Windows
Analysis Report
6culQoI97a.exe
Overview
General Information
Detection
AgentTesla, GuLoader
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected AgentTesla
Antivirus detection for URL or domain
Yara detected GuLoader
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard
Classification
- System is w10x64native
- 6culQoI97a.exe (PID: 9084 cmdline: C:\Users\user\Desktop\6culQoI97a.exe MD5: D9AA122B8C39444799E60EABBAB69502)
- CasPol.exe (PID: 2424 cmdline: C:\Users\user\Desktop\6culQoI97a.exe MD5: 914F728C04D3EDDD5FBA59420E74E56B)
- conhost.exe (PID: 2776 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
- cleanup
{"Exfil Mode": "FTP", "FTP Info": "ftp://ftp.gettoner.com.mx/droid@gettoner.com.mxfedxunited543@"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
MALWARE_Win_AgentTeslaV3 | AgentTeslaV3 infostealer payload | ditekSHen |
⊘No Sigma rule has matched
⊘No Snort rule has matched
AV Detection |
---|
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | Avira URL Cloud: | ||
Source: | Avira URL Cloud: |
Source: | Malware Configuration Extractor: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Code function: | 2_2_00406448 | |
Source: | Code function: | 2_2_0040589C | |
Source: | Code function: | 2_2_004027A1 |
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: | ||
Source: | HTTP traffic detected: |
Source: | Code function: | 2_2_00405339 |
System Summary |
---|
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Static PE information: |
Source: | Matched rule: | ||
Source: | Matched rule: |
Source: | Code function: | 2_2_00403325 |
Source: | File created: | Jump to behavior |
Source: | Code function: | 2_2_73DD1A98 | |
Source: | Code function: | 2_2_02EDEC82 | |
Source: | Code function: | 2_2_02EE02EE | |
Source: | Code function: | 2_2_02EC76FF | |
Source: | Code function: | 2_2_02ECB2CF | |
Source: | Code function: | 2_2_02EC72DB | |
Source: | Code function: | 2_2_02EC76BA | |
Source: | Code function: | 2_2_02ECBE84 | |
Source: | Code function: | 2_2_02EC6E7B | |
Source: | Code function: | 2_2_02EC824F | |
Source: | Code function: | 2_2_02EC6E46 | |
Source: | Code function: | 2_2_02EDEE46 | |
Source: | Code function: | 2_2_02EC6E47 | |
Source: | Code function: | 2_2_02ECBA0D | |
Source: | Code function: | 2_2_02ECB3F8 | |
Source: | Code function: | 2_2_02ECB7CA | |
Source: | Code function: | 2_2_02EC73A9 | |
Source: | Code function: | 2_2_02EC6FA3 | |
Source: | Code function: | 2_2_02EC73BD | |
Source: | Code function: | 2_2_02EE3FBA | |
Source: | Code function: | 2_2_02EE137C | |
Source: | Code function: | 2_2_02EE0B71 | |
Source: | Code function: | 2_2_02EC8B4B | |
Source: | Code function: | 2_2_02EE433C | |
Source: | Code function: | 2_2_02ECB4E3 | |
Source: | Code function: | 2_2_02EC70C8 | |
Source: | Code function: | 2_2_02EC88D9 | |
Source: | Code function: | 2_2_02EC8841 | |
Source: | Code function: | 2_2_02ED2824 | |
Source: | Code function: | 2_2_02EC7801 | |
Source: | Code function: | 2_2_02EC35EB | |
Source: | Code function: | 2_2_02EC71EB | |
Source: | Code function: | 2_2_02EC89FD | |
Source: | Code function: | 2_2_02EC85F3 | |
Source: | Code function: | 2_2_02ECA9A0 | |
Source: | Code function: | 2_2_02ECB1B5 | |
Source: | Code function: | 2_2_02EC359E | |
Source: | Code function: | 2_2_02EE0997 | |
Source: | Code function: | 2_2_02ECB17E | |
Source: | Code function: | 2_2_02EE1D76 | |
Source: | Code function: | 2_2_02ECBD71 | |
Source: | Code function: | 2_2_02ECBD09 | |
Source: | Code function: | 9_2_011DDD83 | |
Source: | Code function: | 9_2_011DE1D0 | |
Source: | Code function: | 9_2_011DB025 | |
Source: | Code function: | 9_2_011D83E0 | |
Source: | Code function: | 9_2_011D4928 | |
Source: | Code function: | 9_2_011DA0D0 | |
Source: | Code function: | 9_2_011D1BD8 | |
Source: | Code function: | 9_2_0124C510 | |
Source: | Code function: | 9_2_01244168 | |
Source: | Code function: | 9_2_012455E8 | |
Source: | Code function: | 9_2_0124D8F8 | |
Source: | Code function: | 9_2_01246790 | |
Source: | Code function: | 9_2_012496F0 | |
Source: | Code function: | 9_2_01243179 | |
Source: | Code function: | 9_2_012425E8 | |
Source: | Code function: | 9_2_012437B0 | |
Source: | Code function: | 9_2_1D445D08 | |
Source: | Code function: | 9_2_1D444EF0 | |
Source: | Code function: | 9_2_1D4469D0 | |
Source: | Code function: | 9_2_1D444374 | |
Source: | Code function: | 9_2_1D445C41 | |
Source: | Code function: | 9_2_1D4469F1 | |
Source: | Code function: | 9_2_1F88BE70 | |
Source: | Code function: | 9_2_1F884320 | |
Source: | Code function: | 9_2_1F88B110 | |
Source: | Code function: | 9_2_1F881130 | |
Source: | Code function: | 9_2_1F883708 | |
Source: | Code function: | 9_2_1F883A50 |
Source: | Code function: | 2_2_02EE3AF0 | |
Source: | Code function: | 2_2_02EE2B7C |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 2_2_00403325 |
Source: | WMI Queries: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: | 2_2_0040216B |
Source: | File read: | Jump to behavior |
Source: | Code function: | 2_2_004045EA |
Source: | Section loaded: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Data Obfuscation |
---|
Source: | File source: | ||
Source: | File source: |
Source: | Code function: | 2_2_73DD2F8E | |
Source: | Code function: | 2_2_02EC51B9 | |
Source: | Code function: | 2_2_02EC9AEF | |
Source: | Code function: | 2_2_02EC5766 | |
Source: | Code function: | 2_2_02EC3B4F | |
Source: | Code function: | 2_2_02ECC673 | |
Source: | Code function: | 2_2_02EC4BFE | |
Source: | Code function: | 2_2_02EC3FB4 | |
Source: | Code function: | 2_2_02EC51B9 | |
Source: | Code function: | 2_2_02EC24D7 | |
Source: | Code function: | 2_2_02EC1460 | |
Source: | Code function: | 2_2_02EC51B9 | |
Source: | Code function: | 2_2_02EC4D45 | |
Source: | Code function: | 2_2_02ECC247 | |
Source: | Code function: | 9_2_01241431 | |
Source: | Code function: | 9_2_1D444C7F |
Source: | Code function: | 2_2_73DD1A98 |
Source: | File created: | Jump to dropped file |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | WMI Queries: |
Source: | WMI Queries: |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | Code function: | 2_2_02EC81AD |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | WMI Queries: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 2_2_00406448 | |
Source: | Code function: | 2_2_0040589C | |
Source: | Code function: | 2_2_004027A1 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | System information queried: | Jump to behavior |
Source: | API call chain: | graph_2-7441 | ||
Source: | API call chain: | graph_2-7446 |
Source: | Binary or memory string: | ||
Source: | Code function: | 2_2_73DD1A98 |
Source: | Code function: | 2_2_02EC81AD |
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 2_2_02EC6E46 | |
Source: | Code function: | 2_2_02EC6E47 | |
Source: | Code function: | 2_2_02ECBA0D | |
Source: | Code function: | 2_2_02ECBA0D | |
Source: | Code function: | 2_2_02ECBBF7 | |
Source: | Code function: | 2_2_02ECB7CA | |
Source: | Code function: | 2_2_02ECA44C | |
Source: | Code function: | 2_2_02ECB84D | |
Source: | Code function: | 2_2_02ECB80E | |
Source: | Code function: | 2_2_02EDFDE9 | |
Source: | Code function: | 2_2_02ECB960 | |
Source: | Code function: | 2_2_02ECB17E | |
Source: | Code function: | 2_2_02EE1D76 | |
Source: | Code function: | 2_2_02ECC936 |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 2_2_02EDFE03 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 2_2_00403325 |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 211 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Access Token Manipulation | 11 Masquerading | 1 OS Credential Dumping | 331 Security Software Discovery | Remote Services | 1 Email Collection | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 111 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | 1 DLL Side-Loading | 241 Virtualization/Sandbox Evasion | Security Account Manager | 241 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Access Token Manipulation | NTDS | 1 Application Window Discovery | Distributed Component Object Model | 1 Clipboard Data | Scheduled Transfer | 11 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 111 Process Injection | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Obfuscated Files or Information | Cached Domain Credentials | 117 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
73% | ReversingLabs | Win32.Trojan.Woreflint | ||
57% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1223491 | Download File | ||
100% | Avira | HEUR/AGEN.1223491 | Download File |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
100% | Avira URL Cloud | malware | ||
100% | Avira URL Cloud | malware | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse |
⊘No contacted domains info
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| low | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
195.178.120.24 | unknown | unknown | 31564 | HEXAGLOBE-ASFR | false |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 755473 |
Start date and time: | 2022-11-28 19:15:02 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 13m 33s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 6culQoI97a.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301) |
Run name: | Suspected Instruction Hammering |
Number of analysed new started processes analysed: | 30 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@4/4@0/1 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 40.77.2.164
- Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, slscr.update.microsoft.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, wdcp.microsoft.com, arc.msn.com, fe3cr.delivery.mp.microsoft.com, ris.api.iris.microsoft.com, wdcpalt.microsoft.com, fe3.delivery.mp.microsoft.com, login.live.com, glb.cws.prod.dcat.dsp.trafficmanager.net, img-prod-cms-rt-microsoft-com.akamaized.net
- Not all processes were analyzed, report is missing behavior information
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
⊘No simulations
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
195.178.120.24 | Get hash | malicious | Browse |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
HEXAGLOBE-ASFR | Get hash | malicious | Browse |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\nspCBC.tmp\System.dll | Get hash | malicious | Browse | ||
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Bracker\Feberkosten\Lavkonjunkturen.pro
Process: | C:\Users\user\Desktop\6culQoI97a.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 151484 |
Entropy (8bit): | 6.722739524237379 |
Encrypted: | false |
SSDEEP: | 3072:i/XcPN2AMaEryngg6xwigaQTpHJVoBMQ/fV:ikUUhnfJrZzcMQ/fV |
MD5: | 7D35914613D5AE2EE21358270112B5F2 |
SHA1: | ED7CBBBBC35EBCA9F221B1E22927BF2845B54807 |
SHA-256: | DF9AA833D7E0B7455D5112DF644234B735D4F8C4E2A1527148E655DE16DA4BA3 |
SHA-512: | 29F422C4B45EE72141D040EA7682A6D4C90858EA42F2FF461A6301B90195F5DF6F79B5F364B55D61A327EE1E5BAAE26F317E42B3965EDBD1ED42EF7F4FCB7793 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Bracker\Feberkosten\Pollen47\Disvoice\Grabbers145.Scu187
Process: | C:\Users\user\Desktop\6culQoI97a.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 42820 |
Entropy (8bit): | 3.999720795205128 |
Encrypted: | false |
SSDEEP: | 768:Y8gLgZjz0mqZY9XVZ3z0Aqa2ogrBpnu2L9l6+EfD5u6IZ46hj0HJPn1W4:LgLgNuYBrA75oIpu2Rl6+20v46QF17 |
MD5: | 63EE366B70BC4507D462A94DD9C637BA |
SHA1: | E0E3D34620C83C47F0590BD059AE2066D7F26FE7 |
SHA-256: | D032E1E9FA29373C0D811D0ED484D69F64DF02C0353DC2B7B4F2D08C44094F8A |
SHA-512: | 096C8D578842BE10D2B5D88DF5B130EE3D352190158CBF893DC2AC106D2DF6A91BFA17A92F5F48D3EC952A83DB785A05076AC340015832E5EF4D08D5E584EF00 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Bracker\Feberkosten\Urationelt\call-missed-symbolic.svg
Process: | C:\Users\user\Desktop\6culQoI97a.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1626 |
Entropy (8bit): | 5.039495966615547 |
Encrypted: | false |
SSDEEP: | 24:t42w+Fdw6OyKbRAecFxVrGMalOY3bYnfS/YH6AAHD1gyKbRAecFxVrGMaFC:fONtAecFmMiScmNtAecFmMmC |
MD5: | CCC1083D634E112EBE2FAD8D1809FEB7 |
SHA1: | AFBBB71D1B029B7FBE45E09C7217945A2668D262 |
SHA-256: | 3D961823A04BAC2FF8748D7624AF7D06B10B3D2566AA93540ADB1FC46F6FA6CF |
SHA-512: | 3962F71527D2B662D5B9EACA2AF12AE414F01497871F3E818D86A9DF03DC9C08F1A9873265F70745857D65ADA87E623E523BEB80B51CCA99E820C459757B96D2 |
Malicious: | false |
Process: | C:\Users\user\Desktop\6culQoI97a.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11776 |
Entropy (8bit): | 5.854450882766351 |
Encrypted: | false |
SSDEEP: | 192:jPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4I:u7VpNo8gmOyRsVc4 |
MD5: | 34442E1E0C2870341DF55E1B7B3CCCDC |
SHA1: | 99B2FA21AEAD4B6CCD8FF2F6D3D3453A51D9C70C |
SHA-256: | 269D232712C86983336BADB40B9E55E80052D8389ED095EBF9214964D43B6BB1 |
SHA-512: | 4A8C57FB12997438B488B862F3FC9DC0F236E07BB47B2BCE6053DCB03AC7AD171842F02AC749F02DDA4719C681D186330524CD2953D33CB50854844E74B33D51 |
Malicious: | false |
File type: | |
Entropy (8bit): | 6.777623756268328 |
File name: | 6culQoI97a.exe |
File size: | 334430 |
MD5: | d9aa122b8c39444799e60eabbab69502 |
SHA1: | 0175baf7a240c2050571a6df273a892e8b192d81 |
SHA256: | 317b5db72d7c43ab63caffa88412395a1b010d24f234eb1b7eeabc92105db143 |
SHA512: | 4ba7e997ffad2ce396faa08d8be8cd6b7073e37828b347fad1ca3f1112d257ecd235c7df9d3d6c78e6b9f96ce878c5fbe2d2a70f7428648f1d2aa14aba7f5d38 |
SSDEEP: | 6144:0x/MQs/IvHdjSzIH1qrb+WECj3wc0ibE0+Ix:wxAIVu8VWb+WEY3LbEt6 |
TLSH: | 7964F1253F64DC27C2A906708EF3D329D6F9D9406E634717BB8177ACBD31780B91A18A |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!.@.@...@...@../O...@...@..L@../O...@...c...@..+F...@..Rich.@..........PE..L......`.................d....9.....%3............@ |
Icon Hash: | 6070dee2bab2c43c |
Entrypoint: | 0x403325 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x60FC909C [Sat Jul 24 22:13:48 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | ced282d9b261d1462772017fe2f6972b |
Instruction |
---|
sub esp, 00000184h |
push ebx |
push esi |
push edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+18h], ebx |
mov dword ptr [esp+10h], 0040A198h |
mov dword ptr [esp+20h], ebx |
mov byte ptr [esp+14h], 00000020h |
call dword ptr [004080B8h] |
call dword ptr [004080BCh] |
and eax, BFFFFFFFh |
cmp ax, 00000006h |
mov dword ptr [007A2F6Ch], eax |
je 00007F1928426BF3h |
push ebx |
call 00007F1928429D56h |
cmp eax, ebx |
je 00007F1928426BE9h |
push 00000C00h |
call eax |
mov esi, 004082A0h |
push esi |
call 00007F1928429CD2h |
push esi |
call dword ptr [004080CCh] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], bl |
jne 00007F1928426BCDh |
push 0000000Bh |
call 00007F1928429D2Ah |
push 00000009h |
call 00007F1928429D23h |
push 00000007h |
mov dword ptr [007A2F64h], eax |
call 00007F1928429D17h |
cmp eax, ebx |
je 00007F1928426BF1h |
push 0000001Eh |
call eax |
test eax, eax |
je 00007F1928426BE9h |
or byte ptr [007A2F6Fh], 00000040h |
push ebp |
call dword ptr [00408038h] |
push ebx |
call dword ptr [00408288h] |
mov dword ptr [007A3038h], eax |
push ebx |
lea eax, dword ptr [esp+38h] |
push 00000160h |
push eax |
push ebx |
push 0079E528h |
call dword ptr [0040816Ch] |
push 0040A188h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8438 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3c7000 | 0x28868 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x29c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6230 | 0x6400 | False | 0.6699609375 | data | 6.441889952551939 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x1274 | 0x1400 | False | 0.4337890625 | data | 5.061067348371254 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x399078 | 0x600 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x3a4000 | 0x23000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x3c7000 | 0x28868 | 0x28a00 | False | 0.5296875 | data | 5.194338163153121 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_BITMAP | 0x3c73b8 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States |
RT_ICON | 0x3c7720 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States |
RT_ICON | 0x3d7f48 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States |
RT_ICON | 0x3e13f0 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States |
RT_ICON | 0x3e6878 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States |
RT_ICON | 0x3eaaa0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States |
RT_ICON | 0x3ed048 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States |
RT_ICON | 0x3ee0f0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States |
RT_ICON | 0x3eea78 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States |
RT_DIALOG | 0x3eeee0 | 0x144 | data | English | United States |
RT_DIALOG | 0x3ef028 | 0x13c | data | English | United States |
RT_DIALOG | 0x3ef168 | 0x100 | data | English | United States |
RT_DIALOG | 0x3ef268 | 0x11c | data | English | United States |
RT_DIALOG | 0x3ef388 | 0xc4 | data | English | United States |
RT_DIALOG | 0x3ef450 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x3ef4b0 | 0x76 | data | English | United States |
RT_MANIFEST | 0x3ef528 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States |
DLL | Import |
---|---|
ADVAPI32.dll | RegCreateKeyExA, RegEnumKeyA, RegQueryValueExA, RegSetValueExA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, SetFileSecurityA, RegOpenKeyExA, RegEnumValueA |
SHELL32.dll | SHGetFileInfoA, SHFileOperationA, SHGetPathFromIDListA, ShellExecuteExA, SHGetSpecialFolderLocation, SHBrowseForFolderA |
ole32.dll | IIDFromString, OleInitialize, OleUninitialize, CoCreateInstance, CoTaskMemFree |
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked |
USER32.dll | SetClipboardData, CharPrevA, CallWindowProcA, PeekMessageA, DispatchMessageA, MessageBoxIndirectA, GetDlgItemTextA, SetDlgItemTextA, GetSystemMetrics, CreatePopupMenu, AppendMenuA, TrackPopupMenu, FillRect, EmptyClipboard, LoadCursorA, GetMessagePos, CheckDlgButton, GetSysColor, SetCursor, GetWindowLongA, SetClassLongA, SetWindowPos, IsWindowEnabled, GetWindowRect, GetSystemMenu, EnableMenuItem, RegisterClassA, ScreenToClient, EndDialog, GetClassInfoA, SystemParametersInfoA, CreateWindowExA, ExitWindowsEx, DialogBoxParamA, CharNextA, SetTimer, DestroyWindow, CreateDialogParamA, SetForegroundWindow, SetWindowTextA, PostQuitMessage, SendMessageTimeoutA, ShowWindow, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, GetDC, SetWindowLongA, LoadImageA, InvalidateRect, ReleaseDC, EnableWindow, BeginPaint, SendMessageA, DefWindowProcA, DrawTextA, GetClientRect, EndPaint, IsWindowVisible, CloseClipboard, OpenClipboard |
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject |
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetProcAddress, GetSystemDirectoryA, WideCharToMultiByte, MoveFileExA, ReadFile, GetTempFileNameA, WriteFile, RemoveDirectoryA, CreateProcessA, CreateFileA, GetLastError, CreateThread, CreateDirectoryA, GlobalUnlock, GetDiskFreeSpaceA, GlobalLock, SetErrorMode, GetVersion, lstrcpynA, GetCommandLineA, GetTempPathA, lstrlenA, SetEnvironmentVariableA, ExitProcess, GetWindowsDirectoryA, GetCurrentProcess, GetModuleFileNameA, CopyFileA, GetTickCount, Sleep, GetFileSize, GetFileAttributesA, SetCurrentDirectoryA, SetFileAttributesA, GetFullPathNameA, GetShortPathNameA, MoveFileA, CompareFileTime, SetFileTime, SearchPathA, lstrcmpiA, lstrcmpA, CloseHandle, GlobalFree, GlobalAlloc, ExpandEnvironmentStringsA, LoadLibraryExA, FreeLibrary, lstrcpyA, lstrcatA, FindClose, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, SetFilePointer, GetModuleHandleA, FindNextFileA, FindFirstFileA, DeleteFileA, MulDiv |
Language of compilation system | Country where language is spoken |
---|---|
English | United States |
Nov 28, 2022 19:17:55.972233057 CET | 49810 | 80 | 192.168.11.20 | 195.178.120.24 |
Nov 28, 2022 19:17:55.972397089 CET | 49810 | 80 | 192.168.11.20 | 195.178.120.24 |
Nov 28, 2022 19:17:55.987550974 CET | 80 | 49810 | 195.178.120.24 | 192.168.11.20 |
Nov 28, 2022 19:17:55.987600088 CET | 80 | 49810 | 195.178.120.24 | 192.168.11.20 |
Nov 28, 2022 19:17:55.987628937 CET | 80 | 49810 | 195.178.120.24 | 192.168.11.20 |
Nov 28, 2022 19:17:55.987654924 CET | 80 | 49810 | 195.178.120.24 | 192.168.11.20 |
Nov 28, 2022 19:17:55.987719059 CET | 49810 | 80 | 192.168.11.20 | 195.178.120.24 |
Nov 28, 2022 19:17:55.987848043 CET | 49810 | 80 | 192.168.11.20 | 195.178.120.24 |
Nov 28, 2022 19:17:55.987848043 CET | 49810 | 80 | 192.168.11.20 | 195.178.120.24 |
Nov 28, 2022 19:17:55.988015890 CET | 49810 | 80 | 192.168.11.20 | 195.178.120.24 |
Nov 28, 2022 19:17:55.990890980 CET | 80 | 49810 | 195.178.120.24 | 192.168.11.20 |
Nov 28, 2022 19:17:55.991003990 CET | 80 | 49810 | 195.178.120.24 | 192.168.11.20 |
Nov 28, 2022 19:17:55.991076946 CET | 49810 | 80 | 192.168.11.20 | 195.178.120.24 |
Nov 28, 2022 19:17:55.991101980 CET | 80 | 49810 | 195.178.120.24 | 192.168.11.20 |
Nov 28, 2022 19:17:55.991158962 CET | 80 | 49810 | 195.178.120.24 | 192.168.11.20 |
Nov 28, 2022 19:17:55.991251945 CET | 49810 | 80 | 192.168.11.20 | 195.178.120.24 |
Nov 28, 2022 19:17:55.991251945 CET | 49810 | 80 | 192.168.11.20 | 195.178.120.24 |
Nov 28, 2022 19:17:55.991272926 CET | 80 | 49810 | 195.178.120.24 | 192.168.11.20 |
Nov 28, 2022 19:17:55.991331100 CET | 80 | 49810 | 195.178.120.24 | 192.168.11.20 |
Nov 28, 2022 19:17:55.991384983 CET | 80 | 49810 | 195.178.120.24 | 192.168.11.20 |
Nov 28, 2022 19:17:55.991425991 CET | 49810 | 80 | 192.168.11.20 | 195.178.120.24 |
Nov 28, 2022 19:17:55.991437912 CET | 80 | 49810 | 195.178.120.24 | 192.168.11.20 |
Nov 28, 2022 19:17:55.991463900 CET | 49810 | 80 | 192.168.11.20 | 195.178.120.24 |
Nov 28, 2022 19:17:55.991492987 CET | 80 | 49810 | 195.178.120.24 | 192.168.11.20 |
Nov 28, 2022 19:17:55.991636992 CET | 49810 | 80 | 192.168.11.20 | 195.178.120.24 |
Nov 28, 2022 19:17:55.991636992 CET | 49810 | 80 | 192.168.11.20 | 195.178.120.24 |
Nov 28, 2022 19:17:55.991805077 CET | 49810 | 80 | 192.168.11.20 | 195.178.120.24 |
Nov 28, 2022 19:17:56.008855104 CET | 80 | 49810 | 195.178.120.24 | 192.168.11.20 |
Nov 28, 2022 19:17:56.008959055 CET | 80 | 49810 | 195.178.120.24 | 192.168.11.20 |
Nov 28, 2022 19:17:56.009015083 CET | 80 | 49810 | 195.178.120.24 | 192.168.11.20 |
Nov 28, 2022 19:17:56.009069920 CET | 80 | 49810 | 195.178.120.24 | 192.168.11.20 |
Nov 28, 2022 19:17:56.009119987 CET | 80 | 49810 | 195.178.120.24 | 192.168.11.20 |
Nov 28, 2022 19:17:56.009215117 CET | 49810 | 80 | 192.168.11.20 | 195.178.120.24 |
Nov 28, 2022 19:17:56.009215117 CET | 49810 | 80 | 192.168.11.20 | 195.178.120.24 |
Nov 28, 2022 19:17:56.009215117 CET | 49810 | 80 | 192.168.11.20 | 195.178.120.24 |
Nov 28, 2022 19:17:56.009377956 CET | 49810 | 80 | 192.168.11.20 | 195.178.120.24 |
Nov 28, 2022 19:19:45.614684105 CET | 49810 | 80 | 192.168.11.20 | 195.178.120.24 |
Nov 28, 2022 19:19:45.633721113 CET | 80 | 49810 | 195.178.120.24 | 192.168.11.20 |
Nov 28, 2022 19:19:45.633886099 CET | 49810 | 80 | 192.168.11.20 | 195.178.120.24 |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49810 | 195.178.120.24 | 80 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |

Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 28, 2022 19:17:55.665221930 CET | 10473 | OUT | |
Nov 28, 2022 19:17:55.689093113 CET | 10474 | IN | |
Nov 28, 2022 19:17:55.689237118 CET | 10476 | IN | |
Nov 28, 2022 19:17:55.689399958 CET | 10477 | IN | |
Nov 28, 2022 19:17:55.689481974 CET | 10478 | IN | |
Nov 28, 2022 19:17:55.710146904 CET | 10480 | IN | |
Nov 28, 2022 19:17:55.710237026 CET | 10481 | IN | |
Nov 28, 2022 19:17:55.710330009 CET | 10482 | IN |