021 19:40:21.643069983 CET | 443 | 49806 | 142.250.186.46 | 192.168.11.20 |
Nov 22, 2021 19:40:21.643183947 CET | 49806 | 443 | 192.168.11.20 | 142.250.186.46 |
Nov 22, 2021 19:40:21.643234015 CET | 443 | 49806 | 142.250.186.46 | 192.168.11.20 |
Nov 22, 2021 19:40:21.643399954 CET | 49806 | 443 | 192.168.11.20 | 142.250.186.46 |
Nov 22, 2021 19:40:21.643449068 CET | 443 | 49806 | 142.250.186.46 | 192.168.11.20 |
Nov 22, 2021 19:40:21.643495083 CET | 443 | 49806 | 142.250.186.46 | 192.168.11.20 |
Nov 22, 2021 19:40:21.643560886 CET | 49806 | 443 | 192.168.11.20 | 142.250.186.46 |
Nov 22, 2021 19:40:21.643696070 CET | 49806 | 443 | 192.168.11.20 | 142.250.186.46 |
Nov 22, 2021 19:40:21.648004055 CET | 49806 | 443 | 192.168.11.20 | 142.250.186.46 |
Nov 22, 2021 19:40:21.648104906 CET | 443 | 49806 | 142.250.186.46 | 192.168.11.20 |
Nov 22, 2021 19:40:21.736989975 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:21.737066031 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:21.737317085 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:21.737657070 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:21.737721920 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:21.792342901 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:21.792573929 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:21.794605017 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:21.794764042 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:21.794841051 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:21.798468113 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:21.798500061 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:21.798964024 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:21.799083948 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:21.799452066 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:21.839992046 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.050637960 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.050880909 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.050895929 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.050945044 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.050976992 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.051012039 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.051054955 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.051158905 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.051876068 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.052067995 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.052110910 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.052125931 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.053251982 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.053514957 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.053575039 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.053822994 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.053981066 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.054146051 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.054214001 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.054471970 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.061546087 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.061721087 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.061774015 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.061810970 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.061918020 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.061954021 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.061985016 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.062218904 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.062338114 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.062536001 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.062599897 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.062866926 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.063085079 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.063251019 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.063298941 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.063550949 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.063870907 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.064111948 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.064157963 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.064357996 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.064538002 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.064738989 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.064779043 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.064974070 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.065196991 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.065440893 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.065496922 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.065756083 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.066076040 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.066242933 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.066312075 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.066520929 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.066783905 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.067059040 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.067116976 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.067378044 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.067473888 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.067666054 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.067734957 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.068025112 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.068157911 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.068371058 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.068408966 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.068630934 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.068639994 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.068669081 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.068840027 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.068870068 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.069030046 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.069384098 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.069636106 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.069669008 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.069830894 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.070017099 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.070262909 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.070291042 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.070456028 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.070727110 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.070930958 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.070960045 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.071141958 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.071346998 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.071561098 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.071592093 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.071757078 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.072359085 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.072520971 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.072583914 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.072621107 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.072640896 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.072695017 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.072792053 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.072865963 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.072912931 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.072946072 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.073061943 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.073076010 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.073640108 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.073787928 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.073838949 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.073870897 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.073935986 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.074043036 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.074445009 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.074601889 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.074629068 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.074672937 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.074892044 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.074922085 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.075211048 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.075426102 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.075562954 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.075604916 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.075700045 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.075798035 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.075865030 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.075896978 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.075905085 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.076242924 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.076277018 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.076303959 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.076412916 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.076478958 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.076508999 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.076529980 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.076616049 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.076816082 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.077217102 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.077435017 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.077476025 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.077510118 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.077608109 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.077630997 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.077650070 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.077816010 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.078201056 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.078425884 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.078459978 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.078594923 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.078641891 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.078675985 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.078820944 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.078843117 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.079094887 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.079272032 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.079302073 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.079453945 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.079459906 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.079502106 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.079734087 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.079963923 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.080127001 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.080157042 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.080305099 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.080388069 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.080416918 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.080470085 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.080576897 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.080817938 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.081037998 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.081053019 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.081083059 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.081188917 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.081211090 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.081227064 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.081382990 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.081406116 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.081434965 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.081558943 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.081690073 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.081691027 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.081717968 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.081816912 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.081897020 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.081923008 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.082113981 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.082190037 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.082391977 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.082418919 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.082539082 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.082590103 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.082618952 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.082690001 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.082771063 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.082989931 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.083131075 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.083146095 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.083323956 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.083373070 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.083401918 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.083498955 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.083589077 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.083615065 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.083786964 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.083991051 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.084165096 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.084192991 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.084343910 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.084386110 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.084414959 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.084516048 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.084594965 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.084599972 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.084628105 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.084750891 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.084767103 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.084913015 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.084929943 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.084952116 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.085083961 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.085099936 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.085246086 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.085261106 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.085410118 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.085417032 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.085433960 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.085542917 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.085591078 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.085604906 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.085758924 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.085772038 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.085792065 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.085902929 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.085911036 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.085936069 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.086093903 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.086122036 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.086285114 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.086327076 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.086344957 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.086433887 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.086504936 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.086514950 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.086532116 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.086675882 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.086694956 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.086757898 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.086776018 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.086807013 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.086884975 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:30.135546923 CET | 49788 | 80 | 192.168.11.20 | 93.184.220.29 |
Nov 22, 2021 19:40:30.255772114 CET | 80 | 49774 | 93.184.220.29 | 192.168.11.20 |
Nov 22, 2021 19:40:30.256021023 CET | 49774 | 80 | 192.168.11.20 | 93.184.220.29 |
Nov 22, 2021 19:40:30.990953922 CET | 80 | 49787 | 93.184.220.29 | 192.168.11.20 |
Nov 22, 2021 19:40:30.991090059 CET | 49787 | 80 | 192.168.11.20 | 93.184.220.29 |
Nov 22, 2021 19:41:19.091660976 CET | 49774 | 80 | 192.168.11.20 | 93.184.220.29 |
Nov 22, 2021 19:41:19.103540897 CET | 80 | 49774 | 93.184.220.29 | 192.168.11.20 |
Nov 22, 2021 19:41:19.103806019 CET | 49774 | 80 | 192.168.11.20 | 93.184.220.29 |
Nov 22, 2021 19:41:19.966475964 CET | 49787 | 80 | 192.168.11.20 | 93.184.220.29 |
Nov 22, 2021 19:41:19.978332043 CET | 80 | 49787 | 93.184.220.29 | 192.168.11.20 |
Nov 22, 2021 19:41:19.978702068 CET | 49787 | 80 | 192.168.11.20 | 93.184.220.29 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 22, 2021 19:40:20.993186951 CET | 57839 | 53 | 192.168.11.20 | 1.1.1.1 |
Nov 22, 2021 19:40:21.003087044 CET | 53 | 57839 | 1.1.1.1 | 192.168.11.20 |
Nov 22, 2021 19:40:21.695991993 CET | 51352 | 53 | 192.168.11.20 | 1.1.1.1 |
Nov 22, 2021 19:40:21.727973938 CET | 53 | 51352 | 1.1.1.1 | 192.168.11.20 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Nov 22, 2021 19:40:20.993186951 CET | 192.168.11.20 | 1.1.1.1 | 0x2a23 | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 22, 2021 19:40:21.695991993 CET | 192.168.11.20 | 1.1.1.1 | 0xa94e | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Nov 22, 2021 19:40:21.003087044 CET | 1.1.1.1 | 192.168.11.20 | 0x2a23 | No error (0) | | | 142.250.186.46 | A (IP address) | IN (0x0001) |
Nov 22, 2021 19:40:21.727973938 CET | 1.1.1.1 | 192.168.11.20 | 0xa94e | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) |
Nov 22, 2021 19:40:21.727973938 CET | 1.1.1.1 | 192.168.11.20 | 0xa94e | No error (0) | | | 142.250.185.161 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49806 | 142.250.186.46 | 443 | C:\Users\user\Desktop\Sales Order List.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-11-22 18:40:21 UTC | 0 | OUT | |
2021-11-22 18:40:21 UTC | 0 | IN | |
2021-11-22 18:40:21 UTC | 1 | IN | |
2021-11-22 18:40:21 UTC | 2 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49807 | 142.250.185.161 | 443 | C:\Users\user\Desktop\Sales Order List.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-11-22 18:40:21 UTC | 2 | OUT | |
2021-11-22 18:40:22 UTC | 2 | IN | |
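The packet, DNS and HTTPS tables above list the same events from three angles but never join them. The script below is an added example, not part of the Joe Sandbox report: it collapses the per-packet rows into client-to-server flows (keyed by the VM's ephemeral port), attaches the CNAME that the captured DNS answers returned for each server address, and lists the non-DNS peers for which no answer was recorded at all. The sample rows are copied from the report's own tables (a representative subset); the column order "Timestamp | Source Port | Dest Port | Source IP | Dest IP |" is the one the page uses, and the queried DNS name is left blank because the page does not render it.

```python
"""Group the sandbox's per-packet TCP/UDP rows into flows and tie each
server IP back to the DNS answer that produced it.

Added example, not part of the Joe Sandbox report. The rows below are
copied from the report's own packet and DNS tables (a few representative
lines); parsing assumes the "Timestamp | Source Port | Dest Port |
Source IP | Dest IP |" column order the page uses.
"""
from datetime import datetime

CLIENT = "192.168.11.20"  # the analysis VM, as shown in the report

# Packet rows copied from the report (TCP table first, then the UDP table).
PACKET_ROWS = """\
Nov 22, 2021 19:40:22.064779043 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:22.064974070 CET | 49807 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 22, 2021 19:40:22.065196991 CET | 443 | 49807 | 142.250.185.161 | 192.168.11.20 |
Nov 22, 2021 19:40:30.135546923 CET | 49788 | 80 | 192.168.11.20 | 93.184.220.29 |
Nov 22, 2021 19:40:30.255772114 CET | 80 | 49774 | 93.184.220.29 | 192.168.11.20 |
Nov 22, 2021 19:40:30.256021023 CET | 49774 | 80 | 192.168.11.20 | 93.184.220.29 |
Nov 22, 2021 19:41:19.091660976 CET | 49774 | 80 | 192.168.11.20 | 93.184.220.29 |
Nov 22, 2021 19:40:20.993186951 CET | 57839 | 53 | 192.168.11.20 | 1.1.1.1 |
Nov 22, 2021 19:40:21.003087044 CET | 53 | 57839 | 1.1.1.1 | 192.168.11.20 |
"""

# DNS answers copied from the report as (transaction id, CNAME or None, A address).
# The queried name is not rendered on the page, so it is deliberately absent here.
DNS_ANSWERS = [
    ("0x2a23", None, "142.250.186.46"),
    ("0xa94e", "googlehosted.l.googleusercontent.com", "142.250.185.161"),
]


def parse_timestamp(text):
    """'Nov 22, 2021 19:40:22.064779043 CET' -> datetime.

    The report prints nanoseconds; strptime's %f accepts at most six
    digits, so the fraction is cut to microseconds. The zone suffix is
    dropped (every row on the page is CET).
    """
    body, _zone = text.rsplit(" ", 1)
    head, frac = body.split(".")
    return datetime.strptime(f"{head}.{frac[:6]}", "%b %d, %Y %H:%M:%S.%f")


def parse_row(line):
    """One 'ts | sport | dport | sip | dip |' row -> dict."""
    ts, sport, dport, sip, dip = [c.strip() for c in line.strip().strip("|").split("|")]
    return {"ts": parse_timestamp(ts), "sport": int(sport), "dport": int(dport),
            "sip": sip, "dip": dip}


def summarize_flows(rows_text, client=CLIENT):
    """Collapse packets into client->server flows keyed by the client's
    ephemeral port plus the server socket, counting packets per direction."""
    flows = {}
    for line in rows_text.strip().splitlines():
        pkt = parse_row(line)
        if pkt["sip"] == client:
            key, direction = (pkt["sport"], pkt["dip"], pkt["dport"]), "out"
        else:
            key, direction = (pkt["dport"], pkt["sip"], pkt["sport"]), "in"
        f = flows.setdefault(key, {"client_port": key[0], "server": key[1],
                                   "server_port": key[2], "out": 0, "in": 0,
                                   "first": pkt["ts"], "last": pkt["ts"]})
        f[direction] += 1
        f["first"] = min(f["first"], pkt["ts"])
        f["last"] = max(f["last"], pkt["ts"])
    return sorted(flows.values(), key=lambda f: f["first"])


def annotate_with_dns(flows, answers=DNS_ANSWERS):
    """Attach the CNAME (if any) the captured DNS answers gave for each
    server address, whether the address was resolved at all, and the
    flow's wall-clock duration in seconds."""
    names = {addr: cname for _tid, cname, addr in answers}
    out = []
    for f in flows:
        g = dict(f)
        g["resolved"] = f["server"] in names
        g["cname"] = names.get(f["server"])
        g["duration_s"] = (f["last"] - f["first"]).total_seconds()
        out.append(g)
    return out


def unresolved_servers(annotated):
    """Non-DNS peers that never appear in a captured DNS answer: either a
    hard-coded address or a lookup the sandbox did not record."""
    return sorted({f["server"] for f in annotated
                   if f["server_port"] != 53 and not f["resolved"]})


def flow_report(rows_text=PACKET_ROWS):
    return annotate_with_dns(summarize_flows(rows_text))


if __name__ == "__main__":
    report = flow_report()
    for f in report:
        print(f"{CLIENT}:{f['client_port']} -> {f['server']}:{f['server_port']}  "
              f"out={f['out']} in={f['in']} {f['duration_s']:.3f}s  cname={f['cname']}")
    print("no DNS answer seen for:", unresolved_servers(report))
```

Run over the full tables, the flow keyed on port 49807 lines up with the 0xa94e answer (CNAME googlehosted.l.googleusercontent.com, A 142.250.185.161), while the port-80 peer 93.184.220.29 shows up in no DNS answer on the page; that gap is the first thing to check against the full capture before treating the address as hard-coded.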