Windows Analysis Report Scanned Payment Copy00024.scr.exe
Overview
General Information
Detection
AgentTesla GuLoader
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected GuLoader
Hides threads from debuggers
Tries to steal Mail credentials (via file / registry access)
Initial sample is a PE file and has a suspicious name
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Executable has a suspicious name (potential lure to open the executable)
C2 URLs / IPs found in malware configuration
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Uses SMTP (mail sending)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: Agenttesla |
---|
{"Exfil Mode": "SMTP", "SMTP Info": "gulnaz@furteksdokuma.com.tr@Gulnaz159753mail.furteksdokuma.com.trjramos.camacoil@gmail.com"}
Threatname: GuLoader |
---|
{"Payload URL": "https://drive.google.com/uc?expo"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: | ||
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | ReversingLabs: |
Source: | Code function: | 6_2_012E5CC8 | |
Source: | Code function: | 6_2_012E6308 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Networking: |
---|
C2 URLs / IPs found in malware configuration | Show sources |
Source: | URLs: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | IP Address: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
System Summary: |
---|
Initial sample is a PE file and has a suspicious name | Show sources |
Source: | Static PE information: |
Executable has a suspicious name (potential lure to open the executable) | Show sources |
Source: | Static file information: |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Data Obfuscation: |
---|
Yara detected GuLoader | Show sources |
Source: | File source: |
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion: |
---|
Tries to detect Any.run | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) | Show sources |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Process information queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | System information queried: | Jump to behavior |
Source: | Binary or memory string: |
Anti Debugging: |
---|
Hides threads from debuggers | Show sources |
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 6_2_00E46950 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Writes to foreign memory regions | Show sources |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Tries to steal Mail credentials (via file / registry access) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) | Show sources |
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal ftp login credentials | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to harvest and steal browser information (history, passwords, etc) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | DLL Side-Loading1 | Process Injection112 | Disable or Modify Tools1 | OS Credential Dumping2 | Security Software Discovery421 | Remote Services | Email Collection1 | Exfiltration Over Other Network Medium | Encrypted Channel21 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Virtualization/Sandbox Evasion341 | Credentials in Registry1 | Process Discovery2 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection112 | Security Account Manager | Virtualization/Sandbox Evasion341 | SMB/Windows Admin Shares | Data from Local System2 | Automated Exfiltration | Ingress Tool Transfer1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information1 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol2 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | DLL Side-Loading1 | LSA Secrets | File and Directory Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol123 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Information Discovery115 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
33% | ReversingLabs | Win32.Worm.GenericML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 142.250.186.46 | true | false | | high |
googlehosted.l.googleusercontent.com | 142.250.184.225 | true | false | | high |
furteksdokuma.com.tr | 116.202.203.61 | true | true | | unknown |
mail.furteksdokuma.com.tr | unknown | unknown | true | | unknown |
doc-08-9o-docs.googleusercontent.com | unknown | unknown | false | | high |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
142.250.186.46 | drive.google.com | United States | 15169 | GOOGLEUS | false |
142.250.184.225 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false |
116.202.203.61 | furteksdokuma.com.tr | Germany | 24940 | HETZNER-ASDE | true |
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 530423 |
Start date: | 29.11.2021 |
Start time: | 15:51:27 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 53s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Scanned Payment Copy00024.scr.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301 |
Run name: | Suspected Instruction Hammering |
Number of analysed new started processes analysed: | 18 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@9/2@3/3 |
EGA Information: | Failed |
HDC Information: | Failed |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
15:54:02 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
116.202.203.61 | Get hash | malicious | Browse | ||
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
HETZNER-ASDE | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\Scanned Payment Copy00024.scr.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 1.9866006611106688 |
Encrypted: | false |
SSDEEP: | 96:jWpahLKAycVxc4LlvnffSIPW0wLzzj1ylDHn3Rs:KMhLKCxV5vnffI0wIdHBs |
MD5: | A256BBA112F7FA34FE9E19ED07D0DF83 |
SHA1: | 3E86ADD7C0890C55E8F22334A3E26134D7AB1EE8 |
SHA-256: | AB9F6744C55428A62F4696BC1779409A30420D0983EDD5536A0D280DF5EE7FE0 |
SHA-512: | 9E762DFE82611778602E8BF19439E48AF7278D3D9399FF44666EB8A196206F4B1B50B9B623710B138BD7A7E9C1E0A05BE85CE6FB7B0F208C9664669297C416EA |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 3.964735178725505 |
Encrypted: | false |
SSDEEP: | 3:IBVFBWAGRHneyy:ITqAGRHner |
MD5: | 9F754B47B351EF0FC32527B541420595 |
SHA1: | 006C66220B33E98C725B73495FE97B3291CE14D9 |
SHA-256: | 0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591 |
SHA-512: | C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.028365197002993 |
TrID: |
|
File name: | Scanned Payment Copy00024.scr.exe |
File size: | 155648 |
MD5: | 9ebaab853c410a3c6ef16ecf45739e8b |
SHA1: | 67c221c5f1329829d7a808791dc030bf1288d2d7 |
SHA256: | b24869692ba4efa8bb957cb2334ac798b570277c038db867db5a177a0e9a54ec |
SHA512: | c0945c9b720ee31b8d2651ec584a02ca4373692dd1712fb09f4f87692c141bb86fd2f84b6b9dfa17f4bda49a7014682bdf7a0430b627381c6515ea679b9dabc3 |
SSDEEP: | 1536:flfJffvxToSdAB/6lUUyaNTAETxEvZ0swq+A6T++DqfJffpfJff:9fJff9oKM/6ljyK5adwXqfJffpfJff |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.......................D.......=.......Rich............PE..L...i.xT.....................P............... ....@................ |
File Icon |
---|
Icon Hash: | 70ecccaececc71e2 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4015a8 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x5478D769 [Fri Nov 28 20:13:29 2014 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 458ac857eb15a6ebaad7748f2f663dae |
Entrypoint Preview |
---|
Instruction |
---|
push 00402D28h |
call 00007F2DC0A42855h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
xor byte ptr [eax], al |
add byte ptr [eax], al |
inc eax |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [ecx], al |
mov byte ptr [ebx+63h], dl |
and ebx, ebp |
or eax, 75ECAF4Ch |
or ebx, dword ptr [edi+edi*2+00005007h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
add dword ptr [eax], eax |
add byte ptr [eax], al |
and byte ptr [ecx+73h], al |
and byte ptr [ecx+6Eh], cl |
inc edx |
jne 00007F2DC0A428D4h |
jne 00007F2DC0A428C5h |
push 73003661h |
bound eax, dword ptr [edx+70h] |
xor dh, byte ptr [ebx+32h] |
add byte ptr [eax], al |
add byte ptr [eax], al |
dec esp |
xor dword ptr [eax], eax |
add eax, 98CA9952h |
ror byte ptr [ecx-34h], cl |
inc esi |
mov eax, E7A55955h |
lea edx, ecx |
je 00007F2DC0A428B1h |
mov edx, FB574C67h |
inc edi |
test al, 6Fh |
inc edx |
jmp dword ptr [edi] |
loope 00007F2DC0A4287Eh |
pop ds |
cmp cl, byte ptr [edi-53h] |
xor ebx, dword ptr [ecx-48EE309Ah] |
or al, 00h |
stosb |
add byte ptr [eax-2Dh], ah |
xchg eax, ebx |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
outsb |
push ss |
add byte ptr [eax], al |
jnp 00007F2DC0A42877h |
add byte ptr [eax], al |
add byte ptr [eax+eax], al |
dec ebp |
inc ecx |
push ebp |
inc esp |
add byte ptr [54000401h], cl |
outsd |
outsb |
imul eax, dword ptr [eax], 42000119h |
add byte ptr [ebx], ah |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x21264 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x24000 | 0x2f2c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x194 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x20838 | 0x21000 | False | 0.353278882576 | data | 5.18913238109 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x22000 | 0x1250 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x24000 | 0x2f2c | 0x3000 | False | 0.232584635417 | data | 4.20201309343 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
CUSTOM | 0x25992 | 0x1542 | data | English | United States |
RT_ICON | 0x248ea | 0x10a8 | data | ||
RT_ICON | 0x24482 | 0x468 | GLS_BINARY_LSB_FIRST | ||
RT_STRING | 0x26ed4 | 0x58 | data | English | United States |
RT_GROUP_ICON | 0x24460 | 0x22 | data | ||
RT_VERSION | 0x241c0 | 0x2a0 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | __vbaVarTstGt, _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaAryMove, __vbaStrVarMove, __vbaFreeVarList, __vbaVarIdiv, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryVar, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, __vbaVarTstEq, __vbaAryConstruct2, __vbaPrintObj, DllFunctionCall, _adj_fpatan, __vbaLateIdCallLd, __vbaRedim, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaUbound, _CIlog, __vbaNew2, __vbaVar2Vec, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaStrToAnsi, __vbaVarDup, _CIatan, __vbaStrMove, __vbaAryCopy, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0409 0x04b0 |
LegalCopyright | Corps |
InternalName | Dybblsbro |
FileVersion | 1.00 |
CompanyName | Corps |
LegalTrademarks | Corps |
ProductName | Corps |
ProductVersion | 1.00 |
FileDescription | Corps |
OriginalFilename | Dybblsbro.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 29, 2021 15:55:27.733485937 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Nov 29, 2021 15:55:27.839421034 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Nov 29, 2021 15:55:27.852263927 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Nov 29, 2021 15:55:27.853327990 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Nov 29, 2021 15:55:27.866775990 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Nov 29, 2021 15:55:27.867206097 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Nov 29, 2021 15:55:27.899259090 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Nov 29, 2021 15:55:27.899868011 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Nov 29, 2021 15:55:27.912719011 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Nov 29, 2021 15:55:27.913044930 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Nov 29, 2021 15:55:27.957370043 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Nov 29, 2021 15:55:27.957706928 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Nov 29, 2021 15:55:27.970256090 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Nov 29, 2021 15:55:28.014624119 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Nov 29, 2021 15:55:28.023325920 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Nov 29, 2021 15:55:28.023449898 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Nov 29, 2021 15:55:28.023467064 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Nov 29, 2021 15:55:28.023472071 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Nov 29, 2021 15:55:28.035695076 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Nov 29, 2021 15:55:28.035801888 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Nov 29, 2021 15:55:28.035970926 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Nov 29, 2021 15:55:28.035984993 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Nov 29, 2021 15:55:28.055629015 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Nov 29, 2021 15:55:28.108402967 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Nov 29, 2021 15:57:07.446185112 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Nov 29, 2021 15:57:07.462130070 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Nov 29, 2021 15:57:07.462332010 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Nov 29, 2021 15:57:07.462706089 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 29, 2021 15:53:51.329303980 CET | 52740 | 53 | 192.168.11.20 | 1.1.1.1 |
Nov 29, 2021 15:53:51.338949919 CET | 53 | 52740 | 1.1.1.1 | 192.168.11.20 |
Nov 29, 2021 15:53:51.918389082 CET | 56804 | 53 | 192.168.11.20 | 1.1.1.1 |
Nov 29, 2021 15:53:51.958292961 CET | 53 | 56804 | 1.1.1.1 | 192.168.11.20 |
Nov 29, 2021 15:55:27.419835091 CET | 63453 | 53 | 192.168.11.20 | 1.1.1.1 |
Nov 29, 2021 15:55:27.510488033 CET | 53 | 63453 | 1.1.1.1 | 192.168.11.20 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Nov 29, 2021 15:53:51.329303980 CET | 192.168.11.20 | 1.1.1.1 | 0xb8d8 | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 29, 2021 15:53:51.918389082 CET | 192.168.11.20 | 1.1.1.1 | 0x742e | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 29, 2021 15:55:27.419835091 CET | 192.168.11.20 | 1.1.1.1 | 0x11c3 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Nov 29, 2021 15:53:51.338949919 CET | 1.1.1.1 | 192.168.11.20 | 0xb8d8 | No error (0) | | | 142.250.186.46 | A (IP address) | IN (0x0001) |
Nov 29, 2021 15:53:51.958292961 CET | 1.1.1.1 | 192.168.11.20 | 0x742e | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) |
Nov 29, 2021 15:53:51.958292961 CET | 1.1.1.1 | 192.168.11.20 | 0x742e | No error (0) | | | 142.250.184.225 | A (IP address) | IN (0x0001) |
Nov 29, 2021 15:55:27.510488033 CET | 1.1.1.1 | 192.168.11.20 | 0x11c3 | No error (0) | | furteksdokuma.com.tr | | CNAME (Canonical name) | IN (0x0001) |
Nov 29, 2021 15:55:27.510488033 CET | 1.1.1.1 | 192.168.11.20 | 0x11c3 | No error (0) | | | 116.202.203.61 | A (IP address) | IN (0x0001) |
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49807 | 142.250.186.46 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-11-29 14:53:51 UTC | 0 | OUT | |
2021-11-29 14:53:51 UTC | 0 | IN | |
2021-11-29 14:53:51 UTC | 1 | IN | |
2021-11-29 14:53:51 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49808 | 142.250.184.225 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-11-29 14:53:52 UTC | 2 | OUT | |
2021-11-29 14:53:52 UTC | 2 | IN |