Windows Analysis Report FACTURAS.exe
Overview
General Information
Detection
AgentTesla GuLoader
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Potential malicious icon found
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected GuLoader
Hides threads from debuggers
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
C2 URLs / IPs found in malware configuration
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Contains functionality to detect virtual machines (SMSW)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Uses SMTP (mail sending)
PE / OLE file has an invalid certificate
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to detect virtual machines (SGDT)
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: Agenttesla |
---|
{"Exfil Mode": "SMTP", "SMTP Info": "gulnaz@furteksdokuma.com.tr@Gulnaz159753mail.furteksdokuma.com.trsarahmorg434@gmail.com"}
Threatname: GuLoader |
---|
{"Payload URL": "https://drive.google.com/uc?export=download&id=11UpsPasq_HHoJ"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: | ||
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | ReversingLabs: |
Source: | Code function: | 5_2_01575088 | |
Source: | Code function: | 5_2_01575868 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Networking: |
---|
C2 URLs / IPs found in malware configuration | Show sources |
Source: | URLs: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | IP Address: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
System Summary: |
---|
Potential malicious icon found | Show sources |
Source: | Icon embedded in PE file: |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Data Obfuscation: |
---|
Yara detected GuLoader | Show sources |
Source: | File source: |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion: |
---|
Tries to detect Any.run | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) | Show sources |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior |
Source: | Code function: | 5_2_013665E8 |
Source: | Window / User API: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Code function: | 5_2_0104EA80 |
Source: | Process information queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | System information queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Anti Debugging: |
---|
Hides threads from debuggers | Show sources |
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 5_2_01046950 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Writes to foreign memory regions | Show sources |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Tries to steal Mail credentials (via file / registry access) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) | Show sources |
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal ftp login credentials | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to harvest and steal browser information (history, passwords, etc) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | DLL Side-Loading1 | Process Injection112 | Masquerading1 | OS Credential Dumping2 | Security Software Discovery421 | Remote Services | Email Collection1 | Exfiltration Over Other Network Medium | Encrypted Channel21 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Disable or Modify Tools1 | Credentials in Registry1 | Process Discovery2 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion361 | Security Account Manager | Virtualization/Sandbox Evasion361 | SMB/Windows Admin Shares | Data from Local System2 | Automated Exfiltration | Ingress Tool Transfer1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection112 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol2 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information1 | LSA Secrets | File and Directory Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol123 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | DLL Side-Loading1 | Cached Domain Credentials | System Information Discovery115 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
13% | ReversingLabs | Win32.Downloader.GuLoader |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1140082 | Download File | ||
100% | Avira | HEUR/AGEN.1140082 | Download File |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 142.250.186.174 | true | false | high | |
googlehosted.l.googleusercontent.com | 142.250.185.129 | true | false | high | |
furteksdokuma.com.tr | 116.202.203.61 | true | true | | unknown |
mail.furteksdokuma.com.tr | unknown | unknown | true | | unknown |
doc-0c-6k-docs.googleusercontent.com | unknown | unknown | false | high |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.185.129 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false | |
142.250.186.174 | drive.google.com | United States | 15169 | GOOGLEUS | false | |
116.202.203.61 | furteksdokuma.com.tr | Germany | 24940 | HETZNER-ASDE | true |
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 531838 |
Start date: | 01.12.2021 |
Start time: | 13:24:01 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 44s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | FACTURAS.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301) |
Run name: | Suspected Instruction Hammering |
Number of analysed new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.rans.troj.spyw.evad.winEXE@6/1@3/3 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
13:26:45 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
116.202.203.61 | Get hash | malicious | Browse | ||
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
HETZNER-ASDE | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 3.964735178725505 |
Encrypted: | false |
SSDEEP: | 3:IBVFBWAGRHneyy:ITqAGRHner |
MD5: | 9F754B47B351EF0FC32527B541420595 |
SHA1: | 006C66220B33E98C725B73495FE97B3291CE14D9 |
SHA-256: | 0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591 |
SHA-512: | C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.1786714462714025 |
TrID: |
|
File name: | FACTURAS.exe |
File size: | 152720 |
MD5: | ab82f374210a08b2221d5e1807400a32 |
SHA1: | 6a56b81549185015743deaa196996f73787c5c7d |
SHA256: | ab41887e471ac822f1240bf554098fa042910f1c7ac2f9e390081829515bc2fa |
SHA512: | 8844aca394f38a59a63b1984a00b16861a0f7e0fdc04ba20aba264da79fc6e54eeb73c6814f0745ab37ba12ba306e6371561e64f23deac22ba555d75aa3b2019 |
SSDEEP: | 1536:gZEG7DecysKvlp4erYY77BLm321zb2aKQhbHdEs5obasAJepPNp8:6EG7Dpy9nYYn2EzBKYpdOSoNp8 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.......................D.......=.......Rich............PE..L.....4U.....................0............... ....@................ |
File Icon |
---|
Icon Hash: | 20047c7c70f0e004 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x401888 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x5534C2F5 [Mon Apr 20 09:12:21 2015 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | b209c8634733456633136bfedc71877a |
Authenticode Signature |
---|
Signature Valid: | false |
Signature Issuer: | E=parteringens@Shiremen3.slu, CN=SELSKABSLOKALET, OU=Interimskvitteringerne, O=JUSTITSEN, L=Rutiners, S=honkytonks, C=ML |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | CDDFD4747563B21AE94964F7C6F9EB7A |
Thumbprint SHA-1: | 1CFBE705D5055A36D357E2EF5F5FE20BC6959CA9 |
Thumbprint SHA-256: | 176B1E7918EE21C3FEADE8CC2C9D049B7DFDE73ECFE288C07CF37C692D0011A0 |
Serial: | 00 |
Entrypoint Preview |
---|
Instruction |
---|
push 004019BCh |
call 00007F61B0690CE5h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
xor byte ptr [eax], al |
add byte ptr [eax], al |
cmp byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
xor byte ptr [edx-58h], ah |
wait |
dec esp |
push ss |
das |
dec ebx |
test dword ptr [esi+10DDAE1Bh], esi |
inc edi |
scasb |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add dword ptr [eax], eax |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
dec esp |
imul ebp, dword ptr [esi+6Fh], 0065696Ch |
add byte ptr [eax], al |
add byte ptr [eax], al |
dec esp |
xor dword ptr [eax], eax |
add byte ptr [esi], bl |
mov dword ptr [A74FB7F8h], eax |
pushfd |
dec ebp |
test al, DFh |
pop edx |
mov dword ptr [ecx-242943C3h], eax |
fcomip st(0), st(2) |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x215d4 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x24000 | 0x970 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x24000 | 0x1490 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x234 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x20cc4 | 0x21000 | False | 0.367520419034 | data | 5.25414504645 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x22000 | 0x122c | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x24000 | 0x970 | 0x1000 | False | 0.173828125 | data | 2.0476168209 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x24840 | 0x130 | data | | |
RT_ICON | 0x24558 | 0x2e8 | data | | |
RT_ICON | 0x24430 | 0x128 | GLS_BINARY_LSB_FIRST | | |
RT_GROUP_ICON | 0x24400 | 0x30 | data | | |
RT_VERSION | 0x24150 | 0x2b0 | data | Chinese | Taiwan |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | __vbaR8FixI4, _CIcos, _adj_fptan, __vbaHresultCheck, __vbaVarMove, __vbaStrI4, __vbaFreeVar, __vbaAryMove, __vbaStrVarMove, __vbaLenBstr, __vbaFreeVarList, __vbaVarIdiv, _adj_fdiv_m64, _adj_fprem1, __vbaStrCat, __vbaHresultCheckObj, __vbaLenBstrB, __vbaLenVar, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFPFix, __vbaVarTstLt, __vbaFpR8, _CIsin, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, __vbaStrCmp, __vbaGet3, __vbaAryConstruct2, __vbaVarTstEq, __vbaObjVar, _adj_fpatan, __vbaRedim, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, __vbaVarCat, _CIlog, __vbaFileOpen, __vbaNew2, __vbaVar2Vec, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaInStrB, __vbaVarDup, __vbaVarTstGe, __vbaFpI4, __vbaLateMemCallLd, _CIatan, __vbaStrMove, __vbaR8IntI4, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0404 0x04b0 |
LegalCopyright | Union |
InternalName | filterhjdens |
FileVersion | 4.00 |
CompanyName | Union |
LegalTrademarks | Union |
ProductName | Union |
ProductVersion | 4.00 |
FileDescription | Union |
OriginalFilename | filterhjdens.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken |
---|---|
Chinese | Taiwan |
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 1, 2021 13:28:11.928006887 CET | 587 | 49815 | 116.202.203.61 | 192.168.11.20 |
Dec 1, 2021 13:28:11.928529978 CET | 49815 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 1, 2021 13:28:11.981837988 CET | 587 | 49815 | 116.202.203.61 | 192.168.11.20 |
Dec 1, 2021 13:28:11.989382982 CET | 587 | 49815 | 116.202.203.61 | 192.168.11.20 |
Dec 1, 2021 13:28:11.989763975 CET | 49815 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 1, 2021 13:28:12.002435923 CET | 587 | 49815 | 116.202.203.61 | 192.168.11.20 |
Dec 1, 2021 13:28:12.047148943 CET | 49815 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 1, 2021 13:28:12.048964024 CET | 49815 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 1, 2021 13:28:12.048988104 CET | 49815 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 1, 2021 13:28:12.049041033 CET | 49815 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 1, 2021 13:28:12.049151897 CET | 49815 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 1, 2021 13:28:12.061407089 CET | 587 | 49815 | 116.202.203.61 | 192.168.11.20 |
Dec 1, 2021 13:28:12.061451912 CET | 587 | 49815 | 116.202.203.61 | 192.168.11.20 |
Dec 1, 2021 13:28:12.061463118 CET | 587 | 49815 | 116.202.203.61 | 192.168.11.20 |
Dec 1, 2021 13:28:12.061564922 CET | 587 | 49815 | 116.202.203.61 | 192.168.11.20 |
Dec 1, 2021 13:28:12.065956116 CET | 587 | 49815 | 116.202.203.61 | 192.168.11.20 |
Dec 1, 2021 13:28:12.109581947 CET | 49815 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 1, 2021 13:29:51.275520086 CET | 49815 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 1, 2021 13:29:51.291872025 CET | 587 | 49815 | 116.202.203.61 | 192.168.11.20 |
Dec 1, 2021 13:29:51.292092085 CET | 49815 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 1, 2021 13:29:51.292498112 CET | 49815 | 587 | 192.168.11.20 | 116.202.203.61 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 1, 2021 13:26:34.615816116 CET | 57972 | 53 | 192.168.11.20 | 1.1.1.1 |
Dec 1, 2021 13:26:34.625118971 CET | 53 | 57972 | 1.1.1.1 | 192.168.11.20 |
Dec 1, 2021 13:26:35.281450033 CET | 63711 | 53 | 192.168.11.20 | 1.1.1.1 |
Dec 1, 2021 13:26:35.291563988 CET | 53 | 63711 | 1.1.1.1 | 192.168.11.20 |
Dec 1, 2021 13:28:11.242357016 CET | 52941 | 53 | 192.168.11.20 | 1.1.1.1 |
Dec 1, 2021 13:28:11.528119087 CET | 53 | 52941 | 1.1.1.1 | 192.168.11.20 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Dec 1, 2021 13:26:34.615816116 CET | 192.168.11.20 | 1.1.1.1 | 0xc13b | Standard query (0) | | A (IP address) | IN (0x0001) |
Dec 1, 2021 13:26:35.281450033 CET | 192.168.11.20 | 1.1.1.1 | 0xed60 | Standard query (0) | | A (IP address) | IN (0x0001) |
Dec 1, 2021 13:28:11.242357016 CET | 192.168.11.20 | 1.1.1.1 | 0xbfc7 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Dec 1, 2021 13:26:34.625118971 CET | 1.1.1.1 | 192.168.11.20 | 0xc13b | No error (0) | | | 142.250.186.174 | A (IP address) | IN (0x0001) |
Dec 1, 2021 13:26:35.291563988 CET | 1.1.1.1 | 192.168.11.20 | 0xed60 | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) |
Dec 1, 2021 13:26:35.291563988 CET | 1.1.1.1 | 192.168.11.20 | 0xed60 | No error (0) | | | 142.250.185.129 | A (IP address) | IN (0x0001) |
Dec 1, 2021 13:28:11.528119087 CET | 1.1.1.1 | 192.168.11.20 | 0xbfc7 | No error (0) | | furteksdokuma.com.tr | | CNAME (Canonical name) | IN (0x0001) |
Dec 1, 2021 13:28:11.528119087 CET | 1.1.1.1 | 192.168.11.20 | 0xbfc7 | No error (0) | | | 116.202.203.61 | A (IP address) | IN (0x0001) |
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49805 | 142.250.186.174 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-01 12:26:34 UTC | 0 | OUT | |
2021-12-01 12:26:35 UTC | 0 | IN | |
2021-12-01 12:26:35 UTC | 1 | IN | |
2021-12-01 12:26:35 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49806 | 142.250.185.129 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-01 12:26:35 UTC | 2 | OUT | |
2021-12-01 12:26:35 UTC | 2 | IN |