Windows
Analysis Report
SecuriteInfo.com.W32.AIDetect.malware2.8516.exe
Overview
General Information
Detection
AgentTesla, GuLoader
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Telegram RAT
Yara detected AgentTesla
Yara detected GuLoader
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses the Telegram API (likely for C&C communication)
C2 URLs / IPs found in malware configuration
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32-bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
PE / OLE file has an invalid certificate
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read data from the clipboard
Classification
- System is w10x64native
- SecuriteInfo.com.W32.AIDetect.malware2.8516.exe (PID: 384, cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe", MD5: 90E91D605FB261FA827093074C0D7178)
- CasPol.exe (PID: 6092, cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe", MD5: 914F728C04D3EDDD5FBA59420E74E56B)
- CasPol.exe (PID: 1668, cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe", MD5: 914F728C04D3EDDD5FBA59420E74E56B)
- conhost.exe (PID: 2624, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
- cleanup

Both CasPol.exe instances report the sample's own path as their command line while their image hash is that of CasPol.exe. That is the footprint of the "Creates a process in suspended mode" and "Writes to foreign memory regions" signatures listed above: the loader starts the .NET utility suspended, with its own command line, and injects the next stage into it.
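The command line recorded for a process is whatever the creator passed to CreateProcess, so a hollowed CasPol.exe carrying the loader's path is visible in ordinary process-creation telemetry. The following check, added here as an example and not part of the Joe Sandbox report, runs that logic over constructed Sysmon-style events that mirror the process list above; the parent/child links, the explorer.exe parent and the CasPol.exe image path are assumptions made for the example, and the list of .NET utilities other than CasPol.exe is the example's own.

```python
"""Flag process creations where the command line names a different executable
than the image actually running, as seen here for CasPol.exe.

Added example, not part of the Joe Sandbox report. EVENTS is constructed to
mirror the report's process list; the parent/child links, the explorer.exe
parent and the CasPol.exe image path are assumptions made for the example.
"""
import ntpath
import re

# Constructed Sysmon-style process-creation events (not captured logs).
CASPOL = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"  # assumed image path
SAMPLE = r"C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe"
EVENTS = [
    {"ProcessId": 384, "ParentProcessId": 1000, "ParentImage": r"C:\Windows\explorer.exe",  # assumed parent
     "Image": SAMPLE, "CommandLine": f'"{SAMPLE}"', "Hashes": "MD5=90E91D605FB261FA827093074C0D7178"},
    {"ProcessId": 6092, "ParentProcessId": 384, "ParentImage": SAMPLE,
     "Image": CASPOL, "CommandLine": f'"{SAMPLE}"', "Hashes": "MD5=914F728C04D3EDDD5FBA59420E74E56B"},
    {"ProcessId": 1668, "ParentProcessId": 384, "ParentImage": SAMPLE,
     "Image": CASPOL, "CommandLine": f'"{SAMPLE}"', "Hashes": "MD5=914F728C04D3EDDD5FBA59420E74E56B"},
    {"ProcessId": 2624, "ParentProcessId": 1668, "ParentImage": CASPOL,
     "Image": r"C:\Windows\system32\conhost.exe",
     "CommandLine": r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1",
     "Hashes": "MD5=81CA40085FC75BABD2C91D18AA9FFA68"},
]

# .NET Framework utilities commonly used as injection targets. CasPol.exe is the
# one in this report; the rest are this example's own list.
INJECTION_TARGETS = {"caspol.exe", "regasm.exe", "regsvcs.exe", "msbuild.exe",
                     "installutil.exe", "applaunch.exe"}
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")
FIRST_TOKEN_RE = re.compile(r'^\s*(?:"(?P<quoted>[^"]*)"|(?P<bare>\S+))')


def command_line_image(cmdline):
    """Basename of the executable named by the first command-line token."""
    m = FIRST_TOKEN_RE.match(cmdline)
    if not m:
        return ""
    return ntpath.basename(m.group("quoted") or m.group("bare") or "")


def is_user_writable(path):
    return any(marker in path.lower() for marker in USER_WRITABLE)


def analyse(events):
    """Return one finding per suspicious event, each with the reasons it was flagged."""
    findings = []
    for event in events:
        image = ntpath.basename(event["Image"]).lower()
        claimed = command_line_image(event["CommandLine"]).lower()
        reasons = []
        # The command line passed at CreateProcess is what telemetry records; the
        # injector passed its own path while mapping CasPol.exe, so the two disagree.
        if claimed and claimed != image:
            reasons.append(f"command line names {claimed} but image is {image}")
        # A .NET utility launched by something living in a user-writable location.
        if image in INJECTION_TARGETS and is_user_writable(event["ParentImage"]):
            parent = ntpath.basename(event["ParentImage"])
            reasons.append(f"{image} started by {parent} from a user-writable path")
        if reasons:
            findings.append({"pid": event["ProcessId"], "image": image, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in analyse(EVENTS):
        print(finding["pid"], finding["image"], "; ".join(finding["reasons"]))
```

The two rules are deliberately independent: the mismatch rule catches the hollowing regardless of where the injector lives, and the parent-location rule catches a .NET utility launched from a user profile even when the injector bothers to pass a matching command line. conhost.exe is not flagged by either, which is the expected result for the tree above.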
{"Exfil Mode": "Telegram", "Chat id": "5340613581", "Chat URL": "https://api.telegram.org/bot5362707045:AAGBjkYF97cvI4xaEhJ1OrouiqS3umCPqqA/sendDocument"}
{"Payload URL": "https://drive.google.com/uc?export=download&id=1o9xcx-d3Bxjd3qTkG604DI9J3fWxwqqB"}
{"C2 url": "https://api.telegram.org/bot5362707045:AAGBjkYF97cvI4xaEhJ1OrouiqS3umCPqqA/sendMessage"}
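The three configuration lines above contain everything needed to pivot: the Telegram Bot API URLs have the form https://api.telegram.org/bot<bot id>:<secret>/<method>, so they yield the bot id, the bot secret, the chat id receiving stolen data and the two methods used (sendDocument for files, sendMessage for text), and the payload URL yields the Google Drive file id the loader fetches. The parser below, added here as an example and not part of the Joe Sandbox report, turns those lines into a normalised indicator set; the configuration strings are copied verbatim from the report, while the function names and output layout are this example's own. The token is the attacker's bot credential: the code only parses it and never calls the API.

```python
"""Parse the extracted malware-configuration lines into a normalised IOC set.

Added example, not part of the Joe Sandbox report. CONFIG_LINES are the three
JSON lines printed in the report; the function names and the IOC layout are
this example's own choices.
"""
import json
import re
from urllib.parse import parse_qs, urlparse

# Configuration lines as printed in the report (input for this example).
CONFIG_LINES = [
    '{"Exfil Mode": "Telegram", "Chat id": "5340613581", "Chat URL": '
    '"https://api.telegram.org/bot5362707045:AAGBjkYF97cvI4xaEhJ1OrouiqS3umCPqqA/sendDocument"}',
    '{"Payload URL": "https://drive.google.com/uc?export=download&id=1o9xcx-d3Bxjd3qTkG604DI9J3fWxwqqB"}',
    '{"C2 url": "https://api.telegram.org/bot5362707045:AAGBjkYF97cvI4xaEhJ1OrouiqS3umCPqqA/sendMessage"}',
]

# Telegram Bot API paths look like /bot<bot_id>:<secret>/<method>.
TELEGRAM_BOT_RE = re.compile(r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>\w+)$")


def parse_telegram_url(url):
    """Return (bot_id, secret, method) for a Telegram Bot API URL, else None."""
    parsed = urlparse(url)
    if parsed.scheme != "https" or parsed.hostname != "api.telegram.org":
        return None
    m = TELEGRAM_BOT_RE.match(parsed.path)
    if not m:
        return None
    return m.group("bot_id"), m.group("secret"), m.group("method")


def parse_drive_url(url):
    """Return the file id from a drive.google.com download URL, else None."""
    parsed = urlparse(url)
    if parsed.hostname != "drive.google.com":
        return None
    ids = parse_qs(parsed.query).get("id")
    return ids[0] if ids else None


def extract_iocs(lines):
    """Collect indicators from the config lines.

    The bot token is split: the numeric bot id is a stable value to pivot on,
    the secret half is what grants control of the bot and is kept separately
    so it can be handled as a secret rather than as a searchable indicator.
    """
    iocs = {"domains": set(), "urls": set(), "telegram_bot_ids": set(),
            "telegram_secrets": set(), "telegram_methods": set(),
            "telegram_chat_ids": set(), "drive_file_ids": set()}
    for line in lines:
        for key, value in json.loads(line).items():
            if key == "Chat id":
                iocs["telegram_chat_ids"].add(str(value))
                continue
            if not isinstance(value, str) or not value.startswith("http"):
                continue  # e.g. "Exfil Mode": "Telegram"
            iocs["urls"].add(value)
            host = urlparse(value).hostname
            if host:
                iocs["domains"].add(host)
            tg = parse_telegram_url(value)
            if tg:
                bot_id, secret, method = tg
                iocs["telegram_bot_ids"].add(bot_id)
                iocs["telegram_secrets"].add(secret)
                iocs["telegram_methods"].add(method)
            drive_id = parse_drive_url(value)
            if drive_id:
                iocs["drive_file_ids"].add(drive_id)
    return iocs


def exfil_summary(iocs):
    """One-line triage summary: where data goes and where the next stage comes from."""
    return ("telegram bot {} -> chat {} via {}; payload from drive file {}".format(
        ",".join(sorted(iocs["telegram_bot_ids"])),
        ",".join(sorted(iocs["telegram_chat_ids"])),
        ",".join(sorted(iocs["telegram_methods"])),
        ",".join(sorted(iocs["drive_file_ids"]))))


if __name__ == "__main__":
    result = extract_iocs(CONFIG_LINES)
    print(exfil_summary(result))
    for domain in sorted(result["domains"]):
        print("domain:", domain)
```

Because the bot path travels inside TLS, only the DNS name and SNI (api.telegram.org) are visible on the wire; the bot id and chat id are for pivoting in memory dumps, sandbox reports and other extracted configurations, not for network signatures.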
Rule | Description | Author
---|---|---
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
No Sigma rule has matched
No Snort rule has matched
AV Detection
- Malware Configuration Extractor: 3 entries
- Virustotal
- Code function: 4_2_2098A120, 4_2_2098A118
- Static PE information
- HTTPS traffic detected: 3 entries
- Static PE information
- Code function: 1_2_00405C49, 1_2_00406873, 1_2_0040290B
Networking
- DNS query
- URLs
- JA3 fingerprint: 2 entries
- HTTP traffic detected
- IP Address
- HTTP traffic detected: 2 entries
- Network traffic detected: 6 entries
- UDP traffic detected without corresponding DNS query: 3 entries
- String found in binary or memory: 23 entries
- HTTP traffic detected
- DNS traffic detected
- HTTP traffic detected: 2 entries
- HTTPS traffic detected: 3 entries
- Code function: 1_2_004056DE
- Static PE information
- Code function: 1_2_0040352D
- Code function: 1_2_0040755C, 1_2_00406D85, 1_2_71751BFF, 1_2_02A164A5, 1_2_02A15C99, 1_2_02A2366D, 1_2_02A173FA, 1_2_02A155C1, 1_2_02A24F24, 1_2_02A254A6, 1_2_02A186A5, 1_2_02A19A80, 1_2_02A18C91, 1_2_02A18C97, 1_2_02A1A0ED, 1_2_02A20EF4, 1_2_02A1A2C3, 1_2_02A19AD4, 1_2_02A174DA, 1_2_02A1D4DC, 1_2_02A2483A, 1_2_02A18238, 1_2_02A1A03D, 1_2_02A1A207, 1_2_02A1480F, 1_2_02A21010, 1_2_02A1A41D, 1_2_02A17C64, 1_2_02A1946F, 1_2_02A1A473, 1_2_02A1A07C, 1_2_02A19A49, 1_2_02A1885D, 1_2_02A25BA4, 1_2_02A25FB7, 1_2_02A193B9, 1_2_02A1CD83, 1_2_02A1DB87, 1_2_02A1A38F, 1_2_02A18B93, 1_2_02A1A19B, 1_2_02A147E3, 1_2_02A189E5, 1_2_02A18BF7, 1_2_02A199C9, 1_2_02A187DD, 1_2_02A1A528, 1_2_02A18B2D, 1_2_02A24301, 1_2_02A25904, 1_2_02A1A50E, 1_2_02A18715, 1_2_02A1896D, 1_2_02A28153, 1_2_02A17756, 4_2_1D826B62, 4_2_1D82A160, 4_2_1D829890, 4_2_1D829548, 4_2_20980040, 4_2_20986078, 4_2_2098DA18, 4_2_20985E58, 4_2_20987250, 4_2_209ECD08, 4_2_209E1070, 4_2_209EDFF4
- Code function
- Code function: 1_2_02A274BD, 1_2_02A26F81, 1_2_02A24F24
- Static PE information
- Section loaded: 2 entries
- Static PE information
- Virustotal
- File read
- Static PE information
- Key opened
- Process created: 6 entries
- Key value queried
- Code function: 1_2_0040352D
- WMI Queries: 3 entries
- File created
- Classification label
- Code function: 1_2_004021AA
- File read
- Code function: 1_2_0040498A
- Section loaded
- Mutant created: 2 entries
- File opened
- Key opened
- Static PE information
Data Obfuscation
- File source: 2 entries
- Code function: 1_2_717530EE, 1_2_02A1AAE8, 1_2_02A14D48, 1_2_02A1B63F, 1_2_02A1B262, 1_2_02A14D48, 1_2_02A16328, 1_2_02A158A7, 1_2_02A14D48, 1_2_02A15F54, 4_2_01113DD9, 4_2_01113DFB
- Code function: 1_2_71751BFF
- File created (dropped file)
- Process information set: 82 entries
Malware Analysis System Evasion
- File opened: 4 entries
- Binary or memory string: 2 entries
- WMI Queries
- WMI Queries
- Thread sleep time
- Last function
- Code function: 1_2_02A198A0
- Thread delayed
- Window / User API
- WMI Queries: 3 entries
- Process information queried
- Code function: 1_2_00405C49, 1_2_00406873, 1_2_0040290B
- Thread delayed
- System information queried
- API call chain: graph_1-12401, graph_1-12244
- Binary or memory string: 14 entries
- Code function: 1_2_71751BFF
- Code function: 1_2_02A198A0
- Process token adjusted
- Code function: 1_2_02A186A5, 1_2_02A24AAA, 1_2_02A1D4DC, 1_2_02A20E4B, 1_2_02A241B0, 1_2_02A25FB7, 1_2_02A1CD83
- Process queried: 2 entries
- Code function: 1_2_00405C49
- Memory allocated
HIPS / PFW / Operating System Protection Evasion
- Memory written
- Process created: 2 entries
- Queries volume information: 9 entries
- Key value queried
- Code function: 1_2_0040352D
Stealing of Sensitive Information
- File source: 2 entries
- File source: 2 entries
- File opened; Key opened: 2 entries
- Key opened
- File opened: 2 entries
- File opened: 3 entries
- File source: 2 entries
Remote Access Functionality
- File source: 2 entries
- File source: 2 entries
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 211 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 2 File and Directory Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Web Service | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | 1 Credentials in Registry | 117 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | 111 Process Injection | 2 Obfuscated Files or Information | Security Account Manager | 331 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | Automated Exfiltration | 21 Encrypted Channel | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 DLL Side-Loading | NTDS | 1 Process Discovery | Distributed Component Object Model | 1 Clipboard Data | Scheduled Transfer | 3 Non-Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 241 Virtualization/Sandbox Evasion | LSA Secrets | 241 Virtualization/Sandbox Evasion | SSH | Keylogging | Data Transfer Size Limits | 114 Application Layer Protocol | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Access Token Manipulation | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 111 Process Injection | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Detection | Scanner | Label
---|---|---
13% | Virustotal |
7% | ReversingLabs | Win32.Trojan.Generic

Detection | Scanner | Label
---|---|---
0% | Metadefender |
0% | ReversingLabs |

No Antivirus matches
No Antivirus matches

Detection | Scanner | Label
---|---|---
0% | Avira URL Cloud | safe (7 URLs)
Name | IP | Active | Malicious | Reputation
---|---|---|---|---
drive.google.com | 216.58.212.142 | true | false | high
api.telegram.org | 149.154.167.220 | true | false | high
googlehosted.l.googleusercontent.com | 142.250.186.33 | true | false | high
doc-04-bk-docs.googleusercontent.com | unknown | unknown | false | high

The payload download (drive.google.com, googleusercontent.com) and the exfiltration channel (api.telegram.org) both go to legitimate services with high reputation, so domain or IP reputation alone will not flag this traffic; the bot and chat ids from the malware configuration, and which process opens the connection, are the usable indicators.
IP | Domain | Country | ASN | ASN Name | Malicious
---|---|---|---|---|---
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false
216.58.212.142 | drive.google.com | United States | 15169 | GOOGLEUS | false
142.250.186.33 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 625379 |
Start date and time: | 2022-05-12 17:05:34 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 13m 25s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | SecuriteInfo.com.W32.AIDetect.malware2.8516.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301) |
Run name: | Suspected Instruction Hammering |
Number of analysed new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
EGA Information: |
HDC Information: |
HCA Information: |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, backgroundTaskHost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 51.105.236.244
- Excluded domains from analysis (whitelisted): wdcpalt.microsoft.com, wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com, ctldl.windowsupdate.com, wdcp.microsoft.com, wd-prod-cp.trafficmanager.net
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
17:08:11 | API Interceptor |
Match | Type | Associated samples listed | Detection
---|---|---|---
149.154.167.220 | IP | 20 | malicious
api.telegram.org | Domain | 20 | malicious
TELEGRAMRU | ASN | 20 | malicious
3b5074b1b5d032e5620f69f9f700ff0e | JA3 fingerprint | 20 | malicious
37f463bf4616ecd445d4a1937da06e19 | JA3 fingerprint | 20 | malicious
C:\Users\user\AppData\Local\Temp\nsz5764.tmp\System.dll | Dropped file | 20 | malicious

These matches differ in strength. The IP, domain and ASN entries all point at Telegram's API, which is shared with legitimate traffic. A JA3 fingerprint characterises the TLS client implementation rather than the program using it, so agreement with other malicious samples shows only that the same TLS stack was used and should be corroborated with the destination and the connecting process. The System.dll match is the NSIS installer's System plug-in, which every NSIS-built package drops into an ns*.tmp directory, malicious or not.

Field | Value |
---|---|
Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 164654 |
Entropy (8bit): | 7.328477148984372 |
Encrypted: | false |
SSDEEP: | 3072:0OjNBC83H7WOOnQkvcWeC4tQMrbfGPmSIiWj1KYOcvH:0OjjCmH7bOnQkvczC4tjGOSIii1pOc/ |
MD5: | 4F4AB714DFE3298940A65606E9D71F3D |
SHA1: | ACAA9B62D1E2245695F551374C3B529AF49D378D |
SHA-256: | B9E09B4CE4FD0A5A9AF776CD64CDAD0C1B06FDA01B479E93B9B202B9F2927F4B |
SHA-512: | 921B8C6651FABFA684E911A83439AC43D389F451B07430FF3F98CCD4E7616251C9835B1666039E506B7DABC0FE53EA388B7E0E42FE94D90E70690423838E987E |
Malicious: | false |
Reputation: | low |

Field | Value |
---|---|
Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 876 |
Entropy (8bit): | 2.973407432553269 |
Encrypted: | false |
SSDEEP: | 12:8gl0URsXUCV/tz+7RafgKDNwpZlEg/rNJkKAh4t2YCBTo8:84+raRMgKKXy45HALJT |
MD5: | 7D6897C6C92B6D01EE66251C99676F53 |
SHA1: | B6FB27DA4E0570E15E6F0649F3BB51BCE7513333 |
SHA-256: | B7C61310744BC6551E039639E78490EA1C0C39EDE8D501B7F558FF77AE531DB2 |
SHA-512: | 974FAD1FF6D3150830EA036DC7FEDF514ECC5E9CC200D59311C7FD547F52FD2DACEB4D9CC22A9E9DF1DF8392A8E36499EF309193CE169643B705BB728650DDFC |
Malicious: | false |
Reputation: | low |

Field | Value |
---|---|
Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.8516.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 5.814115788739565 |
Encrypted: | false |
SSDEEP: | 192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr |
MD5: | CFF85C549D536F651D4FB8387F1976F2 |
SHA1: | D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E |
SHA-256: | 8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8 |
SHA-512: | 531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88 |
Malicious: | false |
Antivirus: | |
Joe Sandbox View: | |
Reputation: | moderate, very likely benign file |

Field | Value |
---|---|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 3.964735178725505 |
Encrypted: | false |
SSDEEP: | 3:IBVFBWAGRHneyy:ITqAGRHner |
MD5: | 9F754B47B351EF0FC32527B541420595 |
SHA1: | 006C66220B33E98C725B73495FE97B3291CE14D9 |
SHA-256: | 0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591 |
SHA-512: | C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532 |
Malicious: | false |

Field | Value |
---|---|
File type: | |
Entropy (8bit): | 7.554007831073136 |
TrID: | |
File name: | SecuriteInfo.com.W32.AIDetect.malware2.8516.exe |
File size: | 253128 |
MD5: | 90e91d605fb261fa827093074c0d7178 |
SHA1: | 1737b52ca846659954692ac55235addf749e405b |
SHA256: | 4700f996868b461bae3a5b57efcd8719169d0c9acb400fa77d6a36787b37b0e1 |
SHA512: | e637de93126346d108bd7d7dbda163d2dd492be4645d6bd7e9f7d6af63de094d4839581009ea55b3387aaec8b74311d86f17332246d42e7418eba4b243a3d6cd |
SSDEEP: | 6144:qbE/HUKlmkDdr0OjjCmH7FOnQkvWqYlKPwjH25:qboFJHuc7FivWqNPwj25 |
TLSH: | C234D01E3661C0EAF88883751B3A9B0B2A9FBC07138219573771B7785B352D3D91E9D8 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...Z.Oa.................j......... |
Icon Hash: | 8803969c49c2c3c0 |
Entrypoint: | 0x40352d |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x614F9B5A [Sat Sep 25 21:57:46 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 56a78d55f3f7af51443e58e0ce2fb5f6 |
Signature Valid: | false |
Signature Issuer: | CN="gedske Bladring2 Germinates4 ", O=overcull, L=Sucy-en-Brie, S=Île-de-France, C=FR |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Not Before, Not After | |
Subject Chain | |
Version: | 3 |
Thumbprint MD5: | D0ACA7F1FD1382B9C35DFC16B627DDFD |
Thumbprint SHA-1: | BDE2B99E0FDE745B68290E3A60150DFA90A8EE08 |
Thumbprint SHA-256: | EFD99FBE0F355D7F5157F6E6BC35D3ABB4549B7B947F6131A6F6EAFE73957876 |
Serial: | 4F99C01EF8C999C6 |
Instruction |
---|
push ebp |
mov ebp, esp |
sub esp, 000003F4h |
push ebx |
push esi |
push edi |
push 00000020h |
pop edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [ebp-14h], ebx |
mov dword ptr [ebp-04h], 0040A2E0h |
mov dword ptr [ebp-10h], ebx |
call dword ptr [004080CCh] |
mov esi, dword ptr [004080D0h] |
lea eax, dword ptr [ebp-00000140h] |
push eax |
mov dword ptr [ebp-0000012Ch], ebx |
mov dword ptr [ebp-2Ch], ebx |
mov dword ptr [ebp-28h], ebx |
mov dword ptr [ebp-00000140h], 0000011Ch |
call esi |
test eax, eax |
jne 00007F06EC98AE6Ah |
lea eax, dword ptr [ebp-00000140h] |
mov dword ptr [ebp-00000140h], 00000114h |
push eax |
call esi |
mov ax, word ptr [ebp-0000012Ch] |
mov ecx, dword ptr [ebp-00000112h] |
sub ax, 00000053h |
add ecx, FFFFFFD0h |
neg ax |
sbb eax, eax |
mov byte ptr [ebp-26h], 00000004h |
not eax |
and eax, ecx |
mov word ptr [ebp-2Ch], ax |
cmp dword ptr [ebp-0000013Ch], 0Ah |
jnc 00007F06EC98AE3Ah |
and word ptr [ebp-00000132h], 0000h |
mov eax, dword ptr [ebp-00000134h] |
movzx ecx, byte ptr [ebp-00000138h] |
mov dword ptr [00434FB8h], eax |
xor eax, eax |
mov ah, byte ptr [ebp-0000013Ch] |
movzx eax, ax |
or eax, ecx |
xor ecx, ecx |
mov ch, byte ptr [ebp-2Ch] |
movzx ecx, cx |
shl eax, 10h |
or eax, ecx |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x68000 | 0x139f8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x3d650 | 0x678 | .ndata |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6897 | 0x6a00 | False | 0.666126179245 | data | 6.45839821493 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x14a6 | 0x1600 | False | 0.439275568182 | data | 5.02410928126 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x2b018 | 0x600 | False | 0.521484375 | data | 4.15458210409 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.ndata | 0x36000 | 0x32000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x68000 | 0x139f8 | 0x13a00 | False | 0.570984275478 | data | 6.55035103954 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x68358 | 0x8592 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x708f0 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 1056964863 | English | United States |
RT_ICON | 0x74b18 | 0x25a8 | data | English | United States |
RT_ICON | 0x770c0 | 0x1a68 | data | English | United States |
RT_ICON | 0x78b28 | 0x10a8 | data | English | United States |
RT_ICON | 0x79bd0 | 0x988 | data | English | United States |
RT_ICON | 0x7a558 | 0x6b8 | data | English | United States |
RT_ICON | 0x7ac10 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_DIALOG | 0x7b078 | 0x100 | data | English | United States |
RT_DIALOG | 0x7b178 | 0x11c | data | English | United States |
RT_DIALOG | 0x7b298 | 0xc4 | data | English | United States |
RT_DIALOG | 0x7b360 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x7b3c0 | 0x76 | data | English | United States |
RT_VERSION | 0x7b438 | 0x280 | data | English | United States |
RT_MANIFEST | 0x7b6b8 | 0x33e | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States |
DLL | Import |
---|---|
ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW |
SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW |
ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree |
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked |
USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu |
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject |
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW |
Description | Data |
---|---|
LegalCopyright | Schenklensc |
FileVersion | 24.1.20 |
CompanyName | Lipoclasisbi233 |
LegalTrademarks | Theophilanthro36 |
Comments | Noteform |
ProductName | Beignetdeje162 |
FileDescription | Guatemalan |
Translation | 0x0409 0x04b0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 12, 2022 17:08:08.022449970 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.022739887 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.022768021 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.022793055 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.022947073 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.022964954 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.022994041 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.023169994 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.023199081 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.023361921 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.023391008 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.023627043 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.023699999 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.023737907 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.023935080 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.023960114 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.023977995 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.024163008 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.024318933 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.024349928 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.024358034 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.024606943 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.024636984 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.024658918 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.024825096 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.024863958 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.025132895 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.025150061 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.025171995 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.025311947 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.025332928 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.025363922 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.025536060 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.025578022 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.025782108 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.025888920 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.025927067 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.025938034 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.026106119 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.026241064 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.026274920 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.026283026 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.026566029 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.026626110 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.026663065 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.026783943 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.026812077 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.026839018 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.027045012 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.027154922 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.027189016 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.027196884 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.027379036 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.027460098 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.027498007 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.027618885 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.027647972 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.027671099 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.027852058 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.027971983 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.028004885 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.028012037 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.028165102 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.028201103 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.028223991 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.028393984 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.028424025 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.028445959 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.028599024 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.028633118 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.028776884 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.028812885 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.028831005 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.028997898 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.029028893 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.029055119 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.029247999 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.029261112 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.029294014 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.029524088 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.029558897 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.029707909 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.029894114 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.029934883 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.029943943 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.030122042 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.030211926 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.030249119 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.030397892 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.030422926 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.030441999 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.030611038 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.030643940 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.030670881 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.030807018 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.030852079 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.031003952 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.031018019 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.031030893 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.031213045 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.031239986 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.031248093 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.031263113 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.031327009 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.031451941 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.031471014 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.031650066 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.031686068 CEST | 443 | 49751 | 142.250.186.33 | 192.168.11.20 |
May 12, 2022 17:08:08.031691074 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:08.031821966 CEST | 49751 | 443 | 192.168.11.20 | 142.250.186.33 |
May 12, 2022 17:08:21.296771049 CEST | 49753 | 443 | 192.168.11.20 | 149.154.167.220 |
May 12, 2022 17:08:21.296853065 CEST | 443 | 49753 | 149.154.167.220 | 192.168.11.20 |
May 12, 2022 17:08:21.297009945 CEST | 49753 | 443 | 192.168.11.20 | 149.154.167.220 |
May 12, 2022 17:08:21.300067902 CEST | 49753 | 443 | 192.168.11.20 | 149.154.167.220 |
May 12, 2022 17:08:21.300128937 CEST | 443 | 49753 | 149.154.167.220 | 192.168.11.20 |
May 12, 2022 17:08:21.351430893 CEST | 443 | 49753 | 149.154.167.220 | 192.168.11.20 |
May 12, 2022 17:08:21.351794004 CEST | 49753 | 443 | 192.168.11.20 | 149.154.167.220 |
May 12, 2022 17:08:21.354172945 CEST | 49753 | 443 | 192.168.11.20 | 149.154.167.220 |
May 12, 2022 17:08:21.354181051 CEST | 443 | 49753 | 149.154.167.220 | 192.168.11.20 |
May 12, 2022 17:08:21.354370117 CEST | 443 | 49753 | 149.154.167.220 | 192.168.11.20 |
May 12, 2022 17:08:21.370811939 CEST | 49753 | 443 | 192.168.11.20 | 149.154.167.220 |
May 12, 2022 17:08:21.414474964 CEST | 443 | 49753 | 149.154.167.220 | 192.168.11.20 |
May 12, 2022 17:08:21.477791071 CEST | 443 | 49753 | 149.154.167.220 | 192.168.11.20 |
May 12, 2022 17:08:21.478823900 CEST | 49753 | 443 | 192.168.11.20 | 149.154.167.220 |
May 12, 2022 17:08:21.478832006 CEST | 443 | 49753 | 149.154.167.220 | 192.168.11.20 |
May 12, 2022 17:08:21.781013966 CEST | 443 | 49753 | 149.154.167.220 | 192.168.11.20 |
May 12, 2022 17:08:21.781189919 CEST | 443 | 49753 | 149.154.167.220 | 192.168.11.20 |
May 12, 2022 17:08:21.781439066 CEST | 49753 | 443 | 192.168.11.20 | 149.154.167.220 |
May 12, 2022 17:08:21.783957005 CEST | 49753 | 443 | 192.168.11.20 | 149.154.167.220 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 12, 2022 17:08:06.964818954 CEST | 51882 | 53 | 192.168.11.20 | 1.1.1.1 |
May 12, 2022 17:08:06.972877979 CEST | 53 | 51882 | 1.1.1.1 | 192.168.11.20 |
May 12, 2022 17:08:07.681979895 CEST | 50071 | 53 | 192.168.11.20 | 1.1.1.1 |
May 12, 2022 17:08:07.727734089 CEST | 53 | 50071 | 1.1.1.1 | 192.168.11.20 |
May 12, 2022 17:08:21.281043053 CEST | 57911 | 53 | 192.168.11.20 | 1.1.1.1 |
May 12, 2022 17:08:21.289874077 CEST | 53 | 57911 | 1.1.1.1 | 192.168.11.20 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
May 12, 2022 17:08:06.964818954 CEST | 192.168.11.20 | 1.1.1.1 | 0x59c7 | Standard query (0) | | A (IP address) | IN (0x0001) |
May 12, 2022 17:08:07.681979895 CEST | 192.168.11.20 | 1.1.1.1 | 0xf6b5 | Standard query (0) | | A (IP address) | IN (0x0001) |
May 12, 2022 17:08:21.281043053 CEST | 192.168.11.20 | 1.1.1.1 | 0xf8e8 | Standard query (0) | | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
May 12, 2022 17:08:06.972877979 CEST | 1.1.1.1 | 192.168.11.20 | 0x59c7 | No error (0) | | | 216.58.212.142 | A (IP address) | IN (0x0001) |
May 12, 2022 17:08:07.727734089 CEST | 1.1.1.1 | 192.168.11.20 | 0xf6b5 | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) |
May 12, 2022 17:08:07.727734089 CEST | 1.1.1.1 | 192.168.11.20 | 0xf6b5 | No error (0) | | | 142.250.186.33 | A (IP address) | IN (0x0001) |
May 12, 2022 17:08:21.289874077 CEST | 1.1.1.1 | 192.168.11.20 | 0xf8e8 | No error (0) | | | 149.154.167.220 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49750 | 216.58.212.142 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-05-12 15:08:07 UTC | 0 | OUT | |
2022-05-12 15:08:07 UTC | 0 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49751 | 142.250.186.33 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-05-12 15:08:07 UTC | 1 | OUT | |
2022-05-12 15:08:07 UTC | 1 | IN | |