Windows Analysis Report
SecuriteInfo.com.W32.AIDetect.malware2.14840.exe
Overview
General Information
Detection
AgentTesla, GuLoader
Score | Range | Whitelisted | Confidence |
---|---|---|---|
100 | 0 - 100 | false | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Telegram RAT
Yara detected AgentTesla
Yara detected GuLoader
Hides threads from debuggers
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses the Telegram API (likely for C&C communication)
C2 URLs / IPs found in malware configuration
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Contains functionality to detect virtual machines (SLDT)
PE / OLE file has an invalid certificate
PE file contains more sections than normal
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard
Classification
- System is w10x64native
- SecuriteInfo.com.W32.AIDetect.malware2.14840.exe (PID: 4988, cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.14840.exe", MD5: 8E65AA602E3462BDF442E120DE03C288)
  - CasPol.exe (PID: 7104, cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.14840.exe", MD5: 914F728C04D3EDDD5FBA59420E74E56B)
    - conhost.exe (PID: 8912, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
- cleanup
{"Exfil Mode": "Telegram", "Chat id": "5340613581", "Chat URL": "https://api.telegram.org/bot5362707045:AAGBjkYF97cvI4xaEhJ1OrouiqS3umCPqqA/sendDocument"}
{"Payload URL": "https://drive.google.com/uc?export=download&id=1vUA76KuM-Po8Zfqr_hfMdqzy6bH2CSuv"}
{"C2 url": "https://api.telegram.org/bot5362707045:AAGBjkYF97cvI4xaEhJ1OrouiqS3umCPqqA/sendMessage"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | |
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | |
| JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | |
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | |
| JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | |
⊘No Sigma rule has matched
⊘No Snort rule has matched
AV Detection |
---|
Evidence rows whose signature titles and source details were not extracted: malware configuration extractor (3), Virustotal perma link, static PE information (2), HTTPS traffic detected (3), binary string (2), code functions 9_2_20569BAC, 9_2_2056A118, 1_2_00405C49, 1_2_00406873 and 1_2_0040290B. |
Networking |
---|
Evidence rows whose signature titles and source details were not extracted: DNS query, URLs, JA3 fingerprint (2), IP address, HTTP traffic detected (6), network traffic detected (6), UDP traffic detected without corresponding DNS query (3), string found in binary or memory (31), DNS traffic detected, HTTPS traffic detected (3), 58 code-function rows (from 1_2_004056DE through 9_2_2056DA18, including the 1_2_02AAxxxx/1_2_02ABxxxx and 9_2_00B3xxxx/9_2_1D36xxxx/9_2_2052xxxx/9_2_2056xxxx ranges), binary or memory string, static PE information (6), section loaded (3), Virustotal, file read (2), key opened (2), process created (4), key value queried, WMI queries (3), file created, classification label, mutant created (2), file opened, binary string (2). |
Data Obfuscation |
---|
Evidence rows whose signature titles and source details were not extracted: file source (2), 32 code-function rows (1_2_6EC930EE, the 1_2_02AA5Axx through 1_2_02AA9Axx range, 1_2_6EC91BFF), static PE information (2), file created / jump to dropped file (4), process information set (78). |
Malware Analysis System Evasion |
---|
Evidence rows whose signature titles and source details were not extracted: file opened (4), binary or memory string (21), WMI queries (5), thread sleep time, last function, dropped PE file which has not been started (3), code functions 1_2_02AA9A5D, 9_2_1D360C40, 1_2_00405C49, 1_2_00406873 and 1_2_0040290B, thread delayed (2), Window / User API, process information queried, system information queried, API call chain (graph_1-8321, graph_1-8477). |
Anti Debugging |
---|
Evidence rows whose signature titles and source details were not extracted: thread information set (2), code functions 1_2_6EC91BFF, 1_2_02AA9A5D, 1_2_02AB4B1D, 1_2_02AAD09F, 1_2_02AA81F3, 1_2_02AB4178, 1_2_02AB5ED3 and 9_2_00B3C170, process token adjusted, process queried (2), memory allocated. |
HIPS / PFW / Operating System Protection Evasion |
---|
Evidence rows whose signature titles and source details were not extracted: memory written, process created, queries volume information (9), key value queried, code function 1_2_0040352D. |
Stealing of Sensitive Information |
---|
Evidence rows whose signature titles and source details were not extracted: file source (6), file opened (7), key opened (3). |
Remote Access Functionality |
---|
Evidence rows whose signature titles and source details were not extracted: file source (4). |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 211 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 2 File and Directory Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Web Service | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | 1 Credentials in Registry | 117 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | 111 Process Injection | 2 Obfuscated Files or Information | Security Account Manager | 431 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | Automated Exfiltration | 21 Encrypted Channel | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Timestomp | NTDS | 1 Process Discovery | Distributed Component Object Model | 1 Clipboard Data | Scheduled Transfer | 3 Non-Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 351 Virtualization/Sandbox Evasion | SSH | Keylogging | Data Transfer Size Limits | 114 Application Layer Protocol | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 351 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 111 Process Injection | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Source | Detection | Scanner | Label |
---|---|---|---|
| 9% | Virustotal | |
| 7% | ReversingLabs | |
Source | Detection | Scanner | Label |
---|---|---|---|
| 0% | ReversingLabs | |
| 0% | Metadefender | |
| 0% | ReversingLabs | |
| 3% | Metadefender | |
| 0% | ReversingLabs | |
| 0% | Metadefender | |
| 0% | ReversingLabs | |
⊘No Antivirus matches
⊘No Antivirus matches
Source | Detection | Scanner | Label |
---|---|---|---|
| 0% | Avira URL Cloud | safe |
| 0% | Avira URL Cloud | safe |
| 0% | Avira URL Cloud | safe |
| 0% | Avira URL Cloud | safe |
| 0% | Avira URL Cloud | safe |
| 0% | Avira URL Cloud | safe |
| 0% | Avira URL Cloud | safe |
| 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 142.250.185.142 | true | false | | high |
api.telegram.org | 149.154.167.220 | true | false | | high |
googlehosted.l.googleusercontent.com | 142.250.185.225 | true | false | | high |
doc-00-0k-docs.googleusercontent.com | unknown | unknown | false | | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | high |
| false | | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | low |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | unknown |
| | false | | low |
| | false | | low |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false |
142.250.185.142 | drive.google.com | United States | 15169 | GOOGLEUS | false |
142.250.185.225 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 634233 |
Start date and time: | 2022-05-25 18:57:17 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 13m 26s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | SecuriteInfo.com.W32.AIDetect.malware2.14840.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301) |
Run name: | Suspected Instruction Hammering |
Number of new started processes analysed: | 23 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@4/7@3/3 |
EGA Information: | |
HDC Information: | |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, backgroundTaskHost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 51.105.236.244, 51.124.57.242
- Excluded domains from analysis (whitelisted): spclient.wg.spotify.com, client.wns.windows.com, wdcpalt.microsoft.com, wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com, ctldl.windowsupdate.com, img-prod-cms-rt-microsoft-com.akamaized.net, wdcp.microsoft.com, arc.msn.com, wd-prod-cp.trafficmanager.net, wd-prod-cp-eu-west-3-fe.westeurope.cloudapp.azure.com
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
18:59:56 | API Interceptor | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
149.154.167.220 | 20 associated samples (names and SHA-256 values not extracted) | | malicious | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
api.telegram.org | 20 associated samples (names and SHA-256 values not extracted) | | malicious | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
TELEGRAMRU | 20 associated samples (names and SHA-256 values not extracted) | | malicious | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
3b5074b1b5d032e5620f69f9f700ff0e | 20 associated samples (names and SHA-256 values not extracted) | | malicious | | |
37f463bf4616ecd445d4a1937da06e19 | 20 associated samples (names and SHA-256 values not extracted) | | malicious | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\System.Globalization.dll | Get hash | malicious | Browse | | |
C:\Users\user\AppData\Local\Temp\libpixbufloader-bmp.dll | Get hash | malicious | Browse | | |
C:\Users\user\AppData\Local\Temp\nsu4A9F.tmp\System.dll | Get hash | malicious | Browse | | |
(19 further dropped-file matches are listed, all flagged malicious; their paths and hashes were not captured in this extraction)
Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.14840.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 164539 |
Entropy (8bit): | 7.412817745684699 |
Encrypted: | false |
SSDEEP: | 3072:NOAO6U0WsWvNLiTKrpf0VurfkHo2LYd0vT2jz0SJCnLt:NOAO6nWsWv8mrpKub6vTm0SJCt |
MD5: | 873C6A10D7FC2AC0B86742B69A1C1439 |
SHA1: | D68AB3D5AC51D9929DB03FEBB446826446E49640 |
SHA-256: | 6B52216656616495A8ECB92553E9A91D0A0F213DF2F4588A994C9F2542649D5D |
SHA-512: | C69D38574155ED04B80F05992A150FD6DE5A26C8E289B20929AB043FE25E741FBD327136D6BEF51D906EF6D25676A422E7E59B2C02CB0E261D774A2E8549780C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.14840.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 14952 |
Entropy (8bit): | 6.576305662067815 |
Encrypted: | false |
SSDEEP: | 384:B7nQxA2lRLWdRZRA0RHWqlm/uPHRN7+I+X3LlqM:BnQxh0vAuzlaMZq |
MD5: | 0925DD700F36F57E07A183E17BB5FB38 |
SHA1: | 9F82120AC1E2180EE72502E1748552E561955718 |
SHA-256: | DF039D2B69DE6ECF73B83088EF69D1BB00423BFB37246AEB17BAB9ECAE4B41DC |
SHA-512: | EF0BEBA3F2081AA75811E470F668932FC26FAA590792ADE4C182159FD9AD8EAF15207E615656340AE1973C1D1B8F0C6C5F096D9CE9D86634A854B868BA6EE157 |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.14840.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 671 |
Entropy (8bit): | 4.5532438860480635 |
Encrypted: | false |
SSDEEP: | 12:TMHdPnnl/nu3tlnrOVNkoQUfv3WlzEHV5MqkybgbbOk0m2uMyy1TawWlM:2dPnnxu3tlrkn3d15qyRk0m2byy1zN |
MD5: | E42AEFBB96BD09646E214087DB0F5214 |
SHA1: | 372996F6719F9ABB450BDE07788B634CF6B5B850 |
SHA-256: | C50EB85125B880FC460F171930DC3BE08E911D015A4CF5515B48BAE71FE74C95 |
SHA-512: | 8BBDC25E6B0619ADA4F07AE21C452C4848C912ACFCA04052234F71143C6745087F8CB90A480F562FDF8FC754CAAE44872B1C9CCD527B86531C3988A6CF3C137B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.14840.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24693 |
Entropy (8bit): | 5.3758369862094195 |
Encrypted: | false |
SSDEEP: | 384:Lgzt9vfDs+UH7rtF2Xu3d/FzZphz8GJPJOsHtXXXXXXXXXXXXXXmyatIvwrKOAMM:Lgt9vbctcXu3BFpAGJPJ/H8y0Dbx2 |
MD5: | E3B0FE154060A55B0163C61017032D34 |
SHA1: | 00B3217C02B7436E14DC5138C51D43CD55408F2C |
SHA-256: | A39234BC4EA6DBAC3AF8DF80DABF71A6391E26B360EFA8E5300C48045E0745BB |
SHA-512: | 0A860B02788FDC85467D73278AF7C4D470683A2562D2834F738EF7BC587004914E23BDE66967EB237D330D4090D21A596435501CFBCCF0DBE822088AE7C8EFC1 |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.14840.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 5.814115788739565 |
Encrypted: | false |
SSDEEP: | 192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr |
MD5: | CFF85C549D536F651D4FB8387F1976F2 |
SHA1: | D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E |
SHA-256: | 8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8 |
SHA-512: | 531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88 |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.W32.AIDetect.malware2.14840.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 36680 |
Entropy (8bit): | 6.252458662670119 |
Encrypted: | false |
SSDEEP: | 768:oZ7h6GETAVEi++Q2SvvT6VzAqq4ZqECsIgpyu:oZ7DG3x2S2VzAqqDQ |
MD5: | C19BC1A54B8EA1FD0241B4A8827851B8 |
SHA1: | 5F3B45C5F073D3583C6D70765D7B392554D4431C |
SHA-256: | 6DB75FDC6CBB380EE2644AE09F57378C761568B10912DB6BAA069F0FBF482F1A |
SHA-512: | 03F88F279B2E778BF68A34BF45E0E6D8DDA48D0E7B0077E953F3BAC6F169628A20786A9A9E2B1CA2E3E588D989CC9971336EA5B526058BCF535FBA0837A4720E |
Malicious: | false |
Antivirus: |
|
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 3.964735178725505 |
Encrypted: | false |
SSDEEP: | 3:IBVFBWAGRHneyy:ITqAGRHner |
MD5: | 9F754B47B351EF0FC32527B541420595 |
SHA1: | 006C66220B33E98C725B73495FE97B3291CE14D9 |
SHA-256: | 0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591 |
SHA-512: | C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.646655359857421 |
TrID: |
|
File name: | SecuriteInfo.com.W32.AIDetect.malware2.14840.exe |
File size: | 297808 |
MD5: | 8e65aa602e3462bdf442e120de03c288 |
SHA1: | 521e883c2f2b1887607a0b52ca80fb31b75e90bb |
SHA256: | 629eec3e42ca187bc062a9619a1d5425489d3fed51617f5327db19dac678bf55 |
SHA512: | ebb374f383b52435f57c01f1fdab81e6abf4d399c39adf020eca5712287bd24641e14d616073e789ed8f26ecae71898c15b9c60f88b1b6ec60547a0d7de22030 |
SSDEEP: | 6144:RbE/HUVlmkD65OAO6nWsWv8mrpKuapH8UBu45Wb8yjKXYIle4XOK:RbrF25OXwW/VpNslT5cyYX2 |
TLSH: | 3254E11E3611C4A9F88583716B369B0B19EF785321A2150737B1B7B8AB347D3CE0E9D9 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...Z.Oa.................j......... |
Icon Hash: | 8803969c49c2c3c0 |
Entrypoint: | 0x40352d |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x614F9B5A [Sat Sep 25 21:57:46 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 56a78d55f3f7af51443e58e0ce2fb5f6 |
Signature Valid: | false |
Signature Issuer: | CN="Reclassifies7 ISAFKLER Skytlernes1 Nontransmittance7 ", O=Platinblond2, L=Fontrailles, S=Occitanie, C=FR |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 7C5EE4A7489EB52BFCC1D14A73BFAE45 |
Thumbprint SHA-1: | 6D03ED65E8B7EC2E4C3DE4C8BB847D189FD77CC1 |
Thumbprint SHA-256: | DD5B57301EC1C191E330DBA4448D84429D79DE37A8842CB212D60B164E88C565 |
Serial: | 9B2D91B94F13AFE4 |
Instruction |
---|
push ebp |
mov ebp, esp |
sub esp, 000003F4h |
push ebx |
push esi |
push edi |
push 00000020h |
pop edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [ebp-14h], ebx |
mov dword ptr [ebp-04h], 0040A2E0h |
mov dword ptr [ebp-10h], ebx |
call dword ptr [004080CCh] |
mov esi, dword ptr [004080D0h] |
lea eax, dword ptr [ebp-00000140h] |
push eax |
mov dword ptr [ebp-0000012Ch], ebx |
mov dword ptr [ebp-2Ch], ebx |
mov dword ptr [ebp-28h], ebx |
mov dword ptr [ebp-00000140h], 0000011Ch |
call esi |
test eax, eax |
jne 00007F307CC0756Ah |
lea eax, dword ptr [ebp-00000140h] |
mov dword ptr [ebp-00000140h], 00000114h |
push eax |
call esi |
mov ax, word ptr [ebp-0000012Ch] |
mov ecx, dword ptr [ebp-00000112h] |
sub ax, 00000053h |
add ecx, FFFFFFD0h |
neg ax |
sbb eax, eax |
mov byte ptr [ebp-26h], 00000004h |
not eax |
and eax, ecx |
mov word ptr [ebp-2Ch], ax |
cmp dword ptr [ebp-0000013Ch], 0Ah |
jnc 00007F307CC0753Ah |
and word ptr [ebp-00000132h], 0000h |
mov eax, dword ptr [ebp-00000134h] |
movzx ecx, byte ptr [ebp-00000138h] |
mov dword ptr [00434FB8h], eax |
xor eax, eax |
mov ah, byte ptr [ebp-0000013Ch] |
movzx eax, ax |
or eax, ecx |
xor ecx, ecx |
mov ch, byte ptr [ebp-2Ch] |
movzx ecx, cx |
shl eax, 10h |
or eax, ecx |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x73000 | 0x139c8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x46fa0 (a file offset, not an RVA) | 0x1bb0 | none: the Authenticode blob sits after the last section (0x46fa0 + 0x1bb0 = 297808, the file size); the .ndata mapping is a tool artifact |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6897 | 0x6a00 | False | 0.666126179245 | data | 6.45839821493 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x14a6 | 0x1600 | False | 0.439275568182 | data | 5.02410928126 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x2b018 | 0x600 | False | 0.521484375 | data | 4.15458210409 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.ndata | 0x36000 | 0x3d000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x73000 | 0x139c8 | 0x13a00 | False | 0.570635947452 | data | 6.54860764627 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
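The tables above already carry the facts a triager wants from the header, but they are spread across several sections and one of them (the security directory) is mis-mapped. The script below is an added example for this report, not Joe Sandbox code. It copies the section table, entrypoint, image base, file size, linker timestamp, security directory and signature error number from the report into Python and runs the checks a reviewer would do by hand: which section holds the entrypoint, which sections have far more virtual than raw size (the `.ndata` section with raw size 0 is the NSIS installer's uninitialized data area, which fits the `nsu4A9F.tmp\System.dll` plugin drop listed earlier), whether the Authenticode certificate ends exactly at end of file, what the signed error number `-2146762487` is in HRESULT form (`0x800B0109`, `CERT_E_UNTRUSTEDROOT`: the file is signed, but by a chain that ends in an untrusted root, so "Digitally signed: true" carries no trust), and the compile timestamp decoded to UTC. The entropy function reproduces the "Entropy (8bit)" figure from the dropped-file blocks; the 7.0 bits/byte threshold and the 4x size ratio are my own triage thresholds, not values from the report.

```python
"""Static-triage checks over the PE header facts reported above.

Added example for this report, not Joe Sandbox code.  The section table,
data-directory entry, file size, entrypoint and signature error number are
copied from the report; the thresholds are assumptions used for triage.
"""
import math
from collections import Counter
from datetime import datetime, timezone

IMAGE_BASE = 0x400000
ENTRYPOINT = 0x40352d
FILE_SIZE = 297808
TIME_STAMP = 0x614F9B5A
SIGNATURE_ERROR = -2146762487
SECURITY_DIR = (0x46fa0, 0x1bb0)   # (file offset, size) of the Authenticode blob

# name, virtual address, virtual size, raw size, entropy (from the report)
SECTIONS = [
    (".text",  0x1000,  0x6897,  0x6a00,  6.458),
    (".rdata", 0x8000,  0x14a6,  0x1600,  5.024),
    (".data",  0xa000,  0x2b018, 0x600,   4.155),
    (".ndata", 0x36000, 0x3d000, 0x0,     0.0),
    (".rsrc",  0x73000, 0x139c8, 0x13a00, 6.549),
]

STANDARD_NAMES = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                  ".edata", ".tls", ".pdata", ".bss", ".CRT"}


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte, the 'Entropy (8bit)' figure above."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def rva_to_section(rva: int):
    """Return the name of the section whose virtual range contains rva, or None."""
    for name, va, vsize, _raw, _ent in SECTIONS:
        if va <= rva < va + vsize:
            return name
    return None


def section_anomalies(sections=SECTIONS, hi_entropy=7.0, ratio=4):
    """Flag sections a triager would look at twice (thresholds are assumptions)."""
    findings = []
    for name, _va, vsize, raw, ent in sections:
        if name not in STANDARD_NAMES:
            findings.append(f"{name}: non-standard section name")
        if raw == 0 and vsize > 0:
            findings.append(f"{name}: no data on disk but 0x{vsize:x} bytes mapped")
        elif raw and vsize > raw * ratio:
            findings.append(f"{name}: virtual size {vsize / raw:.0f}x raw size")
        if ent >= hi_entropy:
            findings.append(f"{name}: high entropy {ent:.2f}")
    return findings


def certificate_overlay_check(security_dir=SECURITY_DIR, file_size=FILE_SIZE):
    """The security directory holds a FILE OFFSET, not an RVA.

    Returns (ends_at_eof, offset, size).  A signed PE normally carries its
    WIN_CERTIFICATE as the last bytes of the file, after every section.
    """
    offset, size = security_dir
    return offset + size == file_size, offset, size


def hresult(n: int) -> str:
    """Render a signed 32-bit Win32 error number in the usual HRESULT hex form."""
    return f"0x{n & 0xFFFFFFFF:08X}"


def compile_time(ts: int) -> str:
    """Decode the PE TimeDateStamp (seconds since the Unix epoch) as UTC."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC")


if __name__ == "__main__":
    print("entrypoint in:", rva_to_section(ENTRYPOINT - IMAGE_BASE))
    for finding in section_anomalies():
        print("anomaly:", finding)
    print("certificate ends at EOF:", certificate_overlay_check()[0])
    print("signature error:", hresult(SIGNATURE_ERROR))   # 0x800B0109 = CERT_E_UNTRUSTEDROOT
    print("linker timestamp:", compile_time(TIME_STAMP))
```

Against the report's numbers the entrypoint resolves to `.text`, `.data` and `.ndata` are flagged, the certificate blob ends exactly at byte 297808, and the timestamp decodes to the same 2021-09-25 21:57:46 UTC shown in the header table. The first dropped file above (164539 bytes, entropy 7.41) would trip the 7.0 threshold even though the report marks it "Encrypted: false", which is why the entropy figure is a prompt to look, not a verdict.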
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x73358 | 0x8592 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x7b8f0 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 1056964863 | English | United States |
RT_ICON | 0x7fb18 | 0x25a8 | data | English | United States |
RT_ICON | 0x820c0 | 0x1a68 | data | English | United States |
RT_ICON | 0x83b28 | 0x10a8 | data | English | United States |
RT_ICON | 0x84bd0 | 0x988 | data | English | United States |
RT_ICON | 0x85558 | 0x6b8 | data | English | United States |
RT_ICON | 0x85c10 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_DIALOG | 0x86078 | 0x100 | data | English | United States |
RT_DIALOG | 0x86178 | 0x11c | data | English | United States |
RT_DIALOG | 0x86298 | 0xc4 | data | English | United States |
RT_DIALOG | 0x86360 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x863c0 | 0x76 | data | English | United States |
RT_VERSION | 0x86438 | 0x250 | data | English | United States |
RT_MANIFEST | 0x86688 | 0x33e | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States |
DLL | Import |
---|---|
ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW |
SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW |
ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree |
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked |
USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu |
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject |
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW |
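The import list above is what the "Import Hash" field is computed from, and it is also the quickest place to confirm several of the behaviours the report's signatures flag (shutdown/reboot via `ExitWindowsEx`, dynamic API resolution via `GetProcAddress` with `LoadLibraryExW`/`GetModuleHandleA`, execution timing via `GetTickCount`). The script below is an added example for this report, not Joe Sandbox or pefile code. It parses the `DLL | Import` rows exactly as printed above, re-implements the widely used imphash recipe (lower-case `dll.function` pairs with the `.dll`/`.ocx`/`.sys` suffix stripped, joined by commas in import-directory order, MD5) so the reported `56a78d55f3f7af51443e58e0ce2fb5f6` can be checked, and reports which watch-listed API groups are present. The watch list is my own; that the report prints imports in on-disk order is an assumption, and the imphash is sensitive to that order.

```python
"""Import-table triage for the DLL / Import listing above.

Added example for this report, not Joe Sandbox or pefile code.  IMPORT_TABLE
is the report's table copied verbatim; the watch list is an assumption.
"""
import hashlib

IMPORT_TABLE = """\
ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW |
SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW |
ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree |
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked |
USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu |
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject |
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW |
"""

# API groups worth a second look (assumed watch list, matched against the report's signatures)
WATCHLIST = {
    "dynamic API resolution": {"GetProcAddress", "LoadLibraryExW", "GetModuleHandleA"},
    "privilege adjustment": {"OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"},
    "shutdown / reboot": {"ExitWindowsEx"},
    "drop and execute": {"GetTempPathW", "GetTempFileNameW", "WriteFile", "CreateProcessW", "ShellExecuteExW"},
    "execution timing": {"GetTickCount", "Sleep"},
    "registry write": {"RegCreateKeyExW", "RegSetValueExW"},
}


def parse_import_table(text: str):
    """Turn 'DLL | f1, f2, ... |' rows into an ordered list of (dll, [functions])."""
    imports = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 2:
            continue
        dll, funcs = cells
        imports.append((dll, [f.strip() for f in funcs.split(",") if f.strip()]))
    return imports


def imphash_string(imports) -> str:
    """Normalised 'lib.func,lib.func,...' string that imphash hashes.

    Ordinal-only imports (not present here) would be rendered as 'ordN'.
    """
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        parts.extend(f"{lib}.{func.lower()}" for func in funcs)
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the normalised import string, the classic imphash."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def flag_capabilities(imports):
    """Map each watch-list label to the imported APIs that matched it."""
    present = {func for _dll, funcs in imports for func in funcs}
    return {label: sorted(apis & present) for label, apis in WATCHLIST.items() if apis & present}


if __name__ == "__main__":
    table = parse_import_table(IMPORT_TABLE)
    print("imphash:", imphash(table), "(report says 56a78d55f3f7af51443e58e0ce2fb5f6)")
    for label, apis in flag_capabilities(table).items():
        print(f"{label}: {', '.join(apis)}")
```

If the computed hash does not equal the report's value, the listing order differs from the import directory order; compute it from the file itself with pefile's `PE.get_imphash()` rather than trusting the table. The capability output confirms the report's "shutdown / reboot" and "dynamically determine API calls" signatures from the import table alone, and the `OpenProcessToken` / `LookupPrivilegeValueW` / `AdjustTokenPrivileges` trio is what a program needs to obtain the shutdown privilege before `ExitWindowsEx` succeeds. The set as a whole (`SHBrowseForFolderW`, `WritePrivateProfileStringW`, temp-file handling) together with the `.ndata` section is consistent with an NSIS installer stub, so the interesting code lives in the installer payload, not in this executable.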
Description | Data |
---|---|
LegalCopyright | EROTOMA |
FileVersion | 21.30.5 |
CompanyName | Academica |
LegalTrademarks | deadmarshese |
Comments | UNLI |
ProductName | Proce |
FileDescription | Tierenagoniz77 |
Translation | 0x0409 0x04b0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 25, 2022 18:59:52.268250942 CEST | 49762 | 443 | 192.168.11.20 | 142.250.185.142 |
May 25, 2022 18:59:52.268340111 CEST | 443 | 49762 | 142.250.185.142 | 192.168.11.20 |
May 25, 2022 18:59:52.268588066 CEST | 49762 | 443 | 192.168.11.20 | 142.250.185.142 |
May 25, 2022 18:59:52.287506104 CEST | 49762 | 443 | 192.168.11.20 | 142.250.185.142 |
May 25, 2022 18:59:52.287565947 CEST | 443 | 49762 | 142.250.185.142 | 192.168.11.20 |
May 25, 2022 18:59:52.337505102 CEST | 443 | 49762 | 142.250.185.142 | 192.168.11.20 |
May 25, 2022 18:59:52.337652922 CEST | 49762 | 443 | 192.168.11.20 | 142.250.185.142 |
May 25, 2022 18:59:52.337694883 CEST | 49762 | 443 | 192.168.11.20 | 142.250.185.142 |
May 25, 2022 18:59:52.340498924 CEST | 443 | 49762 | 142.250.185.142 | 192.168.11.20 |
May 25, 2022 18:59:52.340790987 CEST | 49762 | 443 | 192.168.11.20 | 142.250.185.142 |
May 25, 2022 18:59:52.458904028 CEST | 49762 | 443 | 192.168.11.20 | 142.250.185.142 |
May 25, 2022 18:59:52.458956003 CEST | 443 | 49762 | 142.250.185.142 | 192.168.11.20 |
May 25, 2022 18:59:52.459588051 CEST | 443 | 49762 | 142.250.185.142 | 192.168.11.20 |
May 25, 2022 18:59:52.459892035 CEST | 49762 | 443 | 192.168.11.20 | 142.250.185.142 |
May 25, 2022 18:59:52.465871096 CEST | 49762 | 443 | 192.168.11.20 | 142.250.185.142 |
May 25, 2022 18:59:52.506551981 CEST | 443 | 49762 | 142.250.185.142 | 192.168.11.20 |
May 25, 2022 18:59:52.841450930 CEST | 443 | 49762 | 142.250.185.142 | 192.168.11.20 |
May 25, 2022 18:59:52.841628075 CEST | 49762 | 443 | 192.168.11.20 | 142.250.185.142 |
May 25, 2022 18:59:52.841701984 CEST | 443 | 49762 | 142.250.185.142 | 192.168.11.20 |
May 25, 2022 18:59:52.841856003 CEST | 49762 | 443 | 192.168.11.20 | 142.250.185.142 |
May 25, 2022 18:59:52.841892004 CEST | 443 | 49762 | 142.250.185.142 | 192.168.11.20 |
May 25, 2022 18:59:52.841942072 CEST | 49762 | 443 | 192.168.11.20 | 142.250.185.142 |
May 25, 2022 18:59:52.841995001 CEST | 49762 | 443 | 192.168.11.20 | 142.250.185.142 |
May 25, 2022 18:59:52.966130972 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:52.966207981 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:52.966342926 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:52.966875076 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:52.966929913 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.018569946 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.018820047 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.020560980 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.020911932 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.024835110 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.024852037 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.025201082 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.025391102 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.025716066 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.066528082 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.252772093 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.253040075 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.253485918 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.253870010 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.254061937 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.254373074 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.255336046 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.255552053 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.255589962 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.255798101 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.256059885 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.256310940 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.256357908 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.256556988 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.260224104 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.260421991 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.260513067 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.260751009 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.260798931 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.260832071 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.261136055 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.261183023 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.261497021 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.261545897 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.261786938 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.261940956 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.262098074 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.262136936 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.262310982 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.262451887 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.262600899 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.262651920 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.262799025 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.263072014 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.263217926 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.263250113 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.263437033 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.263811111 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.263963938 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.263999939 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.264177084 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.264471054 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.264617920 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.264653921 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.264826059 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.264848948 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.265028954 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.265327930 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.265618086 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.265667915 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.265695095 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.265959024 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.265991926 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.266280890 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.266372919 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.266613960 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.266644001 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.266866922 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.266928911 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.266957998 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.267059088 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.267133951 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.267158985 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.267307997 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.267348051 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.267610073 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.267659903 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.267920971 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.267959118 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.268126965 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.268168926 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.268318892 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.268352985 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.268507004 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.268640995 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.268802881 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.268842936 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.268992901 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.269031048 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.269186020 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.269222975 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.269247055 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.269340038 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.269387960 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.269505024 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.269651890 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.269682884 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.269864082 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.269903898 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.270052910 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.270085096 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.270215034 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.270246983 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.270263910 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.270510912 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.270545006 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.270684004 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.270728111 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.270870924 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.270900965 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.271044016 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.271071911 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.271222115 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.271251917 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.271466017 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.271476030 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.271502972 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.271681070 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.271779060 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.271801949 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.272032022 CEST | 49763 | 443 | 192.168.11.20 | 142.250.185.225 |
May 25, 2022 18:59:53.272068977 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
May 25, 2022 18:59:53.272279024 CEST | 443 | 49763 | 142.250.185.225 | 192.168.11.20 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 25, 2022 18:59:52.246884108 CEST | 63230 | 53 | 192.168.11.20 | 1.1.1.1 |
May 25, 2022 18:59:52.255198956 CEST | 53 | 63230 | 1.1.1.1 | 192.168.11.20 |
May 25, 2022 18:59:52.941478968 CEST | 62596 | 53 | 192.168.11.20 | 1.1.1.1 |
May 25, 2022 18:59:52.963706970 CEST | 53 | 62596 | 1.1.1.1 | 192.168.11.20 |
May 25, 2022 19:00:06.914524078 CEST | 53973 | 53 | 192.168.11.20 | 1.1.1.1 |
May 25, 2022 19:00:06.923712015 CEST | 53 | 53973 | 1.1.1.1 | 192.168.11.20 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
May 25, 2022 18:59:52.246884108 CEST | 192.168.11.20 | 1.1.1.1 | 0x3700 | Standard query (0) | | A (IP address) | IN (0x0001) |
May 25, 2022 18:59:52.941478968 CEST | 192.168.11.20 | 1.1.1.1 | 0x6318 | Standard query (0) | | A (IP address) | IN (0x0001) |
May 25, 2022 19:00:06.914524078 CEST | 192.168.11.20 | 1.1.1.1 | 0xe228 | Standard query (0) | | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
May 25, 2022 18:59:52.255198956 CEST | 1.1.1.1 | 192.168.11.20 | 0x3700 | No error (0) | | | 142.250.185.142 | A (IP address) | IN (0x0001) |
May 25, 2022 18:59:52.963706970 CEST | 1.1.1.1 | 192.168.11.20 | 0x6318 | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) |
May 25, 2022 18:59:52.963706970 CEST | 1.1.1.1 | 192.168.11.20 | 0x6318 | No error (0) | | | 142.250.185.225 | A (IP address) | IN (0x0001) |
May 25, 2022 19:00:06.923712015 CEST | 1.1.1.1 | 192.168.11.20 | 0xe228 | No error (0) | | | 149.154.167.220 | A (IP address) | IN (0x0001) |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49762 | 142.250.185.142 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-05-25 16:59:52 UTC | 0 | OUT | |
2022-05-25 16:59:52 UTC | 0 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49763 | 142.250.185.225 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-05-25 16:59:53 UTC | 1 | OUT | |
2022-05-25 16:59:53 UTC | 1 | IN | |