Windows
Analysis Report
SecuriteInfo.com.Gen.Variant.Nemesis.8928.31999.exe
Overview
General Information
Detection
AgentTesla, GuLoader
Score | Range | Whitelisted | Confidence
---|---|---|---
100 | 0 - 100 | false | 100%
Signatures
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected GuLoader
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
C2 URLs / IPs found in malware configuration
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Drops certificate files (DER)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
PE file contains strange resources
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Contains functionality to detect virtual machines (SLDT)
Uses SMTP (mail sending)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard
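The four WMI classes named in the signatures above (Win32_Bios, Win32_BaseBoard, Win32_Processor, Win32_NetworkAdapter) are each benign on their own; inventory agents query them all day. The evasion signal is one process querying several of them in quick succession before it decides whether to unpack. The following Python is an added example, not part of the Joe Sandbox report, that scores exactly that pattern over WMI-activity log lines. The log line format, the constructed sample lines and the 60-second window are assumptions; the PIDs 8772 and 4372 in the sample lines are taken from the process list in this report.

```python
"""Score WMI activity for the VM-fingerprinting pattern this sample shows:
one process querying several hardware-identity classes in quick succession.

Added example; the log line format and the 60-second window are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Classes the report's signatures name as VM-detection targets. Each is benign
# alone (inventory agents query them); the combination in one process is not.
FINGERPRINT_CLASSES = {
    "win32_bios", "win32_baseboard", "win32_processor", "win32_networkadapter",
}

# Constructed line format: "<date> <time> pid=<n> image=<name> query=<WQL>".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) pid=(?P<pid>\d+) "
    r"image=(?P<image>\S+) query=(?P<wql>.+)$"
)
CLASS_RE = re.compile(r"\bFROM\s+(?P<cls>[A-Za-z0-9_]+)", re.IGNORECASE)


def parse_line(line):
    """Parse one log line into a dict, or None if it is not a WQL query line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    cls = CLASS_RE.search(m["wql"])
    if not cls:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
        "pid": int(m["pid"]),
        "image": m["image"],
        "cls": cls["cls"].lower(),
    }


def vm_fingerprinting_pids(lines, min_classes=2, window=timedelta(seconds=60)):
    """Return {pid: sorted fingerprint classes queried} for every process that
    queried at least `min_classes` distinct fingerprint classes within `window`.
    The sliding window keeps a slow inventory agent (minutes or hours between
    queries) out of the result while catching the burst a sandbox check makes."""
    by_pid = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["cls"] in FINGERPRINT_CLASSES:
            by_pid[rec["pid"]].append(rec)

    hits = {}
    for pid, recs in by_pid.items():
        recs.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(recs)):
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            if len({r["cls"] for r in recs[start:end + 1]}) >= min_classes:
                hits[pid] = sorted({r["cls"] for r in recs})
                break
    return hits


# Constructed sample lines (not from the report's logs). PIDs 8772 and 4372
# are the sample and one CasPol.exe instance from the report's process list.
SAMPLE_LOG = [
    "2022-07-08 06:00:59 pid=8772 image=SecuriteInfo.com.Gen.Variant.Nemesis.8928.31999.exe query=SELECT * FROM Win32_Bios",
    "2022-07-08 06:00:59 pid=8772 image=SecuriteInfo.com.Gen.Variant.Nemesis.8928.31999.exe query=SELECT * FROM Win32_BaseBoard",
    "2022-07-08 06:01:00 pid=8772 image=SecuriteInfo.com.Gen.Variant.Nemesis.8928.31999.exe query=SELECT * FROM Win32_Processor",
    "2022-07-08 06:01:42 pid=4372 image=CasPol.exe query=SELECT * FROM Win32_NetworkAdapter",
    "2022-07-08 06:01:43 pid=4372 image=CasPol.exe query=SELECT * FROM Win32_Processor",
    "2022-07-08 06:02:10 pid=1234 image=wmiprvse.exe query=SELECT * FROM Win32_OperatingSystem",
    "2022-07-08 06:03:00 pid=5555 image=inventory.exe query=SELECT * FROM Win32_Bios",
    "2022-07-08 06:10:00 pid=5555 image=inventory.exe query=SELECT * FROM Win32_Processor",
]

if __name__ == "__main__":
    for pid, classes in vm_fingerprinting_pids(SAMPLE_LOG).items():
        print(f"PID {pid}: VM fingerprinting via {', '.join(classes)}")
```

The constructed inventory.exe lines show the edge case the window is for: two fingerprint classes seven minutes apart do not trigger, while the same two classes one second apart from CasPol.exe do. Tune `min_classes` and `window` to the telemetry source; Sysmon and ETW WMI providers expose the WQL text, so the same parsing applies with a different `LINE_RE`.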
Classification
- System is w10x64native
- SecuriteInfo.com.Gen.Variant.Nemesis.8928.31999.exe (PID: 8772, cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.8928.31999.exe", MD5: 6164A2F75A0C585D3256FAECAC344573)
- CasPol.exe (PID: 3216, cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.8928.31999.exe", MD5: 914F728C04D3EDDD5FBA59420E74E56B)
- CasPol.exe (PID: 4372, cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.8928.31999.exe", MD5: 914F728C04D3EDDD5FBA59420E74E56B)
- conhost.exe (PID: 3160, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
- cleanup
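In the process list above, both CasPol.exe instances carry the sample's own command line while their image MD5 (914F728C...) is CasPol's, not the sample's (6164A2F7...). That is the footprint the "Creates a process in suspended mode (likely to inject code)" and "Writes to foreign memory regions" signatures describe: the dropper starts a legitimate .NET binary and writes its payload into it. The following Python is an added example, not from the report or from Joe Sandbox, that flags that argv[0]/image mismatch in process-creation telemetry. The event shape, the parent/child links (the report does not preserve tree indentation) and the explorer.exe parent of the dropper are assumptions; PIDs, paths and hashes are the report's (the CasPol.exe path is the one in the dropped-file entries below).

```python
"""Flag process-creation events whose command line names a different
executable than the image that was actually mapped: the classic footprint of
process hollowing (create a legitimate process suspended, replace its code).

Added example; event shape and parent links are assumptions, the PIDs, paths
and MD5 values are taken from the sandbox report."""
import ntpath
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessCreate:
    pid: int
    image: str          # executable actually mapped into the new process
    command_line: str   # argv as recorded; argv[0] is what the creator claimed
    parent_image: str
    md5: str            # hash of `image`


def first_token(command_line: str) -> str:
    """Return argv[0] of a Windows command line: either a double-quoted path
    or an unquoted path ending at the first space."""
    cmd = command_line.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split(" ", 1)[0]


def hollowing_candidates(events):
    """Return [(event, reasons)] for events whose argv[0] does not match their
    image. Two extra signals strengthen a hit: the claimed executable is the
    parent (the parent spawned a different image under its own command line),
    and the image hash differs from the file argv[0] names."""
    # Hashes of images whose argv[0] agrees with their image: trusted baseline.
    known_md5 = {
        ev.image.lower(): ev.md5
        for ev in events
        if ntpath.basename(first_token(ev.command_line)).lower()
        == ntpath.basename(ev.image).lower()
    }
    findings = []
    for ev in events:
        claimed_path = first_token(ev.command_line)
        claimed = ntpath.basename(claimed_path).lower()
        actual = ntpath.basename(ev.image).lower()
        if not claimed or claimed == actual:
            continue
        reasons = [f"command line names {claimed} but image is {actual}"]
        if ntpath.basename(ev.parent_image).lower() == claimed:
            reasons.append("claimed executable is the parent process")
        baseline = known_md5.get(claimed_path.lower())
        if baseline and baseline != ev.md5:
            reasons.append(f"image MD5 {ev.md5} differs from {claimed}'s {baseline}")
        findings.append((ev, reasons))
    return findings


# Constructed events mirroring the report's process list. Parent links and
# the explorer.exe parent of the dropper are assumptions.
SAMPLE = r"C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.8928.31999.exe"
CASPOL = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
CONHOST = r"C:\Windows\system32\conhost.exe"
EVENTS = [
    ProcessCreate(8772, SAMPLE, f'"{SAMPLE}"', r"C:\Windows\explorer.exe",
                  "6164A2F75A0C585D3256FAECAC344573"),
    ProcessCreate(3216, CASPOL, f'"{SAMPLE}"', SAMPLE,
                  "914F728C04D3EDDD5FBA59420E74E56B"),
    ProcessCreate(4372, CASPOL, f'"{SAMPLE}"', SAMPLE,
                  "914F728C04D3EDDD5FBA59420E74E56B"),
    ProcessCreate(3160, CONHOST, f"{CONHOST} 0xffffffff -ForceV1", CASPOL,
                  "81CA40085FC75BABD2C91D18AA9FFA68"),
]

if __name__ == "__main__":
    for ev, reasons in hollowing_candidates(EVENTS):
        print(f"PID {ev.pid} ({ntpath.basename(ev.image)}): " + "; ".join(reasons))
```

Both CasPol.exe events trip all three signals; the dropper and conhost.exe are self-consistent and stay silent. On real telemetry (Sysmon Event ID 1 carries Image, CommandLine, ParentImage and Hashes) expect some benign mismatches from launchers that exec a different binary under a preserved command line, so treat the single-signal case as a lead and the three-signal case as an alert.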
{"Exfil Mode": "SMTP", "SMTP Info": "gonzalez@gonzalezestalote.comGonzalezBeba35mail.gonzalezestalote.comslims4417@gmail.com"}
The SMTP Info value is several configuration fields run together without a separator. Splitting at the server name that also appears in the domain table below (mail.gonzalezestalote.com) gives gonzalez@gonzalezestalote.com, GonzalezBeba35, mail.gonzalezestalote.com and slims4417@gmail.com, which matches the sender account, password, SMTP server and recipient that an AgentTesla SMTP configuration carries. The boundary between the second and third fields is inferred from the domain table, not shown by the extractor.
{"Payload URL": "https://drive.google.com/uc?export=download&id=1Pd9u4MvCgkvBmkO27OGhmEo8sWZCKhPL_n"}
Rule | Description | Author
---|---|---
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
⊘No Sigma rule has matched
⊘No Snort rule has matched
AV Detection
(Evidence rows in this and the following sections are summarised as evidence type and count; the Source cell of each row and the per-signature headings are not present in this copy, so no group is attributed to a named signature.)
- ReversingLabs: 1 entry
- Malware Configuration Extractor: 2 entries
- Static PE information: 1 entry
- HTTPS traffic detected: 2 entries
- Static PE information: 1 entry
- Code function: 0_2_00405C49, 0_2_00406873, 0_2_0040290B
- File opened: 6 entries
Networking
- URLs: 1 entry
- JA3 fingerprint: 1 entry
- IP Address: 1 entry
- HTTP traffic detected: 2 entries
- TCP traffic: 1 entry
- TCP traffic: 1 entry
- Network traffic detected: 4 entries
- UDP traffic detected without corresponding DNS query: 4 entries
- String found in binary or memory: 36 entries
- DNS traffic detected: 1 entry
- HTTP traffic detected: 2 entries
- HTTPS traffic detected: 2 entries
Further signature evidence (section heading not preserved)
- Code function: 0_2_004056DE
- File created (dropped file): 1 entry
- Static PE information: 1 entry
- Code function: 0_2_0040352D
- Code function (43 entries): 0_2_0040755C, 0_2_00406D85, 0_2_70B21BFF, 0_2_02AD3ECE, 0_2_02AD2572, 0_2_02AC5A80, 0_2_02AC72FC, 0_2_02AC7609, 0_2_02AC6A1D, 0_2_02AC5A6B, 0_2_02AD4B87, 0_2_02AD4F37, 0_2_02AC7769, 0_2_02AC7342, 0_2_02AC6358, 0_2_02AD4CA0, 0_2_02AC74FA, 0_2_02AC7405, 0_2_02AC75E7, 0_2_02AC75C6, 0_2_02ACB16D, 4_2_012AF950, 4_2_012A2A98, 4_2_012AB5E8, 4_2_012A37D8, 4_2_012A7076, 4_2_012ADE31, 4_2_012ADED8, 4_2_1DA1A160, 4_2_1DA19890, 4_2_1DA19548, 4_2_20ACEC30, 4_2_20ACD3D8, 4_2_20AC1610, 4_2_20AD0040, 4_2_20ADE140, 4_2_20AD5648, 4_2_20ADBB80, 4_2_20AD33D0, 4_2_20ADBF30, 4_2_21295860, 4_2_21290BA0, 4_2_21290B91
- Code function: 0_2_02AD3ECE, 0_2_02AD6648, 0_2_02AD5FDA
- Static PE information: 3 entries
- Section loaded: 2 entries
- ReversingLabs: 1 entry
- File read: 1 entry
- Static PE information: 1 entry
- Key opened: 1 entry
- Process created: 6 entries
- Key value queried: 1 entry
- Code function: 0_2_0040352D
- WMI Queries: 2 entries
- File created: 1 entry
- File created: 1 entry
- Classification label: 1 entry
- Code function: 0_2_004021AA
- File read: 1 entry
- Code function: 0_2_0040498A
- Section loaded: 1 entry
- Mutant created: 2 entries
- File opened: 1 entry
- Key opened: 1 entry
- Static PE information: 1 entry
Data Obfuscation
- File source: 2 entries
- Code function: 0_2_70B230EE, 0_2_02AC7EAD, 0_2_02AC7EAD, 0_2_02AC53D5, 0_2_02AC2120, 0_2_02AC2120, 4_2_012A27C9, 4_2_012A84C1, 4_2_1DA15E83, 4_2_20AD7199
- Code function: 0_2_70B21BFF
- File created (dropped file): 1 entry
- File created: 1 entry
- Process information set: 79 entries
Malware Analysis System Evasion
- File opened: 4 entries
- Binary or memory string: 4 entries
- WMI Queries: 1 entry
- WMI Queries: 1 entry
- Thread sleep time: 1 entry
- Last function: 1 entry
- Code function: 0_2_02AC02BF
- Thread delayed: 1 entry
- Window / User API: 1 entry
- Code function: 4_2_1DA10C40
- WMI Queries: 2 entries
- Process information queried: 1 entry
- Code function: 0_2_00405C49, 0_2_00406873, 0_2_0040290B
- Thread delayed: 1 entry
- System information queried: 1 entry
- API call chain: graph_0-9483, graph_0-9487
- File opened: 6 entries
- Binary or memory string: 16 entries
- Code function: 0_2_70B21BFF
- Code function: 0_2_02AC02BF
- Process token adjusted: 1 entry
- Code function: 0_2_02AD3A08, 0_2_02AD4F37, 0_2_02ACB16D
- Process queried: 2 entries
- Code function: 4_2_20AD8B90
- Memory allocated: 1 entry
HIPS / PFW / Operating System Protection Evasion
- Memory written: 1 entry
- Process created: 2 entries
- Queries volume information: 9 entries
- Key value queried: 1 entry
- Code function: 0_2_0040352D
Stealing of Sensitive Information
- File source: 2 entries
- File opened: 1 entry; Key opened: 2 entries
- Key opened: 1 entry
- File opened: 2 entries
- File opened: 3 entries
- File source: 2 entries
Remote Access Functionality
- File source: 2 entries
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 211 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 3 File and Directory Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | 1 Native API | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 1 Obfuscated Files or Information | 1 Credentials in Registry | 117 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | Exfiltration Over Bluetooth | 11 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | 111 Process Injection | 1 DLL Side-Loading | Security Account Manager | 331 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | Automated Exfiltration | 1 Non-Standard Port | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | 1 Registry Run Keys / Startup Folder | 1 Masquerading | NTDS | 1 Process Discovery | Distributed Component Object Model | 1 Clipboard Data | Scheduled Transfer | 2 Non-Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 251 Virtualization/Sandbox Evasion | LSA Secrets | 251 Virtualization/Sandbox Evasion | SSH | Keylogging | Data Transfer Size Limits | 123 Application Layer Protocol | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Access Token Manipulation | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 111 Process Injection | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Detection | Scanner | Label
---|---|---
22% | ReversingLabs | Win32.Trojan.Nemesis

Detection | Scanner | Label
---|---|---
3% | Metadefender |
0% | ReversingLabs |

⊘No Antivirus matches

Detection | Scanner | Label
---|---|---
0% | Virustotal |
0% | Virustotal |

Detection | Scanner | Label
---|---|---
0% (17 URLs, each scanned separately) | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
---|---|---|---|---|---
drive.google.com | 142.250.186.78 | true | false | | high
gonzalezestalote.com | 185.101.224.45 | true | false | | unknown
googlehosted.l.googleusercontent.com | 142.250.185.225 | true | false | | high
doc-0k-0s-docs.googleusercontent.com | unknown | unknown | false | | high
x1.i.lencr.org | unknown | unknown | false | | unknown
mail.gonzalezestalote.com | unknown | unknown | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
---|---|---|---
(1 URL, name not preserved in this copy) | false | | high

Name | Source | Malicious | Antivirus Detection | Reputation
---|---|---|---|---
(25 URLs, names and sources not preserved in this copy) | | false | | high: 8, low: 3, unknown: 14
IP | Domain | Country | ASN | ASN Name | Malicious
---|---|---|---|---|---
142.250.186.78 | drive.google.com | United States | 15169 | GOOGLEUS | false
185.101.224.45 | gonzalezestalote.com | Spain | 56732 | HOSTINET_ASES | false
142.250.185.225 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
Joe Sandbox Version: | 35.0.0 Citrine |
Analysis ID: | 659406 |
Start date and time: | 2022-07-08 05:58:16 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 14m 17s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | SecuriteInfo.com.Gen.Variant.Nemesis.8928.31999.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301) |
Run name: | Suspected Instruction Hammering |
Number of new started processes analysed: | 40 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@6/11@4/3 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): taskhostw.exe, MusNotification.exe, dllhost.exe, RuntimeBroker.exe, SIHClient.exe, backgroundTaskHost.exe, MoUsoCoreWorker.exe, MusNotificationUx.exe, BackgroundTransferHost.exe, WMIADAP.exe, SgrmBroker.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 13.107.5.88, 20.82.19.171, 104.117.200.9, 209.197.3.8, 93.184.221.240
- Excluded domains from analysis (whitelisted): spclient.wg.spotify.com, e8652.dscx.akamaiedge.net, slscr.update.microsoft.com, e-0009.e-msedge.net, arc.msn.com, wu.azureedge.net, login.live.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, img-prod-cms-rt-microsoft-com.akamaized.net, crl.root-x1.letsencrypt.org.edgekey.net, evoke-windowsservices-tas-msedge-net.e-0009.e-msedge.net, client.wns.windows.com, fs.microsoft.com, wu.ec.azureedge.net, settings-win.data.microsoft.com, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, wd-prod-cp.trafficmanager.net, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, ris.api.iris.microsoft.com, wdcpalt.microsoft.com, evoke-windowsservices-tas.msedge.net, wd-prod-cp-eu-west-2-fe.westeurope.cloudapp.azure.com, nexusrules.officeapps.live.com
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
06:00:59 | API Interceptor | |
06:01:42 | API Interceptor |
Match | Associated samples | Detection
---|---|---
185.101.224.45 | 20 samples (names and SHA-256 values not preserved in this copy) | malicious
HOSTINET_ASES | 20 samples (names and SHA-256 values not preserved in this copy) | malicious
37f463bf4616ecd445d4a1937da06e19 | 20 samples (names and SHA-256 values not preserved in this copy) | malicious
C:\Users\user\AppData\Local\Temp\nsiA9E6.tmp\System.dll | 20 samples (names and SHA-256 values not preserved in this copy) | malicious
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1391 |
Entropy (8bit): | 7.705940075877404 |
Encrypted: | false |
SSDEEP: | 24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1 |
MD5: | 0CD2F9E0DA1773E9ED864DA5E370E74E |
SHA1: | CABD2A79A1076A31F21D253635CB039D4329A5E8 |
SHA-256: | 96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6 |
SHA-512: | 3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 61712 |
Entropy (8bit): | 7.995044632446497 |
Encrypted: | true |
SSDEEP: | 1536:gzjJiDImMsrjCtGLaexX/zL09mX/lZHIxs:gPJiDI/sr0Hexv/0S/zx |
MD5: | 589C442FC7A0C70DCA927115A700D41E |
SHA1: | 66A07DACE3AFBFD1AA07A47E6875BEAB62C4BB31 |
SHA-256: | 2E5CB72E9EB43BAAFB6C6BFCC573AAC92F49A8064C483F9D378A9E8E781A526A |
SHA-512: | 1B5FA79E52BE495C42CF49618441FB7012E28C02E7A08A91DA9213DB3AB810F0E83485BC1DD5F625A47D0BA7CFCDD5EA50ACC9A8DCEBB39F048C40F01E94155B |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 192 |
Entropy (8bit): | 2.773803200765873 |
Encrypted: | false |
SSDEEP: | 3:kkFklCsfJPtfllXlE/zMc9NtNNX8RolJuRdyo1dlUKlGXJlDdt:kKb+Q1bNMa8Rdy+UKcXP |
MD5: | 36554B91BD91AE6F9093AEC7135ABC63 |
SHA1: | 0D2045C9FA93862996A7447EF109E4A1E7782F06 |
SHA-256: | DD2032FEADEE236FD9DFE655F0D4F98DBBCB9E8D9429AAC1BF64E20A87E67395 |
SHA-512: | 9865FEFAF42F06F1E09B8D30D4CE18B4B131C88A6A7CF8F257F5838F83485DDDE6CE30E7CB02E18621FB2A14F898459E93DD1989BAAD3E2827DA52ECB95E518E |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
File Type: | |
Category: | modified |
Size (bytes): | 326 |
Entropy (8bit): | 3.1236216553575558 |
Encrypted: | false |
SSDEEP: | 6:kKm0+N+SkQlPlEGYRMY9z+4KlDA3RUeWlEZ21:u0NkPlE99SNxAhUeE1 |
MD5: | 1EEC5A770E5DE50B235105C9A7CBB230 |
SHA1: | 9AD713C57B559E061100C3CF37D5A8A95EA49173 |
SHA-256: | 1A6DD52EE40E30550E550D2B410B2F86DF9542C3FD9EE1FA86544C0B690B357B |
SHA-512: | 99450DB2D063FA3073735C1CB714C24E100E02A6B48A677EAC5F32EA0DB9CAB37A530156F9B763F4AB7BB46A5917A5EE3A608C4A71EEA53CDD6622D6378D0505 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.8928.31999.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 12288 |
Entropy (8bit): | 5.814115788739565 |
Encrypted: | false |
SSDEEP: | 192:Zjvco0qWTlt70m5Aj/lQ0sEWD/wtYbBHFNaDybC7y+XBz0QPi:FHQlt70mij/lQRv/9VMjzr |
MD5: | CFF85C549D536F651D4FB8387F1976F2 |
SHA1: | D41CE3A5FF609DF9CF5C7E207D3B59BF8A48530E |
SHA-256: | 8DC562CDA7217A3A52DB898243DE3E2ED68B80E62DDCB8619545ED0B4E7F65A8 |
SHA-512: | 531D6328DAF3B86D85556016D299798FA06FEFC81604185108A342D000E203094C8C12226A12BD6E1F89B0DB501FB66F827B610D460B933BD4AB936AC2FD8A88 |
Malicious: | false |
Antivirus: | |
Joe Sandbox View: | |
Reputation: | high, very likely benign file |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Folketingsvalget160\Tatou\Borgerdyderne\ArtDeco_brown_4.bmp
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.8928.31999.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5580 |
Entropy (8bit): | 7.8610675947118915 |
Encrypted: | false |
SSDEEP: | 96:BSTzREFQkzwePWleSvZpEZSrqrf4uFV8TgV9tJQkzdTEwAeMhqD7n0:oXRFuWlzvZpEZSurdGyse48Mk0 |
MD5: | 556BED5FAA7C3E26C56BC9FCFC529723 |
SHA1: | 0D446CB0DAD1D8388F9422DDA12A6ECF0C81EB2E |
SHA-256: | A78B823495E0768D15C0E73424969485188B135D62DAC511B8FE531AA70F282A |
SHA-512: | 4621DDC1BED6BA57776631B507783F410C14EAD87D9179D60A41E4E2504F7F1DF83C43EA49899E482151AC4C8940308E15CCDF371419AE8EB3EB538DEED9FC90 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Folketingsvalget160\Tatou\Borgerdyderne\BRUGERUDGAVERNES.Frd6
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.8928.31999.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 95398 |
Entropy (8bit): | 7.142865046210158 |
Encrypted: | false |
SSDEEP: | 1536:wTXy5OwFU5IzmvU6KCD411ASl2SRuPuDYpNpJrf7pDdp/L2d15ADB8+VNjiFg:wT0+5ISvpD411Z2SReuDWjdxC3Ad8+T |
MD5: | B3660ECDB5FC12143EA49E0C9AD5ED95 |
SHA1: | 757E5E938651F3FB1D17BD73E450A175211F75E0 |
SHA-256: | F3DDEF2100688EEE45D1BBDB7CF698CE2E232CCAA6A5BD764E3B21B3CA84A6D3 |
SHA-512: | CBF07D0DEF4D5D5AD3D462CA06475EB54A66468CEE956E01B8AF0DF843E486EBAD52C751A195B24F680AC8E451D62E1E401BE5333796E5169467C8CC11B20753 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Folketingsvalget160\Tatou\Borgerdyderne\FOLKESANGEREN\JACKROLLING\battery.png
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.8928.31999.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 308 |
Entropy (8bit): | 6.786347589283681 |
Encrypted: | false |
SSDEEP: | 6:6v/lhPfh78KFJTKRqtJCKQtLVGhdNk2tbBEQtMtfp:6v/7XtzTQyJQKhdNNvESMtx |
MD5: | 3D7D690C25A5E0D9AEA089BDC6C381FD |
SHA1: | 466C54F12949AA0DF972D37FCAC03F51A59A7B6C |
SHA-256: | 39F75FEF09B32BFB96A2F2989F7E200D421A82480FE13F54CFCFE0F88D86F14D |
SHA-512: | 3A0382444F49029D4E25D83DCA58E57E99B2D541AE3863BE46776D6CCCD8A2E8DC20ED985B0F597E9BFC0B4E73FC42A02B3541A27B4AB4E92955F69DCF0D3FCA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Folketingsvalget160\Tatou\Borgerdyderne\FOLKESANGEREN\JACKROLLING\call-stop-symbolic.symbolic.png
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.8928.31999.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 238 |
Entropy (8bit): | 6.633113725010705 |
Encrypted: | false |
SSDEEP: | 6:6v/lhPysTQAt09hY3OT5K1kmQ/BS4GwsRE5fkt8up:6v/7NG9eM5KzQ/BSLvEdm8c |
MD5: | 4A59AABC67F76907B51FF2E4CCF26074 |
SHA1: | 451F062644DB800453D9CA0FBE0EE53C58AEBFF0 |
SHA-256: | 60F1A6D45B16A0F76F7E3BAA683D506F2B6DD021EA25C32EB6871DD4FC7B9E12 |
SHA-512: | 8728198DDB40BF76EC49DFF42242D82C518FD2568E37F011A3C6727595F5AF14E743749683AE5C96D783EE9CE91480EC40453F092F72988D718BA231E6D8FEEB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Folketingsvalget160\Tatou\Borgerdyderne\FOLKESANGEREN\JACKROLLING\folder-saved-search.png
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.8928.31999.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 622 |
Entropy (8bit): | 6.99329932907151 |
Encrypted: | false |
SSDEEP: | 12:6v/7X0Z7HBwN1+swFIz8NqwnN14LBHFbSj50iFFp2fpws8A3L0OCV1uOk1:C0BqExqQ6BlsqiQhZrN041 |
MD5: | D801F277C4062AE10A011ADC20D4A6D7 |
SHA1: | 49C7426ACC24711EBAEF5FE5EBD220735F3AB91D |
SHA-256: | 0247A2133037B10E3EDD2AA85773AEFA06483CB76171675BC331A844C275F925 |
SHA-512: | E0753F8BC9B5D02E9ABFCA7088337CA8BE4ED3654071606EEA30BFBD6B82075B567886B9274BF744DC73D1F06A2BB1DB151B1A250922758511CEA4B365F0ADFC |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 3.964735178725505 |
Encrypted: | false |
SSDEEP: | 3:IBVFBWAGRHneyy:ITqAGRHner |
MD5: | 9F754B47B351EF0FC32527B541420595 |
SHA1: | 006C66220B33E98C725B73495FE97B3291CE14D9 |
SHA-256: | 0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591 |
SHA-512: | C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 5.570138438525555 |
TrID: | |
File name: | SecuriteInfo.com.Gen.Variant.Nemesis.8928.31999.exe |
File size: | 471150 |
MD5: | 6164a2f75a0c585d3256faecac344573 |
SHA1: | 684171a971270ecef4e56293f7808e5989989d1d |
SHA256: | c5e737000bb35f513800bfa5a9efd5c43a5771f1ae77fe4d4284a25111d4f9c8 |
SHA512: | b2eb58fd7bee2542eb9c88165ab5246bdd247d146ca4db4a9d6adf703e436ddc2044612a0378e2e88fab1ed3b795d48a897b82c5716b447e2ff0a42be338fa4f |
SSDEEP: | 6144:xbE/HUd5+xj6TjiyAKV1QDU4CqAhoJeoeRScTlkMek3bh2eMPwjz/8nO8NOe:xbiRJWVODU4FKPdRSCTeof5zK |
TLSH: | 40A4BFA4BF9FBC82E5550E3492B0FA7811597C394E6F0913B6563F9E783214B9A2430F |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...Z.Oa.................j......... |
Icon Hash: | 01787266eaabea61 |
Entrypoint: | 0x40352d |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x614F9B5A [Sat Sep 25 21:57:46 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 56a78d55f3f7af51443e58e0ce2fb5f6 |
Instruction |
---|
push ebp |
mov ebp, esp |
sub esp, 000003F4h |
push ebx |
push esi |
push edi |
push 00000020h |
pop edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [ebp-14h], ebx |
mov dword ptr [ebp-04h], 0040A2E0h |
mov dword ptr [ebp-10h], ebx |
call dword ptr [004080CCh] |
mov esi, dword ptr [004080D0h] |
lea eax, dword ptr [ebp-00000140h] |
push eax |
mov dword ptr [ebp-0000012Ch], ebx |
mov dword ptr [ebp-2Ch], ebx |
mov dword ptr [ebp-28h], ebx |
mov dword ptr [ebp-00000140h], 0000011Ch |
call esi |
test eax, eax |
jne 00007FA81C98A45Ah |
lea eax, dword ptr [ebp-00000140h] |
mov dword ptr [ebp-00000140h], 00000114h |
push eax |
call esi |
mov ax, word ptr [ebp-0000012Ch] |
mov ecx, dword ptr [ebp-00000112h] |
sub ax, 00000053h |
add ecx, FFFFFFD0h |
neg ax |
sbb eax, eax |
mov byte ptr [ebp-26h], 00000004h |
not eax |
and eax, ecx |
mov word ptr [ebp-2Ch], ax |
cmp dword ptr [ebp-0000013Ch], 0Ah |
jnc 00007FA81C98A42Ah |
and word ptr [ebp-00000132h], 0000h |
mov eax, dword ptr [ebp-00000134h] |
movzx ecx, byte ptr [ebp-00000138h] |
mov dword ptr [00434FB8h], eax |
xor eax, eax |
mov ah, byte ptr [ebp-0000013Ch] |
movzx eax, ax |
or eax, ecx |
xor ecx, ecx |
mov ch, byte ptr [ebp-2Ch] |
movzx ecx, cx |
shl eax, 10h |
or eax, ecx |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc0000 | 0x543c8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6897 | 0x6a00 | False | 0.6661261792452831 | data | 6.458398214928006 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x14a6 | 0x1600 | False | 0.4392755681818182 | data | 5.024109281264143 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x2b018 | 0x600 | False | 0.521484375 | data | 4.15458210408643 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x36000 | 0x8a000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xc0000 | 0x543c8 | 0x54400 | False | 0.3847395446958457 | data | 4.4894638245550915 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0xc05f8 | 0x42028 | dBase IV DBT, blocks size 0, block length 8192, next free block index 40, next free block 13824, next used block 0 | English | United States |
RT_ICON | 0x102620 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16896, next free block index 40, next free block 4294967295, next used block 4294967295 | English | United States |
RT_ICON | 0x106848 | 0x25a8 | data | English | United States |
RT_ICON | 0x108df0 | 0x1a68 | data | English | United States |
RT_ICON | 0x10a858 | 0x1628 | dBase IV DBT of \200.DBF, blocks size 0, block length 4096, next free block index 40, next free block 2988225716, next used block 3402812106 | English | United States |
RT_ICON | 0x10be80 | 0x10a8 | data | English | United States |
RT_ICON | 0x10cf28 | 0xea8 | data | English | United States |
RT_ICON | 0x10ddd0 | 0xba8 | data | English | United States |
RT_ICON | 0x10e978 | 0xa68 | dBase IV DBT of \200.DBF, blocks size 0, block length 2048, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x10f3e0 | 0x988 | data | English | United States |
RT_ICON | 0x10fd68 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 14455685, next used block 16228229 | English | United States |
RT_ICON | 0x110610 | 0x810 | data | English | United States |
RT_ICON | 0x110e20 | 0x6c8 | data | English | United States |
RT_ICON | 0x1114e8 | 0x690 | data | English | United States |
RT_ICON | 0x111b78 | 0x668 | data | English | United States |
RT_ICON | 0x1121e0 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x112748 | 0x4c8 | data | English | United States |
RT_ICON | 0x112c10 | 0x468 | GLS_BINARY_LSB_FIRST | English | United States |
RT_ICON | 0x113078 | 0x2e8 | dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 483465, next used block 0 | English | United States |
RT_ICON | 0x113360 | 0x1e8 | data | English | United States |
RT_ICON | 0x113548 | 0x1c8 | data | English | United States |
RT_ICON | 0x113710 | 0x128 | GLS_BINARY_LSB_FIRST | English | United States |
RT_DIALOG | 0x113838 | 0x100 | data | English | United States |
RT_DIALOG | 0x113938 | 0x11c | data | English | United States |
RT_DIALOG | 0x113a58 | 0xc4 | data | English | United States |
RT_DIALOG | 0x113b20 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x113b80 | 0x13a | data | English | United States |
RT_VERSION | 0x113cc0 | 0x3c4 | data | English | United States |
RT_MANIFEST | 0x114088 | 0x33e | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States |
DLL | Import |
---|---|
ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW |
SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW |
ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree |
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked |
USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu |
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject |
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 8, 2022 06:01:37.203104973 CEST | 49737 | 443 | 192.168.11.20 | 142.250.186.78 |
Jul 8, 2022 06:01:37.203182936 CEST | 443 | 49737 | 142.250.186.78 | 192.168.11.20 |
Jul 8, 2022 06:01:37.203458071 CEST | 49737 | 443 | 192.168.11.20 | 142.250.186.78 |
Jul 8, 2022 06:01:37.228729963 CEST | 49737 | 443 | 192.168.11.20 | 142.250.186.78 |
Jul 8, 2022 06:01:37.228786945 CEST | 443 | 49737 | 142.250.186.78 | 192.168.11.20 |
Jul 8, 2022 06:01:37.267627001 CEST | 443 | 49737 | 142.250.186.78 | 192.168.11.20 |
Jul 8, 2022 06:01:37.267869949 CEST | 49737 | 443 | 192.168.11.20 | 142.250.186.78 |
Jul 8, 2022 06:01:37.268357038 CEST | 443 | 49737 | 142.250.186.78 | 192.168.11.20 |
Jul 8, 2022 06:01:37.268537045 CEST | 49737 | 443 | 192.168.11.20 | 142.250.186.78 |
Jul 8, 2022 06:01:37.369337082 CEST | 49737 | 443 | 192.168.11.20 | 142.250.186.78 |
Jul 8, 2022 06:01:37.369426012 CEST | 443 | 49737 | 142.250.186.78 | 192.168.11.20 |
Jul 8, 2022 06:01:37.370131016 CEST | 443 | 49737 | 142.250.186.78 | 192.168.11.20 |
Jul 8, 2022 06:01:37.370307922 CEST | 49737 | 443 | 192.168.11.20 | 142.250.186.78 |
Jul 8, 2022 06:01:37.374569893 CEST | 49737 | 443 | 192.168.11.20 | 142.250.186.78 |
Jul 8, 2022 06:01:37.418570995 CEST | 443 | 49737 | 142.250.186.78 | 192.168.11.20 |
Jul 8, 2022 06:01:37.956120014 CEST | 443 | 49737 | 142.250.186.78 | 192.168.11.20 |
Jul 8, 2022 06:01:37.956424952 CEST | 49737 | 443 | 192.168.11.20 | 142.250.186.78 |
Jul 8, 2022 06:01:37.956487894 CEST | 443 | 49737 | 142.250.186.78 | 192.168.11.20 |
Jul 8, 2022 06:01:37.956620932 CEST | 443 | 49737 | 142.250.186.78 | 192.168.11.20 |
Jul 8, 2022 06:01:37.956671000 CEST | 49737 | 443 | 192.168.11.20 | 142.250.186.78 |
Jul 8, 2022 06:01:37.956768036 CEST | 49737 | 443 | 192.168.11.20 | 142.250.186.78 |
Jul 8, 2022 06:01:37.956806898 CEST | 443 | 49737 | 142.250.186.78 | 192.168.11.20 |
Jul 8, 2022 06:01:37.956815958 CEST | 49737 | 443 | 192.168.11.20 | 142.250.186.78 |
Jul 8, 2022 06:01:37.956984043 CEST | 49737 | 443 | 192.168.11.20 | 142.250.186.78 |
Jul 8, 2022 06:01:38.069745064 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.069823980 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.069998026 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.070383072 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.070432901 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.105865002 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.106085062 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.106517076 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.106745958 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.110111952 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.110244989 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.110433102 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.110699892 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.154514074 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.370296001 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.370522022 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.371035099 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.371253014 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.371289968 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.371306896 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.372268915 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.372519016 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.372875929 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.373126030 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.373178959 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.373435020 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.373486042 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.373724937 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.373773098 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.374078035 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.380456924 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.380657911 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.380703926 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.380757093 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.381009102 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.381047964 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.381072998 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.381331921 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.381421089 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.381647110 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.381700039 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.381958961 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.382158995 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.382405043 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.382452011 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.382705927 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.382839918 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.383037090 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.383110046 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.383160114 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.383359909 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.383558035 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.383604050 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.383848906 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.383882046 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.384202003 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.384342909 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.384579897 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.384615898 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.384809017 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.385029078 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.385210037 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.385232925 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.385377884 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.385668039 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.385924101 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.385974884 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.386229992 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.386290073 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.386410952 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.386518955 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.386550903 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.386792898 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.386830091 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.387409925 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.387593985 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.387801886 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.387860060 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.387870073 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.388153076 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.388195992 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.388298035 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.388499022 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.388529062 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.388536930 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.388849974 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.389169931 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.389358997 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.389780998 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.389832020 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.390188932 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.390927076 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.391146898 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.391222954 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.391243935 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.391284943 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.391402960 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.391705990 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.391745090 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.391971111 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.392050028 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.392173052 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.392353058 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.392381907 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.392390013 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.392659903 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.392936945 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.393136024 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.393178940 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.393220901 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.393352985 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.393526077 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.393548965 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.393882990 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.393914938 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.393942118 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.394117117 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.394157887 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.394169092 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.394184113 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.394203901 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.394412994 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.394629955 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.394802094 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.394804001 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.394840002 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.394993067 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.395378113 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.395565033 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.395656109 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.395771980 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.395807028 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.395817041 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.395941019 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.396136045 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.396204948 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.396393061 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.396399975 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.396428108 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.396624088 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.396646023 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.396862984 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.397118092 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.397301912 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.397402048 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.397556067 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.397579908 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.397588015 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.397749901 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.397927999 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.397943974 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.397969961 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.398137093 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.398168087 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.398175001 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.398188114 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.398426056 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.398920059 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.399111986 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.399115086 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.399178028 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.399272919 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.399445057 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.399466038 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.399693012 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.399727106 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.399755955 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.399931908 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.400012970 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.400026083 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.400047064 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.400069952 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.400182009 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.400372982 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.400465012 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.400655031 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.400686979 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.400722980 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.400825977 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.400918007 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.400934935 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.400950909 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.401108980 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.401304007 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.401365995 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.401562929 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.401654959 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.401664972 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.401685953 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.401820898 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.401840925 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.401992083 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.402019978 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.402026892 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.402180910 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.402441025 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.402697086 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.402719975 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.402765989 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.402920961 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.403059006 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.403074026 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.403105021 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.403112888 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.403254986 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.403331041 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.403351068 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.403361082 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.403362036 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.403388023 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.403490067 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.403544903 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.403661013 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.403692007 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.403702974 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.403726101 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.403852940 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.403878927 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.404046059 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.404071093 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.404217958 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.404264927 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.404405117 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.404429913 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.404438019 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.404450893 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.404457092 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.404652119 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.404670000 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.404680014 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.404732943 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.404953003 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.405035973 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.405051947 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.405072927 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.405122995 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.405241013 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.405297041 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.405329943 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.405421019 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.405502081 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.405514002 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.405517101 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.405539036 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.405700922 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.405716896 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.405718088 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.405726910 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.405744076 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.405894041 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.405916929 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.405927896 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.405945063 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.406111002 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.406238079 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.406265974 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.406275988 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.406289101 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.406404972 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.406585932 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.406610966 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.406656027 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.406908035 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.406917095 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.406954050 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.407083988 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.407191038 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.407288074 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.407325983 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.407339096 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.407449961 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.407485008 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.407603979 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.407634020 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.407658100 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.407798052 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.407819033 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.407833099 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.407855034 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.407874107 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.408056021 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.408144951 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.408243895 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.408353090 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.408385992 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.408399105 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.408529997 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.408554077 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.408705950 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.408739090 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.408896923 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.408925056 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.409046888 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.409161091 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.409179926 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.409208059 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.409389019 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.409550905 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.409589052 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.409616947 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.409931898 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.409975052 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.410012007 CEST | 443 | 49738 | 142.250.185.225 | 192.168.11.20 |
Jul 8, 2022 06:01:38.410017014 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:38.410240889 CEST | 49738 | 443 | 192.168.11.20 | 142.250.185.225 |
Jul 8, 2022 06:01:51.365571022 CEST | 49749 | 587 | 192.168.11.20 | 185.101.224.45 |
Jul 8, 2022 06:01:51.396712065 CEST | 587 | 49749 | 185.101.224.45 | 192.168.11.20 |
Jul 8, 2022 06:01:51.396962881 CEST | 49749 | 587 | 192.168.11.20 | 185.101.224.45 |
Jul 8, 2022 06:01:51.433058023 CEST | 587 | 49749 | 185.101.224.45 | 192.168.11.20 |
Jul 8, 2022 06:01:51.433449030 CEST | 49749 | 587 | 192.168.11.20 | 185.101.224.45 |
Jul 8, 2022 06:01:51.464891911 CEST | 587 | 49749 | 185.101.224.45 | 192.168.11.20 |
Jul 8, 2022 06:01:51.465188980 CEST | 49749 | 587 | 192.168.11.20 | 185.101.224.45 |
Jul 8, 2022 06:01:51.500355959 CEST | 587 | 49749 | 185.101.224.45 | 192.168.11.20 |
Jul 8, 2022 06:01:51.503304005 CEST | 49749 | 587 | 192.168.11.20 | 185.101.224.45 |
Jul 8, 2022 06:01:51.544784069 CEST | 587 | 49749 | 185.101.224.45 | 192.168.11.20 |
Jul 8, 2022 06:01:51.544874907 CEST | 587 | 49749 | 185.101.224.45 | 192.168.11.20 |
Jul 8, 2022 06:01:51.544955015 CEST | 587 | 49749 | 185.101.224.45 | 192.168.11.20 |
Jul 8, 2022 06:01:51.545027018 CEST | 49749 | 587 | 192.168.11.20 | 185.101.224.45 |
Jul 8, 2022 06:01:51.554162025 CEST | 49749 | 587 | 192.168.11.20 | 185.101.224.45 |
Jul 8, 2022 06:01:51.585784912 CEST | 587 | 49749 | 185.101.224.45 | 192.168.11.20 |
Jul 8, 2022 06:01:51.639271975 CEST | 49749 | 587 | 192.168.11.20 | 185.101.224.45 |
Jul 8, 2022 06:01:53.648809910 CEST | 49749 | 587 | 192.168.11.20 | 185.101.224.45 |
Jul 8, 2022 06:01:53.680447102 CEST | 587 | 49749 | 185.101.224.45 | 192.168.11.20 |
Jul 8, 2022 06:01:53.686336040 CEST | 49749 | 587 | 192.168.11.20 | 185.101.224.45 |
Jul 8, 2022 06:01:53.718123913 CEST | 587 | 49749 | 185.101.224.45 | 192.168.11.20 |
Jul 8, 2022 06:01:53.718575954 CEST | 49749 | 587 | 192.168.11.20 | 185.101.224.45 |
Jul 8, 2022 06:01:53.754909992 CEST | 587 | 49749 | 185.101.224.45 | 192.168.11.20 |
Jul 8, 2022 06:01:53.755564928 CEST | 49749 | 587 | 192.168.11.20 | 185.101.224.45 |
Jul 8, 2022 06:01:53.786781073 CEST | 587 | 49749 | 185.101.224.45 | 192.168.11.20 |
Jul 8, 2022 06:01:53.787180901 CEST | 49749 | 587 | 192.168.11.20 | 185.101.224.45 |
Jul 8, 2022 06:01:53.828552961 CEST | 587 | 49749 | 185.101.224.45 | 192.168.11.20 |
Jul 8, 2022 06:01:53.828903913 CEST | 49749 | 587 | 192.168.11.20 | 185.101.224.45 |
Jul 8, 2022 06:01:53.860136032 CEST | 587 | 49749 | 185.101.224.45 | 192.168.11.20 |
Jul 8, 2022 06:01:53.904472113 CEST | 49749 | 587 | 192.168.11.20 | 185.101.224.45 |
Jul 8, 2022 06:01:53.931858063 CEST | 49749 | 587 | 192.168.11.20 | 185.101.224.45 |
Jul 8, 2022 06:01:53.931915045 CEST | 49749 | 587 | 192.168.11.20 | 185.101.224.45 |
Jul 8, 2022 06:01:53.931927919 CEST | 49749 | 587 | 192.168.11.20 | 185.101.224.45 |
Jul 8, 2022 06:01:53.931993961 CEST | 49749 | 587 | 192.168.11.20 | 185.101.224.45 |
Jul 8, 2022 06:01:53.963469028 CEST | 587 | 49749 | 185.101.224.45 | 192.168.11.20 |
Jul 8, 2022 06:01:53.963517904 CEST | 587 | 49749 | 185.101.224.45 | 192.168.11.20 |
Jul 8, 2022 06:01:53.963550091 CEST | 587 | 49749 | 185.101.224.45 | 192.168.11.20 |
Jul 8, 2022 06:01:53.963581085 CEST | 587 | 49749 | 185.101.224.45 | 192.168.11.20 |
Jul 8, 2022 06:01:53.983851910 CEST | 587 | 49749 | 185.101.224.45 | 192.168.11.20 |
Jul 8, 2022 06:01:54.029458046 CEST | 49749 | 587 | 192.168.11.20 | 185.101.224.45 |
Jul 8, 2022 06:03:31.226948977 CEST | 49749 | 587 | 192.168.11.20 | 185.101.224.45 |
Jul 8, 2022 06:03:31.260029078 CEST | 587 | 49749 | 185.101.224.45 | 192.168.11.20 |
Jul 8, 2022 06:03:31.260211945 CEST | 49749 | 587 | 192.168.11.20 | 185.101.224.45 |
Jul 8, 2022 06:03:31.260593891 CEST | 49749 | 587 | 192.168.11.20 | 185.101.224.45 |

Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jul 8, 2022 06:01:37.175949097 CEST | 63198 | 53 | 192.168.11.20 | 1.1.1.1 |
Jul 8, 2022 06:01:37.184885025 CEST | 53 | 63198 | 1.1.1.1 | 192.168.11.20 |
Jul 8, 2022 06:01:38.035819054 CEST | 54695 | 53 | 192.168.11.20 | 1.1.1.1 |
Jul 8, 2022 06:01:38.068016052 CEST | 53 | 54695 | 1.1.1.1 | 192.168.11.20 |
Jul 8, 2022 06:01:51.200717926 CEST | 65345 | 53 | 192.168.11.20 | 1.1.1.1 |
Jul 8, 2022 06:01:51.301168919 CEST | 53 | 65345 | 1.1.1.1 | 192.168.11.20 |
Jul 8, 2022 06:01:51.697470903 CEST | 61274 | 53 | 192.168.11.20 | 1.1.1.1 |

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jul 8, 2022 06:01:37.175949097 CEST | 192.168.11.20 | 1.1.1.1 | 0xd655 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jul 8, 2022 06:01:38.035819054 CEST | 192.168.11.20 | 1.1.1.1 | 0xdd96 | Standard query (0) | | A (IP address) | IN (0x0001) |
Jul 8, 2022 06:01:51.200717926 CEST | 192.168.11.20 | 1.1.1.1 | 0xddfc | Standard query (0) | | A (IP address) | IN (0x0001) |
Jul 8, 2022 06:01:51.697470903 CEST | 192.168.11.20 | 1.1.1.1 | 0x760b | Standard query (0) | | A (IP address) | IN (0x0001) |

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jul 8, 2022 06:01:37.184885025 CEST | 1.1.1.1 | 192.168.11.20 | 0xd655 | No error (0) | | | 142.250.186.78 | A (IP address) | IN (0x0001) |
Jul 8, 2022 06:01:38.068016052 CEST | 1.1.1.1 | 192.168.11.20 | 0xdd96 | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) |
Jul 8, 2022 06:01:38.068016052 CEST | 1.1.1.1 | 192.168.11.20 | 0xdd96 | No error (0) | | | 142.250.185.225 | A (IP address) | IN (0x0001) |
Jul 8, 2022 06:01:51.301168919 CEST | 1.1.1.1 | 192.168.11.20 | 0xddfc | No error (0) | | gonzalezestalote.com | | CNAME (Canonical name) | IN (0x0001) |
Jul 8, 2022 06:01:51.301168919 CEST | 1.1.1.1 | 192.168.11.20 | 0xddfc | No error (0) | | | 185.101.224.45 | A (IP address) | IN (0x0001) |
Jul 8, 2022 06:01:51.706505060 CEST | 1.1.1.1 | 192.168.11.20 | 0x760b | No error (0) | | crl.root-x1.letsencrypt.org.edgekey.net | | CNAME (Canonical name) | IN (0x0001) |

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49737 | 142.250.186.78 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |

Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-08 04:01:37 UTC | 0 | OUT | |
2022-07-08 04:01:37 UTC | 0 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49738 | 142.250.185.225 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |

Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-07-08 04:01:38 UTC | 1 | OUT | |
2022-07-08 04:01:38 UTC | 2 | IN | |