Windows
Analysis Report
invoice.exe
Overview
General Information
Detection
GuLoader
Score: | 88 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Snort IDS alert for network traffic
Tries to steal Mail credentials (via file / registry access)
Initial sample is a PE file and has a suspicious name
Writes to foreign memory regions
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
May check the online IP address of the machine
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
One or more processes crash
Drops certificate files (DER)
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Abnormal high CPU Usage
Enables debug privileges
AV process strings found (often used to terminate AV products)
Found inlined nop instructions (likely shell or obfuscated code)
PE file does not import any functions
Sample file is different than original file name gathered from version info
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
PE / OLE file has an invalid certificate
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read data from the clipboard
Classification
- System is w10x64native
- invoice.exe (PID: 4636 cmdline: C:\Users\user\Desktop\invoice.exe MD5: F111934675C34CCA18D9D76FC34A2E40)
- CasPol.exe (PID: 1520 cmdline: C:\Users\user\Desktop\invoice.exe MD5: 914F728C04D3EDDD5FBA59420E74E56B)
- conhost.exe (PID: 2356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
- WerFault.exe (PID: 4620 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 2544 MD5: 40A149513D721F096DDF50C04DA2F01F)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution | | |
⊘No configs have been found
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | |
⊘No Sigma rule has matched
Timestamp: | 03/17/23-14:34:28.679795 |
Source IP: | 192.168.11.20 |
Destination IP: | 193.122.130.0 |
SID: | 2039190 |
Source Port: | 49842 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Code function: | 1_2_00406268 | |
Source: | Code function: | 1_2_0040572D | |
Source: | Code function: | 1_2_004026F8 |
Source: | File opened: | Jump to behavior | ||
Source: | Code function: | 5_2_37746DE3 | |
Source: | Code function: | 5_2_37746300 |
Networking |
---|
Source: | Snort IDS: |
Source: | DNS query: | ||
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | IP Address: |
Source: | HTTP traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTPS traffic detected: | ||
Source: | Code function: | 1_2_004051CA |
Source: | File created: | Jump to dropped file |
System Summary |
---|
Source: | Static PE information: |
Source: | Process created: |
Source: | Code function: | 1_2_004031F1 |
Source: | Code function: | 1_2_00406742 | |
Source: | Code function: | 1_2_00404A09 | |
Source: | Code function: | 1_2_00406F19 | |
Source: | Code function: | 5_2_37746DE3 | |
Source: | Code function: | 5_2_37746300 | |
Source: | Code function: | 5_2_377462EF |
Source: | Process Stats: |
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Static PE information: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 1_2_004031F1 |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | Code function: | 1_2_004020CB |
Source: | File read: | Jump to behavior |
Source: | Code function: | 1_2_00404496 |
Source: | Section loaded: | Jump to behavior | ||
Source: | Mutant created: | ||
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Binary string: | ||
Data Obfuscation |
---|
Source: | File source: |
Source: | Code function: | 1_2_10002D4E |
Source: | Static PE information: | ||
Source: | Code function: | 1_2_10001A5D |
Source: | File created: | Jump to dropped file | ||
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | File opened: | Jump to behavior | ||
Source: | Binary or memory string: |
Source: | Last function: |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Code function: | 1_2_00406268 | |
Source: | Code function: | 1_2_0040572D | |
Source: | Code function: | 1_2_004026F8 |
Source: | API call chain: | graph_1-4240 | ||
Source: | API call chain: | graph_1-4062 |
Source: | File opened: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | Code function: | 1_2_10001A5D |
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 1_2_00402D48 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 1_2_004031F1 |
Source: | Binary or memory string: |
Stealing of Sensitive Information |
---|
Source: | Key opened: | Jump to behavior |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | OS Credential Dumping | 211 Security Software Discovery | Remote Services | 1 Email Collection | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 111 Process Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 1 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | 1 DLL Side-Loading | 1 Disable or Modify Tools | Security Account Manager | 1 System Network Configuration Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Access Token Manipulation | NTDS | 3 File and Directory Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 13 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 111 Process Injection | LSA Secrets | 15 System Information Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 2 Obfuscated Files or Information | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 28% | Virustotal | | Browse |
| 36% | ReversingLabs | Win32.Trojan.Tnega | |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | ReversingLabs | | |
| 2% | ReversingLabs | | |
| 0% | ReversingLabs | | |
| 0% | ReversingLabs | | |
| 0% | ReversingLabs | | |
| 0% | ReversingLabs | | |
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
| 100% | Avira | HEUR/AGEN.1223491 | | Download File |
| 100% | Avira | HEUR/AGEN.1223491 | | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Virustotal | | Browse |
| 0% | Virustotal | | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Avira URL Cloud | safe | |
| 0% | Virustotal | | Browse |
| 0% | Virustotal | | Browse |
| 0% | Virustotal | | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 142.250.184.206 | true | false | | high |
googlehosted.l.googleusercontent.com | 142.250.186.33 | true | false | | high |
checkip.dyndns.com | 193.122.130.0 | true | true | | unknown |
checkip.dyndns.org | unknown | unknown | true | | unknown |
doc-0k-a8-docs.googleusercontent.com | unknown | unknown | false | | high |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| true | | unknown |
| false | | high |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
193.122.130.0 | checkip.dyndns.com | United States | | 31898 | ORACLE-BMC-31898US | true |
142.250.184.206 | drive.google.com | United States | | 15169 | GOOGLEUS | false |
142.250.186.33 | googlehosted.l.googleusercontent.com | United States | | 15169 | GOOGLEUS | false |
Joe Sandbox Version: | 37.0.0 Beryl |
Analysis ID: | 828743 |
Start date and time: | 2023-03-17 14:30:04 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 11m 58s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301) |
Number of new started processes analysed: | 10 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample file name: | invoice.exe |
Detection: | MAL |
Classification: | mal88.troj.spyw.evad.winEXE@5/19@3/3 |
EGA Information: | |
HDC Information: | |
HCA Information: | |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, backgroundTaskHost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.42.73.29
- Excluded domains from analysis (whitelisted): spclient.wg.spotify.com, wdcpalt.microsoft.com, client.wns.windows.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, umwatson.events.data.microsoft.com, wdcp.microsoft.com
- Execution Graph export aborted for target CasPol.exe, PID 1520 because it is empty
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
⊘No simulations
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
193.122.130.0 | | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
checkip.dyndns.com | | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
ORACLE-BMC-31898US | | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | HTMLPhisher | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
| | Get hash | malicious | Snake Keylogger | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | | Get hash | malicious | GuLoader, Lokibot | Browse | |
| | Get hash | malicious | FormBook | Browse | |
| | Get hash | malicious | AgentTesla, GuLoader | Browse | |
| | Get hash | malicious | Amadey, Djvu, Fabookie, SmokeLoader | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | Remcos | Browse | |
| | Get hash | malicious | GuLoader, Lokibot | Browse | |
| | Get hash | malicious | Amadey, Babuk, Clipboard Hijacker, Djvu, Fabookie, RedLine, SmokeLoader | Browse | |
| | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | |
| | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | |
| | Get hash | malicious | Amadey, Djvu, RedLine, SmokeLoader | Browse | |
| | Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse | |
| | Get hash | malicious | Clipboard Hijacker, Djvu, HTMLPhisher, Vidar | Browse | |
| | Get hash | malicious | Unknown | Browse | |
| | Get hash | malicious | BluStealer, ThunderFox Stealer, a310Logger | Browse | |
| | Get hash | malicious | Amadey, Djvu, SmokeLoader | Browse | |
| | Get hash | malicious | Babuk, Djvu | Browse | |
| | Get hash | malicious | Grandcrab, Gandcrab | Browse | |
| | Get hash | malicious | Vidar | Browse | |
| | Get hash | malicious | Unknown | Browse | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Antimodernly\trever\Hovedinteressers\lang-1059.dll | | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | AgentTesla, GuLoader | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | AgentTesla, GuLoader | Browse | |
| | Get hash | malicious | AgentTesla, GuLoader | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | GuLoader | Browse | |
| | Get hash | malicious | Unknown | Browse | |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_caspol.exe_d8eda6a1754a151dd5173ca6db3e65435df63db_ea830a9b_04bcfbd1-2c77-4702-aba0-8ccec9d684fc\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 1.2413258792200002 |
Encrypted: | false |
SSDEEP: | 192:lMbr9vYxYmBUWSaX+AMWVM+Du760fAIO8h:KFYHBUWSaOaq+Du760fAIO8h |
MD5: | AA43B8BBA15A813BFCCD02E862007CD8 |
SHA1: | 8250B873BAC21F5986212B2451B512E48B4349D5 |
SHA-256: | 2D416E1A3C441D6B7DCF6EF0F287F15ED46DCEF848C32BEB31D02196D402DB63 |
SHA-512: | 159EAE789D7948F7077A9761DCEB26AC5A66D646CA0E183AEF6B3DA6EA00C55BECAA2CFC90A5BBC04A875F15CA86A8348895E2A8F6D83D4EAF63D41DD09E77FB |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 296706 |
Entropy (8bit): | 3.5831200793212092 |
Encrypted: | false |
SSDEEP: | 3072:QA5LTg7X74RS+qaqyO0uE04uEqW6PCLFQq:QcTgoAHaqyb04z6S |
MD5: | 7EBCA7182F74A342B0C77C9FE8DDC072 |
SHA1: | 1F7A577A9AC5731E0DD8130DDBB8B5B01D0F496E |
SHA-256: | 8D93AC888DBA63A724D6827FCEA592EE97BE5E19BFAE9131BD861813E6C644E5 |
SHA-512: | 5DFF1396A6136908905076DFD12A267B8F69CC6D52F09107AE99EEF40EA84AFAD37AC33A39A543B064CAED628E585E76919C576AB535D5B22AB2CD3311E75CFB |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8434 |
Entropy (8bit): | 3.7091201286754427 |
Encrypted: | false |
SSDEEP: | 192:R9l7lZNidI6IyHLoW6YAAo66ngmfZJCGprr89bw0sfBwm:R9lnNiC6IyroW6YAf6agmfXkwnfj |
MD5: | A6EEA52F37433165774D6A66E6B6994F |
SHA1: | 97AEC2A821BA4337326EB3BDEE28195E298F6291 |
SHA-256: | 5F4ECF6632344627BA5B494DEAB0E0E9F97E194E1F1FDC699D9985AADE578C43 |
SHA-512: | F068BFD03B06815A0677F92099A389CFCE810E184070BF8738E98F394268454DD077BA4A424488B9540E34750DE42AD5400C993401C3D862C9BDCEB290BE95B9 |
Malicious: | false |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4928 |
Entropy (8bit): | 4.554053374413811 |
Encrypted: | false |
SSDEEP: | 48:cvIwwtl8zsnle702I7VFJ5WS2Cfjkss3rm8M4Jd0PFr+q8vr0uvkinkd:uILfs7GySPfqJCKXvkinkd |
MD5: | 5770CD5EAA63B08F65E7E38543698591 |
SHA1: | E440A41F9A3DAE38151312126A08FA17C818B0D2 |
SHA-256: | 5D8A6CD4D2DE8A2B0B46B87FAEAB8B31E6622D0C5EF81970C9D65975B37CA94E |
SHA-512: | 5BFC69378548041A332B3E6ECDFA0A687C708BDDF0985D2694512F1967B56C86EC0BCE545567DDCF70CA98D0E113D023AEECE91538D05E5AABF64D8F5AC7453F |
Malicious: | false |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Antimodernly\trever\Hovedinteressers\icon-ui.icns
Process: | C:\Users\user\Desktop\invoice.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1245 |
Entropy (8bit): | 5.462849750105637 |
Encrypted: | false |
SSDEEP: | 24:hM0mIAvy4Wvsqs1Ra7JZRGNeHX+AYcvP2wk1RjdEF3qpMk5:lmIAq1UqsziJZ+eHX+AdP2TvpMk5 |
MD5: | 5343C1A8B203C162A3BF3870D9F50FD4 |
SHA1: | 04B5B886C20D88B57EEA6D8FF882624A4AC1E51D |
SHA-256: | DC1D54DAB6EC8C00F70137927504E4F222C8395F10760B6BEECFCFA94E08249F |
SHA-512: | E0F50ACB6061744E825A4051765CEBF23E8C489B55B190739409D8A79BB08DAC8F919247A4E5F65A015EA9C57D326BBEF7EA045163915129E01F316C4958D949 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Antimodernly\trever\Hovedinteressers\lang-1059.dll
Process: | C:\Users\user\Desktop\invoice.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 160264 |
Entropy (8bit): | 4.358279117234243 |
Encrypted: | false |
SSDEEP: | 768:EVS3TP/nITMkSXnOLeecEKVdPGeGlo1ciX9NtfoxOpGHXGHmeVDj3bRQ9pY/ycVa:EVsPQBRodPDW4zMctML/ |
MD5: | B47C741673A92A16B48140FCBDA04030 |
SHA1: | AA7A003DA656320A274F276EE4BF8C27203D1B4C |
SHA-256: | E6E775E7A5AC1BFA01B5A5CB9A7532171817408E67E346E33CA3CB091BDEA478 |
SHA-512: | 464BFC63FD715E07C02ED78F9603A1C890F3848C0D46BB7B58D352B3FF1E76612E8D772903C9954159586735567DD493A023BCFADA5E15407725F7267567DC60 |
Malicious: | false |
Antivirus: |
Joe Sandbox View: |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Ath_CoexAgent.exe
Process: | C:\Users\user\Desktop\invoice.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 323584 |
Entropy (8bit): | 6.212800759462987 |
Encrypted: | false |
SSDEEP: | 3072:KW+Rs18sEZQEwgD+odVKFKLuFv1kJV0YVJL/vFU/lmJ03Hk7OJ3/b7FG66sN4IqF:j7SdPKZ1kJLLH+lmJgHeOVb7o663L |
MD5: | 86B8B1F5C1189D68B07666784BE882FE |
SHA1: | B023E9442CFC9C9652E1C8990F06DEF08BDC5B01 |
SHA-256: | 0DD8C627F3DDBDB61B1910540C465C0D62C9F8D84C7CBB6C80782DB02D535AF0 |
SHA-512: | E471BEBDD441756CD840420C862CD84EF18A03144DDCAA20D783399D0736BD012D3984E38BDDB9DF16837B205D0A6ECA4C6FEE1D41553B5002A4B1E1B753E139 |
Malicious: | false |
Antivirus: |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Diskofils\Justiciaryship\vmusbmouse.cat
Process: | C:\Users\user\Desktop\invoice.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 10376 |
Entropy (8bit): | 7.080841609849737 |
Encrypted: | false |
SSDEEP: | 192:pL/2EJC+EhGRmwBYyKaWFWQFV5NB0884LfqnajnWc:11PCFRVJlLWc |
MD5: | DBE99D951395F37E5C3F4164D8A22245 |
SHA1: | 238EF179549F6AEB2E3C6F4188365814A965312B |
SHA-256: | 671CB26C75AC0256B07835AE00E7018AF6126FAE7400BF21E57707E0CC9164B5 |
SHA-512: | 3A931015C1038965028AD70E439F75BA210B1113BBCD8A7C5063DA376DBB577F250BE6141B93F1CB100084A930DAD4B2205864F19F3A5E3911CD6CC0B6D0D0D8 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Inkshed\Mss32.dll
Process: | C:\Users\user\Desktop\invoice.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 353768 |
Entropy (8bit): | 6.836018886719178 |
Encrypted: | false |
SSDEEP: | 6144:EpcTapyHuUcl0PUpFawtMR6gP4aHrmtcWR3uA9:MIaQ+l0PoRtW6aHrmtcWRt9 |
MD5: | B75A8E0DDEEB4330C1DBA37105244B0F |
SHA1: | E5302CA8517AC2826B5D56E3395D41C34B5B3DF7 |
SHA-256: | CC142B9D8B5223E2720C6440CB7A124C0A80D2FB04ECF59AD7331DFD6E3CB51F |
SHA-512: | 120F91A144B5B6CC9E33B232AE4466AF2E6C5F702F4C04E9A03DD4F239DE752770E4DE2C6BE2CAF3BEE9775C8887EAB9E08A896D7F2EBA1AD8CF928555CC99A3 |
Malicious: | false |
Antivirus: |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Inkshed\NMDllHost.exe
Process: | C:\Users\user\Desktop\invoice.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 116720 |
Entropy (8bit): | 5.889271571414613 |
Encrypted: | false |
SSDEEP: | 3072:g3nqpX2I6OhctR+lCTD01Lcy4J93TnCx86:L2W1oy4J93TCT |
MD5: | DBF787BD6E5CE77FB34FF281A144EB96 |
SHA1: | 50B7799ECCA566BE35429828245D44CB04AD8885 |
SHA-256: | CCBACEEA04837229C95C08274C747ABE069279AFB990DDD89EC743C42ADC0AD9 |
SHA-512: | 07949EC3882D9CB6E2341CE60C6E911F24463B01F484C037E65A2A8F3495543A096B632E01F8480D03FF388D1E811ECF760155F97F1D5329785C506603BB18A7 |
Malicious: | false |
Antivirus: |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Stemningssvingning\Urgently.Suk
Process: | C:\Users\user\Desktop\invoice.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 52812 |
Entropy (8bit): | 2.691443133069214 |
Encrypted: | false |
SSDEEP: | 768:w3MHvSSEEEE422O9Py2Ve76uBu+O3+xpnY/A8o9kxErpEEEbYRx+KmGSBAM07byk:bvS53XH/Y/A8opMr07bnr |
MD5: | 4C6FAD70762561B0D38AA152C52796A8 |
SHA1: | 9FAFD1E9CF41E5482AC7960F7F0C20AB5B703D30 |
SHA-256: | C7CC1E08C3B0850EF02E7F4371D71918B55686581FDE5D124149884EE56C8F4F |
SHA-512: | 721DC72FF2153615343BCEC4B408337E8BD5012C234237F2005C43C48D1179DEDC1606014DE6659F5A22BC9116C2348C1AD5B05BF128D60572EEAE9346E06EE0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Udlandsrejse153\Aeroscopic\Clanging\Uskyldsrent\SourceCodePro-ExtraLight.otf
Process: | C:\Users\user\Desktop\invoice.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 127080 |
Entropy (8bit): | 7.036042013030407 |
Encrypted: | false |
SSDEEP: | 3072:Tz0LOC7z/0cS/Uz0+Gp+dtsVaHGg0IADoQg4RAxL2+p:s7z/0jUz0+GsdBHGg9cg4mvp |
MD5: | 9ECC8DF598E9EDDE1072942D344CC0CF |
SHA1: | 9FF240AB48EB7E97237E25D8C6F8CD738BA97CAA |
SHA-256: | D945E1C81A59A434E36EEDEF21E64B61CC6901A9E43936AF79C20BDBF57592B1 |
SHA-512: | 09978B7AF39B541C13F5E628BAF789E9FD1635258C74379351612451022D53B38B9F78DA7A74C19BA0FFB7B0C93B63C69EFCFC36285EFBCAF3678ADE7D423AD0 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\Udlandsrejse153\Aeroscopic\Clanging\Uskyldsrent\cs.txt
Process: | C:\Users\user\Desktop\invoice.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 9204 |
Entropy (8bit): | 5.371514089173945 |
Encrypted: | false |
SSDEEP: | 192:iRJ98lWxEb5BvGIrd+mc1OTno+SXhbSIm1JjSvcQpK/w:ijK0GeIrQmEOTno+SXox1JjmpKo |
MD5: | 641B90F9AEDFC68486D0D20B40F7ECA6 |
SHA1: | 0A683DD844534905336784FADD80498AFE26F6FA |
SHA-256: | 87A4B9369FD51D76C9032C0E65C3C6221659E086798829072785BE589E55B839 |
SHA-512: | 567CB9F6C31D196A171E5A9C2726A39A9B3D351AC92D4ACF8624213A68C9033ACC31AFAAAD82AA9F5359F32D3A0CA40522E151B8370D553A41ABEB6A6E097078 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\predepository\figuranternes.Han
Process: | C:\Users\user\Desktop\invoice.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 218305 |
Entropy (8bit): | 7.337101777894853 |
Encrypted: | false |
SSDEEP: | 3072:PdqWTzg/gzZ9xRpRmib28JUBTE+vAsGolsJAsJ7Z/aKespGgyfZrl:HOaZ1nv9J2I+veZiKe2i |
MD5: | DF0C864AD6FE636F3AD391B04A408AC7 |
SHA1: | B0072D5406BA66EDD9F6A1A443D56378BDA688C5 |
SHA-256: | A802EB02B9345615A947C6B8B57441D7DEBD4300FFEAFC16623CE18F68CABBF2 |
SHA-512: | 2AA97CC2724CA1309B3594F552BAF227CCB7B6F73B29E612A9779D987E9FBE0E41F7CE765083AE16CD3CEC84B826A401279D69200D1AE3A0722B4E3CC731079C |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\invoice.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 5632 |
Entropy (8bit): | 4.76010720109437 |
Encrypted: | false |
SSDEEP: | 96:HqNXqwK188CgAtXvZBkjDf0yf9ysrtWp2wol:HAqrg1XvZB6kYtWp2 |
MD5: | 88C3BA1802AEF228541820767453E058 |
SHA1: | 4F3AEFB9E4EC27CB49973CB19BD968E54A2BA676 |
SHA-256: | 2722555EC1F72523774B64D25FD4C2B460000BFE82140876D6100DC4FB1F62B1 |
SHA-512: | 718790339E13B53553AFDE6968AE10CDA7B47CBDBFC82599116C8B5B1E8FBBA259F0CE6781908BE027360132A0ABE057DF2FFA7072212ACDA96BFF535E241582 |
Malicious: | false |
Antivirus: |
Preview: |
Process: | C:\Users\user\Desktop\invoice.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11264 |
Entropy (8bit): | 5.767999234165119 |
Encrypted: | false |
SSDEEP: | 192:cPtkumJX7zBE2kGwfy9S9VkPsFQ1MZ1c:N7O2k5q9wA1MZa |
MD5: | C9473CB90D79A374B2BA6040CA16E45C |
SHA1: | AB95B54F12796DCE57210D65F05124A6ED81234A |
SHA-256: | B80A5CBA69D1853ED5979B0CA0352437BF368A5CFB86CB4528EDADD410E11352 |
SHA-512: | EAFE7D5894622BC21F663BCA4DD594392EE0F5B29270B6B56B0187093D6A3A103545464FF6398AD32D2CF15DAB79B1F133218BA9BA337DDC01330B5ADA804D7B |
Malicious: | false |
Antivirus: |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2097152 |
Entropy (8bit): | 4.523815600656336 |
Encrypted: | false |
SSDEEP: | 12288:kDvK0ehODuTywB84iTd+vXlnebS23+5PfWhsYSDzFJFGl56zwlMhagmcnYJx:kATywB84iTd+vXlneGKHlMhagmcnYJx |
MD5: | 6B3E54A24A9E83963E044BE36E344CD6 |
SHA1: | FE8383F68D875A4C9E711E7878D7385C1612CCCA |
SHA-256: | D3FF0F24C8D20A5005CC564DEB0B197A5FBF1506F3F1388D50292DD118698312 |
SHA-512: | BD8821C4DE2619E9450DE73A4FAA53B13D6102CB1686DFABBB72D01B12AE96FC8918D01FD366ACC3EC139DD22DAFBDFDE98D418677656469776B9C992C4D8904 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 499712 |
Entropy (8bit): | 4.5534365820054905 |
Encrypted: | false |
SSDEEP: | 3072:HAQEODdececetnZJCy5i1T7Em0CXrnS+p2oJHrYKzOixxRvF5dlEVyi9RReloD3I:0OJJxa5ii+4yLYKzX1F/ljiteloN5 |
MD5: | 51B02C650B9F903CC6EEACB3A10D21A5 |
SHA1: | 4EA07D7465F2429B16A13D2058F8A4B25CC65AE4 |
SHA-256: | 30B4E3705D8FAC7230A89C328F433F7EEC2FA552181EE91AB39F4B13A7ED70ED |
SHA-512: | 7624DD241AC2E1448014E5B603C9FDD255180E437E1A34520D8115C3B56052D24DC7FD98C4ED929D6722F71CCF1F2FC978C3344F7FABEADEA4F490B78D7B137F |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 164 |
Entropy (8bit): | 4.5750027080925975 |
Encrypted: | false |
SSDEEP: | 3:WNEDkFrA7fw3eqIusdHSdX7/fWmEdIOAlwV6EwqQLWFBaaafFa/Rv/naaaaqBcn:WsTbtyxkKO+dZWF7afFoRHRaaqBc |
MD5: | 8D14AB4128F9BFE3E4F5F9B160BBFFE7 |
SHA1: | 7EA846DF04D4120A819DB47723C716BF2610E5CD |
SHA-256: | 91D7EA682DB129FD33DA04168DB3BFCA08EA8B6CB0533C559E0ADC0DA5BD56E8 |
SHA-512: | BF72FC0F59202B09E92961CE6C6CF21D3BBBB22AAA6B0A6B3FFBA2392362BF30A6B874A6CBBF6D11F06975CDDDBDB247053222D34D4F24055E50C0AFC9802E65 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.953363965326294 |
TrID: |
File name: | invoice.exe |
File size: | 861416 |
MD5: | f111934675c34cca18d9d76fc34a2e40 |
SHA1: | 6c54e0fbae03df56fee84195f3deb4d2ebd8d8c1 |
SHA256: | c627b8bb6c4ea0cf03aa2d209d0ecc53ff9784283328dabd44c1675aef0939c2 |
SHA512: | 48b825550b320ebfcccc4260e359ffedad7675913ee7e7a62bd62a3839fd20c8f7cafb9a6e6bb8d7d8a2164674019b696c8851362c0a6b69f4dde8b1da3dc84c |
SSDEEP: | 12288:cJAEzBf4FZZmubGJ6vVZgj9Zp4RVkdXALai8ZpP7MxhGmeLJfRriFm4gCb5vr:cJBf4guba6voj9mOdXALN8bP7MxhVP5 |
TLSH: | 090523919D24D01ACFCB1A32C6E0AAF51FA93D1DF546350FAB103DDE7AB3016992E1D8 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........(...F...F...F.*.....F...G.v.F.*.....F...v...F...@...F.Rich..F.........................PE..L...2.uY.................d...|..... |
Icon Hash: | 185d7c3f1d094720 |
Entrypoint: | 0x4031f1 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x59759532 [Mon Jul 24 06:35:30 2017 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 3abe302b6d9a1256e6a915429af4ffd2 |
Signature Valid: | false |
Signature Issuer: | E=Levnendes@Printstnings.Gum, OU="Berlinsk Absorptively Uncatholicise ", O=Toffy, L=Parbrook, S=England, C=GB |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Not Before, Not After |
Subject Chain |
Version: | 3 |
Thumbprint MD5: | 56C9BA7DFEC92471D18B65DEBADFD264 |
Thumbprint SHA-1: | 791103B8F445F30749CC09454489D8932043151F |
Thumbprint SHA-256: | 12660D9C667AA56EF5F4D3C7A46C00BBF32786E1EDB7C6D1BB2EFDC10DDE5337 |
Serial: | 292387F23D7D31A4C4A61C828EB508755809B6A4 |
Instruction |
---|
sub esp, 00000184h |
push ebx |
push esi |
push edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+18h], ebx |
mov dword ptr [esp+10h], 0040A198h |
mov dword ptr [esp+20h], ebx |
mov byte ptr [esp+14h], 00000020h |
call dword ptr [004080A0h] |
call dword ptr [0040809Ch] |
and eax, BFFFFFFFh |
cmp ax, 00000006h |
mov dword ptr [0042F40Ch], eax |
je 00007FEA50837CA3h |
push ebx |
call 00007FEA5083AD5Ah |
cmp eax, ebx |
je 00007FEA50837C99h |
push 00000C00h |
call eax |
mov esi, 00408298h |
push esi |
call 00007FEA5083ACD6h |
push esi |
call dword ptr [00408098h] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], bl |
jne 00007FEA50837C7Dh |
push 0000000Ah |
call 00007FEA5083AD2Eh |
push 00000008h |
call 00007FEA5083AD27h |
push 00000006h |
mov dword ptr [0042F404h], eax |
call 00007FEA5083AD1Bh |
cmp eax, ebx |
je 00007FEA50837CA1h |
push 0000001Eh |
call eax |
test eax, eax |
je 00007FEA50837C99h |
or byte ptr [0042F40Fh], 00000040h |
push ebp |
call dword ptr [00408044h] |
push ebx |
call dword ptr [00408288h] |
mov dword ptr [0042F4D8h], eax |
push ebx |
lea eax, dword ptr [esp+38h] |
push 00000160h |
push eax |
push ebx |
push 00429830h |
call dword ptr [00408178h] |
push 0040A188h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8534 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x41000 | 0x219c8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xd02c0 | 0x2228 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x298 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x6254 | 0x6400 | False | 0.6676171875 | data | 6.4338643172916266 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x1354 | 0x1400 | False | 0.4599609375 | data | 5.236269898436511 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x25518 | 0x600 | False | 0.4557291666666667 | data | 4.044625496015545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x30000 | 0x11000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x41000 | 0x219c8 | 0x21a00 | False | 0.8901312732342007 | data | 7.609648735329348 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x41418 | 0x1224f | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x53668 | 0x6259 | PNG image data, 256 x 256, 8-bit colormap, non-interlaced | English | United States |
RT_ICON | 0x598c8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States |
RT_ICON | 0x5be70 | 0x2466 | PNG image data, 256 x 256, 4-bit colormap, non-interlaced | English | United States |
RT_ICON | 0x5e2d8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States |
RT_ICON | 0x5f380 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304 | English | United States |
RT_ICON | 0x60228 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024 | English | United States |
RT_ICON | 0x60ad0 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States |
RT_ICON | 0x61138 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256 | English | United States |
RT_ICON | 0x616a0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States |
RT_ICON | 0x61b08 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States |
RT_ICON | 0x61df0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States |
RT_DIALOG | 0x61f18 | 0x120 | data | English | United States |
RT_DIALOG | 0x62038 | 0x11c | data | English | United States |
RT_DIALOG | 0x62158 | 0xc4 | data | English | United States |
RT_DIALOG | 0x62220 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x62280 | 0xae | data | English | United States |
RT_VERSION | 0x62330 | 0x354 | data | English | United States |
RT_MANIFEST | 0x62688 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States |
DLL | Import |
---|---|
KERNEL32.dll | GetTempPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, SetEnvironmentVariableA, Sleep, GetTickCount, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GetWindowsDirectoryA, SetCurrentDirectoryA, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, GetExitCodeProcess, WaitForSingleObject, CompareFileTime, SetFileAttributesA, GetFileAttributesA, GetShortPathNameA, MoveFileA, GetFullPathNameA, SetFileTime, SearchPathA, CloseHandle, lstrcmpiA, CreateThread, GlobalLock, lstrcmpA, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GlobalAlloc, GlobalFree, ExpandEnvironmentStringsA |
USER32.dll | ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExA, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA |
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExA, RegOpenKeyExA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, RegEnumValueA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegSetValueExA, RegQueryValueExA, RegEnumKeyA |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
03/17/23-14:34:28.679795 | TCP | 2039190 | ET TROJAN 404/Snake/Matiex Keylogger Style External IP Check | 49842 | 80 | 192.168.11.20 | 193.122.130.0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 17, 2023 14:34:25.817516088 CET | 49840 | 443 | 192.168.11.20 | 142.250.184.206 |
Mar 17, 2023 14:34:25.817559958 CET | 443 | 49840 | 142.250.184.206 | 192.168.11.20 |
Mar 17, 2023 14:34:25.817728996 CET | 49840 | 443 | 192.168.11.20 | 142.250.184.206 |
Mar 17, 2023 14:34:25.830518007 CET | 49840 | 443 | 192.168.11.20 | 142.250.184.206 |
Mar 17, 2023 14:34:25.830559969 CET | 443 | 49840 | 142.250.184.206 | 192.168.11.20 |
Mar 17, 2023 14:34:25.870882988 CET | 443 | 49840 | 142.250.184.206 | 192.168.11.20 |
Mar 17, 2023 14:34:25.871021986 CET | 49840 | 443 | 192.168.11.20 | 142.250.184.206 |
Mar 17, 2023 14:34:25.871067047 CET | 49840 | 443 | 192.168.11.20 | 142.250.184.206 |
Mar 17, 2023 14:34:25.872196913 CET | 443 | 49840 | 142.250.184.206 | 192.168.11.20 |
Mar 17, 2023 14:34:25.872360945 CET | 49840 | 443 | 192.168.11.20 | 142.250.184.206 |
Mar 17, 2023 14:34:25.945143938 CET | 49840 | 443 | 192.168.11.20 | 142.250.184.206 |
Mar 17, 2023 14:34:25.945188046 CET | 443 | 49840 | 142.250.184.206 | 192.168.11.20 |
Mar 17, 2023 14:34:25.945667982 CET | 443 | 49840 | 142.250.184.206 | 192.168.11.20 |
Mar 17, 2023 14:34:25.945909977 CET | 49840 | 443 | 192.168.11.20 | 142.250.184.206 |
Mar 17, 2023 14:34:25.950752974 CET | 49840 | 443 | 192.168.11.20 | 142.250.184.206 |
Mar 17, 2023 14:34:25.992337942 CET | 443 | 49840 | 142.250.184.206 | 192.168.11.20 |
Mar 17, 2023 14:34:26.441880941 CET | 443 | 49840 | 142.250.184.206 | 192.168.11.20 |
Mar 17, 2023 14:34:26.442033052 CET | 49840 | 443 | 192.168.11.20 | 142.250.184.206 |
Mar 17, 2023 14:34:26.442121029 CET | 49840 | 443 | 192.168.11.20 | 142.250.184.206 |
Mar 17, 2023 14:34:26.442156076 CET | 443 | 49840 | 142.250.184.206 | 192.168.11.20 |
Mar 17, 2023 14:34:26.442212105 CET | 443 | 49840 | 142.250.184.206 | 192.168.11.20 |
Mar 17, 2023 14:34:26.442816973 CET | 49840 | 443 | 192.168.11.20 | 142.250.184.206 |
Mar 17, 2023 14:34:26.442816973 CET | 49840 | 443 | 192.168.11.20 | 142.250.184.206 |
Mar 17, 2023 14:34:26.527911901 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:26.527951002 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:26.528120041 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:26.528405905 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:26.528420925 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.586244106 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.586421967 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.586488962 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.588453054 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.588624954 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.588624954 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.591826916 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.591856003 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.592645884 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.592905045 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.593214989 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.636318922 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.803666115 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.803952932 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.803965092 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.804122925 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.804511070 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.804641008 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.804688931 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.804688931 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.805387974 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.805522919 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.805593967 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.806293011 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.806519032 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.806525946 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.806628942 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.808926105 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.809103012 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.809113979 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.809334040 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.811726093 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.811872959 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.811928988 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.811933041 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.811959982 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.812011957 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.812182903 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.812731028 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.812877893 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.812890053 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.813030958 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.813043118 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.813240051 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.813616991 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.813657999 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.813822031 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.813828945 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.813977003 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.814548969 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.814713001 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.814724922 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.814933062 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.815463066 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.815520048 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.815613985 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.815628052 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.815685034 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.815767050 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.816344023 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.816478968 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.816622019 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.816634893 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.816757917 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.817270041 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.817449093 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.817460060 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.817699909 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.817708015 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.817888021 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.818191051 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.818242073 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.818332911 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.818346024 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.818413019 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.818538904 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.819063902 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.819194078 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.819221973 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.819230080 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.819427967 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.819968939 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.820146084 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.820152998 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.820266962 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.820270061 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.820461988 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.820888996 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.821038961 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.821114063 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.821129084 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.821219921 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.821283102 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.821824074 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.821897984 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.821938992 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.821960926 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.821966887 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.821974039 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.822173119 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.822740078 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.822864056 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.822891951 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.822902918 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.822916985 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.823019028 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.823019028 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.823153019 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.823158979 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.823297024 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.823574066 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.823700905 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.823730946 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.823751926 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.823759079 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.823919058 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.823925972 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.824062109 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.824491978 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.824673891 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.824685097 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.824820995 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.824847937 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.824862957 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.824914932 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.824925900 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.825031996 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.825031996 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.825129032 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.825323105 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.825375080 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.825459003 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.825467110 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.825566053 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.825576067 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.825629950 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.825647116 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.825650930 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.825719118 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.825798988 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.826210976 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.826361895 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.826370955 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.826481104 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.826508045 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.826535940 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.826559067 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.826690912 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.826781034 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.827220917 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.827353954 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.827411890 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.827419043 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.827480078 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.827518940 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.827590942 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.827595949 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.827706099 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.827852011 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.828107119 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.828248024 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.828254938 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.828392982 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.828399897 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.828461885 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.828589916 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.828634977 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.828641891 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.828778982 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.829056978 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.829201937 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.829268932 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.829320908 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.829375029 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.829408884 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.829463005 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.829544067 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.829600096 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.829741001 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.830039978 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.830099106 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.830173969 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.830174923 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.830180883 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.830264091 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.830267906 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.830444098 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.830446959 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.830579042 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.830790997 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.830889940 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:27.830940962 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.831110001 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:27.831110001 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:28.139965057 CET | 49841 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 17, 2023 14:34:28.139990091 CET | 443 | 49841 | 142.250.186.33 | 192.168.11.20 |
Mar 17, 2023 14:34:28.579044104 CET | 49842 | 80 | 192.168.11.20 | 193.122.130.0 |
Mar 17, 2023 14:34:28.679069042 CET | 80 | 49842 | 193.122.130.0 | 192.168.11.20 |
Mar 17, 2023 14:34:28.679271936 CET | 49842 | 80 | 192.168.11.20 | 193.122.130.0 |
Mar 17, 2023 14:34:28.679795027 CET | 49842 | 80 | 192.168.11.20 | 193.122.130.0 |
Mar 17, 2023 14:34:28.779683113 CET | 80 | 49842 | 193.122.130.0 | 192.168.11.20 |
Mar 17, 2023 14:34:28.781480074 CET | 80 | 49842 | 193.122.130.0 | 192.168.11.20 |
Mar 17, 2023 14:34:28.827358007 CET | 49842 | 80 | 192.168.11.20 | 193.122.130.0 |
Mar 17, 2023 14:35:02.051467896 CET | 49842 | 80 | 192.168.11.20 | 193.122.130.0 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 17, 2023 14:34:25.800806999 CET | 53317 | 53 | 192.168.11.20 | 1.1.1.1 |
Mar 17, 2023 14:34:25.810267925 CET | 53 | 53317 | 1.1.1.1 | 192.168.11.20 |
Mar 17, 2023 14:34:26.492222071 CET | 64485 | 53 | 192.168.11.20 | 1.1.1.1 |
Mar 17, 2023 14:34:26.525289059 CET | 53 | 64485 | 1.1.1.1 | 192.168.11.20 |
Mar 17, 2023 14:34:28.565037012 CET | 53811 | 53 | 192.168.11.20 | 1.1.1.1 |
Mar 17, 2023 14:34:28.573910952 CET | 53 | 53811 | 1.1.1.1 | 192.168.11.20 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 17, 2023 14:34:25.800806999 CET | 192.168.11.20 | 1.1.1.1 | 0x9c31 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 17, 2023 14:34:26.492222071 CET | 192.168.11.20 | 1.1.1.1 | 0xb9a5 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 17, 2023 14:34:28.565037012 CET | 192.168.11.20 | 1.1.1.1 | 0x9827 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 17, 2023 14:34:25.810267925 CET | 1.1.1.1 | 192.168.11.20 | 0x9c31 | No error (0) | | | 142.250.184.206 | A (IP address) | IN (0x0001) | false |
Mar 17, 2023 14:34:26.525289059 CET | 1.1.1.1 | 192.168.11.20 | 0xb9a5 | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false |
Mar 17, 2023 14:34:26.525289059 CET | 1.1.1.1 | 192.168.11.20 | 0xb9a5 | No error (0) | | | 142.250.186.33 | A (IP address) | IN (0x0001) | false |
Mar 17, 2023 14:34:28.573910952 CET | 1.1.1.1 | 192.168.11.20 | 0x9827 | No error (0) | | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false |
Mar 17, 2023 14:34:28.573910952 CET | 1.1.1.1 | 192.168.11.20 | 0x9827 | No error (0) | | | 193.122.130.0 | A (IP address) | IN (0x0001) | false |
Mar 17, 2023 14:34:28.573910952 CET | 1.1.1.1 | 192.168.11.20 | 0x9827 | No error (0) | | | 193.122.6.168 | A (IP address) | IN (0x0001) | false |
Mar 17, 2023 14:34:28.573910952 CET | 1.1.1.1 | 192.168.11.20 | 0x9827 | No error (0) | | | 158.101.44.242 | A (IP address) | IN (0x0001) | false |
Mar 17, 2023 14:34:28.573910952 CET | 1.1.1.1 | 192.168.11.20 | 0x9827 | No error (0) | | | 132.226.247.73 | A (IP address) | IN (0x0001) | false |
Mar 17, 2023 14:34:28.573910952 CET | 1.1.1.1 | 192.168.11.20 | 0x9827 | No error (0) | | | 132.226.8.169 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49840 | 142.250.184.206 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49841 | 142.250.186.33 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.11.20 | 49842 | 193.122.130.0 | 80 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Mar 17, 2023 14:34:28.679795027 CET | 370 | OUT | |
Mar 17, 2023 14:34:28.781480074 CET | 370 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49840 | 142.250.184.206 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-03-17 13:34:25 UTC | 0 | OUT | |
2023-03-17 13:34:26 UTC | 0 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49841 | 142.250.186.33 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-03-17 13:34:27 UTC | 1 | OUT | |
2023-03-17 13:34:27 UTC | 1 | IN |
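The session and DNS tables above carry the three facts a triage analyst pulls out of this report by hand: every outbound connection is owned by CasPol.exe, a signed .NET utility that has no business talking to the internet (the process the loader injected into); transaction 0x9827 resolves through the CNAME checkip.dyndns.com, which matches the "May check the online IP address of the machine" signature; and the TLS session to 142.250.186.33 goes to an address that resolved via googlehosted.l.googleusercontent.com. The following is an added example, not part of the sandbox report, that parses rows in the same pipe-delimited layout and correlates sessions with DNS answers to emit those findings automatically. The sample rows are constructed copies of the values shown above (the Name column is blank there too, so the parser keys on the Type cell instead). The lists of network-unexpected host processes, public-IP echo domains and hosted-content suffixes are analyst choices assumed for this example, not something the report states.

```python
"""Correlate sandbox session rows with DNS answer rows to flag suspicious egress.

Added example, not code from the original report. Row layout mirrors the
report's tables; detection lists below are assumptions an analyst maintains.
"""
from collections import defaultdict

# Constructed sample rows in the report's own layout (values copied from the tables above).
DNS_ANSWER_ROWS = r"""
Mar 17, 2023 14:34:25.810267925 CET | 1.1.1.1 | 192.168.11.20 | 0x9c31 | No error (0) | 142.250.184.206 | A (IP address) | IN (0x0001) | false | ||
Mar 17, 2023 14:34:26.525289059 CET | 1.1.1.1 | 192.168.11.20 | 0xb9a5 | No error (0) | googlehosted.l.googleusercontent.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 17, 2023 14:34:26.525289059 CET | 1.1.1.1 | 192.168.11.20 | 0xb9a5 | No error (0) | 142.250.186.33 | A (IP address) | IN (0x0001) | false | ||
Mar 17, 2023 14:34:28.573910952 CET | 1.1.1.1 | 192.168.11.20 | 0x9827 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
Mar 17, 2023 14:34:28.573910952 CET | 1.1.1.1 | 192.168.11.20 | 0x9827 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false | ||
Mar 17, 2023 14:34:28.573910952 CET | 1.1.1.1 | 192.168.11.20 | 0x9827 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
"""

SESSION_ROWS = r"""
0 | 192.168.11.20 | 49840 | 142.250.184.206 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
1 | 192.168.11.20 | 49841 | 142.250.186.33 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
2 | 192.168.11.20 | 49842 | 193.122.130.0 | 80 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
"""

# Assumed analyst-maintained lists (not taken from the report).
NET_UNEXPECTED_HOSTS = {"caspol.exe", "regasm.exe", "regsvcs.exe", "msbuild.exe",
                        "installutil.exe", "applaunch.exe"}
IP_ECHO_DOMAINS = {"checkip.dyndns.com", "checkip.dyndns.org", "checkip.amazonaws.com",
                   "ifconfig.me", "api.ipify.org", "icanhazip.com"}
HOSTED_CONTENT_SUFFIXES = (".googleusercontent.com",)


def _cells(row):
    """Split a pipe-delimited row into stripped cells, dropping empty trailing cells."""
    cells = [c.strip() for c in row.strip().strip("|").split("|")]
    while cells and cells[-1] == "":
        cells.pop()
    return cells


def parse_dns_answers(text):
    """Group answer records by transaction ID.

    The report's answer rows leave the queried Name blank, so the record kind is
    read from the Type cell and its value from the cell immediately before it.
    """
    by_txn = defaultdict(lambda: {"cnames": [], "addresses": []})
    for line in text.strip().splitlines():
        cells = _cells(line)
        if len(cells) < 6:
            continue
        txn = cells[3]
        type_idx = next((i for i, c in enumerate(cells)
                         if c.startswith(("A (", "CNAME ("))), None)
        if not type_idx:
            continue
        value = cells[type_idx - 1]
        if cells[type_idx].startswith("CNAME"):
            by_txn[txn]["cnames"].append(value.lower())
        else:
            by_txn[txn]["addresses"].append(value)
    return dict(by_txn)


def parse_sessions(text):
    """Parse 'Session ID | Source IP | Source Port | Destination IP | Destination Port | Process' rows."""
    sessions = []
    for line in text.strip().splitlines():
        cells = _cells(line)
        if len(cells) < 6:
            continue
        sessions.append({"id": cells[0], "src_ip": cells[1], "src_port": int(cells[2]),
                         "dst_ip": cells[3], "dst_port": int(cells[4]), "process": cells[5]})
    return sessions


def triage(sessions, dns):
    """Attach resolved CNAMEs to each session and tag the suspicious ones."""
    addr_to_cnames = {}
    for rec in dns.values():
        for addr in rec["addresses"]:
            addr_to_cnames.setdefault(addr, set()).update(rec["cnames"])
    findings = []
    for s in sessions:
        exe = s["process"].rsplit("\\", 1)[-1].lower()
        cnames = addr_to_cnames.get(s["dst_ip"], set())
        tags = []
        if exe in NET_UNEXPECTED_HOSTS:
            tags.append("lolbin_network")          # injected host process doing egress
        if cnames & IP_ECHO_DOMAINS:
            tags.append("public_ip_check")         # victim geolocation / sandbox check
        if any(c.endswith(HOSTED_CONTENT_SUFFIXES) for c in cnames):
            tags.append("hosted_content_tls" if s["dst_port"] == 443 else "hosted_content")
        if tags:
            findings.append({"session": s["id"], "process": exe,
                             "dst": f'{s["dst_ip"]}:{s["dst_port"]}',
                             "cnames": sorted(cnames), "tags": tags})
    return findings


if __name__ == "__main__":
    for f in triage(parse_sessions(SESSION_ROWS), parse_dns_answers(DNS_ANSWER_ROWS)):
        print(f)
```

Run on the constructed rows, session 2 is tagged as both a LOLBin egress and a public-IP check, session 1 as LOLBin egress to Google-hosted content over TLS, and session 0 as LOLBin egress only, since the report gives no CNAME for 142.250.184.206. The same parser works on any report of this layout; only the three lists need tuning.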