Windows
Analysis Report
pago del 20.01.2022.PDF______________________________________.exe
Overview
General Information
Detection
AgentTesla GuLoader
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected AgentTesla
Yara detected GuLoader
Hides threads from debuggers
Initial sample is a PE file and has a suspicious name
Writes to foreign memory regions
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Self deletion via cmd delete
C2 URLs / IPs found in malware configuration
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Uses a known web browser user agent for HTTP communication
PE / OLE file has an invalid certificate
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Classification
- System is w10x64
- pago del 20.01.2022.PDF______________________________________.exe (PID: 7000 cmdline: "C:\Users\user\Desktop\pago del 20.01.2022.PDF______________________________________.exe" MD5: 4A3D98A8485779447C637CAF1CCAD892)
- CasPol.exe (PID: 760 cmdline: "C:\Users\user\Desktop\pago del 20.01.2022.PDF______________________________________.exe" MD5: F866FC1C2E928779C7119353C3091F0C)
- CasPol.exe (PID: 4000 cmdline: "C:\Users\user\Desktop\pago del 20.01.2022.PDF______________________________________.exe" MD5: F866FC1C2E928779C7119353C3091F0C)
- CasPol.exe (PID: 6884 cmdline: "C:\Users\user\Desktop\pago del 20.01.2022.PDF______________________________________.exe" MD5: F866FC1C2E928779C7119353C3091F0C)
- CasPol.exe (PID: 6852 cmdline: "C:\Users\user\Desktop\pago del 20.01.2022.PDF______________________________________.exe" MD5: F866FC1C2E928779C7119353C3091F0C)
- CasPol.exe (PID: 6872 cmdline: "C:\Users\user\Desktop\pago del 20.01.2022.PDF______________________________________.exe" MD5: F866FC1C2E928779C7119353C3091F0C)
- CasPol.exe (PID: 6840 cmdline: "C:\Users\user\Desktop\pago del 20.01.2022.PDF______________________________________.exe" MD5: F866FC1C2E928779C7119353C3091F0C)
- CasPol.exe (PID: 6828 cmdline: "C:\Users\user\Desktop\pago del 20.01.2022.PDF______________________________________.exe" MD5: F866FC1C2E928779C7119353C3091F0C)
- conhost.exe (PID: 6968 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- cleanup
{"Payload URL": "https://drive.google.com/uc?export=downl"}
{"Exfil Mode": "SMTP", "SMTP Info": "droidyandex@centraldefiltros.clicui4cu2@@mail.centraldefiltros.cldroidyandexreports@centraldefiltros.cl"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | |
| LokiBot_Dropper_Packed_R11_Feb18 | Auto-generated rule - file scan copy.pdf.r11 | Florian Roth | |
| LokiBot_Dropper_Packed_R11_Feb18 | Auto-generated rule - file scan copy.pdf.r11 | Florian Roth | |
| JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
⊘No Sigma rule has matched
AV Detection |
---|
Source: | Malware Configuration Extractor: | ||
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | Metadefender: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Networking |
---|
Source: | URLs: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | Network traffic detected: | ||
Source: | String found in binary or memory: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Code function: | 0_2_00411CB2 | |
Source: | Code function: | 0_2_00411002 | |
Source: | Code function: | 17_2_011BE5B1 | |
Source: | Code function: | 17_2_1DF546A0 | |
Source: | Code function: | 17_2_1DF54690 | |
Source: | Code function: | 17_2_1DF54630 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Virustotal: | ||
Source: | Metadefender: | ||
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Section loaded: | Jump to behavior |
Source: | Mutant created: |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Window detected: |
Data Obfuscation |
---|
Source: | File source: |
Source: | Code function: | 0_2_00412C6E | |
Source: | Code function: | 0_2_00412D77 | |
Source: | Code function: | 0_2_004141C5 | |
Source: | Code function: | 0_2_00412989 | |
Source: | Code function: | 0_2_00412771 | |
Source: | Code function: | 0_2_004027E5 | |
Source: | Code function: | 0_2_004123EA | |
Source: | Code function: | 0_2_0233069E | |
Source: | Code function: | 0_2_0233328C | |
Source: | Code function: | 0_2_02331933 | |
Source: | Code function: | 0_2_02332929 | |
Source: | Code function: | 0_2_02335575 | |
Source: | Code function: | 0_2_023345C6 | |
Source: | Code function: | 17_2_1DF57760 |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | File opened: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | WMI Queries: |
Source: | WMI Queries: |
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | WMI Queries: |
Source: | Process information queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | System information queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Anti Debugging |
---|
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 211 Windows Management Instrumentation | Path Interception | 112 Process Injection | 1 Disable or Modify Tools | OS Credential Dumping | 411 Security Software Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 331 Virtualization/Sandbox Evasion | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 112 Process Injection | Security Account Manager | 331 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 113 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | 114 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
18% | Virustotal | Browse | ||
24% | Metadefender | Browse | ||
64% | ReversingLabs | Win32.Trojan.AgentTesla |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 216.58.205.78 | true | false | high | |
googlehosted.l.googleusercontent.com | 216.58.198.33 | true | false | high | |
doc-00-6k-docs.googleusercontent.com | unknown | unknown | false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
216.58.198.33 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false | |
216.58.205.78 | drive.google.com | United States | 15169 | GOOGLEUS | false |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 558278 |
Start date: | 23.01.2022 |
Start time: | 09:58:17 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 17s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | pago del 20.01.2022.PDF______________________________________.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 30 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winEXE@16/1@2/2 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
- Excluded IPs from analysis (whitelisted): 23.211.4.86
- Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, fs.microsoft.com, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description |
---|---|---|
10:00:05 | API Interceptor |
⊘No context
⊘No context
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
⊘No context
Process: | C:\Users\user\Desktop\pago del 20.01.2022.PDF______________________________________.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 49152 |
Entropy (8bit): | 5.035543586378022 |
Encrypted: | false |
SSDEEP: | 768:F5mdjxOWaG/KFWSBiGVzG8e83MRJUg/3ZRIIIIIIIIIIIIII:FEtxOtDtBb9+Jp/3ZRIIIIIIIIIIIIII |
MD5: | 84512088E95A81B41D2FF68D0AE6DDE4 |
SHA1: | 5F6EAABC8823AF8FFF10F5C27D17EA599FE5B6CE |
SHA-256: | 942B25782584C3F0C2FB08B4F3461248EAC7A7709673609B2083A86DD561D8E7 |
SHA-512: | ED06A5CC161B7D8F9502AB3B74842B104126532F7829B10076301DC54D5D8E6E82B32D4E452B6140B1CCA7AA4256E888BE6D630EADC9F5273EE5A4D552D48777 |
Malicious: | false |
Reputation: | low |
Preview: |
File type: | |
Entropy (8bit): | 5.820365390015966 |
TrID: |
|
File name: | pago del 20.01.2022.PDF______________________________________.exe |
File size: | 218216 |
MD5: | 4a3d98a8485779447c637caf1ccad892 |
SHA1: | 972e617044f41500d54c0a9bc9304094fac5f1b4 |
SHA256: | ab9d325dda36e6f2f7f74aa65c067a67d24b6247271b27d997520593b7105d7d |
SHA512: | 40de4659a252626352a0fe42ce4bf25b3914bc660a4e5c38ba821665721a00f8a222512914a86e39a24621b568b1fbd340d1f0b63f731889daf22a875602aa20 |
SSDEEP: | 3072:RIg+JpfZRIIIIIIIIIIIIIIFypPUZoSP4uj3dZRIIIIIIIIIIIIIIy+JpfIl:ugMhJCSP4iT0MQl |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........M...#...#...#.&.-...#...*...#.......#.Rich..#.........PE..L......a.................`...................p....@................ |
Icon Hash: | 001000b2b230d0f0 |
Entrypoint: | 0x401510 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x61EB05A4 [Fri Jan 21 19:12:36 2022 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 076daaa528b1117cda2045bea4524014 |
Signature Valid: | false |
Signature Issuer: | E=BATTERER@unhoping.PAA, CN=Weenong7, OU=misplays, O=Informationsmedarbejder5, L=BAL, S=VIRKNINGSLSE, C=SJ |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 1467D1C1E6DD4034DFDBE58A23B8FC35 |
Thumbprint SHA-1: | 1AC6D9779E9942A75B1E60A4BD5D45A71DBDED15 |
Thumbprint SHA-256: | 3FD5B59E60075347EA5F82B01C8C65BE10162134A329C5C71EDB89DC602A7D9C |
Serial: | 00 |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x25cb4 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x29000 | 0xb638 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x34000 | 0x1468 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x198 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x252d4 | 0x26000 | False | 0.491217362253 | data | 6.04657240247 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x27000 | 0x178c | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x29000 | 0xb638 | 0xc000 | False | 0.451110839844 | data | 5.04272884383 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x33351 | 0x12e7 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | ||
RT_ICON | 0x32ce9 | 0x668 | data | ||
RT_ICON | 0x32a01 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 0, next used block 0 | ||
RT_ICON | 0x328d9 | 0x128 | GLS_BINARY_LSB_FIRST | ||
RT_ICON | 0x30c25 | 0x1cb4 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | ||
RT_ICON | 0x2fd7d | 0xea8 | data | ||
RT_ICON | 0x2f4d5 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | ||
RT_ICON | 0x2ef6d | 0x568 | GLS_BINARY_LSB_FIRST | ||
RT_ICON | 0x2d0ce | 0x1e9f | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | ||
RT_ICON | 0x2ab26 | 0x25a8 | data | ||
RT_ICON | 0x29a7e | 0x10a8 | data | ||
RT_ICON | 0x29616 | 0x468 | GLS_BINARY_LSB_FIRST | ||
RT_GROUP_ICON | 0x29568 | 0xae | data | ||
RT_VERSION | 0x29300 | 0x268 | MS Windows COFF Motorola 68000 object file | Chinese | Taiwan |
DLL | Import |
---|---|
MSVBVM60.DLL | __vbaVarTstGt, _CIcos, _adj_fptan, __vbaHresultCheck, __vbaStrI4, __vbaVarMove, __vbaFreeVar, __vbaStrVarMove, __vbaLenBstr, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, __vbaStrErrVarCopy, _adj_fprem1, __vbaHresultCheckObj, __vbaLenBstrB, _adj_fdiv_m32, __vbaAryVar, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaVarTstLt, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaVarTstEq, __vbaAryConstruct2, __vbaObjVar, _adj_fpatan, __vbaLateIdCallLd, __vbaStrR8, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaUI1I4, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, __vbaUbound, _CIlog, __vbaErrorOverflow, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaI4Var, __vbaVarDup, __vbaFpI4, __vbaLateMemCallLd, _CIatan, __vbaStrMove, __vbaAryCopy, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr |
Description | Data |
---|---|
Translation | 0x0404 0x04b0 |
LegalCopyright | Catapult Fas |
InternalName | DYPPEDES |
FileVersion | 1.00 |
CompanyName | Catapult Fas |
ProductName | Catapult Fas |
ProductVersion | 1.00 |
OriginalFilename | DYPPEDES.exe |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
Chinese | Taiwan |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 23, 2022 09:59:53.782345057 CET | 54154 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 23, 2022 09:59:53.807755947 CET | 53 | 54154 | 8.8.8.8 | 192.168.2.3 |
Jan 23, 2022 09:59:54.764600039 CET | 53910 | 53 | 192.168.2.3 | 8.8.8.8 |
Jan 23, 2022 09:59:54.791976929 CET | 53 | 53910 | 8.8.8.8 | 192.168.2.3 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jan 23, 2022 09:59:53.782345057 CET | 192.168.2.3 | 8.8.8.8 | 0xd97e | Standard query (0) | | A (IP address) | IN (0x0001) |
Jan 23, 2022 09:59:54.764600039 CET | 192.168.2.3 | 8.8.8.8 | 0xc6c3 | Standard query (0) | | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jan 23, 2022 09:59:53.807755947 CET | 8.8.8.8 | 192.168.2.3 | 0xd97e | No error (0) | | | 216.58.205.78 | A (IP address) | IN (0x0001) |
Jan 23, 2022 09:59:54.791976929 CET | 8.8.8.8 | 192.168.2.3 | 0xc6c3 | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) |
Jan 23, 2022 09:59:54.791976929 CET | 8.8.8.8 | 192.168.2.3 | 0xc6c3 | No error (0) | | | 216.58.198.33 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49746 | 216.58.205.78 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-01-23 08:59:54 UTC | 0 | OUT | |
2022-01-23 08:59:54 UTC | 0 | IN | |
2022-01-23 08:59:54 UTC | 1 | IN | |
2022-01-23 08:59:54 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.3 | 49748 | 216.58.198.33 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-01-23 08:59:54 UTC | 2 | OUT | |
2022-01-23 08:59:55 UTC | 2 | IN |