Windows Analysis Report Transferencia_29_11_2021 17.03.39.exe
Overview
General Information
Detection
AgentTesla GuLoader
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Potential malicious icon found
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected GuLoader
Hides threads from debuggers
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
C2 URLs / IPs found in malware configuration
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Uses SMTP (mail sending)
PE / OLE file has an invalid certificate
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: Agenttesla |
---|
{"Exfil Mode": "SMTP", "SMTP Info": "tamasfulop@csavarcsapagyexpress.huRozsnyoi42mail.csavarcsapagyexpress.hukelvinleelee500@gmail.com"}
Threatname: GuLoader |
---|
{"Payload URL": "https://drive.google.com/uc?export=download&id=1V_BC3orZyo_Cje"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: | ||
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link |
Source: | Code function: | 4_2_01875908 | |
Source: | Code function: | 4_2_018760D8 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Networking: |
---|
C2 URLs / IPs found in malware configuration | Show sources |
Source: | URLs: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | IP Address: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
System Summary: |
---|
Potential malicious icon found | Show sources |
Source: | Icon embedded in PE file: |
Source: | Static PE information: |
Source: | Code function: | 4_2_012AC080 | |
Source: | Code function: | 4_2_012A4320 | |
Source: | Code function: | 4_2_012ABA48 | |
Source: | Code function: | 4_2_012A3A50 | |
Source: | Code function: | 4_2_012A1120 | |
Source: | Code function: | 4_2_012A3708 | |
Source: | Code function: | 4_2_012B0890 | |
Source: | Code function: | 4_2_012B6AC8 | |
Source: | Code function: | 4_2_015FA350 | |
Source: | Code function: | 4_2_015FBB1B | |
Source: | Code function: | 4_2_015F57C8 | |
Source: | Code function: | 4_2_015F4E60 | |
Source: | Code function: | 4_2_015F1D28 | |
Source: | Code function: | 4_2_015F41D1 | |
Source: | Code function: | 4_2_015F68D8 | |
Source: | Code function: | 4_2_015F3330 | |
Source: | Code function: | 4_2_018719B0 | |
Source: | Code function: | 4_2_01878320 | |
Source: | Code function: | 4_2_01872B78 | |
Source: | Code function: | 4_2_0187DEA0 | |
Source: | Code function: | 4_2_01876D10 | |
Source: | Code function: | 4_2_0187D120 | |
Source: | Code function: | 4_2_01871157 | |
Source: | Code function: | 4_2_0187A4C8 | |
Source: | Code function: | 4_2_01870040 | |
Source: | Code function: | 4_2_1E3C5E08 | |
Source: | Code function: | 4_2_1E3C46C4 | |
Source: | Code function: | 4_2_1E3C5D41 | |
Source: | Code function: | 4_2_1E3C6AF1 | |
Source: | Code function: | 4_2_21576428 | |
Source: | Code function: | 4_2_21578650 | |
Source: | Code function: | 4_2_21572D7D | |
Source: | Code function: | 4_2_21570E00 | |
Source: | Code function: | 4_2_2157A4E8 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Virustotal: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Data Obfuscation: |
---|
Yara detected GuLoader | Show sources |
Source: | File source: |
Source: | Code function: | 2_2_00404858 | |
Source: | Code function: | 2_2_00405D26 | |
Source: | Code function: | 2_2_029D31BA | |
Source: | Code function: | 2_2_029D4003 | |
Source: | Code function: | 2_2_029D4003 | |
Source: | Code function: | 4_2_012AF46A | |
Source: | Code function: | 4_2_018752F9 |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion: |
---|
Tries to detect Any.run | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) | Show sources |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Process information queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | System information queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Anti Debugging: |
---|
Hides threads from debuggers | Show sources |
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 4_2_012A6950 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Writes to foreign memory regions | Show sources |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Tries to steal Mail credentials (via file / registry access) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) | Show sources |
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal ftp login credentials | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to harvest and steal browser information (history, passwords, etc) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | DLL Side-Loading1 | Process Injection112 | Masquerading1 | OS Credential Dumping2 | Security Software Discovery421 | Remote Services | Email Collection1 | Exfiltration Over Other Network Medium | Encrypted Channel21 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Disable or Modify Tools1 | Credentials in Registry1 | Process Discovery2 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion341 | Security Account Manager | Virtualization/Sandbox Evasion341 | SMB/Windows Admin Shares | Data from Local System2 | Automated Exfiltration | Ingress Tool Transfer1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection112 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol2 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information1 | LSA Secrets | File and Directory Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol123 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | DLL Side-Loading1 | Cached Domain Credentials | System Information Discovery115 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
25% | Virustotal | Browse | ||
9% | ReversingLabs | Win32.Downloader.GuLoader |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1140082 | Download File | ||
100% | Avira | HEUR/AGEN.1140082 | Download File |
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
csavarcsapagyexpress.hu | 185.111.89.226 | true | true | | unknown |
drive.google.com | 142.250.185.78 | true | false | high | |
googlehosted.l.googleusercontent.com | 142.250.185.97 | true | false | high | |
doc-08-6k-docs.googleusercontent.com | unknown | unknown | false | high | |
mail.csavarcsapagyexpress.hu | unknown | unknown | true | | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.185.78 | drive.google.com | United States | 15169 | GOOGLEUS | false | |
185.111.89.226 | csavarcsapagyexpress.hu | Hungary | 51013 | WEBSUPPORT-SRO-SK-ASSK | true | |
142.250.185.97 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false |
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 532136 |
Start date: | 01.12.2021 |
Start time: | 19:08:05 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 55s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Transferencia_29_11_2021 17.03.39.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301) |
Run name: | Suspected Instruction Hammering |
Number of analysed new started processes analysed: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.rans.troj.spyw.evad.winEXE@4/1@3/3 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
19:10:37 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
185.111.89.226 | Get hash | malicious | Browse | ||
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
WEBSUPPORT-SRO-SK-ASSK | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 3.964735178725505 |
Encrypted: | false |
SSDEEP: | 3:IBVFBWAGRHneyy:ITqAGRHner |
MD5: | 9F754B47B351EF0FC32527B541420595 |
SHA1: | 006C66220B33E98C725B73495FE97B3291CE14D9 |
SHA-256: | 0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591 |
SHA-512: | C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.216110090959714 |
TrID: |
|
File name: | Transferencia_29_11_2021 17.03.39.exe |
File size: | 152688 |
MD5: | a70cf8fdf5c68e414bad4494a44f272a |
SHA1: | 4a974930db625492a8aa3f046759db6f3f057129 |
SHA256: | dd7883497ba8fc4a8fac606d4f3cec70b6d42c0017e320f9becb071d899c6c30 |
SHA512: | 7279f30ac01665f31e4dd4ff11fb85954d9109953e1d3b041971cba8973e6b640eca8794223a5be3762d1911889ba12fc8b84c952b49f002f98f1e79ba6eb273 |
SSDEEP: | 1536:4JE6l7m717UopmGeFgk1hG6dvlWOCQe1FpVfBRnOmk:KE6l7mh/UFgk1hG6GOC/lf2mk |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.......................D.......=.......Rich............PE..L....7.K.....................0............... ....@................ |
File Icon |
---|
Icon Hash: | 20047c7c70f0e004 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x401888 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x4B9437E6 [Sun Mar 7 23:33:58 2010 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | b209c8634733456633136bfedc71877a |
Authenticode Signature |
---|
Signature Valid: | false |
Signature Issuer: | E=ansvarslsere@Episcotister1.BON, CN=INDDRIVNING, OU=sporuloid, O=atomkraftvrks, L=Capsheaf, S=Appointed, C=CD |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 29DB6066933764E6DBF96BB776031AF3 |
Thumbprint SHA-1: | 7F5DF2711E99DDB2A16381EF8330D115FB1C72B2 |
Thumbprint SHA-256: | B038217303FB0C77E03FB5D245BB31AF36E8932DBBB944A0599B9F5ECB20D07C |
Serial: | 00 |
Entrypoint Preview |
---|
Instruction |
---|
push 004019CCh |
call 00007F124C94C325h |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
xor byte ptr [eax], al |
add byte ptr [eax], al |
inc eax |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [88474D5Dh], dh |
dec edx |
mov byte ptr [6CC034C0h], al |
jnle 00007F124C94C32Fh |
push cs |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add dword ptr [eax], eax |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
push ebp |
dec esi |
inc edx |
dec edi |
dec esp |
inc esp |
inc ebp |
dec esi |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
dec esp |
xor dword ptr [eax], eax |
add byte ptr [edx-7BDFC270h], bh |
jmp 00007F124C94C361h |
dec ebp |
cmp byte ptr [ebx-29h], FFFFFFE3h |
je 00007F124C94C389h |
pop ebp |
adc esp, dword ptr [ebx-3Dh] |
xchg eax, esi |
mov bh, dl |
mov al, byte ptr [E3B79F4Fh] |
or cl, byte ptr [edx+ebp*4+4F3A977Ah] |
lodsd |
xor ebx, dword ptr [ecx-48EE309Ah] |
or al, 00h |
stosb |
add byte ptr [eax-2Dh], ah |
xchg eax, ebx |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
add byte ptr [eax], al |
pop eax |
add byte ptr [eax], al |
add byte ptr [ebx+00h], dl |
add byte ptr [eax], al |
add byte ptr [edi], al |
add byte ptr [edx+79h], ah |
jc 00007F124C94C3ADh |
outsb |
add byte ptr [41001001h], cl |
jnc 0000C39Eh |
jnc 00007F124C94C39Ch |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x213d4 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x24000 | 0x960 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x24000 | 0x1470 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x234 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x20ac4 | 0x21000 | False | 0.366751006155 | data | 5.29953521895 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x22000 | 0x122c | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x24000 | 0x960 | 0x1000 | False | 0.175048828125 | data | 2.0387904916 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x24830 | 0x130 | data | ||
RT_ICON | 0x24548 | 0x2e8 | data | ||
RT_ICON | 0x24420 | 0x128 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x243f0 | 0x30 | data | ||
RT_VERSION | 0x24150 | 0x2a0 | data | Chinese | Taiwan |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | __vbaR8FixI4, _CIcos, _adj_fptan, __vbaHresultCheck, __vbaVarMove, __vbaStrI4, __vbaFreeVar, __vbaAryMove, __vbaStrVarMove, __vbaLenBstr, __vbaFreeVarList, __vbaVarIdiv, _adj_fdiv_m64, _adj_fprem1, __vbaStrCat, __vbaHresultCheckObj, __vbaLenBstrB, __vbaLenVar, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFPFix, __vbaVarTstLt, __vbaFpR8, _CIsin, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, __vbaStrCmp, __vbaGet3, __vbaAryConstruct2, __vbaVarTstEq, __vbaObjVar, _adj_fpatan, __vbaRedim, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, __vbaVarCat, _CIlog, __vbaFileOpen, __vbaNew2, __vbaVar2Vec, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaInStrB, __vbaVarDup, __vbaVarTstGe, __vbaFpI4, __vbaLateMemCallLd, _CIatan, __vbaStrMove, __vbaR8IntI4, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0404 0x04b0 |
LegalCopyright | Union |
InternalName | outrunner |
FileVersion | 4.00 |
CompanyName | Union |
LegalTrademarks | Union |
ProductName | Union |
ProductVersion | 4.00 |
FileDescription | Union |
OriginalFilename | outrunner.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Chinese | Taiwan |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 1, 2021 19:10:27.336520910 CET | 443 | 49811 | 142.250.185.97 | 192.168.11.20 |
Dec 1, 2021 19:10:27.336524963 CET | 49811 | 443 | 192.168.11.20 | 142.250.185.97 |
Dec 1, 2021 19:10:27.336623907 CET | 49811 | 443 | 192.168.11.20 | 142.250.185.97 |
Dec 1, 2021 19:12:02.349112988 CET | 49839 | 587 | 192.168.11.20 | 185.111.89.226 |
Dec 1, 2021 19:12:02.370971918 CET | 587 | 49839 | 185.111.89.226 | 192.168.11.20 |
Dec 1, 2021 19:12:02.371129990 CET | 49839 | 587 | 192.168.11.20 | 185.111.89.226 |
Dec 1, 2021 19:12:02.532605886 CET | 587 | 49839 | 185.111.89.226 | 192.168.11.20 |
Dec 1, 2021 19:12:02.533047915 CET | 49839 | 587 | 192.168.11.20 | 185.111.89.226 |
Dec 1, 2021 19:12:02.555299044 CET | 587 | 49839 | 185.111.89.226 | 192.168.11.20 |
Dec 1, 2021 19:12:02.555516005 CET | 49839 | 587 | 192.168.11.20 | 185.111.89.226 |
Dec 1, 2021 19:12:02.579087973 CET | 587 | 49839 | 185.111.89.226 | 192.168.11.20 |
Dec 1, 2021 19:12:02.581842899 CET | 49839 | 587 | 192.168.11.20 | 185.111.89.226 |
Dec 1, 2021 19:12:02.609457016 CET | 587 | 49839 | 185.111.89.226 | 192.168.11.20 |
Dec 1, 2021 19:12:02.609519958 CET | 587 | 49839 | 185.111.89.226 | 192.168.11.20 |
Dec 1, 2021 19:12:02.609569073 CET | 587 | 49839 | 185.111.89.226 | 192.168.11.20 |
Dec 1, 2021 19:12:02.609601021 CET | 587 | 49839 | 185.111.89.226 | 192.168.11.20 |
Dec 1, 2021 19:12:02.609791040 CET | 49839 | 587 | 192.168.11.20 | 185.111.89.226 |
Dec 1, 2021 19:12:02.609847069 CET | 49839 | 587 | 192.168.11.20 | 185.111.89.226 |
Dec 1, 2021 19:12:02.610941887 CET | 587 | 49839 | 185.111.89.226 | 192.168.11.20 |
Dec 1, 2021 19:12:02.613818884 CET | 49839 | 587 | 192.168.11.20 | 185.111.89.226 |
Dec 1, 2021 19:12:02.636099100 CET | 587 | 49839 | 185.111.89.226 | 192.168.11.20 |
Dec 1, 2021 19:12:02.677953005 CET | 49839 | 587 | 192.168.11.20 | 185.111.89.226 |
Dec 1, 2021 19:12:02.747499943 CET | 49839 | 587 | 192.168.11.20 | 185.111.89.226 |
Dec 1, 2021 19:12:02.769589901 CET | 587 | 49839 | 185.111.89.226 | 192.168.11.20 |
Dec 1, 2021 19:12:02.770600080 CET | 49839 | 587 | 192.168.11.20 | 185.111.89.226 |
Dec 1, 2021 19:12:02.792973042 CET | 587 | 49839 | 185.111.89.226 | 192.168.11.20 |
Dec 1, 2021 19:12:02.793421984 CET | 49839 | 587 | 192.168.11.20 | 185.111.89.226 |
Dec 1, 2021 19:12:02.821939945 CET | 587 | 49839 | 185.111.89.226 | 192.168.11.20 |
Dec 1, 2021 19:12:02.822565079 CET | 49839 | 587 | 192.168.11.20 | 185.111.89.226 |
Dec 1, 2021 19:12:02.844960928 CET | 587 | 49839 | 185.111.89.226 | 192.168.11.20 |
Dec 1, 2021 19:12:02.845463991 CET | 49839 | 587 | 192.168.11.20 | 185.111.89.226 |
Dec 1, 2021 19:12:02.906896114 CET | 587 | 49839 | 185.111.89.226 | 192.168.11.20 |
Dec 1, 2021 19:12:02.973288059 CET | 587 | 49839 | 185.111.89.226 | 192.168.11.20 |
Dec 1, 2021 19:12:02.973676920 CET | 49839 | 587 | 192.168.11.20 | 185.111.89.226 |
Dec 1, 2021 19:12:02.996062040 CET | 587 | 49839 | 185.111.89.226 | 192.168.11.20 |
Dec 1, 2021 19:12:03.037215948 CET | 49839 | 587 | 192.168.11.20 | 185.111.89.226 |
Dec 1, 2021 19:12:03.059843063 CET | 49839 | 587 | 192.168.11.20 | 185.111.89.226 |
Dec 1, 2021 19:12:03.059889078 CET | 49839 | 587 | 192.168.11.20 | 185.111.89.226 |
Dec 1, 2021 19:12:03.059936047 CET | 49839 | 587 | 192.168.11.20 | 185.111.89.226 |
Dec 1, 2021 19:12:03.059984922 CET | 49839 | 587 | 192.168.11.20 | 185.111.89.226 |
Dec 1, 2021 19:12:03.081957102 CET | 587 | 49839 | 185.111.89.226 | 192.168.11.20 |
Dec 1, 2021 19:12:03.082000017 CET | 587 | 49839 | 185.111.89.226 | 192.168.11.20 |
Dec 1, 2021 19:12:03.082022905 CET | 587 | 49839 | 185.111.89.226 | 192.168.11.20 |
Dec 1, 2021 19:12:03.082045078 CET | 587 | 49839 | 185.111.89.226 | 192.168.11.20 |
Dec 1, 2021 19:12:04.799392939 CET | 587 | 49839 | 185.111.89.226 | 192.168.11.20 |
Dec 1, 2021 19:12:04.849292040 CET | 49839 | 587 | 192.168.11.20 | 185.111.89.226 |
Dec 1, 2021 19:13:04.872915983 CET | 587 | 49839 | 185.111.89.226 | 192.168.11.20 |
Dec 1, 2021 19:13:04.873254061 CET | 49839 | 587 | 192.168.11.20 | 185.111.89.226 |
Dec 1, 2021 19:13:42.234354973 CET | 49839 | 587 | 192.168.11.20 | 185.111.89.226 |
Dec 1, 2021 19:13:42.258070946 CET | 587 | 49839 | 185.111.89.226 | 192.168.11.20 |
Dec 1, 2021 19:13:42.258305073 CET | 49839 | 587 | 192.168.11.20 | 185.111.89.226 |
Dec 1, 2021 19:13:42.258697987 CET | 49839 | 587 | 192.168.11.20 | 185.111.89.226 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 1, 2021 19:10:26.212265968 CET | 58238 | 53 | 192.168.11.20 | 1.1.1.1 |
Dec 1, 2021 19:10:26.221477032 CET | 53 | 58238 | 1.1.1.1 | 192.168.11.20 |
Dec 1, 2021 19:10:26.868185043 CET | 59829 | 53 | 192.168.11.20 | 1.1.1.1 |
Dec 1, 2021 19:10:26.911423922 CET | 53 | 59829 | 1.1.1.1 | 192.168.11.20 |
Dec 1, 2021 19:12:02.195431948 CET | 55110 | 53 | 192.168.11.20 | 1.1.1.1 |
Dec 1, 2021 19:12:02.303282022 CET | 53 | 55110 | 1.1.1.1 | 192.168.11.20 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Dec 1, 2021 19:10:26.212265968 CET | 192.168.11.20 | 1.1.1.1 | 0xba6 | Standard query (0) | | A (IP address) | IN (0x0001) |
Dec 1, 2021 19:10:26.868185043 CET | 192.168.11.20 | 1.1.1.1 | 0x7351 | Standard query (0) | | A (IP address) | IN (0x0001) |
Dec 1, 2021 19:12:02.195431948 CET | 192.168.11.20 | 1.1.1.1 | 0xe5b4 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Dec 1, 2021 19:10:26.221477032 CET | 1.1.1.1 | 192.168.11.20 | 0xba6 | No error (0) | | | 142.250.185.78 | A (IP address) | IN (0x0001) |
Dec 1, 2021 19:10:26.911423922 CET | 1.1.1.1 | 192.168.11.20 | 0x7351 | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) |
Dec 1, 2021 19:10:26.911423922 CET | 1.1.1.1 | 192.168.11.20 | 0x7351 | No error (0) | | | 142.250.185.97 | A (IP address) | IN (0x0001) |
Dec 1, 2021 19:12:02.303282022 CET | 1.1.1.1 | 192.168.11.20 | 0xe5b4 | No error (0) | | csavarcsapagyexpress.hu | | CNAME (Canonical name) | IN (0x0001) |
Dec 1, 2021 19:12:02.303282022 CET | 1.1.1.1 | 192.168.11.20 | 0xe5b4 | No error (0) | | | 185.111.89.226 | A (IP address) | IN (0x0001) |
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49810 | 142.250.185.78 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-01 18:10:26 UTC | 0 | OUT | |
2021-12-01 18:10:26 UTC | 0 | IN | |
2021-12-01 18:10:26 UTC | 1 | IN | |
2021-12-01 18:10:26 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49811 | 142.250.185.97 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-01 18:10:26 UTC | 2 | OUT | |
2021-12-01 18:10:27 UTC | 2 | IN |