Windows Analysis Report Anexo I e II do convite#U00b7pdf.exe
Overview
General Information
Detection
GuLoader
Field | Value
---|---
Score | 100
Range | 0 - 100
Whitelisted | false
Confidence | 100%
Signatures
Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Potential malicious icon found
Multi AV Scanner detection for submitted file
GuLoader behavior detected
Yara detected GuLoader
Hides threads from debuggers
Tries to steal Mail credentials (via file / registry access)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
C2 URLs / IPs found in malware configuration
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Creates processes with suspicious names
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Abnormal high CPU Usage
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
PE / OLE file has an invalid certificate
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Classification
Process Tree |
---|
Malware Configuration |
---|
Threatname: GuLoader |
---|
{"Payload URL": "https://drive.google.com/uc?export=download&id="}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings
---|---|---|---|---
| | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | |
| | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration
Source: Malware Configuration Extractor
Multi AV Scanner detection for submitted file
Source: Virustotal
Machine Learning detection for sample
Source: Joe Sandbox ML
Source: Avira (6 entries)
Source: Static PE information
Source: HTTPS traffic detected (2 entries)
Networking: |
---|
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Snort IDS (12 alerts)
C2 URLs / IPs found in malware configuration
Source: URLs
Source: ASN Name
Source: JA3 fingerprint
Source: IP Address
Source: HTTP traffic detected (5 entries)
Source: Network traffic detected (4 entries)
Source: HTTP traffic detected (3 entries)
Source: TCP traffic detected without corresponding DNS query (18 entries)
Source: String found in binary or memory (19 entries)
Source: HTTP traffic detected
Source: DNS traffic detected
Source: HTTP traffic detected (2 entries)
Source: HTTPS traffic detected (2 entries)
System Summary: |
---|
Potential malicious icon found
Source: Icon embedded in PE file
Source: Static PE information
Source: Code function (98 entries): 0_2_020A269B, 0_2_020A942C, 0_2_020ADAD0, 0_2_020AEEF5, 0_2_020A820F, 0_2_020AD26B, 0_2_020A826F, 0_2_020A7263, 0_2_020A72A3, 0_2_020AD2E3, 0_2_020A82FB, 0_2_020AD343, 0_2_020A835F, 0_2_020A4364, 0_2_020A83CB, 0_2_020AD3F7, 0_2_020AD02E, 0_2_020AE033, 0_2_020AD05B, 0_2_020AE062, 0_2_020A8067, 0_2_020AE08F, 0_2_020A9099, 0_2_020A70A8, 0_2_020A80BB, 0_2_020AD0BF, 0_2_020A90CF, 0_2_020AD103, 0_2_020A912B, 0_2_020A7127, 0_2_020A8130, 0_2_020AD15F, 0_2_020AA17B, 0_2_020AE177, 0_2_020A81BB, 0_2_020AD1DB, 0_2_020A7643, 0_2_020AB645, 0_2_020A76B3, 0_2_020A7723, 0_2_020A77B8, 0_2_020AF7D5, 0_2_020AE431, 0_2_020A945F, 0_2_020A8463, 0_2_020A0494, 0_2_020AE4A7, 0_2_020A94C3, 0_2_020AC4EB, 0_2_020A84FB, 0_2_020A750E, 0_2_020AE517, 0_2_020A9523, 0_2_020A8547, 0_2_020A7552, 0_2_020A85CB, 0_2_020A9A53, 0_2_020A7A6F, 0_2_020A0AB8, 0_2_020A9AD7, 0_2_020A7AE7, 0_2_020ADB37, 0_2_020A9B44, 0_2_020ADB6F, 0_2_020A7BA3, 0_2_020ADBC7, 0_2_020ADBFF, 0_2_020A7807, 0_2_020A788B, 0_2_020A790F, 0_2_020A796E, 0_2_020A7963, 0_2_020A7974, 0_2_020A99DB, 0_2_020A79FB, 0_2_020A7E6F, 0_2_020A7EE3, 0_2_020ADEF7, 0_2_020AEF2F, 0_2_020A7F5B, 0_2_020AEF6B, 0_2_020ADF8B, 0_2_020ADFC3, 0_2_020A9C0F, 0_2_020A7C2F, 0_2_020A6C4E, 0_2_020A9C83, 0_2_020A7C9B, 0_2_020ADCE3, 0_2_020A9D07, 0_2_020A7D13, 0_2_020ADD17, 0_2_020ADD6F, 0_2_020A7D73, 0_2_020A9D74, 0_2_020ADDDB, 0_2_020A7DEB, 0_2_020A9DE7
Source: Code function (67 entries): 0_2_020A942C, 0_2_020ADAD0, 0_2_020AE9C2, 0_2_020A820F, 0_2_020A826F, 0_2_020A82FB, 0_2_020A835F, 0_2_020A4364, 0_2_020A83CB, 0_2_020AD02E, 0_2_020A8067, 0_2_020A70A8, 0_2_020A80BB, 0_2_020A8130, 0_2_020A81BB, 0_2_020A961B, 0_2_020A9635, 0_2_020A7643, 0_2_020AB645, 0_2_020A8663, 0_2_020A76B3, 0_2_020A96CB, 0_2_020A86E3, 0_2_020A7723, 0_2_020A9747, 0_2_020A8753, 0_2_020A77B8, 0_2_020AF7D5, 0_2_020A945F, 0_2_020A8463, 0_2_020A0494, 0_2_020A94C3, 0_2_020A84FB, 0_2_020A9523, 0_2_020A8547, 0_2_020A7552, 0_2_020A9593, 0_2_020A95BD, 0_2_020A85CB, 0_2_020A7A6F, 0_2_020AEA7F, 0_2_020A7AE7, 0_2_020A7BA3, 0_2_020A7807, 0_2_020A788B, 0_2_020A790F, 0_2_020A796E, 0_2_020A7963, 0_2_020A7974, 0_2_020A79FB, 0_2_020AEE11, 0_2_020A7E6F, 0_2_020A7EE3, 0_2_020A7F5B, 0_2_020A7C2F, 0_2_020A7C9B, 0_2_020A7D13, 0_2_020A7D73, 0_2_020A7DEB, 13_2_0056FBF7, 13_2_0056FD81, 13_2_0056FE33, 13_2_0056FC2B, 13_2_0056FBF1, 13_2_0056FB82, 13_2_0056FBAF, 13_2_0056FCAF
Source: Process Stats
Source: Binary or memory string (4 entries)
Source: Static PE information (2 entries)
Source: Virustotal
Source: Static PE information
Source: Key opened
Source: Section loaded
Source: Process created (3 entries)
Source: Key value queried
Source: File created
Source: Classification label
Source: Mutant created
Source: File read (3 entries)
Source: Key opened
Data Obfuscation: |
---|
Yara detected GuLoader
Source: File source (2 entries)
Source: Code function (31 entries): 0_2_00402653, 0_2_00402667, 0_2_0040267B, 0_2_0040268F, 0_2_00402617, 0_2_0040262B, 0_2_0040263F, 0_2_004026DF, 0_2_004026F3, 0_2_00402707, 0_2_004026A3, 0_2_004026B7, 0_2_004026CB, 0_2_00402757, 0_2_0040276B, 0_2_00404B68, 0_2_0040277F, 0_2_00403D74, 0_2_0040271B, 0_2_0040272F, 0_2_00402603, 0_2_00406F3D, 0_2_00402743, 0_2_00402793, 0_2_00406191, 0_2_004027A7, 0_2_020A991E, 0_2_020A313C, 0_2_020A991E, 0_2_020A991E, 0_2_020A4642
Source: File created (2 entries)
Source: Process information set (39 entries)
Malware Analysis System Evasion: |
---|
Tries to detect Any.run
Source: File opened (4 entries)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: Binary or memory string (3 entries)
Source: Thread sleep count
Source: Thread sleep time
Source: Last function (2 entries)
Source: Code function: 0_2_020ACEC8
Source: Window / User API
Source: Thread delayed
Source: System information queried
Source: Binary or memory string (16 entries)
Anti Debugging: |
---|
Hides threads from debuggers
Source: Thread information set (2 entries)
Source: Code function: 0_2_020ACEC8
Source: Process token adjusted
Source: Code function (5 entries): 0_2_020ADAD0, 0_2_020AC6DF, 0_2_020ABA35, 0_2_020ADB37, 0_2_020A8EE2
Source: Code function: 0_2_020AA1B2
Source: Process created
Source: Key value queried
Stealing of Sensitive Information: |
---|
GuLoader behavior detected
Source: Signature Results
Tries to steal Mail credentials (via file / registry access)
Source: Key opened (2 entries)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Source: Key opened (2 entries)
Tries to harvest and steal ftp login credentials
Source: File opened (3 entries)
Tries to harvest and steal browser information (history, passwords, etc)
Source: File opened
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection11 | Masquerading1 | OS Credential Dumping2 | Security Software Discovery311 | Remote Services | Email Collection1 | Exfiltration Over Other Network Medium | Encrypted Channel11 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Virtualization/Sandbox Evasion211 | Credentials in Registry1 | Virtualization/Sandbox Evasion211 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Ingress Tool Transfer3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection11 | Security Account Manager | Application Window Discovery1 | SMB/Windows Admin Shares | Data from Local System2 | Automated Exfiltration | Non-Application Layer Protocol4 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information1 | NTDS | Remote System Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol115 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing1 | LSA Secrets | System Information Discovery4 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Detection | Scanner | Label
---|---|---
30% | Virustotal |
100% | Joe Sandbox ML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label
---|---|---|---
6 unpacked PE files | 100% | Avira | TR/Dropper.VB.Gen
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label
---|---|---|---
2 URLs | 0% | Avira URL Cloud | safe
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation
---|---|---|---|---|---
drive.google.com | 216.58.209.46 | true | false | | high
googlehosted.l.googleusercontent.com | 216.58.208.129 | true | false | | high
doc-0g-14-docs.googleusercontent.com | unknown | unknown | false | | high
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation
---|---|---|---
| | true | | unknown
| | false | | high
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation
---|---|---|---|---
| | | false | | high
| | | false | | high
| | | false | | high
| | | false | | high
| | | false | | unknown
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | ASN | ASN Name | Malicious
---|---|---|---|---|---
63.250.34.171 | unknown | United States | 22612 | NAMECHEAP-NETUS | true
216.58.208.129 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
216.58.209.46 | drive.google.com | United States | 15169 | GOOGLEUS | false
General Information |
---|
Field | Value
---|---
Joe Sandbox Version | 34.0.0 Boulder Opal
Analysis ID | 531208
Start date | 30.11.2021
Start time | 15:32:13
Joe Sandbox Product | CloudBasic
Overall analysis duration | 0h 6m 56s
Hypervisor based Inspection enabled | false
Report type | full
Sample file name | Anexo I e II do convite#U00b7pdf.exe
Cookbook file name | default.jbs
Analysis system description | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed | 26
Number of new started drivers analysed | 0
Number of existing processes analysed | 0
Number of existing drivers analysed | 0
Number of injected processes analysed | 0
Technologies |
Analysis Mode | default
Analysis stop reason | Timeout
Detection | MAL
Classification | mal100.rans.troj.spyw.evad.winEXE@3/2@2/3
EGA Information |
HDC Information |
HCA Information | Failed
Cookbook Comments |
Warnings |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
15:34:09 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated samples | Detection
---|---|---
63.250.34.171 | 12 | malicious
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated samples | Detection
---|---|---
NAMECHEAP-NETUS | 20 | malicious
JA3 Fingerprints |
---|
Match | Associated samples | Detection
---|---|---
37f463bf4616ecd445d4a1937da06e19 | 20 | malicious
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Field | Dropped file 1 | Dropped file 2
---|---|---
Process | C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe | C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe
File Type | |
Category | dropped | dropped
Size (bytes) | 1 | 46
Entropy (8bit) | 0.0 | 1.0424600748477153
Encrypted | false | false
SSDEEP | 3:U:U | 3:/lbON:u
MD5 | C4CA4238A0B923820DCC509A6F75849B | 89CA7E02D8B79ED50986F098D5686EC9
SHA1 | 356A192B7913B04C54574D18C28D46E6395428AB | A602E0D4398F00C827BFCF711066E67718CA1377
SHA-256 | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B | 30AC626CBD4A97DB480A0379F6D2540195F594C967B7087A26566E352F24C794
SHA-512 | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A | C5F453E32C0297E51BE43F84A7E63302E7D1E471FADF8BB789C22A4D6E03712D26E2B039D6FBDBD9EBD35C4E93EC27F03684A7BBB67C4FADCCE9F6279417B5DE
Malicious | false | false
Reputation | high, very likely benign file | moderate, very likely benign file
Preview | |
Static File Info |
---|
Field | Value
---|---
File type |
Entropy (8bit) | 5.91903718028051
TrID |
File name | Anexo I e II do convite#U00b7pdf.exe
File size (bytes) | 115928
MD5 | e779a8be256d298c6d96884724d7792b
SHA1 | 5ff1cb154e5001791e3dd019721462fe20bfec80
SHA256 | 9dbfeb5b6cdf7f40899f2f36ecd59d8c1f72ec680248e4b42f69496c61b5d19c
SHA512 | 0eeb559b54c2beef79378f71bc147575493f5d859ca814ddfcb46f340a7afebcf02297ddce03985772366ec30be8c10000e843a27da5958d7c6d3e8109925232
SSDEEP | 1536:7TkM4c0waCt/4ut/3ZlS/VONFjeh8JdThM78iK40n8VV0fRyqA:70cJvlS/VOrjehaTOJX0cV0fYqA
File Content Preview | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............i...i...i...d...i.Rich..i.................PE..L.....\|Q.....................0....................@........................
File Icon |
---|
Icon Hash: | 20047c7c70f0e004 |
Static PE Info |
---|
Field | Value
---|---
Entrypoint | 0x40131c
Entrypoint Section | .text
Digitally signed | true
Imagebase | 0x400000
Subsystem | windows gui
Image File Characteristics | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics |
Time Stamp | 0x517CF201 [Sun Apr 28 09:55:13 2013 UTC]
TLS Callbacks |
CLR (.Net) Version |
OS Version Major | 4
OS Version Minor | 0
File Version Major | 4
File Version Minor | 0
Subsystem Version Major | 4
Subsystem Version Minor | 0
Import Hash | bee9d652e25bf42465265f6582df5734
Authenticode Signature |
---|
Signature Valid: | false |
Signature Issuer: | E=Form_adepterhak@Form_SEMIJURID.For, CN=Form_Kalmuknuda1, OU=Form_Anthro5, O=Form_calycul, L=Form_RHAPHESSAM, S=Form_PILLMONGER, C=BI |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider (CERT_E_UNTRUSTEDROOT: the chain builds, but its root is not in the Windows trusted root store, so the signature carries no trust) |
Error Number: | -2146762487 (HRESULT 0x800B0109, CERT_E_UNTRUSTEDROOT) |
Not Before, Not After | |
Subject Chain | |
Version: | 3 |
Thumbprint MD5: | 68C592CF7D2A2CD03819360F614D08CB |
Thumbprint SHA-1: | 58E1AF7458716DFDE5ADA2192843C20FBD7A889B |
Thumbprint SHA-256: | 432C10C7212D08B58F637E3CE97AAB0DD33BB301385662BFD13000B22CBEA931 |
Serial: | 00 |
Entrypoint Preview |
---|
Instruction |
---|
push 00401A5Ch |
call 00007F4570B75513h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
xor byte ptr [eax], al |
add byte ptr [eax], al |
inc eax |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add dl, ah |
stc |
out dx, eax |
out 7Bh, eax |
mov esp, E296443Ch |
call 00007F4569889E55h |
je 00007F4570B75522h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [ecx], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add al, ah |
sar cl, cl |
add al, byte ptr [esi+6Fh] |
jc 00007F4570B7558Fh |
pop edi |
dec ecx |
dec esi |
inc esp |
dec esp |
inc ebp |
dec edx |
push edx |
inc ebp |
add byte ptr [ecx+00h], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
dec esp |
xor dword ptr [eax], eax |
push es |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x19264 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1c000 | 0x929 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1b000 | 0x14d8 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x220 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x140 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x1845c | 0x19000 | False | 0.4708984375 | data | 6.01648433856 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x1a000 | 0x1c14 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x1c000 | 0x929 | 0x1000 | False | 0.177490234375 | data | 2.02437129548 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
OK | 0x1c904 | 0x25 | ASCII text, with CRLF line terminators | English | United States |
RT_ICON | 0x1c7d4 | 0x130 | data | ||
RT_ICON | 0x1c4ec | 0x2e8 | data | ||
RT_ICON | 0x1c3c4 | 0x128 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x1c394 | 0x30 | data | ||
RT_VERSION | 0x1c1a0 | 0x1f4 | data | Chinese | Taiwan |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | MethCallEngine, EVENT_SINK_AddRef, DllFunctionCall, EVENT_SINK_Release, EVENT_SINK_QueryInterface, __vbaExceptHandler |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0404 0x04b0 |
ProductVersion | 1.00 |
InternalName | Form_reduc |
FileVersion | 1.00 |
OriginalFilename | Form_reduc.exe |
ProductName | Form_INDLEJRE |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Chinese | Taiwan |
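The Static PE Info, Authenticode and Imports tables above are raw fields; the checks a triager actually runs on them (is the build timestamp plausible, what do the characteristics bits say, where does the entry point land, is the import set that of a VB6 runtime binary, what does the signature error code mean, which section is oddly shaped) are shown in the following added example. It is not Joe Sandbox code: the constants are copied from the tables above, the helper names are this example's own, and the characteristics word 0x010F is reconstructed from the five flag names the report lists. The import hash it computes only reproduces the report's value if the listed import order is the on-disk import-table order, which the table does not guarantee, so the example compares the canonical string rather than asserting the MD5.

```python
"""Static-PE triage of the fields in the Static PE Info, Authenticode and
Imports tables. Added example: helpers are this example's own, not Joe
Sandbox tooling; constants are copied from the report."""
import hashlib
from datetime import datetime, timezone

# Subset of the IMAGE_FILE_* characteristic bits from winnt.h.
CHARACTERISTIC_BITS = {
    0x0001: "RELOCS_STRIPPED",
    0x0002: "EXECUTABLE_IMAGE",
    0x0004: "LINE_NUMS_STRIPPED",
    0x0008: "LOCAL_SYMS_STRIPPED",
    0x0020: "LARGE_ADDRESS_AWARE",
    0x0100: "32BIT_MACHINE",
    0x0200: "DEBUG_STRIPPED",
    0x2000: "DLL",
}

# WinTrust / CryptoAPI HRESULTs that Authenticode verification commonly returns.
TRUST_HRESULTS = {
    0x800B0100: "TRUST_E_NOSIGNATURE",
    0x800B0101: "CERT_E_EXPIRED",
    0x800B0109: "CERT_E_UNTRUSTEDROOT",
    0x800B010A: "CERT_E_CHAINING",
    0x80096010: "TRUST_E_BAD_DIGEST",
}

# (name, virtual address, virtual size, raw size, entropy) from the Sections table.
SECTIONS = [
    (".text", 0x1000, 0x1845C, 0x19000, 6.016),
    (".data", 0x1A000, 0x1C14, 0x0, 0.0),
    (".rsrc", 0x1C000, 0x929, 0x1000, 2.024),
]
IMAGE_BASE = 0x400000
ENTRYPOINT = 0x40131C
TIMESTAMP = 0x517CF201
# The report lists flag names, not the raw word; 0x010F sets exactly those five bits.
CHARACTERISTICS = 0x010F
IMPORTS = [("MSVBVM60.DLL", f) for f in (
    "MethCallEngine", "EVENT_SINK_AddRef", "DllFunctionCall",
    "EVENT_SINK_Release", "EVENT_SINK_QueryInterface", "__vbaExceptHandler")]
SIGNATURE_ERROR_NUMBER = -2146762487


def decode_characteristics(word):
    """Names of the IMAGE_FILE_* bits set in a COFF Characteristics word."""
    return [name for bit, name in sorted(CHARACTERISTIC_BITS.items()) if word & bit]


def decode_timestamp(stamp):
    """COFF TimeDateStamp is seconds since the Unix epoch, read as UTC."""
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


def imphash_input(imports):
    """Canonical string behind the import hash: 'dll.func', lower-cased,
    DLL extension dropped, kept in import-table order, comma-joined."""
    parts = []
    for dll, func in imports:
        dll = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if dll.endswith(ext):
                dll = dll[: -len(ext)]
        parts.append(f"{dll}.{func.lower()}")
    return ",".join(parts)


def imphash(imports):
    """MD5 of the canonical import string (the Mandiant imphash)."""
    return hashlib.md5(imphash_input(imports).encode()).hexdigest()


def hresult(error_number):
    """The report prints the signed 32-bit value; reinterpret it as an HRESULT."""
    return error_number & 0xFFFFFFFF


def section_for_va(sections, va, image_base=IMAGE_BASE):
    """Name of the section containing a virtual address, or None if outside all."""
    rva = va - image_base
    for name, start, vsize, _raw, _entropy in sections:
        if start <= rva < start + vsize:
            return name
    return None


def section_findings(sections):
    """Section-table observations worth a second look."""
    findings = []
    for name, _start, vsize, rawsize, entropy in sections:
        if vsize and not rawsize:
            findings.append(f"{name}: {vsize:#x} bytes virtual, 0 on disk (zero-filled at load)")
        if entropy > 7.0:
            findings.append(f"{name}: entropy {entropy} suggests packed or encrypted content")
    return findings


def triage():
    """Run every check above and collect the results in one dict."""
    code = hresult(SIGNATURE_ERROR_NUMBER)
    dlls = {dll.lower() for dll, _ in IMPORTS}
    return {
        "compiled": decode_timestamp(TIMESTAMP).isoformat(),
        "characteristics": decode_characteristics(CHARACTERISTICS),
        "entrypoint_section": section_for_va(SECTIONS, ENTRYPOINT),
        "imphash": imphash(IMPORTS),
        "only_vb6_runtime_imported": dlls == {"msvbvm60.dll"},
        "signature_error": f"{code:#010x} {TRUST_HRESULTS.get(code, 'unknown')}",
        "section_findings": section_findings(SECTIONS),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

Run stand-alone it prints the 2013-04-28 build time, the five flags, the entry point resolving into .text, the single MSVBVM60 import (the VB6 runtime is the only DLL this binary links), the error number decoded to CERT_E_UNTRUSTEDROOT, and the .data section with no file-backed bytes. None of these is proof of maliciousness on its own; together they are the profile the detection list in the report's header is built on.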
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
11/30/21-15:34:02.766162 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49748 | 80 | 192.168.2.3 | 63.250.34.171 |
11/30/21-15:34:02.766162 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49748 | 80 | 192.168.2.3 | 63.250.34.171 |
11/30/21-15:34:02.766162 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49748 | 80 | 192.168.2.3 | 63.250.34.171 |
11/30/21-15:34:02.766162 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49748 | 80 | 192.168.2.3 | 63.250.34.171 |
11/30/21-15:34:03.986641 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49748 | 63.250.34.171 | 192.168.2.3 |
11/30/21-15:34:05.456819 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49749 | 80 | 192.168.2.3 | 63.250.34.171 |
11/30/21-15:34:05.456819 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49749 | 80 | 192.168.2.3 | 63.250.34.171 |
11/30/21-15:34:05.456819 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49749 | 80 | 192.168.2.3 | 63.250.34.171 |
11/30/21-15:34:05.456819 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49749 | 80 | 192.168.2.3 | 63.250.34.171 |
11/30/21-15:34:06.698424 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49749 | 63.250.34.171 | 192.168.2.3 |
11/30/21-15:34:09.490068 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49752 | 80 | 192.168.2.3 | 63.250.34.171 |
11/30/21-15:34:09.490068 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49752 | 80 | 192.168.2.3 | 63.250.34.171 |
11/30/21-15:34:09.490068 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49752 | 80 | 192.168.2.3 | 63.250.34.171 |
11/30/21-15:34:09.490068 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49752 | 80 | 192.168.2.3 | 63.250.34.171 |
11/30/21-15:34:10.682764 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49752 | 63.250.34.171 | 192.168.2.3 |
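Read as a flat list, the Snort table above is fifteen alerts; read per TCP flow it is three C2 attempts from the same process, each answered with a 403. The following added example (not Joe Sandbox code) groups the alert rows into flows and reports, for each, what the client was doing (credential upload versus command poll), whether the server refused it, and how long the refusal took, plus the cadence between attempts. The alert lines are copied verbatim from the table; the flow heuristic and the SID groupings are this example's own. The user-agent string checked by `is_lokibot_user_agent` is not visible in this report (its Data column is empty); it is the string rule 2021641's name refers to, taken from public LokiBot reporting, and is marked as an assumption in the code.

```python
"""Correlate the Snort alerts into TCP flows and read off the C2 outcome.
Added example, not part of the Joe Sandbox report."""
from collections import defaultdict
from datetime import datetime

# Copied from the Snort IDS Alerts table: ts | proto | sid | msg | sport | dport | sip | dip
SNORT_ALERTS = """\
11/30/21-15:34:02.766162 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49748 | 80 | 192.168.2.3 | 63.250.34.171
11/30/21-15:34:02.766162 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49748 | 80 | 192.168.2.3 | 63.250.34.171
11/30/21-15:34:02.766162 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49748 | 80 | 192.168.2.3 | 63.250.34.171
11/30/21-15:34:02.766162 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49748 | 80 | 192.168.2.3 | 63.250.34.171
11/30/21-15:34:03.986641 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49748 | 63.250.34.171 | 192.168.2.3
11/30/21-15:34:05.456819 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49749 | 80 | 192.168.2.3 | 63.250.34.171
11/30/21-15:34:05.456819 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49749 | 80 | 192.168.2.3 | 63.250.34.171
11/30/21-15:34:05.456819 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49749 | 80 | 192.168.2.3 | 63.250.34.171
11/30/21-15:34:05.456819 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49749 | 80 | 192.168.2.3 | 63.250.34.171
11/30/21-15:34:06.698424 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49749 | 63.250.34.171 | 192.168.2.3
11/30/21-15:34:09.490068 | TCP | 2024313 | ET TROJAN LokiBot Request for C2 Commands Detected M1 | 49752 | 80 | 192.168.2.3 | 63.250.34.171
11/30/21-15:34:09.490068 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49752 | 80 | 192.168.2.3 | 63.250.34.171
11/30/21-15:34:09.490068 | TCP | 2025381 | ET TROJAN LokiBot Checkin | 49752 | 80 | 192.168.2.3 | 63.250.34.171
11/30/21-15:34:09.490068 | TCP | 2024318 | ET TROJAN LokiBot Request for C2 Commands Detected M2 | 49752 | 80 | 192.168.2.3 | 63.250.34.171
11/30/21-15:34:10.682764 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49752 | 63.250.34.171 | 192.168.2.3
"""

EXFIL_SIDS = {2024312, 2024317}   # credential / application data upload
POLL_SIDS = {2024313, 2024318}    # request for C2 commands
CHECKIN_SID = 2025381
SERVER_403_SID = 1201
# Assumption: the user-agent that SID 2021641 keys on; not shown in this report.
LOKIBOT_UA = "Mozilla/4.08 (Charon; Inferno)"


def parse_alerts(text):
    """Parse the report's pipe-separated alert rows into dicts."""
    alerts = []
    for line in text.splitlines():
        line = line.strip().rstrip("|").strip()
        if not line:
            continue
        ts, proto, sid, msg, sport, dport, sip, dip = [f.strip() for f in line.split(" | ")]
        alerts.append({
            "ts": datetime.strptime(ts, "%m/%d/%y-%H:%M:%S.%f"),
            "proto": proto, "sid": int(sid), "msg": msg,
            "src": (sip, int(sport)), "dst": (dip, int(dport)),
        })
    return alerts


def flow_key(alert):
    """(client, server) endpoints. Heuristic: the higher port is the ephemeral
    client side, which holds for these ephemeral-port-to-80 flows."""
    if alert["src"][1] > alert["dst"][1]:
        return alert["src"], alert["dst"]
    return alert["dst"], alert["src"]


def correlate(alerts):
    """Group alerts by flow; summarise what each flow tried and what came back."""
    by_flow = defaultdict(list)
    for a in alerts:
        by_flow[flow_key(a)].append(a)
    flows = []
    for (client, server), events in by_flow.items():
        events.sort(key=lambda e: e["ts"])
        sids = {e["sid"] for e in events}
        first_seen = events[0]["ts"]
        denied = [e for e in events if e["sid"] == SERVER_403_SID and e["src"] == server]
        kind = "exfil" if sids & EXFIL_SIDS else "poll" if sids & POLL_SIDS else "other"
        flows.append({
            "client_port": client[1],
            "server": f"{server[0]}:{server[1]}",
            "first_seen": first_seen,
            "kind": kind,
            "checkin": CHECKIN_SID in sids,
            "server_403": bool(denied),
            "response_delay_s": (denied[0]["ts"] - first_seen).total_seconds() if denied else None,
        })
    flows.sort(key=lambda f: f["first_seen"])
    return flows


def retry_gaps(flows):
    """Seconds between consecutive attempts, to spot a retry cadence."""
    return [round((b["first_seen"] - a["first_seen"]).total_seconds(), 2)
            for a, b in zip(flows, flows[1:])]


def is_lokibot_user_agent(user_agent):
    """Request-level equivalent of SID 2021641, for use on proxy or HTTP logs."""
    return user_agent.strip() == LOKIBOT_UA


if __name__ == "__main__":
    flows = correlate(parse_alerts(SNORT_ALERTS))
    for f in flows:
        outcome = "403 from server" if f["server_403"] else "no server alert"
        print(f"{f['first_seen'].time()} port {f['client_port']} -> {f['server']}: {f['kind']}, {outcome}")
    print("gaps between attempts (s):", retry_gaps(flows))
```

The point of the per-flow view is the ordering: the exfiltration and check-in signatures fire on the client's first packet, about 1.2 s before the 403 arrives, so the credential upload (whatever the bot had harvested at that point) left the host regardless of the server's refusal. A 403 from a LokiBot panel URL is also a weak signal that the panel has been taken down or fronted by a filter, not that the sample is benign; the three attempts with growing gaps (2.7 s, then 4.0 s) show the stealer treating the refusal as transient and retrying.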
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 30, 2021 15:33:57.852580070 CET | 49746 | 443 | 192.168.2.3 | 216.58.209.46 |
Nov 30, 2021 15:33:57.852644920 CET | 443 | 49746 | 216.58.209.46 | 192.168.2.3 |
Nov 30, 2021 15:33:57.852777004 CET | 49746 | 443 | 192.168.2.3 | 216.58.209.46 |
Nov 30, 2021 15:33:57.868158102 CET | 49746 | 443 | 192.168.2.3 | 216.58.209.46 |
Nov 30, 2021 15:33:57.868192911 CET | 443 | 49746 | 216.58.209.46 | 192.168.2.3 |
Nov 30, 2021 15:33:57.942569971 CET | 443 | 49746 | 216.58.209.46 | 192.168.2.3 |
Nov 30, 2021 15:33:57.942682981 CET | 49746 | 443 | 192.168.2.3 | 216.58.209.46 |
Nov 30, 2021 15:33:57.943434000 CET | 443 | 49746 | 216.58.209.46 | 192.168.2.3 |
Nov 30, 2021 15:33:57.943536043 CET | 49746 | 443 | 192.168.2.3 | 216.58.209.46 |
Nov 30, 2021 15:33:58.357105017 CET | 49746 | 443 | 192.168.2.3 | 216.58.209.46 |
Nov 30, 2021 15:33:58.357147932 CET | 443 | 49746 | 216.58.209.46 | 192.168.2.3 |
Nov 30, 2021 15:33:58.357425928 CET | 443 | 49746 | 216.58.209.46 | 192.168.2.3 |
Nov 30, 2021 15:33:58.357494116 CET | 49746 | 443 | 192.168.2.3 | 216.58.209.46 |
Nov 30, 2021 15:33:58.360340118 CET | 49746 | 443 | 192.168.2.3 | 216.58.209.46 |
Nov 30, 2021 15:33:58.400871992 CET | 443 | 49746 | 216.58.209.46 | 192.168.2.3 |
Nov 30, 2021 15:33:58.869539022 CET | 443 | 49746 | 216.58.209.46 | 192.168.2.3 |
Nov 30, 2021 15:33:58.869641066 CET | 443 | 49746 | 216.58.209.46 | 192.168.2.3 |
Nov 30, 2021 15:33:58.869812965 CET | 49746 | 443 | 192.168.2.3 | 216.58.209.46 |
Nov 30, 2021 15:33:58.999186039 CET | 49746 | 443 | 192.168.2.3 | 216.58.209.46 |
Nov 30, 2021 15:33:58.999216080 CET | 443 | 49746 | 216.58.209.46 | 192.168.2.3 |
Nov 30, 2021 15:33:59.354198933 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.354237080 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.354490995 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.372540951 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.372566938 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.439462900 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.439601898 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.440380096 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.440483093 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.447597027 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.447621107 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.447956085 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.448050976 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.448609114 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.488869905 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.676558971 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.676718950 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.678764105 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.678884983 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.680835009 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.680957079 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.682427883 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.682507038 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.683881998 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.683948040 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.683962107 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.684001923 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.685405970 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.685492992 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.697701931 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.697798967 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.697812080 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.697855949 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.698426962 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.698491096 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.698501110 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.698544979 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.699737072 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.699800968 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.699807882 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.699852943 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.701227903 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.701296091 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.701303959 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.701343060 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.702755928 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.702820063 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.702828884 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.702872992 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.704212904 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.704278946 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.704287052 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.704329014 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.705746889 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.705818892 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.705831051 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.705874920 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.707312107 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.707385063 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.707406998 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.707449913 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.708589077 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.708664894 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.708684921 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.708734989 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.709969044 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.710037947 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.710057974 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.710108042 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.711294889 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.711364031 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.711384058 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.711430073 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.712613106 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.712680101 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.712680101 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.712698936 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.712724924 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.712749958 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.714006901 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.714081049 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.714098930 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.714143991 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.715296030 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.715367079 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.715384007 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.715439081 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.716622114 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.716692924 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.716711044 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.716754913 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.718825102 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.718909025 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.718925953 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.718975067 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.719331980 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.719428062 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.719441891 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.719485998 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.720485926 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.720556974 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.720572948 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.720627069 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.721394062 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.721466064 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.721482038 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.721539021 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.722392082 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.722472906 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.722490072 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.722532988 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.723181963 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.723259926 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.723275900 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.723336935 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.724215031 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.724420071 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.724436998 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.724488020 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.725109100 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.725178957 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.725194931 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.725239038 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.725956917 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.726033926 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.726037979 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.726054907 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.726080894 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.726113081 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.726918936 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.726982117 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.726999044 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.727044106 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.727720022 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.727775097 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.727791071 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.727832079 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.728691101 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.728748083 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.728765011 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.728812933 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.729548931 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.729619026 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.729635000 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.729676962 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.730490923 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.730550051 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.730566025 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.730607033 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.731389046 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.731448889 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.731466055 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.731508017 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.732218027 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.732285023 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.732301950 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.732352972 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.733107090 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.733166933 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.733184099 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.733232021 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.734086990 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.734157085 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.734169006 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.734210968 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.734894991 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.734966040 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.734976053 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.735018015 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.735848904 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.735918999 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.735924006 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.735941887 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.735966921 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.736011028 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.736017942 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.736037970 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:33:59.736057997 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.736074924 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.948260069 CET | 49747 | 443 | 192.168.2.3 | 216.58.208.129 |
Nov 30, 2021 15:33:59.948288918 CET | 443 | 49747 | 216.58.208.129 | 192.168.2.3 |
Nov 30, 2021 15:34:02.456432104 CET | 49748 | 80 | 192.168.2.3 | 63.250.34.171 |
Nov 30, 2021 15:34:02.753258944 CET | 80 | 49748 | 63.250.34.171 | 192.168.2.3 |
Nov 30, 2021 15:34:02.753566980 CET | 49748 | 80 | 192.168.2.3 | 63.250.34.171 |
Nov 30, 2021 15:34:02.766161919 CET | 49748 | 80 | 192.168.2.3 | 63.250.34.171 |
Nov 30, 2021 15:34:03.056709051 CET | 80 | 49748 | 63.250.34.171 | 192.168.2.3 |
Nov 30, 2021 15:34:03.056988955 CET | 49748 | 80 | 192.168.2.3 | 63.250.34.171 |
Nov 30, 2021 15:34:03.349251986 CET | 80 | 49748 | 63.250.34.171 | 192.168.2.3 |
Nov 30, 2021 15:34:03.986640930 CET | 80 | 49748 | 63.250.34.171 | 192.168.2.3 |
Nov 30, 2021 15:34:03.986665010 CET | 80 | 49748 | 63.250.34.171 | 192.168.2.3 |
Nov 30, 2021 15:34:03.986825943 CET | 49748 | 80 | 192.168.2.3 | 63.250.34.171 |
Nov 30, 2021 15:34:03.988415003 CET | 49748 | 80 | 192.168.2.3 | 63.250.34.171 |
Nov 30, 2021 15:34:04.285831928 CET | 80 | 49748 | 63.250.34.171 | 192.168.2.3 |
Nov 30, 2021 15:34:05.134186983 CET | 49749 | 80 | 192.168.2.3 | 63.250.34.171 |
Nov 30, 2021 15:34:05.452347994 CET | 80 | 49749 | 63.250.34.171 | 192.168.2.3 |
Nov 30, 2021 15:34:05.452526093 CET | 49749 | 80 | 192.168.2.3 | 63.250.34.171 |
Nov 30, 2021 15:34:05.456819057 CET | 49749 | 80 | 192.168.2.3 | 63.250.34.171 |
Nov 30, 2021 15:34:05.770030022 CET | 80 | 49749 | 63.250.34.171 | 192.168.2.3 |
Nov 30, 2021 15:34:05.770293951 CET | 49749 | 80 | 192.168.2.3 | 63.250.34.171 |
Nov 30, 2021 15:34:06.090395927 CET | 80 | 49749 | 63.250.34.171 | 192.168.2.3 |
Nov 30, 2021 15:34:06.698424101 CET | 80 | 49749 | 63.250.34.171 | 192.168.2.3 |
Nov 30, 2021 15:34:06.698457003 CET | 80 | 49749 | 63.250.34.171 | 192.168.2.3 |
Nov 30, 2021 15:34:06.698561907 CET | 49749 | 80 | 192.168.2.3 | 63.250.34.171 |
Nov 30, 2021 15:34:06.699342966 CET | 49749 | 80 | 192.168.2.3 | 63.250.34.171 |
Nov 30, 2021 15:34:07.001230955 CET | 80 | 49749 | 63.250.34.171 | 192.168.2.3 |
Nov 30, 2021 15:34:09.165364027 CET | 49752 | 80 | 192.168.2.3 | 63.250.34.171 |
Nov 30, 2021 15:34:09.484764099 CET | 80 | 49752 | 63.250.34.171 | 192.168.2.3 |
Nov 30, 2021 15:34:09.484972954 CET | 49752 | 80 | 192.168.2.3 | 63.250.34.171 |
Nov 30, 2021 15:34:09.490067959 CET | 49752 | 80 | 192.168.2.3 | 63.250.34.171 |
Nov 30, 2021 15:34:09.809833050 CET | 80 | 49752 | 63.250.34.171 | 192.168.2.3 |
Nov 30, 2021 15:34:09.809978008 CET | 49752 | 80 | 192.168.2.3 | 63.250.34.171 |
Nov 30, 2021 15:34:10.101295948 CET | 80 | 49752 | 63.250.34.171 | 192.168.2.3 |
Nov 30, 2021 15:34:10.682764053 CET | 80 | 49752 | 63.250.34.171 | 192.168.2.3 |
Nov 30, 2021 15:34:10.682941914 CET | 80 | 49752 | 63.250.34.171 | 192.168.2.3 |
Nov 30, 2021 15:34:10.683027983 CET | 49752 | 80 | 192.168.2.3 | 63.250.34.171 |
Nov 30, 2021 15:34:10.683564901 CET | 49752 | 80 | 192.168.2.3 | 63.250.34.171 |
Nov 30, 2021 15:34:10.972251892 CET | 80 | 49752 | 63.250.34.171 | 192.168.2.3 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 30, 2021 15:33:57.795687914 CET | 57875 | 53 | 192.168.2.3 | 8.8.8.8 |
Nov 30, 2021 15:33:57.823571920 CET | 53 | 57875 | 8.8.8.8 | 192.168.2.3 |
Nov 30, 2021 15:33:59.324996948 CET | 54154 | 53 | 192.168.2.3 | 8.8.8.8 |
Nov 30, 2021 15:33:59.351377010 CET | 53 | 54154 | 8.8.8.8 | 192.168.2.3 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Nov 30, 2021 15:33:57.795687914 CET | 192.168.2.3 | 8.8.8.8 | 0x940c | Standard query (0) | | A (IP address) | IN (0x0001) |
Nov 30, 2021 15:33:59.324996948 CET | 192.168.2.3 | 8.8.8.8 | 0xebcb | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Nov 30, 2021 15:33:57.823571920 CET | 8.8.8.8 | 192.168.2.3 | 0x940c | No error (0) | | | 216.58.209.46 | A (IP address) | IN (0x0001) |
Nov 30, 2021 15:33:59.351377010 CET | 8.8.8.8 | 192.168.2.3 | 0xebcb | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) |
Nov 30, 2021 15:33:59.351377010 CET | 8.8.8.8 | 192.168.2.3 | 0xebcb | No error (0) | | | 216.58.208.129 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
(rendered as an image in the original report; not reproduced here) |
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49746 | 216.58.209.46 | 443 | C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.3 | 49747 | 216.58.208.129 | 443 | C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.3 | 49748 | 63.250.34.171 | 80 | C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 30, 2021 15:34:02.766161919 CET | 1407 | OUT | |
Nov 30, 2021 15:34:03.056988955 CET | 1407 | OUT | |
Nov 30, 2021 15:34:03.986640930 CET | 1408 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
3 | 192.168.2.3 | 49749 | 63.250.34.171 | 80 | C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 30, 2021 15:34:05.456819057 CET | 1409 | OUT | |
Nov 30, 2021 15:34:05.770293951 CET | 1409 | OUT | |
Nov 30, 2021 15:34:06.698424101 CET | 1410 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
4 | 192.168.2.3 | 49752 | 63.250.34.171 | 80 | C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 30, 2021 15:34:09.490067959 CET | 1458 | OUT | |
Nov 30, 2021 15:34:09.809978008 CET | 1458 | OUT | |
Nov 30, 2021 15:34:10.682764053 CET | 1459 | IN |
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49746 | 216.58.209.46 | 443 | C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-11-30 14:33:58 UTC | 0 | OUT | |
2021-11-30 14:33:58 UTC | 0 | IN | |
2021-11-30 14:33:58 UTC | 1 | IN | |
2021-11-30 14:33:58 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.3 | 49747 | 216.58.208.129 | 443 | C:\Users\user\Desktop\Anexo I e II do convite#U00b7pdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-11-30 14:33:59 UTC | 2 | OUT | |
2021-11-30 14:33:59 UTC | 2 | IN |