Analysis Report: Royalistic.exe (Windows)
Overview
General Information
Detection: AgentTesla, GuLoader
Score: 100 (range: 0 - 100)
Whitelisted: false
Confidence: 100%
Signatures
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected GuLoader
Installs a global keyboard hook
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
May check the online IP address of the machine
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
PE file does not import any functions
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Binary contains a suspicious time stamp
Creates a window with clipboard capturing capabilities
PE / OLE file has an invalid certificate
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to read data from the clipboard
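Several of the signatures above (the Win32_Bios, Win32_BaseBoard, Win32_Processor and Win32_NetworkAdapter WMI queries, the sleeps of three minutes or more, the external IP lookup and the PuTTY/WinSCP harvesting) are cheap to reproduce as detection logic over per-process behaviour records. The script below is an added example, not code from the report or from Joe Sandbox. Its (pid, event, detail) records are a constructed stand-in for a sandbox or EDR feed, and the PuTTY/WinSCP registry paths and ipify hostnames are the well-known ones, assumed rather than taken from this report's unpreserved detail rows.

```python
"""Triage a process-behaviour feed for the evasion and credential-theft
signatures listed above (WMI hardware fingerprinting, long sleeps,
external IP lookup, PuTTY/WinSCP session keys).

Added example; not code from the report or from Joe Sandbox. The record
format (pid, event, detail) is a constructed stand-in for whatever your
sandbox or EDR emits; registry paths and hostnames are assumptions.
"""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

Record = Tuple[int, str, str]

# WMI classes whose Manufacturer/Name/Description fields reveal VMware, VirtualBox,
# QEMU, Hyper-V and friends. Two or more from one process is the fingerprinting
# pattern behind the report's "Queries sensitive ... information" signatures.
VM_PROBE_CLASSES = {"win32_bios", "win32_baseboard", "win32_processor", "win32_networkadapter"}
WMI_CLASS_RE = re.compile(r"\bFROM\s+(Win32_\w+)", re.IGNORECASE)

LONG_SLEEP_MS = 3 * 60 * 1000                            # "Contains long sleeps (>= 3 min)"
IP_CHECK_HOSTS = {"api.ipify.org", "api4.ipify.org"}     # contacted in this analysis
CRED_KEY_PREFIXES = (                                    # assumed: the known session stores
    r"hkcu\software\simontatham\putty\sessions",
    r"hkcu\software\martin prikryl\winscp 2\sessions",
)


def triage(records: Iterable[Record]) -> Dict[int, List[str]]:
    """Return {pid: sorted indicator names} for every process that tripped a rule."""
    wmi_classes: Dict[int, set] = defaultdict(set)
    hits: Dict[int, set] = defaultdict(set)
    for pid, event, detail in records:
        if event == "wmi_query":
            m = WMI_CLASS_RE.search(detail)
            if m and m.group(1).lower() in VM_PROBE_CLASSES:
                wmi_classes[pid].add(m.group(1).lower())
        elif event == "thread_sleep_ms" and int(detail) >= LONG_SLEEP_MS:
            hits[pid].add("long_sleep")
        elif event == "dns_query" and detail.lower().rstrip(".") in IP_CHECK_HOSTS:
            hits[pid].add("external_ip_check")
        elif event == "reg_key_open" and detail.lower().startswith(CRED_KEY_PREFIXES):
            hits[pid].add("putty_winscp_credential_access")
    for pid, classes in wmi_classes.items():
        if len(classes) >= 2:          # one class alone is common inventory behaviour
            hits[pid].add("wmi_vm_fingerprinting")
    return {pid: sorted(h) for pid, h in hits.items()}


def verdict(indicators: List[str]) -> str:
    """One indicator is a lead; two or more together is the stealer profile."""
    return "suspicious" if len(indicators) >= 2 else "lead"


# Constructed sample feed: PID 7428 mimics the CasPol.exe stage from the report,
# PID 1234 is a benign process doing ordinary inventory work.
SAMPLE_RECORDS: List[Record] = [
    (7428, "wmi_query", "SELECT * FROM Win32_Bios"),
    (7428, "wmi_query", "SELECT * FROM Win32_BaseBoard"),
    (7428, "wmi_query", "SELECT * FROM Win32_Processor"),
    (7428, "wmi_query", "SELECT * FROM Win32_NetworkAdapter"),
    (7428, "thread_sleep_ms", "240000"),
    (7428, "dns_query", "api4.ipify.org"),
    (7428, "reg_key_open", r"HKCU\Software\SimonTatham\PuTTY\Sessions"),
    (7428, "reg_key_open", r"HKCU\Software\Martin Prikryl\WinSCP 2\Sessions"),
    (1234, "wmi_query", "SELECT Caption FROM Win32_OperatingSystem"),
    (1234, "thread_sleep_ms", "1000"),
    (1234, "dns_query", "update.example.test"),
]

if __name__ == "__main__":
    for pid, indicators in triage(SAMPLE_RECORDS).items():
        print(pid, verdict(indicators), indicators)
```

A WMI hardware burst on its own is also what inventory agents and installers do, which is why the rule wants two classes and why the score only becomes interesting once the sleep, IP check or credential store access lands in the same process.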
Classification
- System is w10x64native
- Royalistic.exe (PID: 5084, cmdline: C:\Users\user\Desktop\Royalistic.exe, MD5: D14335F61C99A9B8A2D5E87CDF83CDD0)
  - CasPol.exe (PID: 2280, cmdline: C:\Users\user\Desktop\Royalistic.exe, MD5: 914F728C04D3EDDD5FBA59420E74E56B)
  - CasPol.exe (PID: 7428, cmdline: C:\Users\user\Desktop\Royalistic.exe, MD5: 914F728C04D3EDDD5FBA59420E74E56B)
    - conhost.exe (PID: 564, cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1, MD5: 81CA40085FC75BABD2C91D18AA9FFA68)

CasPol.exe is the .NET Framework Code Access Security Policy tool, a Microsoft-signed binary; both instances share the MD5 914F728C04D3EDDD5FBA59420E74E56B. Their command line is the dropper's own path rather than a CasPol invocation: the loader created the process with CasPol.exe as the image but passed its own command line, then wrote the payload into it, which is what the "Creates a process in suspended mode (likely to inject code)" and "Writes to foreign memory regions" signatures above record. In telemetry, a CasPol.exe whose command line names a different executable and whose parent lives in a user-writable directory is the artefact to alert on.
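The tree above shows the detectable artefact in plain sight: two CasPol.exe processes whose command line is the dropper's path. The script below turns that into a check over process-creation events, as an added example that is not code from the report or from Joe Sandbox. The event fields mirror Sysmon Event ID 1 (Image, CommandLine, ParentImage); the full CasPol.exe path under the .NET Framework directory, explorer.exe as the dropper's parent and the second CasPol.exe as conhost.exe's parent are assumptions used only to build the sample data, and the list of other .NET utilities used as hollowing hosts is a generalisation from public reporting, not from this analysis.

```python
"""Flag process-hollowing candidates in process-creation telemetry.

Added example; not code from the report or from Joe Sandbox. Sample events
are constructed from the report's process tree in Sysmon Event ID 1 terms.
Assumed: the full CasPol.exe path, explorer.exe as the dropper's parent, and
the second CasPol.exe instance as conhost.exe's parent.
"""
import ntpath
from typing import Dict, List

# Signed .NET Framework utilities commonly used as hollowing hosts. CasPol.exe is
# the one in this report; the rest are a generalisation from public reporting.
DOTNET_HOST_CANDIDATES = {
    "caspol.exe", "regsvcs.exe", "regasm.exe", "installutil.exe",
    "msbuild.exe", "aspnet_compiler.exe",
}
USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\", "\\temp\\")


def first_token(cmdline: str) -> str:
    """The executable part of a Windows command line, honouring a quoted first argument."""
    cmdline = cmdline.lstrip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end != -1 else cmdline[1:]
    return cmdline.split(" ", 1)[0]


def basename_lower(path: str) -> str:
    return ntpath.basename(path).lower()


def from_user_writable_dir(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def analyse(events: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Return one finding per suspicious process-creation event."""
    findings = []
    for ev in events:
        reasons = []
        image = basename_lower(str(ev["image"]))
        claimed = basename_lower(first_token(str(ev["command_line"])))
        # lpApplicationName and lpCommandLine disagree: the hallmark seen in the report's tree.
        if claimed and image != claimed:
            reasons.append("image_cmdline_mismatch")
        # A trusted .NET utility started by something living in a user-writable path.
        if image in DOTNET_HOST_CANDIDATES and from_user_writable_dir(str(ev["parent_image"])):
            reasons.append("dotnet_host_spawned_from_user_dir")
        if reasons:
            findings.append({"pid": ev["pid"], "image": ev["image"], "reasons": reasons})
    return findings


# Constructed sample events built from the report's process tree (paths assumed as noted).
DROPPER = r"C:\Users\user\Desktop\Royalistic.exe"
CASPOL = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"pid": 5084, "ppid": 4100, "image": DROPPER, "command_line": DROPPER,
     "parent_image": r"C:\Windows\explorer.exe"},
    {"pid": 2280, "ppid": 5084, "image": CASPOL, "command_line": DROPPER, "parent_image": DROPPER},
    {"pid": 7428, "ppid": 5084, "image": CASPOL, "command_line": DROPPER, "parent_image": DROPPER},
    {"pid": 564, "ppid": 7428, "image": r"C:\Windows\System32\conhost.exe",
     "command_line": r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1", "parent_image": CASPOL},
]

if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f["pid"], f["image"], ", ".join(f["reasons"]))
```

The mismatch rule fires on any CreateProcess whose lpCommandLine names a different binary than lpApplicationName, which a few legitimate launchers also do, so keep it paired with the parent-path condition or with the memory-write and suspended-thread events the sandbox recorded rather than alerting on it alone.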
Name | Description | Attribution
---|---|---
Agent Tesla, AgentTesla | A .NET based keylogger and RAT readily available to actors. Logs keystrokes and the host's clipboard and beacons this information back to the C2. |
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is XORed. | No Attribution
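The GuLoader entry says the downloaded payload is XORed. As an added example, not code from the report, GuLoader or Joe Sandbox, the script below recovers a repeating-key XOR key from such a blob by known plaintext: every PE starts with "MZ" and, in the standard linker DOS stub, carries the string "This program cannot be run in DOS mode." at offset 0x4E, which is enough to determine keys of up to 41 bytes. The blob it decodes is constructed inside the script (a minimal fake PE XORed with an assumed 5-byte key). Real GuLoader payload encodings vary between campaigns, so the single-repeating-key assumption is exactly that, and the script validates its result by checking that e_lfanew points at a PE signature.

```python
"""Known-plaintext recovery of a repeating-key XOR layer over a PE payload.

Added example; not code from the report, GuLoader or Joe Sandbox. Assumes the
blob is a PE image XORed with one short repeating byte key (an assumption
about the encoding; real samples may differ).
"""
import hashlib
from itertools import cycle
from typing import Optional, Tuple

MZ_MAGIC = b"MZ"
DOS_STUB_MSG = b"This program cannot be run in DOS mode."
DOS_STUB_OFFSET = 0x4E   # position of the message in the standard MS linker DOS stub
# The 41 known bytes (offsets 0, 1 and 0x4E..0x74) cover every key slot only for
# key lengths up to 41; longer keys would need more known plaintext.
MAX_KEY_LEN = 41


def xor_bytes(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(blob: bytes, max_key_len: int = MAX_KEY_LEN) -> Optional[bytes]:
    """Return the shortest key whose per-slot bytes, derived from every
    known-plaintext position, never contradict each other; None if no length fits."""
    known = {i: c for i, c in enumerate(MZ_MAGIC)}
    known.update({DOS_STUB_OFFSET + i: c for i, c in enumerate(DOS_STUB_MSG)})
    if len(blob) <= max(known):
        return None
    for klen in range(1, max_key_len + 1):
        key: list = [None] * klen
        consistent = True
        for pos, plain in known.items():
            slot, kb = pos % klen, blob[pos] ^ plain
            if key[slot] is None:
                key[slot] = kb
            elif key[slot] != kb:
                consistent = False
                break
        if consistent and all(k is not None for k in key):
            return bytes(key)
    return None


def decode_payload(blob: bytes) -> Tuple[bytes, bytes]:
    """Recover the key, strip the XOR layer and validate the PE signature."""
    key = recover_key(blob)
    if key is None:
        raise ValueError("no consistent repeating XOR key; encoding assumption is wrong")
    plain = xor_bytes(blob, key)
    e_lfanew = int.from_bytes(plain[0x3C:0x40], "little")
    if plain[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("decoded bytes are not a PE image")
    return key, plain


# Constructed test input: a minimal fake PE, XORed with an assumed key.
def build_fake_pe() -> bytes:
    hdr = bytearray(0x80)
    hdr[0:2] = MZ_MAGIC
    hdr[0x3C:0x40] = (0x80).to_bytes(4, "little")            # e_lfanew -> PE header
    hdr[DOS_STUB_OFFSET:DOS_STUB_OFFSET + len(DOS_STUB_MSG)] = DOS_STUB_MSG
    return bytes(hdr) + b"PE\0\0" + b"\x4c\x01" + bytes(58)   # Machine = i386, padding


SAMPLE_KEY = b"\x4b\x1e\x9c\xd2\x07"          # assumed, not from any real sample
SAMPLE_BLOB = xor_bytes(build_fake_pe(), SAMPLE_KEY)

if __name__ == "__main__":
    key, pe = decode_payload(SAMPLE_BLOB)
    print("key:", key.hex(), "sha256:", hashlib.sha256(pe).hexdigest())
```

On a real case the input is the body of the Google Drive download carved from the sandbox's PCAP; the SHA-256 of the decoded image is the indicator worth sharing, since the encoded blob changes with the key.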
⊘No configs have been found
Source | Rule | Description | Author
---|---|---|---
| JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
| JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security
| JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security

The Source and Strings columns were not preserved in this copy; a rule listed more than once matched more than one analysed artifact.
⊘No Sigma rule has matched
⊘No Snort rule has matched
Signature details. The per-signature labels, matched strings, paths and links of this part of the report were not preserved; what remains is the evidence type, the number of entries and the code-function addresses. The N_2_ prefix of an address is the index of the analysed process: 1 is Royalistic.exe, whose 0x0040xxxx addresses sit in the image of the 32-bit NSIS stub, while the 5_2_ addresses lie in dynamically allocated regions of a later stage.

AV Detection
- Multi AV scanner detection: Virustotal (perma link), ReversingLabs
- Code functions: 5_2_3968C488, 5_2_3968C9D8
- Static PE information: 1 entry
- HTTPS traffic detected: 3 entries
- Static PE information: 1 entry
- Code functions: 1_2_00405A19, 1_2_004065CE, 1_2_004027AA
Networking
- DNS queries: 3 entries
- JA3 fingerprints: 2 entries (the values 3b5074b1b5d032e5620f69f9f700ff0e and 37f463bf4616ecd445d4a1937da06e19 appear in the context section further down)
- IP addresses: 2 entries
- HTTP traffic detected: 3 entries
- Network traffic detected: 6 entries
- UDP traffic detected without corresponding DNS query: 3 entries
- Strings found in binary or memory: 12 entries
- DNS traffic detected: 1 entry
- HTTP traffic detected: 3 entries
- HTTPS traffic detected: 3 entries
Key, Mouse, Clipboard, Microphone and Screen Capturing (rows of the sections that follow it, whose headings were not preserved, are listed here as well)
- Windows user hook set: 1 entry
- Window created: 1 entry
- Code function: 1_2_004054B6
- Static PE information: 1 entry
- Code function: 1_2_004033B3
- Code functions: 1_2_0040727F, 1_2_00406AA8, 1_2_707D2288, 5_2_00974930, 5_2_00970040, 5_2_00973968, 5_2_00976F18, 5_2_00970700, 5_2_361A4148, 5_2_361A4D60, 5_2_361A4490, 5_2_361AD305, 5_2_361A1D73, 5_2_3968DB50, 5_2_39684A00, 5_2_39680040, 5_2_396845E0, 5_2_3968DF18, 5_2_396831D1, 5_2_39683270, 5_2_396845D0
- Static PE information: 2 entries
- Section loaded: 2 entries
- Static PE information: 1 entry
- Virustotal: 1 entry; ReversingLabs: 1 entry
- File read: 1 entry
- Static PE information: 1 entry
- Key opened: 1 entry
- Process created: 6 entries
- Key value queried: 1 entry
- Code function: 1_2_004033B3
- WMI queries: 1 entry
- File created: 2 entries
- Classification label: 1 entry
- Code function: 1_2_00402173
- File read: 1 entry
- Code function: 1_2_00404766
- Section loaded: 1 entry
- Mutant created: 2 entries
- File written: 1 entry
- Key opened: 1 entry
- Static PE information: 1 entry
Data Obfuscation
- File source: 3 entries
- Code functions: 1_2_04723FD2, 1_2_047242B2, 1_2_04724775, 1_2_04724C08, 1_2_04723FD2, 5_2_00C242B2, 5_2_00C23FD2, 5_2_00C24C08, 5_2_00C23FD2, 5_2_00C24775, 5_2_361ABB21
- Code function: 1_2_707D2288
- Static PE information: 1 entry
- File created (dropped file): 4 entries
- Process information set: 68 entries

The obfuscated functions found in process 1 at 0x04723FD2, 0x047242B2, 0x04724775 and 0x04724C08 reappear in process 5 at 0x00C23FD2, 0x00C242B2, 0x00C24775 and 0x00C24C08: identical offsets from different base addresses, so the same code region (the loader's shellcode) is present in the dropper and was copied into the injected process.
Malware Analysis System Evasion
- File opened: 4 entries
- Binary or memory string: 1 entry
- WMI queries: 2 entries
- Thread sleep time: 2 entries
- Last function: 1 entry
- Dropped PE file which has not been started: 3 entries
- Thread delayed: 2 entries
- Window / User API: 1 entry
- WMI queries: 1 entry
- Code functions: 1_2_00405A19, 1_2_004065CE, 1_2_004027AA
- Thread delayed: 2 entries
- API call chains: graph_1-5088, graph_1-5095
- Binary or memory strings: 14 entries
- Code function: 1_2_707D2288
- Process token adjusted: 1 entry
- Memory allocated: 1 entry
HIPS / PFW / Operating System Protection Evasion
- Memory written: 1 entry
- Process created: 2 entries
- Queries volume information: 6 entries
- Key value queried: 1 entry
- Code function: 1_2_004033B3
Stealing of Sensitive Information
- File source: 1 entry
- File opened: 2 entries
- Key opened: 2 entries
- Key opened: 1 entry
- File opened: 3 entries
- File source: 2 entries
Remote Access Functionality
- File source: 1 entry
MITRE ATT&CK matrix (only techniques with at least one matched signature are listed; the count is the figure shown next to the technique in the report)

Tactic | Technique | Count
---|---|---
Execution | Windows Management Instrumentation | 211
Execution | Native API | 1
Persistence | DLL Side-Loading | 1
Privilege Escalation | DLL Side-Loading | 1
Privilege Escalation | Access Token Manipulation | 1
Privilege Escalation | Process Injection | 111
Defense Evasion | Disable or Modify Tools | 1
Defense Evasion | Obfuscated Files or Information | 1
Defense Evasion | Timestomp | 1
Defense Evasion | DLL Side-Loading | 1
Defense Evasion | Masquerading | 1
Defense Evasion | Virtualization/Sandbox Evasion | 231
Defense Evasion | Access Token Manipulation | 1
Defense Evasion | Process Injection | 111
Credential Access | OS Credential Dumping | 1
Credential Access | Input Capture | 11
Credential Access | Credentials in Registry | 1
Discovery | File and Directory Discovery | 3
Discovery | System Information Discovery | 116
Discovery | Security Software Discovery | 311
Discovery | Virtualization/Sandbox Evasion | 231
Discovery | Application Window Discovery | 1
Discovery | System Network Configuration Discovery | 1
Collection | Archive Collected Data | 1
Collection | Data from Local System | 1
Collection | Email Collection | 1
Collection | Input Capture | 11
Collection | Clipboard Data | 2
Command and Control | Ingress Tool Transfer | 1
Command and Control | Encrypted Channel | 21
Command and Control | Non-Application Layer Protocol | 2
Command and Control | Application Layer Protocol | 13
Impact | System Shutdown/Reboot | 1

No technique was matched under Initial Access, Lateral Movement, Exfiltration, Network Effects or Remote Service Effects.
Antivirus results

Source | Detection | Scanner | Label
---|---|---|---
Initial sample (Royalistic.exe) | 51% | Virustotal |
Initial sample (Royalistic.exe) | 26% | ReversingLabs | Win32.Trojan.Generic
Dropped files (4 files, each scanned by ReversingLabs and Virustotal) | 0% | ReversingLabs, Virustotal |
Unpacked PE files (2 entries) | 100% | Avira | HEUR/AGEN.1223491

The packed sample on disk scores 51% and 26%, the unpacked stage recovered from memory scores 100%: the reliable detection is of the payload, not of the NSIS wrapper, so a disk-only scan of this file understates it.
⊘No Antivirus matches for contacted domains or URLs
Contacted domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
---|---|---|---|---|---
api4.ipify.org | 64.185.227.155 | true | false | | high
drive.google.com | 142.250.184.238 | true | false | | high
googlehosted.l.googleusercontent.com | 142.250.184.225 | true | false | | high
doc-08-50-docs.googleusercontent.com | unknown | unknown | false | | high
api.ipify.org | unknown | unknown | false | | high

"Malicious: false" and the high reputation describe the services, not the use made of them. The Google Drive and googleusercontent.com hosts are consistent with the GuLoader description above (payload fetched from Google Drive), and the ipify lookups are the "May check the online IP address of the machine" signature; blocking these domains is not practical, so the indicator to keep is the dropper plus the CasPol.exe injection, not the destinations.
Contacted URLs: 2 entries, none flagged malicious, reputation high (URL strings not preserved in this copy).
URLs from memory and binaries: 7 entries, none flagged malicious, reputation high (URL strings and sources not preserved in this copy).
Contacted IPs

IP | Domain | Country | ASN | ASN Name | Malicious
---|---|---|---|---|---
142.250.184.225 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
142.250.184.238 | drive.google.com | United States | 15169 | GOOGLEUS | false
64.185.227.155 | api4.ipify.org | United States | 18450 | WEBNXUS | false
Joe Sandbox Version: 37.0.0 Beryl
Analysis ID: 828570
Start date and time: 2023-03-17 10:47:39 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 16m 12s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Analysis Mode: default
Analysis stop reason: Timeout
Sample file name: Royalistic.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@6/16@3/3
Cookbook Comments:
- Exclude process from analysis (whitelisted): dllhost.exe, backgroundTaskHost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): wdcpalt.microsoft.com, client.wns.windows.com, login.live.com, tile-service.weather.microsoft.com, wdcp.microsoft.com
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.

Two points of this metadata matter for reading the rest of the report. The run was on a physical machine with hypervisor-based inspection off, so the Win32_Bios, Win32_BaseBoard and Win32_Processor checks in the signature list saw real hardware; that is why the evasion checks did not stop execution and the injected stage reached the credential-theft behaviour, whereas the same sample in a stock VM may stop at the loader. The analysis also ended by timeout and the cookbook notes record truncated behaviour logging, so an indicator missing from this report is not evidence that the sample lacks it.
⊘No simulations
Joe Sandbox View: context (other samples in Joe Sandbox's database that share an indicator with this one; their names and hashes were not preserved in this copy, only the threat labels, grouped with the number of samples carrying each)

IP 64.185.227.155 (10 samples): Targeted Ransomware (1); Targeted Ransomware, TrojanRansom (3); Ficker Stealer, RHADAMANTHYS, Rusty Stealer (1); Ficker Stealer, Rusty Stealer (5)

Domain api4.ipify.org (20 samples): AgentTesla (15); AgentTesla, zgRAT (3); HTMLPhisher (1); Xmrig (1)

ASN WEBNXUS (20 samples): AgentTesla (15); AgentTesla, zgRAT (3); HTMLPhisher (1); Xmrig (1)

JA3 3b5074b1b5d032e5620f69f9f700ff0e (20 samples): AgentTesla (11); AgentTesla, zgRAT (2); HTMLPhisher (2); Remcos (1); Vector Stealer, zgRAT (1); Aurora, RedLine (1); Xmrig (1); Unknown (1)

JA3 37f463bf4616ecd445d4a1937da06e19 (20 samples): Amadey, Djvu, Fabookie, SmokeLoader (1); Unknown (3); Remcos (1); GuLoader, Lokibot (1); Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, RedLine, SmokeLoader (1); Babuk, Clipboard Hijacker, Djvu, Vidar (3); Amadey, Djvu, RedLine, SmokeLoader (1); Clipboard Hijacker, Djvu, HTMLPhisher, Vidar (1); BluStealer, ThunderFox Stealer, a310Logger (1); Amadey, Djvu, SmokeLoader (1); Babuk, Djvu (1); Grandcrab, Gandcrab (1); Vidar (1); Qbot (1); Remcos, GuLoader (1); FormBook (1)

Dropped file C:\Users\user\AppData\Local\Temp\nslE084.tmp\System.dll (19 samples): GuLoader (14); AgentTesla, GuLoader (4); FormBook, GuLoader (1)

Weigh these matches by what they key on. The ipify domain and its ASN are a legitimate service that many stealers use for the external IP check, and both JA3 hashes are fingerprints commonly produced by the Windows SChannel TLS stack and shared by plenty of benign software, so they corroborate the AgentTesla classification without identifying anything on their own. The nsXXXX.tmp\System.dll path is the NSIS installer's System plugin written to its temporary directory, so that match list ties the packaging of this sample to the NSIS-wrapped GuLoader family rather than to the payload.
Process: | C:\Users\user\Desktop\Royalistic.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11776 |
Entropy (8bit): | 6.024446974480565 |
Encrypted: | false |
SSDEEP: | 192:Vm9rQDenC9VrcK7REgSWOprANupQYLRszDDH/d9CWlXo7U6Wxf:QJQEaVAK7R9SfpjpQYLRszfH/d9CWB1j |
MD5: | E23600029D1B09BDB1D422FB4E46F5A6 |
SHA1: | 5D64A2F6A257A98A689A3DB9A087A0FD5F180096 |
SHA-256: | 7342B73593B3AA1B15E3731BFB1AFD1961802A5C66343BAC9A2C737EE94F4E38 |
SHA-512: | C971F513142633CE0E6EC6A04C754A286DA8016563DAB368C3FAC83AEF81FA3E9DF1003C4B63D00A46351A9D18EAA7AE7645CAEF172E5E1D6E29123AB864E7AC |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Users\user\Desktop\Royalistic.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 263441 |
Entropy (8bit): | 7.470128360205037 |
Encrypted: | false |
SSDEEP: | 6144:gW2L2lxw6CfR2hGhddAkBtTCNwQn4Sp5U2JvkCmLO6ta4Rh40FdmxMDoOz:gMHw9SGh1D6ndCtLO6s4R2eOMTz |
MD5: | ED053E4B81682B3CEF98A00C188F9191 |
SHA1: | 7824184CA7B4588B9665CF5D6ECDF3E6A20820C7 |
SHA-256: | 64A7608273D8284E67F338F8B77230B0EF14C342747CE6C3F8792F567BC99498 |
SHA-512: | 51C4089DE4328B5C37B759CF98FCDE4838C67413CF0F0EE8EB1D9CD6BB129A41C686BEC3DD424B553725C84787671FAE3F9E037C436E8D7D5B8F28F7D42CBE7D |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Affaldsproblem\x-office-spreadsheet.png
Download File
Process: | C:\Users\user\Desktop\Royalistic.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 546 |
Entropy (8bit): | 6.786347340342328 |
Encrypted: | false |
SSDEEP: | 12:6v/7X0ZKjCVdCyXM8OYSd/AuKoOjTOH6BMLHEMA:C0oCDMUaAutUTQ60HED |
MD5: | D4AEA6CA7A8B03C62C36FF2AEBE20C6C |
SHA1: | F0BB798B40E4CA170ECFBD72161EF7796B58B444 |
SHA-256: | EC1222609F69FE70F55C1817535B0138A295EB7C71CCC443D7B3ACAA44537B5B |
SHA-512: | 9912AC7388A0138E809D8E25F4EE90B5952D8B4063969A79BCEB2C5E8A312878897BEF56FF3BBB0185A815262C343984D9C3113B5B5C2D0069716891110A0DFD |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Forhastelse\Kommandjsr\api-ms-win-core-processthreads-l1-1-1.dll
Process: | C:\Users\user\Desktop\Royalistic.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 19208 |
Entropy (8bit): | 7.005927948691754 |
Encrypted: | false |
SSDEEP: | 384:dtUDfIeFrW1hWC5OZkum0GftpBjVzm3Sx56lgCoha6LDF:dteFuJoVijz1HB |
MD5: | D699333637DB92D319661286DF7CC39E |
SHA1: | 0BFFB9ED366853E7019452644D26E8E8F236241B |
SHA-256: | FE760614903E6D46A1BE508DCCB65CF6929D792A1DB2C365FC937F2A8A240504 |
SHA-512: | 6FA9FF0E45F803FAF3EB9908E810A492F6F971CB96D58C06F408980AB40CBA138B52D853AA0E3C68474053690DFAFA1817F4B4C8FB728D613696B6C516FA0F51 |
Malicious: | false |
Antivirus: |
|
Preview: |
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Forhastelse\Kommandjsr\api-ms-win-crt-stdio-l1-1-0.dll
Process: | C:\Users\user\Desktop\Royalistic.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 24328 |
Entropy (8bit): | 6.867867660778997 |
Encrypted: | false |
SSDEEP: | 384:/ZpFVhHW1hWxgYBm0GftpBjMm3SNlndaYhpn3p:boEVi6DBp |
MD5: | D5166AB3034F0E1AA679BFA1907E5844 |
SHA1: | 851DD640CB34177C43B5F47B218A686C09FA6B4C |
SHA-256: | 7BCAB4CA00FB1F85FEA29DD3375F709317B984A6F3B9BA12B8CF1952F97BEEE5 |
SHA-512: | 8F2D7442191DE22457C1B8402FAAD594AF2FE0C38280AAAFC876C797CA79F7F4B6860E557E37C3DBE084FE7262A85C358E3EEAF91E16855A91B7535CB0AC832E |
Malicious: | false |
Antivirus: |
|
Preview: |
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Forhastelse\Kommandjsr\drive-multidisk.png
Process: | C:\Users\user\Desktop\Royalistic.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 569 |
Entropy (8bit): | 7.482468865601557 |
Encrypted: | false |
SSDEEP: | 12:6v/7QkFqDaHfvZFpa7O/oH5kGxVI7F2bk7jv0E1YpA0sVrgY:x8qeH7MQ+px2qqj5Y60mr7 |
MD5: | B0C0FEE6A573A2776A013307457B6556 |
SHA1: | 95157DA2FAD0902832E25CBEBE3EE4E58C265346 |
SHA-256: | 1A41F703735FD48EE79E423993B2C6695E326269F7A61304DFF4796F59977FF2 |
SHA-512: | 28CDDB1071E69145AC1845EC573618EC6268FDEF795B0F3638EB1DEC834C8FE0FC65517D9ED784F81F67535F25333FC986BD9C9B3AAB73BCE4C42837C81E168C |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Konini\Firsaarsfdselsdage\Whorehouse\Faithworthy\System.Xml.XmlDocument.dll
Process: | C:\Users\user\Desktop\Royalistic.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16024 |
Entropy (8bit): | 6.768484247043723 |
Encrypted: | false |
SSDEEP: | 384:EVgGf2BiWOsWql//uPHRN7/2WF//dJR9ztBcvM:EVgGL4lXM/2WF//dj9zUvM |
MD5: | 1FED3E9E68967F0903F43CF955EC8EAE |
SHA1: | DA9D98424E2BB2AE625E9EBEBD90AD4B7F007CA4 |
SHA-256: | B861237F55766E286E7008AC4B1E5CE88E88FDF7741EF9C6B00540E1765390F3 |
SHA-512: | F030383C4D933EC13EE1E892654AEEFD5C722BE25461472639DF49FA0E165AC470BFB901A0A062CA145A6B693C607E279CDBA2A144E62A5B9D2FD6E999943364 |
Malicious: | false |
Antivirus: |
|
Preview: |
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Konini\Firsaarsfdselsdage\Whorehouse\Faithworthy\accessories-dictionary.png
Process: | C:\Users\user\Desktop\Royalistic.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 639 |
Entropy (8bit): | 7.594477595602655 |
Encrypted: | false |
SSDEEP: | 12:6v/7xXsWeAITRagJSezSlTm4IpuXLJNux3NdHbvHR+d0FKHrHPnwF4LWbf7H:wINVSo4gud4NxbvxI0erv04Lcf7H |
MD5: | B8367F3483C54EFE19D1426A98402829 |
SHA1: | F9E9A067BFE5F2A3A4AE1C93D519B8B8792719C9 |
SHA-256: | 0791574192B5767D904619B1F6BB30B3A5101FBD51F8C259C2CFFF078C7ECECD |
SHA-512: | A4C0E3D1CAA4A828B9160D4936F5E11E42AFE00A9A611A0814884BBA9E18A691D16B142F5A23E2AEE11708C72AADAAB78F19733E1E541BD19E64437AC6E43AED |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Laboratories53\x-office-address-book-symbolic.svg
Process: | C:\Users\user\Desktop\Royalistic.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2059 |
Entropy (8bit): | 5.063551723274034 |
Encrypted: | false |
SSDEEP: | 24:t4CpYL7IyKbRAecFxMGMaMlF6Yi36fRMTXoUfQBjWIu4IZ715ByKbRAecFxMGMM:fNtAecFJM/FiqfQpQipvBNtAecFJMM |
MD5: | 5447BF4EF18181AA69BEC4978E312549 |
SHA1: | 4843AA2388FE80EE474F399061C6FDBB547BC2BA |
SHA-256: | EC1CDEAD87BAD12FACA206F03D6748ED11F3A50FF32E8AD341BD44A3A44D6075 |
SHA-512: | 611A25E6FE93CFA74DF01200914D730BB608B6EB05BDB8E77F13416800B45468D4067C8516C734B8C602EF4EFEF4B90D045B7456AA2BAF243526C8145BBA3D4D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Mitheithel\Homoplasy\Wice\AMD.Power.Processor.ppkg
Process: | C:\Users\user\Desktop\Royalistic.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1245 |
Entropy (8bit): | 5.462849750105637 |
Encrypted: | false |
SSDEEP: | 24:hM0mIAvy4Wvsqs1Ra7JZRGNeHX+AYcvP2wk1RjdEF3qpMk5:lmIAq1UqsziJZ+eHX+AdP2TvpMk5 |
MD5: | 5343C1A8B203C162A3BF3870D9F50FD4 |
SHA1: | 04B5B886C20D88B57EEA6D8FF882624A4AC1E51D |
SHA-256: | DC1D54DAB6EC8C00F70137927504E4F222C8395F10760B6BEECFCFA94E08249F |
SHA-512: | E0F50ACB6061744E825A4051765CEBF23E8C489B55B190739409D8A79BB08DAC8F919247A4E5F65A015EA9C57D326BBEF7EA045163915129E01F316C4958D949 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Paleograph\Statuskonto\Gusting\folder-new-symbolic.symbolic.png
Process: | C:\Users\user\Desktop\Royalistic.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 200 |
Entropy (8bit): | 6.353867134664978 |
Encrypted: | false |
SSDEEP: | 6:6v/lhPys1AhcwQnKFxLsaV0MSFw6YB1L5jp:6v/7RgFKBE1L5N |
MD5: | B1E1142D7EF33AD94E80A7394C036540 |
SHA1: | D05408C3B4360DE12D0B7A1CCB04A27E946FD517 |
SHA-256: | 9572648AC9CA12A253EFBFB3DB0160C56CBFAAC3157779285642FAEB1D86CA94 |
SHA-512: | 18AC511A1916E99780BAB5D3CEDBCA816932D88A4230F8FFADE5C17DBF1511840033D5A05322B0AA3EE4D30A9105D2F211C84C46DDFAAA71008444669CB65A3F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Paleograph\Statuskonto\Gusting\folder-templates-symbolic.svg
Process: | C:\Users\user\Desktop\Royalistic.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 963 |
Entropy (8bit): | 5.12784027591558 |
Encrypted: | false |
SSDEEP: | 24:t4CptM48A8A8F+yEcGZrGF19XQzyKbRAecFxMGM7:B8A8A8F+yEcGYFmNtAecFJM7 |
MD5: | F5A69E814CB5E7713E3C624942DE1DA5 |
SHA1: | 2919A07D2792295111CF54AF23742CEE14337B10 |
SHA-256: | 06D97F580D3709C0EA0E2705425C621A17FF97CF3A449B468D2976BA0D55EFEB |
SHA-512: | ABC0F7671B316DC01152253639319BED058C20D4E8C56F6D23B67AF6584F39E5F3191D97FD8F135C259E5BD7FE032939528A93029D747061500DFAE14C135D55 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Paleograph\Statuskonto\Gusting\printer-printing-symbolic.svg
Process: | C:\Users\user\Desktop\Royalistic.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 295 |
Entropy (8bit): | 4.922153835627764 |
Encrypted: | false |
SSDEEP: | 6:tI9mc4slzcWER4W6UmUuksJtjdU0tytlN8uFWOXM2KchvXa7BGl0/:t4CDqW6zUmjW0ktl+sd1a7BM0/ |
MD5: | 611C311204F39AB0E7F3CC8A0264246A |
SHA1: | 9E4A3BEA0DE6D11491E5AA69A61E1FF051D79DED |
SHA-256: | 1E6C4120B833698852CF451D0B5F8FCA83CD5591EA73EBC3C918547B67FBEB34 |
SHA-512: | 919628653C7441CC4F82C7177D5A6EBBB86686A4E15435A21201B1D77B325808435323FA9FF906E6DB4D612ACEB1C00AC89B0571181D1F521636943EFE25EEF0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Paleograph\Statuskonto\Gusting\screen-shared-symbolic.symbolic.png
Process: | C:\Users\user\Desktop\Royalistic.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 254 |
Entropy (8bit): | 6.643831924508014 |
Encrypted: | false |
SSDEEP: | 6:6v/lhPysJ/dh3z6yXtAMoWACcF/byM2TnmLzU/Jqj84up:6v/7p/dh7tfbAC0uM2ygR94c |
MD5: | 0DFD6D9ADF93297702595FA9A5D9A7AF |
SHA1: | 23A4AAE7E34232870AACF6B48B24377EA16519C6 |
SHA-256: | 8CB87F7A9BFFD886E5931B865AB5731DF7CDD7D2768DA05808FE2D40027ED9C1 |
SHA-512: | 880643F4BFD6F660B272EE93D38EE2513F26197053E41DF4AFE3FEC77FDBC0A087B295256451A1FB83ABAC594E6A0A585C2619D3DD400AF1DB49035E23FE555F |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Stinkbranden\Middagsselskaber\AsMultiLang.ini
Process: | C:\Users\user\Desktop\Royalistic.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 398 |
Entropy (8bit): | 4.737590272626814 |
Encrypted: | false |
SSDEEP: | 6:SIMYmm7jVYNEiJuXLIM/Cnjkq5cKYAbSJ94r1WR0rD1pulzV+ML6JyMx:SI0m7pYNEiJuXLIM6hcKc6curfQzxOf |
MD5: | D96836E1DD4D151DA0687D7251B528DB |
SHA1: | CCF444F32EDE194FCDE18BB32EBFCCF921E7CB30 |
SHA-256: | C013CFD743455DFFDBB614EA966EEC32977D7CBF096DD4A95081E7A650E8E6B9 |
SHA-512: | 2442D9289CD7E741FF74DD99BEF39EBA7562B94DC153C3C4C4F7642455FFB0879330BC0C59B888F39A352C1C58418995F8AA319FB3BBA110B57FF7EE0A8751EF |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Kartoffelprodukterne\conchinine\Stinkbranden\Middagsselskaber\PSReadline.psd1
Process: | C:\Users\user\Desktop\Royalistic.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1245 |
Entropy (8bit): | 5.462849750105637 |
Encrypted: | false |
SSDEEP: | 24:hM0mIAvy4Wvsqs1Ra7JZRGNeHX+AYcvP2wk1RjdEF3qpMk5:lmIAq1UqsziJZ+eHX+AdP2TvpMk5 |
MD5: | 5343C1A8B203C162A3BF3870D9F50FD4 |
SHA1: | 04B5B886C20D88B57EEA6D8FF882624A4AC1E51D |
SHA-256: | DC1D54DAB6EC8C00F70137927504E4F222C8395F10760B6BEECFCFA94E08249F |
SHA-512: | E0F50ACB6061744E825A4051765CEBF23E8C489B55B190739409D8A79BB08DAC8F919247A4E5F65A015EA9C57D326BBEF7EA045163915129E01F316C4958D949 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.493705345043699 |
TrID: |
|
File name: | Royalistic.exe |
File size: | 385376 |
MD5: | d14335f61c99a9b8a2d5e87cdf83cdd0 |
SHA1: | f82f3481619be8f9f11d76638db3107b1d332912 |
SHA256: | 08cabec4d0127fb3e6530b04448cb3539c2b8f28988e60499c2dbbfe475206df |
SHA512: | 9d94b9bc836b9bb292b4e2b0ef83f1632fceb712bf60bdb3127ffaca3b4c2dcbe4aeb3f5ad3c712a47111d81c650b1a44a55e0e26f0f3f83e6727f8556d11ea2 |
SSDEEP: | 6144:hGemq9vVMEHIx0Sc149PSjEeUlbojewwn1QuMQylhWsqfXatqMFJZV2H4ktcA8a:hmK9MNx0Sc149KAeyyeZ1QiyeVX8zHYX |
TLSH: | E384F121F128BCCAD60358F01DBDA61051E5DFED80D5450D6ABA328994F239778AFF2E |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1)..PG..PG..PG.*_...PG..PF.IPG.*_...PG..sw..PG..VA..PG.Rich.PG.........PE..L.....Oa.................f....... ...3............@ |
Icon Hash: | 0355ccaeb2fe5500 |
Entrypoint: | 0x4033b3 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x614F9D8B [Sat Sep 25 22:07:07 2021 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 5f0c714c36e6cc016b3a1f4bc86559e4 |
Signature Valid: | false |
Signature Issuer: | E=squeaked@Dipsas.Ge, OU="Skumringstimes subhalid Cocitizen ", O=Alveolariform, L=Saint-Georges-de-Luzençon, S=Occitanie, C=FR |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 7AB231DCE5C6FFAD69D73B26E510B330 |
Thumbprint SHA-1: | 78B2E08127E635C646392C64AE8048CE0274B9EB |
Thumbprint SHA-256: | D5FDEC97888AB854DBF29C2F3CDDD20DE4CEEBF3C0264DBC1620ACC59A819E35 |
Serial: | 6A4A99A1737DDB2714130F7ACA2C5BCFD03D4200 |
Instruction |
---|
push ebp |
mov ebp, esp |
sub esp, 00000220h |
push esi |
push edi |
xor edi, edi |
push 00008001h |
mov dword ptr [ebp-10h], edi |
mov dword ptr [ebp-04h], 0040A198h |
mov dword ptr [ebp-08h], edi |
mov byte ptr [ebp-0Ch], 00000020h |
call dword ptr [004080B8h] |
mov esi, dword ptr [004080BCh] |
lea eax, dword ptr [ebp-000000C0h] |
push eax |
mov dword ptr [ebp-000000ACh], edi |
mov dword ptr [ebp-2Ch], edi |
mov dword ptr [ebp-28h], edi |
mov dword ptr [ebp-000000C0h], 0000009Ch |
call esi |
test eax, eax |
jne 00007FDEA4FB4431h |
lea eax, dword ptr [ebp-000000C0h] |
mov dword ptr [ebp-000000C0h], 00000094h |
push eax |
call esi |
cmp dword ptr [ebp-000000B0h], 02h |
jne 00007FDEA4FB441Ch |
movsx cx, byte ptr [ebp-0000009Fh] |
mov al, byte ptr [ebp-000000ACh] |
sub ecx, 30h |
sub al, 53h |
mov byte ptr [ebp-26h], 00000004h |
neg al |
sbb eax, eax |
not eax |
and eax, ecx |
mov word ptr [ebp-2Ch], ax |
cmp dword ptr [ebp-000000B0h], 02h |
jnc 00007FDEA4FB4414h |
and byte ptr [ebp-26h], 00000000h |
cmp byte ptr [ebp-000000ABh], 00000041h |
jl 00007FDEA4FB4403h |
movsx ax, byte ptr [ebp-000000ABh] |
sub eax, 40h |
mov word ptr [ebp-2Ch], ax |
jmp 00007FDEA4FB43F6h |
mov word ptr [ebp-2Ch], di |
cmp dword ptr [ebp-000000BCh], 0Ah |
jnc 00007FDEA4FB43FAh |
and word ptr [ebp+00000000h], 0000h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8544 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xcf000 | 0x14bf8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x5d730 | 0xa30 | .ndata |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x29c | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x65ba | 0x6600 | False | 0.6783088235294118 | data | 6.475278602230841 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x1382 | 0x1400 | False | 0.4626953125 | data | 5.262676635269928 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x48538 | 0x600 | False | 0.4615885416666667 | data | 4.125526322488032 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x53000 | 0x7c000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0xcf000 | 0x14bf8 | 0x14c00 | False | 0.16929828689759036 | data | 4.457664961464067 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0xcf250 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 0 | English | United States |
RT_ICON | 0xdfa78 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | United States |
RT_ICON | 0xe2020 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | United States |
RT_ICON | 0xe30c8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | United States |
RT_DIALOG | 0xe3530 | 0x100 | data | English | United States |
RT_DIALOG | 0xe3630 | 0x11c | data | English | United States |
RT_DIALOG | 0xe3750 | 0xc4 | data | English | United States |
RT_DIALOG | 0xe3818 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0xe3878 | 0x3e | data | English | United States |
RT_MANIFEST | 0xe38b8 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States |
DLL | Import |
---|---|
ADVAPI32.dll | RegCreateKeyExA, RegEnumKeyA, RegQueryValueExA, RegSetValueExA, RegCloseKey, RegDeleteValueA, RegDeleteKeyA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, SetFileSecurityA, RegOpenKeyExA, RegEnumValueA |
SHELL32.dll | SHGetFileInfoA, SHFileOperationA, SHGetPathFromIDListA, ShellExecuteExA, SHGetSpecialFolderLocation, SHBrowseForFolderA |
ole32.dll | IIDFromString, OleInitialize, OleUninitialize, CoCreateInstance, CoTaskMemFree |
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked |
USER32.dll | SetClipboardData, CharPrevA, CallWindowProcA, PeekMessageA, DispatchMessageA, MessageBoxIndirectA, GetDlgItemTextA, SetDlgItemTextA, GetSystemMetrics, CreatePopupMenu, AppendMenuA, TrackPopupMenu, FillRect, EmptyClipboard, LoadCursorA, GetMessagePos, CheckDlgButton, SetWindowPos, SetCursor, GetSysColor, SetClassLongA, GetWindowLongA, IsWindowEnabled, GetWindowRect, GetSystemMenu, EnableMenuItem, RegisterClassA, ScreenToClient, EndDialog, GetClassInfoA, SystemParametersInfoA, CreateWindowExA, ExitWindowsEx, DialogBoxParamA, CharNextA, SetTimer, DestroyWindow, CreateDialogParamA, SetForegroundWindow, SetWindowTextA, PostQuitMessage, SendMessageTimeoutA, ShowWindow, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, GetDC, SetWindowLongA, LoadImageA, InvalidateRect, ReleaseDC, EnableWindow, BeginPaint, SendMessageA, DefWindowProcA, DrawTextA, GetClientRect, EndPaint, IsWindowVisible, CloseClipboard, OpenClipboard |
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectA, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject |
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetProcAddress, GetSystemDirectoryA, WideCharToMultiByte, MoveFileExA, ReadFile, GetTempFileNameA, WriteFile, RemoveDirectoryA, CreateProcessA, CreateFileA, GetLastError, CreateThread, CreateDirectoryA, GlobalUnlock, GetDiskFreeSpaceA, GlobalLock, SetErrorMode, GetVersionExA, lstrcpynA, GetCommandLineA, GetTempPathA, lstrlenA, SetEnvironmentVariableA, ExitProcess, GetWindowsDirectoryA, GetCurrentProcess, GetModuleFileNameA, CopyFileA, GetTickCount, Sleep, GetFileSize, GetFileAttributesA, SetCurrentDirectoryA, SetFileAttributesA, GetFullPathNameA, GetShortPathNameA, MoveFileA, CompareFileTime, SetFileTime, SearchPathA, lstrcmpiA, lstrcmpA, CloseHandle, GlobalFree, GlobalAlloc, ExpandEnvironmentStringsA, LoadLibraryExA, FreeLibrary, lstrcpyA, lstrcatA, FindClose, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, SetFilePointer, GetModuleHandleA, FindNextFileA, FindFirstFileA, DeleteFileA, MulDiv |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 17, 2023 10:50:21.814665079 CET | 49835 | 443 | 192.168.11.20 | 142.250.184.238 |
Mar 17, 2023 10:50:21.814757109 CET | 443 | 49835 | 142.250.184.238 | 192.168.11.20 |
Mar 17, 2023 10:50:21.815057039 CET | 49835 | 443 | 192.168.11.20 | 142.250.184.238 |
Mar 17, 2023 10:50:21.839333057 CET | 49835 | 443 | 192.168.11.20 | 142.250.184.238 |
Mar 17, 2023 10:50:21.839395046 CET | 443 | 49835 | 142.250.184.238 | 192.168.11.20 |
Mar 17, 2023 10:50:21.909576893 CET | 443 | 49835 | 142.250.184.238 | 192.168.11.20 |
Mar 17, 2023 10:50:21.909811020 CET | 49835 | 443 | 192.168.11.20 | 142.250.184.238 |
Mar 17, 2023 10:50:21.911075115 CET | 443 | 49835 | 142.250.184.238 | 192.168.11.20 |
Mar 17, 2023 10:50:21.911446095 CET | 49835 | 443 | 192.168.11.20 | 142.250.184.238 |
Mar 17, 2023 10:50:21.975106001 CET | 49835 | 443 | 192.168.11.20 | 142.250.184.238 |
Mar 17, 2023 10:50:21.975178003 CET | 443 | 49835 | 142.250.184.238 | 192.168.11.20 |
Mar 17, 2023 10:50:21.976231098 CET | 443 | 49835 | 142.250.184.238 | 192.168.11.20 |
Mar 17, 2023 10:50:21.976440907 CET | 49835 | 443 | 192.168.11.20 | 142.250.184.238 |
Mar 17, 2023 10:50:21.979921103 CET | 49835 | 443 | 192.168.11.20 | 142.250.184.238 |
Mar 17, 2023 10:50:22.020489931 CET | 443 | 49835 | 142.250.184.238 | 192.168.11.20 |
Mar 17, 2023 10:50:23.076155901 CET | 443 | 49835 | 142.250.184.238 | 192.168.11.20 |
Mar 17, 2023 10:50:23.076381922 CET | 49835 | 443 | 192.168.11.20 | 142.250.184.238 |
Mar 17, 2023 10:50:23.076458931 CET | 443 | 49835 | 142.250.184.238 | 192.168.11.20 |
Mar 17, 2023 10:50:23.076620102 CET | 49835 | 443 | 192.168.11.20 | 142.250.184.238 |
Mar 17, 2023 10:50:23.076739073 CET | 49835 | 443 | 192.168.11.20 | 142.250.184.238 |
Mar 17, 2023 10:50:23.076982021 CET | 443 | 49835 | 142.250.184.238 | 192.168.11.20 |
Mar 17, 2023 10:50:23.077193022 CET | 49835 | 443 | 192.168.11.20 | 142.250.184.238 |
Mar 17, 2023 10:50:23.162549973 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.162590027 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.162870884 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.163238049 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.163265944 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.226531029 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.226744890 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.228517056 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.228774071 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.232059002 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.232100964 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.232681036 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.232892036 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.233177900 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.276480913 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.509140968 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.509370089 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.509437084 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.509609938 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.510006905 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.510340929 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.511176109 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.511471987 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.511785030 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.512290955 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.512365103 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.512661934 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.513920069 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.514188051 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.514225960 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.514381886 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.516531944 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.516721964 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.518826962 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.519010067 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.519031048 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.519048929 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.519188881 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.519244909 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.519299984 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.519326925 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.519342899 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.519388914 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.519623041 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.519648075 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.519675016 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.519835949 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.520343065 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.520580053 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.520597935 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.520886898 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.521034956 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.521508932 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.521522045 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.521795988 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.521820068 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.521835089 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.522102118 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.522438049 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.522537947 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.522810936 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.522838116 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.523034096 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.523266077 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.523371935 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.523494005 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.523508072 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.523678064 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.524259090 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.524411917 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.524482012 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.524508953 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.524624109 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.524739981 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.525156021 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.525305033 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.525352955 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.525374889 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.525486946 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.525540113 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.526089907 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.526199102 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.526372910 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.526392937 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.526451111 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.526557922 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.526930094 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.527049065 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.527116060 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.527131081 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.527196884 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.527276993 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.527894020 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.528007984 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.528096914 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.528115034 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.528441906 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.528645039 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.528791904 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.528836012 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.528844118 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.528855085 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.528953075 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.529042006 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Mar 17, 2023 10:50:23.529490948 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.529602051 CET | 443 | 49836 | 142.250.184.225 | 192.168.11.20 |
Mar 17, 2023 10:50:23.529645920 CET | 49836 | 443 | 192.168.11.20 | 142.250.184.225 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 17, 2023 10:50:21.796883106 CET | 60241 | 53 | 192.168.11.20 | 1.1.1.1 |
Mar 17, 2023 10:50:21.806250095 CET | 53 | 60241 | 1.1.1.1 | 192.168.11.20 |
Mar 17, 2023 10:50:23.140407085 CET | 59915 | 53 | 192.168.11.20 | 1.1.1.1 |
Mar 17, 2023 10:50:23.160876036 CET | 53 | 59915 | 1.1.1.1 | 192.168.11.20 |
Mar 17, 2023 10:50:25.073568106 CET | 59437 | 53 | 192.168.11.20 | 1.1.1.1 |
Mar 17, 2023 10:50:25.083336115 CET | 53 | 59437 | 1.1.1.1 | 192.168.11.20 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 17, 2023 10:50:21.796883106 CET | 192.168.11.20 | 1.1.1.1 | 0x8696 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 17, 2023 10:50:23.140407085 CET | 192.168.11.20 | 1.1.1.1 | 0xe52e | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 17, 2023 10:50:25.073568106 CET | 192.168.11.20 | 1.1.1.1 | 0x37af | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 17, 2023 10:50:21.806250095 CET | 1.1.1.1 | 192.168.11.20 | 0x8696 | No error (0) | | | 142.250.184.238 | A (IP address) | IN (0x0001) | false |
Mar 17, 2023 10:50:23.160876036 CET | 1.1.1.1 | 192.168.11.20 | 0xe52e | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false |
Mar 17, 2023 10:50:23.160876036 CET | 1.1.1.1 | 192.168.11.20 | 0xe52e | No error (0) | | | 142.250.184.225 | A (IP address) | IN (0x0001) | false |
Mar 17, 2023 10:50:25.083336115 CET | 1.1.1.1 | 192.168.11.20 | 0x37af | No error (0) | | api4.ipify.org | | CNAME (Canonical name) | IN (0x0001) | false |
Mar 17, 2023 10:50:25.083336115 CET | 1.1.1.1 | 192.168.11.20 | 0x37af | No error (0) | | | 64.185.227.155 | A (IP address) | IN (0x0001) | false |
Mar 17, 2023 10:50:25.083336115 CET | 1.1.1.1 | 192.168.11.20 | 0x37af | No error (0) | | | 104.237.62.211 | A (IP address) | IN (0x0001) | false |
Mar 17, 2023 10:50:25.083336115 CET | 1.1.1.1 | 192.168.11.20 | 0x37af | No error (0) | | | 173.231.16.76 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49835 | 142.250.184.238 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-03-17 09:50:21 UTC | 0 | OUT | |
2023-03-17 09:50:23 UTC | 0 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49836 | 142.250.184.225 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-03-17 09:50:23 UTC | 1 | OUT | |
2023-03-17 09:50:23 UTC | 1 | IN | |