Windows Analysis Report FACTURAS.exe
Overview
General Information
Detection
AgentTesla GuLoader
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected GuLoader
Hides threads from debuggers
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
C2 URLs / IPs found in malware configuration
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Uses SMTP (mail sending)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: Agenttesla |
---|
{"Exfil Mode": "SMTP", "SMTP Info": "gulnaz@furteksdokuma.com.tr@Gulnaz159753mail.furteksdokuma.com.trsarahmorg434@gmail.com"}
Threatname: GuLoader |
---|
{"Payload URL": "https://drive.google.com/uc?export=downlD'"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | |
| JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: | ||
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | Metadefender: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Code function: | 9_2_017F5088 | |
Source: | Code function: | 9_2_017F5868 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Networking: |
---|
C2 URLs / IPs found in malware configuration | Show sources |
Source: | URLs: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | IP Address: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Virustotal: | ||
Source: | Metadefender: | ||
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Data Obfuscation: |
---|
Yara detected GuLoader | Show sources |
Source: | File source: |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion: |
---|
Tries to detect Any.run | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) | Show sources |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Process information queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | System information queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Anti Debugging: |
---|
Hides threads from debuggers | Show sources |
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 9_2_01246950 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Writes to foreign memory regions | Show sources |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Tries to steal Mail credentials (via file / registry access) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) | Show sources |
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal ftp login credentials | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to harvest and steal browser information (history, passwords, etc) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | DLL Side-Loading1 | Process Injection112 | Masquerading1 | OS Credential Dumping2 | Security Software Discovery421 | Remote Services | Email Collection1 | Exfiltration Over Other Network Medium | Encrypted Channel21 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Disable or Modify Tools1 | Credentials in Registry1 | Process Discovery2 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion341 | Security Account Manager | Virtualization/Sandbox Evasion341 | SMB/Windows Admin Shares | Data from Local System2 | Automated Exfiltration | Ingress Tool Transfer1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection112 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol2 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information1 | LSA Secrets | File and Directory Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol123 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | DLL Side-Loading1 | Cached Domain Credentials | System Information Discovery115 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 41% | Virustotal | | Browse |
| 38% | Metadefender | | Browse |
| 58% | ReversingLabs | Win32.Trojan.GuLoader | |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 142.250.181.238 | true | false | | high |
googlehosted.l.googleusercontent.com | 142.250.186.33 | true | false | | high |
furteksdokuma.com.tr | 116.202.203.61 | true | true | | unknown |
doc-0g-7s-docs.googleusercontent.com | unknown | unknown | false | | high |
mail.furteksdokuma.com.tr | unknown | unknown | true | | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false |
| low | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| low | ||
false |
| unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.181.238 | drive.google.com | United States | | 15169 | GOOGLEUS | false |
116.202.203.61 | furteksdokuma.com.tr | Germany | | 24940 | HETZNER-ASDE | true |
142.250.186.33 | googlehosted.l.googleusercontent.com | United States | | 15169 | GOOGLEUS | false |
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 539419 |
Start date: | 14.12.2021 |
Start time: | 09:47:42 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 13m 29s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | FACTURAS.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301 |
Run name: | Suspected Instruction Hammering |
Number of analysed new started processes analysed: | 15 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@4/3@3/3 |
EGA Information: |
|
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
09:50:33 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
116.202.203.61 | Get hash | malicious | Browse | ||
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
HETZNER-ASDE | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\FACTURAS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:1ln:v |
MD5: | 34F45818F16D1BBB62BA5874B8814CC7 |
SHA1: | A454CA483B4A66B83826D061BE2859DD79FF0D6C |
SHA-256: | DC765660B06EE03DD16FD7CA5B957E8C805161AC2C4AF28C5A100AB2AB432CA1 |
SHA-512: | 65711C8D556639DDFC14CE292B2415F3A2824D003AF1A530093B8E0B70B695E6C639694B7B90C6750B1129566D9A3784ED274667988D4B227DB2AC9B6CF7548B |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\FACTURAS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 1.365570111635911 |
Encrypted: | false |
SSDEEP: | 48:rCXH5P26XpZKfAujEnkmHE+dJ+//iaBnF6UmkM:EHrZedAnjHrMyaL61 |
MD5: | E5AAF1474D5E7489F86A267B928DE425 |
SHA1: | 8DAC741F82956D6111A5B442442E095DC4FC3299 |
SHA-256: | DBBEF5EC504CF458770890AF07448ABF835345029D078D4BA36CBF431F86314E |
SHA-512: | B9AE66432026ADF7FE691F6E95292C6299CFE37FDC27760AD8DB5464386663A0398E53A770B0C8CCFDD734A8162064FF2D01093197A3BEC7356E9933EC344961 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 3.964735178725505 |
Encrypted: | false |
SSDEEP: | 3:IBVFBWAGRHneyy:ITqAGRHner |
MD5: | 9F754B47B351EF0FC32527B541420595 |
SHA1: | 006C66220B33E98C725B73495FE97B3291CE14D9 |
SHA-256: | 0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591 |
SHA-512: | C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.04128986675064 |
TrID: |
|
File name: | FACTURAS.exe |
File size: | 147456 |
MD5: | 2332fdde9344114749db5496eef5f5f9 |
SHA1: | 303c40dd112294dc012836be48eb38e8af056432 |
SHA256: | 0e693b9dcb4ccb3e64cb61396447dd4e3871234b4af80c2d57e4fbc9b6268a61 |
SHA512: | 7b3d94fb5e12a09f1b417e8042cbb0abe394a1d577a466cd2394e9aa0068ab276d5da25edf742660edb8bd01611f4680c982d6f14373d80e2896d34a887379c1 |
SSDEEP: | 1536:nVas/8YOk4FOHBbmpBpQr9nV43XExeM0Jw52P3u1D6CqljbW:Is/8YJ4kRmpBpqVC090JS63hN |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.......................D.......=.......Rich............PE..L....e`V.....................0............... ....@................ |
File Icon |
---|
Icon Hash: | 0cceececceece400 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x401698 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x566065B6 [Thu Dec 3 15:54:30 2015 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 98b6dd560a57b8960045d82e7d77c431 |
Entrypoint Preview |
---|
Instruction |
---|
push 004020ACh |
call 00007FBB0C3BC113h |
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x20fb4 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x24000 | 0xc6c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x208 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x20638 | 0x21000 | False | 0.363976680871 | data | 5.21775436592 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x22000 | 0x1238 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x24000 | 0xc6c | 0x1000 | False | 0.484130859375 | data | 4.2105621782 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x243c4 | 0x8a8 | data | | |
RT_GROUP_ICON | 0x243b0 | 0x14 | data | | |
RT_VERSION | 0x240f0 | 0x2c0 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaStrI4, __vbaVarMove, __vbaFreeVar, __vbaLenBstr, __vbaStrVarMove, __vbaFreeVarList, __vbaVarIdiv, __vbaPut3, _adj_fdiv_m64, __vbaFpCDblR8, _adj_fprem1, __vbaStrCat, __vbaHresultCheckObj, __vbaLenBstrB, _adj_fdiv_m32, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFPFix, __vbaFpR8, _CIsin, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, __vbaStrCmp, __vbaGet3, __vbaVarTstEq, __vbaObjVar, __vbaI2I4, DllFunctionCall, _adj_fpatan, __vbaStrR8, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaUI1I4, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, __vbaUbound, __vbaVarCat, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaVarDup, __vbaFpI4, __vbaLateMemCallLd, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0409 0x04b0 |
LegalCopyright | MURAL |
InternalName | SERVICEKONTRAKTS |
FileVersion | 1.00 |
CompanyName | MURAL |
LegalTrademarks | MURAL |
ProductName | MURAL |
ProductVersion | 1.00 |
FileDescription | MURAL |
OriginalFilename | SERVICEKONTRAKTS.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 14, 2021 09:50:23.654567957 CET | 443 | 49810 | 142.250.186.33 | 192.168.11.20 |
Dec 14, 2021 09:50:23.654717922 CET | 49810 | 443 | 192.168.11.20 | 142.250.186.33 |
Dec 14, 2021 09:50:23.654737949 CET | 443 | 49810 | 142.250.186.33 | 192.168.11.20 |
Dec 14, 2021 09:50:23.654756069 CET | 443 | 49810 | 142.250.186.33 | 192.168.11.20 |
Dec 14, 2021 09:50:23.654870987 CET | 49810 | 443 | 192.168.11.20 | 142.250.186.33 |
Dec 14, 2021 09:50:23.654917002 CET | 49810 | 443 | 192.168.11.20 | 142.250.186.33 |
Dec 14, 2021 09:50:23.654939890 CET | 443 | 49810 | 142.250.186.33 | 192.168.11.20 |
Dec 14, 2021 09:50:23.655085087 CET | 49810 | 443 | 192.168.11.20 | 142.250.186.33 |
Dec 14, 2021 09:50:23.655109882 CET | 443 | 49810 | 142.250.186.33 | 192.168.11.20 |
Dec 14, 2021 09:50:23.655206919 CET | 443 | 49810 | 142.250.186.33 | 192.168.11.20 |
Dec 14, 2021 09:50:23.655255079 CET | 49810 | 443 | 192.168.11.20 | 142.250.186.33 |
Dec 14, 2021 09:50:23.655272961 CET | 443 | 49810 | 142.250.186.33 | 192.168.11.20 |
Dec 14, 2021 09:50:23.655327082 CET | 443 | 49810 | 142.250.186.33 | 192.168.11.20 |
Dec 14, 2021 09:50:23.655353069 CET | 49810 | 443 | 192.168.11.20 | 142.250.186.33 |
Dec 14, 2021 09:50:23.655405998 CET | 49810 | 443 | 192.168.11.20 | 142.250.186.33 |
Dec 14, 2021 09:50:23.655450106 CET | 49810 | 443 | 192.168.11.20 | 142.250.186.33 |
Dec 14, 2021 09:50:23.655463934 CET | 443 | 49810 | 142.250.186.33 | 192.168.11.20 |
Dec 14, 2021 09:50:23.655467987 CET | 49810 | 443 | 192.168.11.20 | 142.250.186.33 |
Dec 14, 2021 09:50:23.655498981 CET | 49810 | 443 | 192.168.11.20 | 142.250.186.33 |
Dec 14, 2021 09:50:23.655599117 CET | 49810 | 443 | 192.168.11.20 | 142.250.186.33 |
Dec 14, 2021 09:51:59.212126970 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 14, 2021 09:51:59.224829912 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Dec 14, 2021 09:51:59.225097895 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 14, 2021 09:51:59.256050110 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Dec 14, 2021 09:51:59.256392956 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 14, 2021 09:51:59.269607067 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Dec 14, 2021 09:51:59.269920111 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 14, 2021 09:51:59.287101984 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Dec 14, 2021 09:51:59.289741993 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 14, 2021 09:51:59.315601110 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Dec 14, 2021 09:51:59.315682888 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Dec 14, 2021 09:51:59.315748930 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Dec 14, 2021 09:51:59.315783024 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Dec 14, 2021 09:51:59.315931082 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 14, 2021 09:51:59.315984964 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 14, 2021 09:51:59.318877935 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Dec 14, 2021 09:51:59.321022987 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 14, 2021 09:51:59.334263086 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Dec 14, 2021 09:51:59.379149914 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 14, 2021 09:51:59.435693026 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 14, 2021 09:51:59.448992014 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Dec 14, 2021 09:51:59.450131893 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 14, 2021 09:51:59.464015961 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Dec 14, 2021 09:51:59.464567900 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 14, 2021 09:51:59.494878054 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Dec 14, 2021 09:51:59.495776892 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 14, 2021 09:51:59.509170055 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Dec 14, 2021 09:51:59.509608030 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 14, 2021 09:51:59.554205894 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Dec 14, 2021 09:51:59.554622889 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 14, 2021 09:51:59.567878962 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Dec 14, 2021 09:51:59.613593102 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 14, 2021 09:51:59.631556988 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 14, 2021 09:51:59.631588936 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 14, 2021 09:51:59.631653070 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 14, 2021 09:51:59.631665945 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 14, 2021 09:51:59.644577980 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Dec 14, 2021 09:51:59.644610882 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Dec 14, 2021 09:51:59.644632101 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Dec 14, 2021 09:51:59.644651890 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Dec 14, 2021 09:51:59.650897026 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Dec 14, 2021 09:51:59.691562891 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 14, 2021 09:53:38.966871977 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 14, 2021 09:53:38.983288050 CET | 587 | 49817 | 116.202.203.61 | 192.168.11.20 |
Dec 14, 2021 09:53:38.983661890 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
Dec 14, 2021 09:53:38.984078884 CET | 49817 | 587 | 192.168.11.20 | 116.202.203.61 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 14, 2021 09:50:22.324265003 CET | 54422 | 53 | 192.168.11.20 | 1.1.1.1 |
Dec 14, 2021 09:50:22.333733082 CET | 53 | 54422 | 1.1.1.1 | 192.168.11.20 |
Dec 14, 2021 09:50:23.258630037 CET | 52555 | 53 | 192.168.11.20 | 1.1.1.1 |
Dec 14, 2021 09:50:23.284970045 CET | 53 | 52555 | 1.1.1.1 | 192.168.11.20 |
Dec 14, 2021 09:51:58.932632923 CET | 64174 | 53 | 192.168.11.20 | 1.1.1.1 |
Dec 14, 2021 09:51:59.169941902 CET | 53 | 64174 | 1.1.1.1 | 192.168.11.20 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Dec 14, 2021 09:50:22.324265003 CET | 192.168.11.20 | 1.1.1.1 | 0xcfce | Standard query (0) | | A (IP address) | IN (0x0001) |
Dec 14, 2021 09:50:23.258630037 CET | 192.168.11.20 | 1.1.1.1 | 0x2158 | Standard query (0) | | A (IP address) | IN (0x0001) |
Dec 14, 2021 09:51:58.932632923 CET | 192.168.11.20 | 1.1.1.1 | 0x84b3 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Dec 14, 2021 09:50:22.333733082 CET | 1.1.1.1 | 192.168.11.20 | 0xcfce | No error (0) | | | 142.250.181.238 | A (IP address) | IN (0x0001) |
Dec 14, 2021 09:50:23.284970045 CET | 1.1.1.1 | 192.168.11.20 | 0x2158 | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) |
Dec 14, 2021 09:50:23.284970045 CET | 1.1.1.1 | 192.168.11.20 | 0x2158 | No error (0) | | | 142.250.186.33 | A (IP address) | IN (0x0001) |
Dec 14, 2021 09:51:59.169941902 CET | 1.1.1.1 | 192.168.11.20 | 0x84b3 | No error (0) | | furteksdokuma.com.tr | | CNAME (Canonical name) | IN (0x0001) |
Dec 14, 2021 09:51:59.169941902 CET | 1.1.1.1 | 192.168.11.20 | 0x84b3 | No error (0) | | | 116.202.203.61 | A (IP address) | IN (0x0001) |
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49808 | 142.250.181.238 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 08:50:22 UTC | 0 | OUT | |
2021-12-14 08:50:23 UTC | 0 | IN | |
2021-12-14 08:50:23 UTC | 1 | IN | |
2021-12-14 08:50:23 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49810 | 142.250.186.33 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 08:50:23 UTC | 2 | OUT | |
2021-12-14 08:50:23 UTC | 2 | IN |