Windows Analysis Report 184285013-044310-Factura pendiente (2).exe
Overview
General Information
Detection
AgentTesla GuLoader
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected GuLoader
Hides threads from debuggers
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
C2 URLs / IPs found in malware configuration
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Uses SMTP (mail sending)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
Sigma detected: Conhost Parent Process Executions
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: Agenttesla |
---|
{"Exfil Mode": "SMTP", "SMTP Info": "info@malkaratso.org.trMto1903mail.malkaratso.org.trwilliamsmith8135@gmail.com"}
Threatname: GuLoader |
---|
{"Payload URL": "https://drive.google.com/uc?export=download&id=1eLHHSjrPsT_5Lmf"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Conhost Parent Process Executions | Show sources |
Source: | Author: omkar72: |
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration | Show sources |
Multi AV Scanner detection for submitted file | Show sources |
Networking: |
---|
C2 URLs / IPs found in malware configuration | Show sources |
Data Obfuscation: |
---|
Yara detected GuLoader | Show sources |
Malware Analysis System Evasion: |
---|
Tries to detect Any.run | Show sources |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) | Show sources |
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) | Show sources |
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) | Show sources |
Anti Debugging: |
---|
Hides threads from debuggers | Show sources |
HIPS / PFW / Operating System Protection Evasion: |
---|
Writes to foreign memory regions | Show sources |
Stealing of Sensitive Information: |
---|
Yara detected AgentTesla | Show sources |
Tries to steal Mail credentials (via file / registry access) | Show sources |
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) | Show sources |
Tries to harvest and steal ftp login credentials | Show sources |
Tries to harvest and steal browser information (history, passwords, etc) | Show sources |
Remote Access Functionality: |
---|
Yara detected AgentTesla | Show sources |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | DLL Side-Loading1 | Process Injection112 | Disable or Modify Tools1 | OS Credential Dumping2 | Security Software Discovery421 | Remote Services | Email Collection1 | Exfiltration Over Other Network Medium | Encrypted Channel21 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Virtualization/Sandbox Evasion341 | Credentials in Registry1 | Process Discovery2 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection112 | Security Account Manager | Virtualization/Sandbox Evasion341 | SMB/Windows Admin Shares | Data from Local System2 | Automated Exfiltration | Ingress Tool Transfer1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information1 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol2 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | DLL Side-Loading1 | LSA Secrets | File and Directory Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol123 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Information Discovery115 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
27% | ReversingLabs | Win32.Worm.GenericML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
malkaratso.org.tr | 212.83.130.20 | true | true | | unknown |
drive.google.com | 142.250.185.206 | true | false | high | |
googlehosted.l.googleusercontent.com | 142.250.186.161 | true | false | high | |
mail.malkaratso.org.tr | unknown | unknown | true | unknown | |
doc-0s-7o-docs.googleusercontent.com | unknown | unknown | false | high |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.185.206 | drive.google.com | United States | 15169 | GOOGLEUS | false | |
142.250.186.161 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false | |
212.83.130.20 | malkaratso.org.tr | France | 12876 | OnlineSASFR | true |
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 530287 |
Start date: | 29.11.2021 |
Start time: | 11:27:19 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 38s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 184285013-044310-Factura pendiente (2).exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301 |
Run name: | Suspected Instruction Hammering |
Number of analysed new started processes analysed: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@5/2@3/3 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
11:30:01 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
212.83.130.20 | Get hash | malicious | Browse | ||
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
OnlineSASFR | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 1.9866006611106688 |
Encrypted: | false |
SSDEEP: | 96:jWpahLKAycVxc4LlvnffSIPW0wLzzj1ylDHn3Rs:KMhLKCxV5vnffI0wIdHBs |
MD5: | A256BBA112F7FA34FE9E19ED07D0DF83 |
SHA1: | 3E86ADD7C0890C55E8F22334A3E26134D7AB1EE8 |
SHA-256: | AB9F6744C55428A62F4696BC1779409A30420D0983EDD5536A0D280DF5EE7FE0 |
SHA-512: | 9E762DFE82611778602E8BF19439E48AF7278D3D9399FF44666EB8A196206F4B1B50B9B623710B138BD7A7E9C1E0A05BE85CE6FB7B0F208C9664669297C416EA |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 3.964735178725505 |
Encrypted: | false |
SSDEEP: | 3:IBVFBWAGRHneyy:ITqAGRHner |
MD5: | 9F754B47B351EF0FC32527B541420595 |
SHA1: | 006C66220B33E98C725B73495FE97B3291CE14D9 |
SHA-256: | 0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591 |
SHA-512: | C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.056396633960696 |
TrID: |
|
File name: | 184285013-044310-Factura pendiente (2).exe |
File size: | 155648 |
MD5: | d69e979d7a91cdfa8915049a4e6454a5 |
SHA1: | 2c7904a4a0640f529231e1098757465f376a4735 |
SHA256: | a4268d9fec123879950639a366105a0861d3168433164f6d5c1b80f65a16f490 |
SHA512: | 6dd41e0cf1440a09c1fd69fea560101ed39f8924b8222f256cf322d6e2c14a7540228e8be1bcbbb7cff32f9c4dd52cb2d41147bc03621b736f07e4081db3f0a8 |
SSDEEP: | 3072:sfJff2iKVmUXi6uzVXwpbxBTPfJffpfJff:ziK4UXPwVXEn |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.......................D.......=.......Rich............PE..L....;.N.....................P............... ....@................ |
File Icon |
---|
Icon Hash: | 70ecccaececc71e2 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4015a8 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x4E833B8B [Wed Sep 28 15:21:47 2011 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 458ac857eb15a6ebaad7748f2f663dae |
Entrypoint Preview |
---|
Instruction |
---|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x213b4 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x24000 | 0x2f2c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x194 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x20988 | 0x21000 | False | 0.356548887311 | data | 5.22027370085 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x22000 | 0x1250 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x24000 | 0x2f2c | 0x3000 | False | 0.232340494792 | data | 4.20294009628 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
CUSTOM | 0x25992 | 0x1542 | data | English | United States |
RT_ICON | 0x248ea | 0x10a8 | data | | |
RT_ICON | 0x24482 | 0x468 | GLS_BINARY_LSB_FIRST | | |
RT_STRING | 0x26ed4 | 0x58 | data | English | United States |
RT_GROUP_ICON | 0x24460 | 0x22 | data | | |
RT_VERSION | 0x241c0 | 0x2a0 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | __vbaVarTstGt, _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaAryMove, __vbaStrVarMove, __vbaFreeVarList, __vbaVarIdiv, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryVar, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, __vbaVarTstEq, __vbaAryConstruct2, __vbaPrintObj, DllFunctionCall, _adj_fpatan, __vbaLateIdCallLd, __vbaRedim, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaUbound, _CIlog, __vbaNew2, __vbaVar2Vec, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaStrToAnsi, __vbaVarDup, _CIatan, __vbaStrMove, __vbaAryCopy, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0409 0x04b0 |
LegalCopyright | Corps |
InternalName | Banemand |
FileVersion | 1.00 |
CompanyName | Corps |
LegalTrademarks | Corps |
ProductName | Corps |
ProductVersion | 1.00 |
FileDescription | Corps |
OriginalFilename | Banemand.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 29, 2021 11:31:27.844513893 CET | 587 | 49801 | 212.83.130.20 | 192.168.11.20 |
Nov 29, 2021 11:31:27.845689058 CET | 49801 | 587 | 192.168.11.20 | 212.83.130.20 |
Nov 29, 2021 11:31:27.867321968 CET | 587 | 49801 | 212.83.130.20 | 192.168.11.20 |
Nov 29, 2021 11:31:27.867768049 CET | 49801 | 587 | 192.168.11.20 | 212.83.130.20 |
Nov 29, 2021 11:31:27.895950079 CET | 587 | 49801 | 212.83.130.20 | 192.168.11.20 |
Nov 29, 2021 11:31:27.896647930 CET | 49801 | 587 | 192.168.11.20 | 212.83.130.20 |
Nov 29, 2021 11:31:27.918113947 CET | 587 | 49801 | 212.83.130.20 | 192.168.11.20 |
Nov 29, 2021 11:31:27.918437958 CET | 49801 | 587 | 192.168.11.20 | 212.83.130.20 |
Nov 29, 2021 11:31:27.979161024 CET | 587 | 49801 | 212.83.130.20 | 192.168.11.20 |
Nov 29, 2021 11:31:27.985239983 CET | 587 | 49801 | 212.83.130.20 | 192.168.11.20 |
Nov 29, 2021 11:31:27.985666037 CET | 49801 | 587 | 192.168.11.20 | 212.83.130.20 |
Nov 29, 2021 11:31:28.007240057 CET | 587 | 49801 | 212.83.130.20 | 192.168.11.20 |
Nov 29, 2021 11:31:28.051774025 CET | 49801 | 587 | 192.168.11.20 | 212.83.130.20 |
Nov 29, 2021 11:31:28.067003012 CET | 49801 | 587 | 192.168.11.20 | 212.83.130.20 |
Nov 29, 2021 11:31:28.067085028 CET | 49801 | 587 | 192.168.11.20 | 212.83.130.20 |
Nov 29, 2021 11:31:28.067131042 CET | 49801 | 587 | 192.168.11.20 | 212.83.130.20 |
Nov 29, 2021 11:31:28.067179918 CET | 49801 | 587 | 192.168.11.20 | 212.83.130.20 |
Nov 29, 2021 11:31:28.088275909 CET | 587 | 49801 | 212.83.130.20 | 192.168.11.20 |
Nov 29, 2021 11:31:28.088325977 CET | 587 | 49801 | 212.83.130.20 | 192.168.11.20 |
Nov 29, 2021 11:31:28.088359118 CET | 587 | 49801 | 212.83.130.20 | 192.168.11.20 |
Nov 29, 2021 11:31:28.088390112 CET | 587 | 49801 | 212.83.130.20 | 192.168.11.20 |
Nov 29, 2021 11:31:28.090579033 CET | 587 | 49801 | 212.83.130.20 | 192.168.11.20 |
Nov 29, 2021 11:31:28.145605087 CET | 49801 | 587 | 192.168.11.20 | 212.83.130.20 |
Nov 29, 2021 11:33:07.186394930 CET | 49801 | 587 | 192.168.11.20 | 212.83.130.20 |
Nov 29, 2021 11:33:07.209364891 CET | 587 | 49801 | 212.83.130.20 | 192.168.11.20 |
Nov 29, 2021 11:33:07.209604979 CET | 49801 | 587 | 192.168.11.20 | 212.83.130.20 |
Nov 29, 2021 11:33:07.209980965 CET | 49801 | 587 | 192.168.11.20 | 212.83.130.20 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 29, 2021 11:29:50.851100922 CET | 62579 | 53 | 192.168.11.20 | 1.1.1.1 |
Nov 29, 2021 11:29:50.860964060 CET | 53 | 62579 | 1.1.1.1 | 192.168.11.20 |
Nov 29, 2021 11:29:51.475315094 CET | 64829 | 53 | 192.168.11.20 | 1.1.1.1 |
Nov 29, 2021 11:29:51.512898922 CET | 53 | 64829 | 1.1.1.1 | 192.168.11.20 |
Nov 29, 2021 11:31:27.155812025 CET | 60104 | 53 | 192.168.11.20 | 1.1.1.1 |
Nov 29, 2021 11:31:27.471581936 CET | 53 | 60104 | 1.1.1.1 | 192.168.11.20 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Nov 29, 2021 11:29:50.851100922 CET | 192.168.11.20 | 1.1.1.1 | 0x60ca | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 29, 2021 11:29:51.475315094 CET | 192.168.11.20 | 1.1.1.1 | 0x5f39 | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 29, 2021 11:31:27.155812025 CET | 192.168.11.20 | 1.1.1.1 | 0xe03e | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Nov 29, 2021 11:29:50.860964060 CET | 1.1.1.1 | 192.168.11.20 | 0x60ca | No error (0) | | | 142.250.185.206 | A (IP address) | IN (0x0001) |
Nov 29, 2021 11:29:51.512898922 CET | 1.1.1.1 | 192.168.11.20 | 0x5f39 | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) |
Nov 29, 2021 11:29:51.512898922 CET | 1.1.1.1 | 192.168.11.20 | 0x5f39 | No error (0) | | | 142.250.186.161 | A (IP address) | IN (0x0001) |
Nov 29, 2021 11:31:27.471581936 CET | 1.1.1.1 | 192.168.11.20 | 0xe03e | No error (0) | | malkaratso.org.tr | | CNAME (Canonical name) | IN (0x0001) |
Nov 29, 2021 11:31:27.471581936 CET | 1.1.1.1 | 192.168.11.20 | 0xe03e | No error (0) | | | 212.83.130.20 | A (IP address) | IN (0x0001) |
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49798 | 142.250.185.206 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-11-29 10:29:51 UTC | 0 | OUT | |
2021-11-29 10:29:51 UTC | 0 | IN | |
2021-11-29 10:29:51 UTC | 1 | IN | |
2021-11-29 10:29:51 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49799 | 142.250.186.161 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-11-29 10:29:51 UTC | 2 | OUT | |
2021-11-29 10:29:51 UTC | 2 | IN |