Windows Analysis Report FACTURAS.exe
Overview
General Information
Detection
AgentTesla GuLoader
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected GuLoader
Hides threads from debuggers
Writes to foreign memory regions
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
C2 URLs / IPs found in malware configuration
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: Agenttesla |
---|
{"Exfil Mode": "SMTP", "SMTP Info": "gulnaz@furteksdokuma.com.tr@Gulnaz159753mail.furteksdokuma.com.trsarahmorg434@gmail.com"}
Threatname: GuLoader |
---|
{"Payload URL": "https://drive.google.com/uc?export=downlD'"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: | ||
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | Metadefender: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Networking: |
---|
C2 URLs / IPs found in malware configuration | Show sources |
Source: | URLs: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | Network traffic detected: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Code function: | 6_2_00B21130 | |
Source: | Code function: | 6_2_00B24320 | |
Source: | Code function: | 6_2_00B23A50 | |
Source: | Code function: | 6_2_00B23708 | |
Source: | Code function: | 6_2_1DED5E08 | |
Source: | Code function: | 6_2_1DED46C4 | |
Source: | Code function: | 6_2_1DED6AF1 |
Source: | Binary or memory string: | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Virustotal: | ||
Source: | Metadefender: | ||
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Process created: | |||
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Section loaded: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Window detected: |
Data Obfuscation: |
---|
Yara detected GuLoader | Show sources |
Source: | File source: |
Source: | Code function: | 1_2_0040509D | |
Source: | Code function: | 1_2_0040755D | |
Source: | Code function: | 1_2_00407181 | |
Source: | Code function: | 1_2_0040755D | |
Source: | Code function: | 1_2_004085B9 | |
Source: | Code function: | 1_2_00406249 | |
Source: | Code function: | 1_2_004072E9 | |
Source: | Code function: | 1_2_004042FD | |
Source: | Code function: | 1_2_00409745 | |
Source: | Code function: | 1_2_00408422 | |
Source: | Code function: | 1_2_023247E4 |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion: |
---|
Tries to detect Any.run | Show sources |
Source: | File opened: | Jump to behavior | ||
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) | Show sources |
Source: | Binary or memory string: | ||
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | WMI Queries: |
Source: | Process information queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | System information queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Anti Debugging: |
---|
Hides threads from debuggers | Show sources |
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Writes to foreign memory regions | Show sources |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Binary or memory string: |
Stealing of Sensitive Information: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | DLL Side-Loading1 | Process Injection112 | Masquerading1 | OS Credential Dumping | Security Software Discovery431 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel11 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Disable or Modify Tools1 | LSASS Memory | Process Discovery2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion341 | Security Account Manager | Virtualization/Sandbox Evasion341 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection112 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol113 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information1 | LSA Secrets | System Information Discovery114 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | DLL Side-Loading1 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
41% | Virustotal | Browse | ||
38% | Metadefender | Browse | ||
58% | ReversingLabs | Win32.Trojan.GuLoader |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 142.250.181.238 | true | false | | high |
googlehosted.l.googleusercontent.com | 142.250.181.225 | true | false | | high |
doc-0g-7s-docs.googleusercontent.com | unknown | unknown | false | | high |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.181.238 | drive.google.com | United States | | 15169 | GOOGLEUS | false |
142.250.181.225 | googlehosted.l.googleusercontent.com | United States | | 15169 | GOOGLEUS | false |
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 539521 |
Start date: | 14.12.2021 |
Start time: | 13:39:59 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 59s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | FACTURAS.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301 |
Number of analysed new started processes analysed: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@6/2@2/2 |
EGA Information: |
|
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
13:42:46 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
No context |
---|
Domains |
---|
No context |
---|
ASN |
---|
No context |
---|
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\FACTURAS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4 |
Entropy (8bit): | 0.8112781244591328 |
Encrypted: | false |
SSDEEP: | 3:1ln:v |
MD5: | 34F45818F16D1BBB62BA5874B8814CC7 |
SHA1: | A454CA483B4A66B83826D061BE2859DD79FF0D6C |
SHA-256: | DC765660B06EE03DD16FD7CA5B957E8C805161AC2C4AF28C5A100AB2AB432CA1 |
SHA-512: | 65711C8D556639DDFC14CE292B2415F3A2824D003AF1A530093B8E0B70B695E6C639694B7B90C6750B1129566D9A3784ED274667988D4B227DB2AC9B6CF7548B |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\Desktop\FACTURAS.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 1.365570111635911 |
Encrypted: | false |
SSDEEP: | 48:rCXH5P26XpZKfAujEnkmHE+dJ+//iaBnF6UmkM:EHrZedAnjHrMyaL61 |
MD5: | E5AAF1474D5E7489F86A267B928DE425 |
SHA1: | 8DAC741F82956D6111A5B442442E095DC4FC3299 |
SHA-256: | DBBEF5EC504CF458770890AF07448ABF835345029D078D4BA36CBF431F86314E |
SHA-512: | B9AE66432026ADF7FE691F6E95292C6299CFE37FDC27760AD8DB5464386663A0398E53A770B0C8CCFDD734A8162064FF2D01093197A3BEC7356E9933EC344961 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.04128986675064 |
TrID: |
|
File name: | FACTURAS.exe |
File size: | 147456 |
MD5: | 2332fdde9344114749db5496eef5f5f9 |
SHA1: | 303c40dd112294dc012836be48eb38e8af056432 |
SHA256: | 0e693b9dcb4ccb3e64cb61396447dd4e3871234b4af80c2d57e4fbc9b6268a61 |
SHA512: | 7b3d94fb5e12a09f1b417e8042cbb0abe394a1d577a466cd2394e9aa0068ab276d5da25edf742660edb8bd01611f4680c982d6f14373d80e2896d34a887379c1 |
SSDEEP: | 1536:nVas/8YOk4FOHBbmpBpQr9nV43XExeM0Jw52P3u1D6CqljbW:Is/8YJ4kRmpBpqVC090JS63hN |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.......................D.......=.......Rich............PE..L....e`V.....................0............... ....@................ |
File Icon |
---|
Icon Hash: | 0cceececceece400 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x401698 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x566065B6 [Thu Dec 3 15:54:30 2015 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 98b6dd560a57b8960045d82e7d77c431 |
Entrypoint Preview |
---|
Instruction |
---|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x20fb4 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x24000 | 0xc6c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x208 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x20638 | 0x21000 | False | 0.363976680871 | data | 5.21775436592 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x22000 | 0x1238 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x24000 | 0xc6c | 0x1000 | False | 0.484130859375 | data | 4.2105621782 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x243c4 | 0x8a8 | data | ||
RT_GROUP_ICON | 0x243b0 | 0x14 | data | ||
RT_VERSION | 0x240f0 | 0x2c0 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaStrI4, __vbaVarMove, __vbaFreeVar, __vbaLenBstr, __vbaStrVarMove, __vbaFreeVarList, __vbaVarIdiv, __vbaPut3, _adj_fdiv_m64, __vbaFpCDblR8, _adj_fprem1, __vbaStrCat, __vbaHresultCheckObj, __vbaLenBstrB, _adj_fdiv_m32, __vbaOnError, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFPFix, __vbaFpR8, _CIsin, __vbaChkstk, __vbaFileClose, EVENT_SINK_AddRef, __vbaStrCmp, __vbaGet3, __vbaVarTstEq, __vbaObjVar, __vbaI2I4, DllFunctionCall, _adj_fpatan, __vbaStrR8, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaUI1I4, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, __vbaUbound, __vbaVarCat, _CIlog, __vbaErrorOverflow, __vbaFileOpen, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaVarDup, __vbaFpI4, __vbaLateMemCallLd, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0409 0x04b0 |
LegalCopyright | MURAL |
InternalName | SERVICEKONTRAKTS |
FileVersion | 1.00 |
CompanyName | MURAL |
LegalTrademarks | MURAL |
ProductName | MURAL |
ProductVersion | 1.00 |
FileDescription | MURAL |
OriginalFilename | SERVICEKONTRAKTS.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 14, 2021 13:42:36.341437101 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.341651917 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.341695070 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.341867924 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.341896057 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.341922045 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.342075109 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.342221022 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.342263937 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.342294931 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.342417002 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.342519045 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.342726946 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.342876911 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.342912912 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.343166113 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.343225956 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.343477011 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.343570948 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.343770027 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.343843937 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.343879938 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.344022036 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.344065905 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.344356060 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.344547987 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.344583035 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.344604015 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.344882011 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.345283031 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.345488071 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.345523119 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.345827103 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.345886946 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.346096992 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.346298933 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.346506119 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.346533060 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.346559048 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.346787930 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.347306013 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.347511053 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.347522974 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.347560883 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.347743988 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.349196911 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.349359035 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.349401951 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.349682093 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.349734068 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.349931955 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.349966049 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.350121021 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.350162029 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.350188971 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.350434065 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.352415085 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.352591991 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.352606058 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.352638006 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.352792978 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.352832079 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.352855921 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.352982044 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.353122950 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.353173018 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.353183031 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.353429079 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.353632927 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.353817940 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.353832960 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.353856087 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.354118109 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.354371071 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.354561090 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.354595900 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.354763985 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.354811907 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.355104923 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.355119944 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.355146885 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.355310917 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.355523109 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.355572939 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.355585098 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.355802059 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.356046915 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.356221914 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.356235027 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.356262922 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.356462955 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.356494904 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.356707096 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.356734991 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.356888056 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.356981039 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.356998920 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.357019901 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.357176065 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.357188940 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.357712030 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.357898951 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.357913017 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.357945919 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.358088970 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.358123064 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.358304977 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.358655930 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.358830929 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.358863115 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.358892918 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.359045029 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.359246016 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.359285116 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.359291077 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.359463930 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.359496117 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.359628916 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.359726906 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.359899044 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.359931946 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.359940052 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.360033989 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.360199928 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.360408068 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.360572100 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.360632896 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.360646963 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.360690117 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.360893011 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.360913038 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.361218929 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.361376047 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.361458063 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.361499071 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.361536026 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.361555099 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.361668110 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.361916065 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.362246990 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.362402916 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.362452984 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.362474918 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.362636089 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.362651110 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.362701893 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.362925053 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.362951040 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.363370895 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.363508940 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.363590002 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.363676071 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.363723993 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.363769054 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.363780975 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.363897085 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.363923073 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.364044905 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.364088058 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.364109039 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.364114046 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.364289999 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.364315987 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.364473104 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.364504099 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.364514112 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.364556074 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.364583015 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.364747047 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.364794016 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.364809990 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.364985943 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.365273952 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.365442991 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.365458965 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.365477085 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.365619898 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.365638971 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.365659952 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.365930080 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.365945101 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.366111994 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.366216898 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.366394043 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.366432905 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.366450071 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.366548061 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.366609097 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.366617918 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.366627932 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.366650105 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.366785049 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.366997004 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.367007971 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.367038012 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.367192984 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.367321968 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.367330074 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.367357969 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.367366076 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.367503881 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.367573023 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.367618084 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.367645025 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.367650986 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.367721081 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.367851973 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.367871046 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.368042946 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.368058920 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.368063927 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.368261099 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.368289948 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.368432045 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.368458986 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.368587017 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.368643999 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.368662119 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.368740082 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.368741035 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.368843079 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.369026899 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.369033098 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.369035006 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.369055986 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.369074106 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.369254112 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.369363070 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.369384050 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.369411945 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.369514942 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.369604111 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.369617939 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.369667053 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.369858980 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.370038033 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.370065928 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.370234013 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.370249987 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.370340109 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.370412111 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.370424986 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.370445013 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.370598078 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.370616913 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.370621920 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.370646954 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.370803118 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.370816946 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.370883942 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.371006966 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.371023893 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.371030092 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.371180058 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.371191978 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.371346951 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.371350050 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.371381998 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.371393919 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.371408939 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.371489048 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.371627092 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.371649027 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.371669054 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.371788979 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.371798038 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.371974945 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.371977091 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.371995926 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.372287035 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.372328997 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.372370005 CET | 443 | 49804 | 142.250.181.225 | 192.168.11.20 |
Dec 14, 2021 13:42:36.372376919 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
Dec 14, 2021 13:42:36.372591019 CET | 49804 | 443 | 192.168.11.20 | 142.250.181.225 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 14, 2021 13:42:35.205521107 CET | 61072 | 53 | 192.168.11.20 | 1.1.1.1 |
Dec 14, 2021 13:42:35.215145111 CET | 53 | 61072 | 1.1.1.1 | 192.168.11.20 |
Dec 14, 2021 13:42:35.964066029 CET | 63435 | 53 | 192.168.11.20 | 1.1.1.1 |
Dec 14, 2021 13:42:36.023989916 CET | 53 | 63435 | 1.1.1.1 | 192.168.11.20 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Dec 14, 2021 13:42:35.205521107 CET | 192.168.11.20 | 1.1.1.1 | 0x6702 | Standard query (0) | | A (IP address) | IN (0x0001) |
Dec 14, 2021 13:42:35.964066029 CET | 192.168.11.20 | 1.1.1.1 | 0x3705 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Dec 14, 2021 13:42:35.215145111 CET | 1.1.1.1 | 192.168.11.20 | 0x6702 | No error (0) | | | 142.250.181.238 | A (IP address) | IN (0x0001) |
Dec 14, 2021 13:42:36.023989916 CET | 1.1.1.1 | 192.168.11.20 | 0x3705 | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) |
Dec 14, 2021 13:42:36.023989916 CET | 1.1.1.1 | 192.168.11.20 | 0x3705 | No error (0) | | | 142.250.181.225 | A (IP address) | IN (0x0001) |
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49803 | 142.250.181.238 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 12:42:35 UTC | 0 | OUT | |
2021-12-14 12:42:35 UTC | 0 | IN | |
2021-12-14 12:42:35 UTC | 1 | IN | |
2021-12-14 12:42:35 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49804 | 142.250.181.225 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-14 12:42:36 UTC | 2 | OUT | |
2021-12-14 12:42:36 UTC | 2 | IN |