Windows
Analysis Report
REQUEST FOR OFFER 30-12-2022#U00b7pdf.exe
Overview
General Information
Detection: GuLoader, Lokibot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%
Signatures
Multi AV Scanner detection for submitted file
Yara detected Lokibot
Antivirus detection for URL or domain
Yara detected GuLoader
Snort IDS alert for network traffic
Tries to steal Mail credentials (via file / registry access)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Machine Learning detection for sample
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
One or more processes crash
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Sample file name differs from the original file name gathered from version info
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read data from the clipboard
Classification
- System is w10x64native
- REQUEST FOR OFFER 30-12-2022#U00b7pdf.exe (PID: 4112, cmdline: C:\Users\user\Desktop\REQUEST FOR OFFER 30-12-2022#U00b7pdf.exe, MD5: B9F70F4146B846179FA182AC868D0C15)
- REQUEST FOR OFFER 30-12-2022#U00b7pdf.exe (PID: 7568, cmdline: C:\Users\user\Desktop\REQUEST FOR OFFER 30-12-2022#U00b7pdf.exe, MD5: B9F70F4146B846179FA182AC868D0C15)
- WerFault.exe (PID: 1144, cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 1980, MD5: 40A149513D721F096DDF50C04DA2F01F)
- cleanup
⊘No configs have been found
Rule | Description | Author
---|---|---
JoeSecurity_Lokibot_1 | Yara detected Lokibot | Joe Security

Rule | Description | Author
---|---|---
JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security
⊘No Sigma rule has matched
Timestamp | SID | Source IP | Source Port | Destination IP | Destination Port | Protocol | Classtype
---|---|---|---|---|---|---|---
11/30/22-00:31:37.333969 | 2021641 | 192.168.11.20 | 49838 | 157.245.36.27 | 80 | TCP | A Network Trojan was detected
11/30/22-00:31:37.333969 | 2024317 | 192.168.11.20 | 49838 | 157.245.36.27 | 80 | TCP | A Network Trojan was detected
11/30/22-00:31:37.333969 | 2024312 | 192.168.11.20 | 49838 | 157.245.36.27 | 80 | TCP | A Network Trojan was detected
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Native API | 1 Windows Service | 1 Access Token Manipulation | 1 Masquerading | 2 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Windows Service | 11 Virtualization/Sandbox Evasion | 1 Credentials in Registry | 11 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | 11 Process Injection | 1 Access Token Manipulation | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 2 Data from Local System | Automated Exfiltration | 3 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | 1 DLL Side-Loading | 11 Process Injection | NTDS | 2 File and Directory Discovery | Distributed Component Object Model | 1 Clipboard Data | Scheduled Transfer | 14 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Obfuscated Files or Information | LSA Secrets | 6 System Information Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 DLL Side-Loading | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Detection | Scanner
---|---
18% | ReversingLabs
100% | Joe Sandbox ML

Detection | Scanner
---|---
0% | ReversingLabs
2% | ReversingLabs
⊘No Antivirus matches
⊘No Antivirus matches
Detection | Scanner | Label | Link
---|---|---|---
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
0% | Avira URL Cloud | safe |
100% | Avira URL Cloud | malware |
0% | Avira URL Cloud | safe |
0% | Virustotal | | Browse
0% | Virustotal | | Browse
0% | Virustotal | | Browse
Name | IP | Active | Malicious | Antivirus Detection | Reputation
---|---|---|---|---|---
drive.google.com | 142.250.185.238 | true | false | | high
googlehosted.l.googleusercontent.com | 142.250.185.161 | true | false | | high
doc-0g-8k-docs.googleusercontent.com | unknown | unknown | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
---|---|---|---|---|---
142.250.185.161 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
157.245.36.27 | unknown | United States | 14061 | DIGITALOCEAN-ASNUS | true
142.250.185.238 | drive.google.com | United States | 15169 | GOOGLEUS | false
Joe Sandbox Version: 36.0.0 Rainbow Opal
Analysis ID: 756301
Start date and time: 2022-11-30 00:29:09 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 7m 30s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: REQUEST FOR OFFER 30-12-2022#U00b7pdf.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
Run name: Suspected Instruction Hammering
Number of new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@4/6@2/3
Cookbook Comments:
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, backgroundTaskHost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): wdcpalt.microsoft.com, client.wns.windows.com, login.live.com, ctldl.windowsupdate.com, wdcp.microsoft.com
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
⊘No simulations
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
157.245.36.27 | Get hash | malicious | Browse |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
DIGITALOCEAN-ASNUS | Get hash | malicious | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\nsq493.tmp\System.dll | Get hash | malicious | Browse | ||
C:\Users\user\AppData\Local\Folkedansens\Suffigere\Glaucophane\AsOpenFile.exe | Get hash | malicious | Browse | ||
Process: C:\Users\user\Desktop\REQUEST FOR OFFER 30-12-2022#U00b7pdf.exe
Category: dropped
Size (bytes): 38632
Entropy (8bit): 5.840976252158136
Encrypted: false
SSDEEP: 768:tba0g4rhVUkxIIaPrd6cMCP1diTLmz1BeeKH2X98VwhH:HPUkxIIaPrsCPXK6z1Bee3+k
MD5: ED609F8F09DE8AAA4F8CFF0285E0420A
SHA1: A7ADE9EB5BD4BAEFAB796C1D6EA92417F1396135
SHA-256: 2488796ACE769813C729198CFD9E3C9D0A512168301D387BE569F2557C683821
SHA-512: 32F080433C121FE1970BBB82911024A389E43B8B6BA059931FF0F3AFA4096BE79660C6DC9C1E027C21692D320F95896B0211C9FA0997AEC30F7A373382443FF2
Malicious: false
Reputation: low
Process: C:\Users\user\Desktop\REQUEST FOR OFFER 30-12-2022#U00b7pdf.exe
Category: dropped
Size (bytes): 29309
Entropy (8bit): 7.9930541941014255
Encrypted: true
SSDEEP: 768:E49NB/CsjPddY0nfj1fIXSgH0uO7wt1WayrQ0bThetG:nlCsxfVIXHH2wOfKG
MD5: 849FDC040AA117FC8B8AC03C745C690D
SHA1: 831EE9C0B27F05069A323940A7C581CA21C9BE68
SHA-256: 3C6382D1FD4C832B2BBD7CDD2508DDAA80BF40D17732C8B17C31D70CED631A79
SHA-512: A5F45B85DAD9FD26B7B111F402467D33B92E01F9C13CD4C2932FA53617746C246393BFEF020DAEE78F4C4515BABA2B50461DA761607CD97A200B3E2206BB08A6
Malicious: false
Reputation: low
Process: C:\Users\user\Desktop\REQUEST FOR OFFER 30-12-2022#U00b7pdf.exe
Category: dropped
Size (bytes): 141909
Entropy (8bit): 7.124693631306355
Encrypted: false
SSDEEP: 3072:COxlLD2mpgf8pOxNjQzNUflgAG63+OAyam6kxnv:COxlmcg5EzuNG6MyaJSv
MD5: 0A951AA33DE8994CBE161F0E07F169B8
SHA1: 38033C58EEFF600D22A068F1A7F599646BDFDD1E
SHA-256: 4A98204499C5BA9F9518D6A7EF078A5A5F0B82173919E9A5D41179172BD28F60
SHA-512: F9BE445FDBD89EB0F5CACBB325D89E89755906F1DADE3A7E32593E4ADFCBFF2C8927350226BB8FD0238B4F8F72377F757ADCDAFE20C7FA2FF41C4A14814D8A27
Malicious: false
Reputation: low
Process: | C:\Users\user\Desktop\REQUEST FOR OFFER 30-12-2022#U00b7pdf.exe |
File Type: | |
Category: | modified |
Size (bytes): | 11776 |
Entropy (8bit): | 5.656065698421856 |
Encrypted: | false |
SSDEEP: | 192:eY24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol+Sl:E8QIl975eXqlWBrz7YLOl+ |
MD5: | 17ED1C86BD67E78ADE4712BE48A7D2BD |
SHA1: | 1CC9FE86D6D6030B4DAE45ECDDCE5907991C01A0 |
SHA-256: | BD046E6497B304E4EA4AB102CAB2B1F94CE09BDE0EEBBA4C59942A732679E4EB |
SHA-512: | 0CBED521E7D6D1F85977B3F7D3CA7AC34E1B5495B69FD8C7BFA1A846BAF53B0ECD06FE1AD02A3599082FFACAF8C71A3BB4E32DEC05F8E24859D736B828092CD5 |
Malicious: | false |
Antivirus: | |
Process: | C:\Users\user\Desktop\REQUEST FOR OFFER 30-12-2022#U00b7pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3425316567-2969588382-3778222414-1001\1b1d0082738e9f9011266f86ab9723d2_11389406-0377-47ed-98c7-d564e683c6eb
Process: | C:\Users\user\Desktop\REQUEST FOR OFFER 30-12-2022#U00b7pdf.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 47 |
Entropy (8bit): | 1.1262763721961973 |
Encrypted: | false |
SSDEEP: | 3:/lSllIEXln:AWE1 |
MD5: | D69FB7CE74DAC48982B69816C3772E4E |
SHA1: | B1C04CDB2567DC2B50D903B0E1D0D3211191E065 |
SHA-256: | 8CC6CA5CA4D0FA03842A60D90A6141F0B8D64969E830FC899DBA60ACB4905396 |
SHA-512: | 7E4EC58DA8335E43A4542E0F6E05FA2D15393E83634BE973AA3E758A870577BA0BA136F6E831907C4B30D587B8E6EEAFA2A4B8142F49714101BA50ECC294DDB0 |
Malicious: | false |
File type: | |
Entropy (8bit): | 7.875386203366202 |
TrID: | |
File name: | REQUEST FOR OFFER 30-12-2022#U00b7pdf.exe |
File size: | 194987 |
MD5: | b9f70f4146b846179fa182ac868d0c15 |
SHA1: | 97cb5de0e0cc2f53cd73552f9d5b4381ab5a5907 |
SHA256: | ff235029990af0449ce8f82c5546dfe37170d5e27ce1a22b0a43965a980344be |
SHA512: | 2cc45205394074ddf9a5481a81b89582d84d42a34023329e06cf589c455c2fef144905362b5d1001e26026480d490304b6ac96526ab32f5344b1706d98ceff48 |
SSDEEP: | 3072:MRD+3q3NxPTNuY/bQZFler2MUPaSa1y8XKdV06k55ohchNqV3AzlbEnJZGqItyWJ:mwq3NpNSFleCMUPVaidHXMNqwlInJ0q8 |
TLSH: | A714125533E0C523CAF202702DBB652F9EE9A642E262FF131360AF9D7D56307864C356 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...P...P...P..*_...P...P..OP..*_...P...s...P...V...P..Rich.P..........PE..L...8.MX.................b...*......J4............@ |
Icon Hash: | b2a88c96b2ca6a72 |
Entrypoint: | 0x40344a |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x584DCA38 [Sun Dec 11 21:50:48 2016 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 4ea4df5d94204fc550be1874e1b77ea7 |
Instruction |
---|
sub esp, 000002D4h |
push ebx |
push esi |
push edi |
push 00000020h |
pop edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+14h], ebx |
mov dword ptr [esp+10h], 0040A230h |
mov dword ptr [esp+1Ch], ebx |
call dword ptr [004080B4h] |
call dword ptr [004080B0h] |
cmp ax, 00000006h |
je 00007FED94512513h |
push ebx |
call 00007FED9451566Ch |
cmp eax, ebx |
je 00007FED94512509h |
push 00000C00h |
call eax |
mov esi, 004082B8h |
push esi |
call 00007FED945155E6h |
push esi |
call dword ptr [0040815Ch] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], 00000000h |
jne 00007FED945124ECh |
push ebp |
push 00000009h |
call 00007FED9451563Eh |
push 00000007h |
call 00007FED94515637h |
mov dword ptr [0042A244h], eax |
call dword ptr [0040803Ch] |
push ebx |
call dword ptr [004082A4h] |
mov dword ptr [0042A2F8h], eax |
push ebx |
lea eax, dword ptr [esp+34h] |
push 000002B4h |
push eax |
push ebx |
push 004216E8h |
call dword ptr [00408188h] |
push 0040A384h |
push 00429240h |
call 00007FED94515220h |
call dword ptr [004080ACh] |
mov ebp, 00435000h |
push eax |
push ebp |
call 00007FED9451520Eh |
push ebx |
call dword ptr [00408174h] |
add word ptr [eax], 0000h |
Programming Language: | |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8504 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x69000 | 0xb48 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b4 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x61f1 | 0x6200 | False | 0.6656967474489796 | data | 6.477074763411717 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x13a4 | 0x1400 | False | 0.4529296875 | data | 5.163001655755973 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x20338 | 0x600 | False | 0.501953125 | data | 3.9745558434885093 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x2b000 | 0x3e000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x69000 | 0xb48 | 0xc00 | False | 0.4228515625 | data | 4.372183800985918 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x691c0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States |
RT_DIALOG | 0x694a8 | 0x100 | data | English | United States |
RT_DIALOG | 0x695a8 | 0x11c | data | English | United States |
RT_DIALOG | 0x696c8 | 0xc4 | data | English | United States |
RT_DIALOG | 0x69790 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x697f0 | 0x14 | data | English | United States |
RT_MANIFEST | 0x69808 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States |
DLL | Import |
---|---|
KERNEL32.dll | SetCurrentDirectoryW, GetFileAttributesW, GetFullPathNameW, Sleep, GetTickCount, CreateFileW, GetFileSize, MoveFileW, SetFileAttributesW, GetModuleFileNameW, CopyFileW, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, WaitForSingleObject, GetCurrentProcess, CompareFileTime, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, WriteFile, lstrcpyA, lstrcpyW, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GlobalFree, GlobalAlloc, GetShortPathNameW, SearchPathW, lstrcmpiW, SetFileTime, CloseHandle, ExpandEnvironmentStringsW, lstrcmpW, GetDiskFreeSpaceW, lstrlenW, lstrcpynW, GetExitCodeProcess, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
USER32.dll | GetSystemMenu, SetClassLongW, IsWindowEnabled, EnableMenuItem, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, wsprintfW, ScreenToClient, GetWindowRect, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, LoadImageW, SetTimer, SetWindowTextW, PostQuitMessage, ShowWindow, GetDlgItem, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, DrawTextW, EndPaint, CreateDialogParamW, SendMessageTimeoutW, SetForegroundWindow |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW |
ADVAPI32.dll | RegDeleteKeyW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW, RegEnumValueW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
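The section table and the DLL/Import table above are the raw material for a first static triage, and the `.ndata` section (zero raw size, 0x3e000 virtual) is the uninitialised data region characteristic of an NSIS installer stub, which is also what the entrypoint code and the import set look like. The following is an added example, not part of the Joe Sandbox report and not Joe Sandbox code, that recomputes the quantities the report shows: the 8-bit entropy column, an "Encrypted"-style verdict with an assumed 7.9 cut-off, a virtual-versus-raw-size check over the section rows copied from the table, import-based capability tags driven by an assumed rule map, and a pefile-style import hash. `SECTIONS` is copied from the section table; `IMPORTS` is a subset of the import table, so its hash will not equal the report's Import Hash value, and `HIGH_ENTROPY` and `CAPABILITY_RULES` are illustration choices rather than the sandbox's own rules.

```python
import hashlib
import math
from collections import Counter

# ---- Entropy: the quantity in the report's "Entropy (8bit)" columns ----

def entropy8(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for one repeated value, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

# Assumed cut-off for an "Encrypted: true" style verdict. The report's own threshold is
# not stated on this page; 7.9 simply separates the two dropped files above
# (7.993 -> true, 7.125 -> false).
HIGH_ENTROPY = 7.9

def looks_encrypted(data: bytes) -> bool:
    return entropy8(data) >= HIGH_ENTROPY

# ---- Section table checks ----
# Rows copied from the section table above: (name, virtual size, raw size, entropy).
SECTIONS = [
    (".text",  0x61f1,  0x6200, 6.477),
    (".rdata", 0x13a4,  0x1400, 5.163),
    (".data",  0x20338, 0x600,  3.975),
    (".ndata", 0x3e000, 0x0,    0.0),
    (".rsrc",  0xb48,   0xc00,  4.372),
]

def section_findings(sections):
    """Return (section, reason) pairs for sections that deserve a second look."""
    findings = []
    for name, vsize, rsize, ent in sections:
        if rsize == 0 and vsize > 0:
            findings.append((name, "no bytes on disk: region is filled at runtime"))
        elif vsize > 4 * rsize:  # 4x is an arbitrary illustration threshold
            findings.append((name, "virtual size far above raw size: room for unpacked data"))
        if ent >= HIGH_ENTROPY:
            findings.append((name, "near-random bytes: compressed or encrypted content"))
    return findings

# ---- Import table checks ----
# Subset of the DLL/Import table above; the full lists are in the report.
IMPORTS = {
    "KERNEL32.dll": ["Sleep", "GetTickCount", "CreateProcessW", "GetProcAddress",
                     "LoadLibraryExW", "GetModuleHandleA", "CreateFileW", "WriteFile"],
    "USER32.dll":   ["OpenClipboard", "SetClipboardData", "ExitWindowsEx"],
    "ADVAPI32.dll": ["OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges",
                     "RegCreateKeyExW", "RegSetValueExW"],
}

# Assumed capability map (not the sandbox's signature logic): a tag fires only when
# every API in its tuple is imported by name.
CAPABILITY_RULES = {
    "process creation": ("CreateProcessW",),
    "dynamic API resolution": ("GetProcAddress", "LoadLibraryExW"),
    "privilege adjustment": ("OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"),
    "shutdown/reboot": ("ExitWindowsEx",),
    "clipboard access": ("OpenClipboard", "SetClipboardData"),
    "timing/sleep": ("GetTickCount", "Sleep"),
    "registry write": ("RegCreateKeyExW", "RegSetValueExW"),
    "classic process injection": ("VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"),
}

def capability_tags(imports):
    present = {func for funcs in imports.values() for func in funcs}
    return sorted(tag for tag, apis in CAPABILITY_RULES.items()
                  if all(api in present for api in apis))

def imphash(imports):
    """pefile-style import hash: lower-case 'module.function' pairs in import order,
    .dll/.ocx/.sys stripped from the module name, joined by commas and MD5-hashed.
    Ordinal-only imports are not handled here (this sample imports everything by name)."""
    parts = []
    for dll, funcs in imports.items():
        mod = dll.lower()
        if mod.endswith((".dll", ".ocx", ".sys")):
            mod = mod[:-4]
        parts.extend(f"{mod}.{func.lower()}" for func in funcs)
    return hashlib.md5(",".join(parts).encode()).hexdigest()

if __name__ == "__main__":
    for name, reason in section_findings(SECTIONS):
        print(f"{name:8} {reason}")
    print("tags:", ", ".join(capability_tags(IMPORTS)))
    print("imphash of the subset:", imphash(IMPORTS))
```

Run against the rows above this flags `.ndata` (no raw bytes) and `.data` (0x600 bytes on disk backing 0x20338 in memory), and the import tags line up with several generic signatures in the report header: the three ADVAPI32 token APIs plus `ExitWindowsEx` are the standard sequence behind "Contains functionality to shutdown / reboot the system", `OpenClipboard`/`SetClipboardData` behind the clipboard signature, `GetProcAddress`/`LoadLibraryExW` behind "Contains functionality to dynamically determine API calls". No injection API is imported by name, so the code that created the suspended process in the process tree resolves its APIs at runtime; an import-based view is only a first filter for a loader like this one.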
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
11/30/22-00:31:37.333969 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49838 | 80 | 192.168.11.20 | 157.245.36.27 |
11/30/22-00:31:37.333969 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49838 | 80 | 192.168.11.20 | 157.245.36.27 |
11/30/22-00:31:37.333969 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49838 | 80 | 192.168.11.20 | 157.245.36.27 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 30, 2022 00:31:35.123769999 CET | 49836 | 443 | 192.168.11.20 | 142.250.185.238 |
Nov 30, 2022 00:31:35.123786926 CET | 443 | 49836 | 142.250.185.238 | 192.168.11.20 |
Nov 30, 2022 00:31:35.124044895 CET | 49836 | 443 | 192.168.11.20 | 142.250.185.238 |
Nov 30, 2022 00:31:35.137362957 CET | 49836 | 443 | 192.168.11.20 | 142.250.185.238 |
Nov 30, 2022 00:31:35.137372017 CET | 443 | 49836 | 142.250.185.238 | 192.168.11.20 |
Nov 30, 2022 00:31:35.172802925 CET | 443 | 49836 | 142.250.185.238 | 192.168.11.20 |
Nov 30, 2022 00:31:35.173031092 CET | 49836 | 443 | 192.168.11.20 | 142.250.185.238 |
Nov 30, 2022 00:31:35.173213005 CET | 49836 | 443 | 192.168.11.20 | 142.250.185.238 |
Nov 30, 2022 00:31:35.173417091 CET | 443 | 49836 | 142.250.185.238 | 192.168.11.20 |
Nov 30, 2022 00:31:35.173674107 CET | 49836 | 443 | 192.168.11.20 | 142.250.185.238 |
Nov 30, 2022 00:31:35.302972078 CET | 49836 | 443 | 192.168.11.20 | 142.250.185.238 |
Nov 30, 2022 00:31:35.304261923 CET | 443 | 49836 | 142.250.185.238 | 192.168.11.20 |
Nov 30, 2022 00:31:35.304462910 CET | 49836 | 443 | 192.168.11.20 | 142.250.185.238 |
Nov 30, 2022 00:31:35.308245897 CET | 49836 | 443 | 192.168.11.20 | 142.250.185.238 |
Nov 30, 2022 00:31:35.348491907 CET | 443 | 49836 | 142.250.185.238 | 192.168.11.20 |
Nov 30, 2022 00:31:35.606657982 CET | 443 | 49836 | 142.250.185.238 | 192.168.11.20 |
Nov 30, 2022 00:31:35.606863022 CET | 443 | 49836 | 142.250.185.238 | 192.168.11.20 |
Nov 30, 2022 00:31:35.606874943 CET | 49836 | 443 | 192.168.11.20 | 142.250.185.238 |
Nov 30, 2022 00:31:35.607048035 CET | 49836 | 443 | 192.168.11.20 | 142.250.185.238 |
Nov 30, 2022 00:31:35.608479023 CET | 49836 | 443 | 192.168.11.20 | 142.250.185.238 |
Nov 30, 2022 00:31:35.608555079 CET | 443 | 49836 | 142.250.185.238 | 192.168.11.20 |
Nov 30, 2022 00:31:35.794887066 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:35.794929981 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:35.795146942 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:35.795490026 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:35.795507908 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:35.858731031 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:35.858937979 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:35.859126091 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:35.860200882 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:35.860357046 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:35.860357046 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:35.864449978 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:35.864485025 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:35.864960909 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:35.865122080 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:35.865542889 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:35.912424088 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.193646908 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.193851948 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.194185972 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.194263935 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.194359064 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.194547892 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.195283890 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.195485115 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.195549965 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.195982933 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.196171045 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.196225882 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.196439028 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.198167086 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.198345900 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.198385954 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.198849916 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.201076031 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.201406956 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.203979969 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.204233885 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.204291105 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.204576015 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.204622984 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.204778910 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.204869986 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.204936028 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.204979897 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.205188990 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.205256939 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.205456018 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.205496073 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.205528975 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.205698967 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.205699921 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.206115007 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.206336021 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.206392050 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.206670046 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.206896067 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.207021952 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.207073927 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.207273006 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.207426071 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.207664013 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.207719088 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.207990885 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.208270073 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.208506107 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.208565950 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.208812952 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.209053993 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.209290028 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.209343910 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.209602118 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.209661961 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.209861040 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.209897995 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.210105896 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.210390091 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.210585117 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.210622072 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.210923910 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.210963011 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.211199999 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.211230993 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.211417913 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.211746931 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.211963892 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.212017059 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.212210894 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.212599039 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.212840080 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.212894917 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.213157892 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.213177919 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.213217974 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.213407040 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.213645935 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.213856936 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.214068890 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.214111090 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.214304924 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.214612007 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.214812994 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.214857101 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.215100050 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.215135098 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.215338945 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.215442896 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.215483904 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.215501070 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.215676069 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.215718985 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.215864897 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.215892076 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.216243982 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.216270924 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.216516018 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.216604948 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.216650009 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.216890097 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.216890097 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.216916084 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.216944933 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.217200041 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.217251062 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.217489958 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.217519045 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.217708111 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.217742920 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.217941046 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.217978954 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.218020916 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.218152046 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.218403101 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.218441010 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.218830109 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.218856096 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.219201088 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.219232082 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.219470978 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.219590902 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.219630957 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.219743967 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.219850063 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.219897032 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.219964981 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.220211029 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.220220089 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.220257998 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.220407963 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.220407963 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.220494986 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.220705032 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.220746040 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.220937967 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.220964909 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.221157074 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.221198082 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.221234083 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.221376896 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.221378088 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.221431017 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.221668005 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.221705914 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.221975088 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.222007036 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.222043037 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.222368956 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.222398043 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.222559929 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.222567081 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.222598076 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.222784996 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.222785950 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.222824097 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.223032951 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.223064899 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.223227024 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.223251104 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.223398924 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.223432064 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.223516941 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:36.223571062 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.223787069 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.228694916 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:36.228755951 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:37.308829069 CET | 49838 | 80 | 192.168.11.20 | 157.245.36.27 |
Nov 30, 2022 00:31:37.332094908 CET | 80 | 49838 | 157.245.36.27 | 192.168.11.20 |
Nov 30, 2022 00:31:37.332345009 CET | 49838 | 80 | 192.168.11.20 | 157.245.36.27 |
Nov 30, 2022 00:31:37.333969116 CET | 49838 | 80 | 192.168.11.20 | 157.245.36.27 |
Nov 30, 2022 00:31:37.356173992 CET | 80 | 49838 | 157.245.36.27 | 192.168.11.20 |
Nov 30, 2022 00:31:37.356368065 CET | 49838 | 80 | 192.168.11.20 | 157.245.36.27 |
Nov 30, 2022 00:31:37.378530979 CET | 80 | 49838 | 157.245.36.27 | 192.168.11.20 |
Nov 30, 2022 00:31:38.067742109 CET | 80 | 49838 | 157.245.36.27 | 192.168.11.20 |
Nov 30, 2022 00:31:38.067996979 CET | 49838 | 80 | 192.168.11.20 | 157.245.36.27 |
Nov 30, 2022 00:31:38.075294018 CET | 80 | 49838 | 157.245.36.27 | 192.168.11.20 |
Nov 30, 2022 00:31:38.075453043 CET | 80 | 49838 | 157.245.36.27 | 192.168.11.20 |
Nov 30, 2022 00:31:38.075481892 CET | 80 | 49838 | 157.245.36.27 | 192.168.11.20 |
Nov 30, 2022 00:31:38.075496912 CET | 80 | 49838 | 157.245.36.27 | 192.168.11.20 |
Nov 30, 2022 00:31:38.075512886 CET | 80 | 49838 | 157.245.36.27 | 192.168.11.20 |
Nov 30, 2022 00:31:38.075527906 CET | 80 | 49838 | 157.245.36.27 | 192.168.11.20 |
Nov 30, 2022 00:31:38.075540066 CET | 80 | 49838 | 157.245.36.27 | 192.168.11.20 |
Nov 30, 2022 00:31:38.075556040 CET | 80 | 49838 | 157.245.36.27 | 192.168.11.20 |
Nov 30, 2022 00:31:38.075562000 CET | 49838 | 80 | 192.168.11.20 | 157.245.36.27 |
Nov 30, 2022 00:31:38.075572968 CET | 80 | 49838 | 157.245.36.27 | 192.168.11.20 |
Nov 30, 2022 00:31:38.075704098 CET | 49838 | 80 | 192.168.11.20 | 157.245.36.27 |
Nov 30, 2022 00:31:38.075875998 CET | 49838 | 80 | 192.168.11.20 | 157.245.36.27 |
Nov 30, 2022 00:31:38.075875998 CET | 49838 | 80 | 192.168.11.20 | 157.245.36.27 |
Nov 30, 2022 00:31:38.075897932 CET | 49838 | 80 | 192.168.11.20 | 157.245.36.27 |
Nov 30, 2022 00:31:38.090306044 CET | 80 | 49838 | 157.245.36.27 | 192.168.11.20 |
Nov 30, 2022 00:31:38.090418100 CET | 80 | 49838 | 157.245.36.27 | 192.168.11.20 |
Nov 30, 2022 00:31:38.090445995 CET | 80 | 49838 | 157.245.36.27 | 192.168.11.20 |
Nov 30, 2022 00:31:38.090475082 CET | 49838 | 80 | 192.168.11.20 | 157.245.36.27 |
Nov 30, 2022 00:31:38.090578079 CET | 49838 | 80 | 192.168.11.20 | 157.245.36.27 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 30, 2022 00:31:35.102749109 CET | 49240 | 53 | 192.168.11.20 | 1.1.1.1 |
Nov 30, 2022 00:31:35.111932993 CET | 53 | 49240 | 1.1.1.1 | 192.168.11.20 |
Nov 30, 2022 00:31:35.755490065 CET | 53919 | 53 | 192.168.11.20 | 1.1.1.1 |
Nov 30, 2022 00:31:35.793382883 CET | 53 | 53919 | 1.1.1.1 | 192.168.11.20 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Nov 30, 2022 00:31:35.102749109 CET | 192.168.11.20 | 1.1.1.1 | 0x6df6 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Nov 30, 2022 00:31:35.755490065 CET | 192.168.11.20 | 1.1.1.1 | 0x3147 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Nov 30, 2022 00:31:35.111932993 CET | 1.1.1.1 | 192.168.11.20 | 0x6df6 | No error (0) | | | 142.250.185.238 | A (IP address) | IN (0x0001) | false |
Nov 30, 2022 00:31:35.793382883 CET | 1.1.1.1 | 192.168.11.20 | 0x3147 | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false |
Nov 30, 2022 00:31:35.793382883 CET | 1.1.1.1 | 192.168.11.20 | 0x3147 | No error (0) | | | 142.250.185.161 | A (IP address) | IN (0x0001) | false |
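The Snort alerts, the TCP packet list and the DNS answers above are separate tables; the question an analyst asks of them is which flow the alerts belong to, what name each peer resolved from, and which peers to turn into indicators. The following is an added example, not part of the report, that correlates copies of those rows. The TCP rows are a subset of the list above (the full one runs to several hundred packets), the DNS query names are blank on this page so only transaction IDs, CNAMEs and addresses are used, and the local address 192.168.11.20 is taken from the report as the sandbox host.

```python
from collections import defaultdict

# Rows copied from the report tables above (constructed subset for the example).
SNORT_ROWS = """\
11/30/22-00:31:37.333969 | TCP | 2021641 | ET TROJAN LokiBot User-Agent (Charon/Inferno) | 49838 | 80 | 192.168.11.20 | 157.245.36.27 |
11/30/22-00:31:37.333969 | TCP | 2024317 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M2 | 49838 | 80 | 192.168.11.20 | 157.245.36.27 |
11/30/22-00:31:37.333969 | TCP | 2024312 | ET TROJAN LokiBot Application/Credential Data Exfiltration Detected M1 | 49838 | 80 | 192.168.11.20 | 157.245.36.27 |
"""

TCP_ROWS = """\
Nov 30, 2022 00:31:35.123769999 CET | 49836 | 443 | 192.168.11.20 | 142.250.185.238 |
Nov 30, 2022 00:31:35.123786926 CET | 443 | 49836 | 142.250.185.238 | 192.168.11.20 |
Nov 30, 2022 00:31:35.794887066 CET | 49837 | 443 | 192.168.11.20 | 142.250.185.161 |
Nov 30, 2022 00:31:35.794929981 CET | 443 | 49837 | 142.250.185.161 | 192.168.11.20 |
Nov 30, 2022 00:31:37.308829069 CET | 49838 | 80 | 192.168.11.20 | 157.245.36.27 |
Nov 30, 2022 00:31:37.332094908 CET | 80 | 49838 | 157.245.36.27 | 192.168.11.20 |
Nov 30, 2022 00:31:37.333969116 CET | 49838 | 80 | 192.168.11.20 | 157.245.36.27 |
"""

# DNS answers reduced to (transaction id, record value, record type).
DNS_ANSWER_ROWS = """\
0x6df6 | 142.250.185.238 | A
0x3147 | googlehosted.l.googleusercontent.com | CNAME
0x3147 | 142.250.185.161 | A
"""

LOCAL_HOST = "192.168.11.20"  # the sandbox VM address in the report


def cells(line):
    return [c.strip() for c in line.strip().strip("|").split("|")]


def flow_key(src_ip, src_port, dst_ip, dst_port):
    """Direction-independent key: (client, client_port, server, server_port)."""
    if src_ip == LOCAL_HOST:
        return (src_ip, int(src_port), dst_ip, int(dst_port))
    return (dst_ip, int(dst_port), src_ip, int(src_port))


def build_flows(tcp_rows):
    flows = defaultdict(lambda: {"packets": 0, "first": None, "alerts": []})
    for line in tcp_rows.strip().splitlines():
        ts, sport, dport, sip, dip = cells(line)
        flow = flows[flow_key(sip, sport, dip, dport)]
        flow["packets"] += 1
        flow["first"] = flow["first"] or ts
    return flows


def attach_alerts(flows, snort_rows):
    for line in snort_rows.strip().splitlines():
        ts, proto, sid, msg, sport, dport, sip, dip = cells(line)
        flows[flow_key(sip, sport, dip, dport)]["alerts"].append((int(sid), msg))
    return flows


def dns_names(answer_rows):
    """Map each answered A address to the CNAME seen in the same transaction (or None)."""
    by_txid = defaultdict(lambda: {"cname": None, "addrs": []})
    for line in answer_rows.strip().splitlines():
        txid, value, rtype = cells(line)
        if rtype == "CNAME":
            by_txid[txid]["cname"] = value
        else:
            by_txid[txid]["addrs"].append(value)
    return {addr: rec["cname"] for rec in by_txid.values() for addr in rec["addrs"]}


def triage(tcp_rows, snort_rows, dns_rows):
    """One summary dict per flow, ordered by client port (i.e. by connection order)."""
    flows = attach_alerts(build_flows(tcp_rows), snort_rows)
    names = dns_names(dns_rows)
    report = []
    for (client, cport, server, sport), flow in sorted(flows.items(), key=lambda kv: kv[0][1]):
        report.append({
            "server": server, "port": sport, "client_port": cport,
            "name": names.get(server),          # None: address never resolved via DNS here
            "first_packet": flow["first"], "packets": flow["packets"],
            "alert_sids": sorted(sid for sid, _ in flow["alerts"]),
            "alert_msgs": [msg for _, msg in flow["alerts"]],
        })
    return report


def c2_candidates(report):
    """Peers with IDS alerts on their flow are the ones to turn into network IOCs."""
    return [(r["server"], r["port"]) for r in report if r["alert_sids"]]


if __name__ == "__main__":
    summary = triage(TCP_ROWS, SNORT_ROWS, DNS_ANSWER_ROWS)
    for r in summary:
        print(f"{r['server']}:{r['port']:<4} name={r['name']} packets={r['packets']} sids={r['alert_sids']}")
    print("IOCs:", c2_candidates(summary))
```

The result separates the two TLS sessions to Google addresses (one of which the DNS table ties to googlehosted.l.googleusercontent.com, the usual hosting for a GuLoader second stage) from the plaintext port-80 flow that carries all three LokiBot SIDs. Note that 157.245.36.27 has no DNS answer in the capture: the only two UDP/53 exchanges account for the Google addresses, so the exfiltration peer was not obtained by name lookup in this run and the IP itself is the indicator to block.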
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49836 | 142.250.185.238 | 443 | C:\Users\user\Desktop\REQUEST FOR OFFER 30-12-2022#U00b7pdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49837 | 142.250.185.161 | 443 | C:\Users\user\Desktop\REQUEST FOR OFFER 30-12-2022#U00b7pdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.11.20 | 49838 | 157.245.36.27 | 80 | C:\Users\user\Desktop\REQUEST FOR OFFER 30-12-2022#U00b7pdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Nov 30, 2022 00:31:37.333969116 CET | 232 | OUT | |
Nov 30, 2022 00:31:37.356368065 CET | 233 | OUT | |
Nov 30, 2022 00:31:38.067742109 CET | 233 | IN | |
Nov 30, 2022 00:31:38.075294018 CET | 235 | IN | |
Nov 30, 2022 00:31:38.075453043 CET | 236 | IN | |
Nov 30, 2022 00:31:38.075481892 CET | 237 | IN | |
Nov 30, 2022 00:31:38.075496912 CET | 238 | IN | |
Nov 30, 2022 00:31:38.075512886 CET | 240 | IN | |
Nov 30, 2022 00:31:38.075527906 CET | 241 | IN | |
Nov 30, 2022 00:31:38.075540066 CET | 241 | IN | |
Nov 30, 2022 00:31:38.075556040 CET | 243 | IN | |
Nov 30, 2022 00:31:38.075572968 CET | 244 | IN | |
Nov 30, 2022 00:31:38.090418100 CET | 246 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49836 | 142.250.185.238 | 443 | C:\Users\user\Desktop\REQUEST FOR OFFER 30-12-2022#U00b7pdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-11-29 23:31:35 UTC | 0 | OUT | |
2022-11-29 23:31:35 UTC | 0 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49837 | 142.250.185.161 | 443 | C:\Users\user\Desktop\REQUEST FOR OFFER 30-12-2022#U00b7pdf.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-11-29 23:31:35 UTC | 1 | OUT | |
2022-11-29 23:31:36 UTC | 2 | IN |