Edit tour
Windows
Analysis Report
Rechung-R1663322504.exe
Overview
General Information
| Sample Name: | Rechung-R1663322504.exe |
| Analysis ID: | 829392 |
| MD5: | 11b5b208de7a85b46104a0597c5da7dc |
| SHA1: | c578bc317e666159cbfc191cb4e50de2de03ab79 |
| SHA256: | 0a80ba418f561098477e18cc42ddfc31796b2be3166ff6c99967b98388fe4826 |
| Infos: |  |
 | |
Detection
GuLoader
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Yara detected BrowserPasswordDump
Yara detected GuLoader
Snort IDS alert for network traffic
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
May check the online IP address of the machine
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
One or more processes crash
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
IP address seen in connection with other malware
Enables debug privileges
AV process strings found (often used to terminate AV products)
Found inlined nop instructions (likely shell or obfuscated code)
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
PE / OLE file has an invalid certificate
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard
Classification
- System is w10x64native
Rechung-R1663322504.exe (PID: 6340 cmdline: C:\Users\u ser\Deskto p\Rechung- R166332250 4.exe MD5: 11B5B208DE7A85B46104A0597C5DA7DC) 
CasPol.exe (PID: 6560 cmdline: C:\Users\u ser\Deskto p\Rechung- R166332250 4.exe MD5: 7BAE06CBE364BB42B8C34FCFB90E3EBD) - CasPol.exe (PID: 3312 cmdline:
C:\Users\u ser\Deskto p\Rechung- R166332250 4.exe MD5: 7BAE06CBE364BB42B8C34FCFB90E3EBD) - CasPol.exe (PID: 5220 cmdline:
C:\Users\u ser\Deskto p\Rechung- R166332250 4.exe MD5: 7BAE06CBE364BB42B8C34FCFB90E3EBD) 
conhost.exe (PID: 5764 cmdline: C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68) - dw20.exe (PID: 9028 cmdline:
dw20.exe - x -s 2584 MD5: 89106D4D0BA99F770EAFE946EA81BB65)
- cleanup
| Name | Description | Attribution | Blogpost URLs | Link |
|---|---|---|---|---|
| CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
⊘No configs have been found
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| HKTL_NET_GUID_BrowserPass | Detects c# red/black-team tools via typelibguid | Arnim Rupp (https://github.com/ruppde) |
| |
| JoeSecurity_BrowserPasswordDump_1 | Yara detected BrowserPasswordDump | Joe Security | ||
| JoeSecurity_BrowserPasswordDump_1 | Yara detected BrowserPasswordDump | Joe Security | ||
| JoeSecurity_BrowserPasswordDump_1 | Yara detected BrowserPasswordDump | Joe Security | ||
| JoeSecurity_BrowserPasswordDump_1 | Yara detected BrowserPasswordDump | Joe Security | ||
| Click to see the 4 entries | ||||
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| HKTL_NET_GUID_BrowserPass | Detects c# red/black-team tools via typelibguid | Arnim Rupp (https://github.com/ruppde) |
| |
| JoeSecurity_BrowserPasswordDump_1 | Yara detected BrowserPasswordDump | Joe Security | ||
| HKTL_NET_GUID_BrowserPass | Detects c# red/black-team tools via typelibguid | Arnim Rupp (https://github.com/ruppde) |
| |
| JoeSecurity_BrowserPasswordDump_1 | Yara detected BrowserPasswordDump | Joe Security |
⊘No Sigma rule has matched
| Timestamp: | 192.168.11.20158.101.44.24249845802039190 03/18/23-05:38:08.943594 |
| SID: | 2039190 |
| Source Port: | 49845 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | ReversingLabs: | |||
| Source: | Virustotal: | Perma Link | ||
| Source: | Code function: | 7_2_370F1C22 | |
| Source: | Code function: | 7_2_370F1BF9 | |
| Source: | Static PE information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 1_2_00402862 | |
| Source: | Code function: | 1_2_0040596D | |
| Source: | Code function: | 1_2_004065A2 | |
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Code function: | 7_2_00D2BE60 | |
| Source: | Code function: | 7_2_00D2A8D0 | |
| Source: | Code function: | 7_2_00D23CD0 | |
| Source: | Code function: | 7_2_00D204C0 | |
| Source: | Code function: | 7_2_00D249C0 | |
| Source: | Code function: | 7_2_00D2B5C0 | |
| Source: | Code function: | 7_2_00D28EC8 | |
| Source: | Code function: | 7_2_00D222F0 | |
| Source: | Code function: | 7_2_00D263FA | |
| Source: | Code function: | 7_2_00D22FE0 | |
| Source: | Code function: | 7_2_00D22B90 | |
| Source: | Code function: | 7_2_00D23880 | |
| Source: | Code function: | 7_2_00D2A480 | |
| Source: | Code function: | 7_2_00D281B0 | |
| Source: | Code function: | 7_2_00D211B0 | |
| Source: | Code function: | 7_2_00D29BB8 | |
| Source: | Code function: | 7_2_00D21EA0 | |
| Source: | Code function: | 7_2_00D21A50 | |
| Source: | Code function: | 7_2_00D22740 | |
| Source: | Code function: | 7_2_00D2B170 | |
| Source: | Code function: | 7_2_00D24570 | |
| Source: | Code function: | 7_2_00D20070 | |
| Source: | Code function: | 7_2_00D28A78 | |
| Source: | Code function: | 7_2_00D20D60 | |
| Source: | Code function: | 7_2_00D29768 | |
| Source: | Code function: | 7_2_00D20910 | |
| Source: | Code function: | 7_2_00D2BA10 | |
| Source: | Code function: | 7_2_00D29318 | |
| Source: | Code function: | 7_2_00D26400 | |
| Source: | Code function: | 7_2_00D21600 | |
| Source: | Code function: | 7_2_00D2A030 | |
| Source: | Code function: | 7_2_00D23430 | |
| Source: | Code function: | 7_2_00D2AD20 | |
| Source: | Code function: | 7_2_00D24120 | |
| Source: | Code function: | 7_2_00D28628 | |
| Source: | Code function: | 7_2_00D26729 | |
| Source: | Code function: | 7_2_36F2DC70 | |
| Source: | Code function: | 7_2_36F2F200 | |
| Source: | Code function: | 7_2_36F22588 | |
| Source: | Code function: | 7_2_36F2212B | |
| Source: | Code function: | 7_2_36F2B0F0 | |
| Source: | Code function: | 7_2_36F2B0E0 | |
| Source: | Code function: | 7_2_36F2CED0 | |
| Source: | Code function: | 7_2_36F2E0C0 | |
| Source: | Code function: | 7_2_36F228A0 | |
| Source: | Code function: | 7_2_36F2FAAE | |
| Source: | Code function: | 7_2_36F2F650 | |
| Source: | Code function: | 7_2_36F2CA29 | |
| Source: | Code function: | 7_2_36F2CC08 | |
| Source: | Code function: | 7_2_36F2C3E8 | |
| Source: | Code function: | 7_2_36F2EDB0 | |
| Source: | Code function: | 7_2_36F22586 | |
| Source: | Code function: | 7_2_36F2E961 | |
| Source: | Code function: | 7_2_36F2E510 | |
Networking | |
|---|
| Source: | Snort IDS: | ||
| Source: | DNS query: | ||
| Source: | DNS query: | ||
| Source: | ASN Name: | ||
| Source: | JA3 fingerprint: | ||
| Source: | IP Address: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | DNS traffic detected: | ||
| Source: | Code function: | 7_2_34B6A09A | |
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Code function: | 1_2_00405402 | |
| Source: | Static PE information: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Matched rule: | ||
| Source: | Process created: | ||
| Source: | Code function: | 1_2_00403350 | |
| Source: | File created: | Jump to behavior | ||
| Source: | Code function: | 1_2_00404C3F | |
| Source: | Code function: | 7_2_00D25C78 | |
| Source: | Code function: | 7_2_00D26778 | |
| Source: | Code function: | 7_2_00D27460 | |
| Source: | Code function: | 7_2_00D2BE60 | |
| Source: | Code function: | 7_2_00D24E10 | |
| Source: | Code function: | 7_2_00D2A8D0 | |
| Source: | Code function: | 7_2_00D23CD0 | |
| Source: | Code function: | 7_2_00D22FD0 | |
| Source: | Code function: | 7_2_00D204C0 | |
| Source: | Code function: | 7_2_00D249C0 | |
| Source: | Code function: | 7_2_00D2B5C0 | |
| Source: | Code function: | 7_2_00D2A8C0 | |
| Source: | Code function: | 7_2_00D28EC8 | |
| Source: | Code function: | 7_2_00D23CCE | |
| Source: | Code function: | 7_2_00D222F0 | |
| Source: | Code function: | 7_2_00D215F0 | |
| Source: | Code function: | 7_2_00D263FA | |
| Source: | Code function: | 7_2_00D222E2 | |
| Source: | Code function: | 7_2_00D22FE0 | |
| Source: | Code function: | 7_2_00D22B90 | |
| Source: | Code function: | 7_2_00D21E9E | |
| Source: | Code function: | 7_2_00D23880 | |
| Source: | Code function: | 7_2_00D2A480 | |
| Source: | Code function: | 7_2_00D22B80 | |
| Source: | Code function: | 7_2_00D281B0 | |
| Source: | Code function: | 7_2_00D211B0 | |
| Source: | Code function: | 7_2_00D249B0 | |
| Source: | Code function: | 7_2_00D29BB8 | |
| Source: | Code function: | 7_2_00D28EB9 | |
| Source: | Code function: | 7_2_00D204BE | |
| Source: | Code function: | 7_2_00D2B5BE | |
| Source: | Code function: | 7_2_00D211A0 | |
| Source: | Code function: | 7_2_00D21EA0 | |
| Source: | Code function: | 7_2_00D281A0 | |
| Source: | Code function: | 7_2_00D29BA9 | |
| Source: | Code function: | 7_2_00D20D50 | |
| Source: | Code function: | 7_2_00D21A50 | |
| Source: | Code function: | 7_2_00D2BE55 | |
| Source: | Code function: | 7_2_00D29759 | |
| Source: | Code function: | 7_2_00D22740 | |
| Source: | Code function: | 7_2_00D21A4E | |
| Source: | Code function: | 7_2_00D2B170 | |
| Source: | Code function: | 7_2_00D24570 | |
| Source: | Code function: | 7_2_00D20070 | |
| Source: | Code function: | 7_2_00D28A76 | |
| Source: | Code function: | 7_2_00D28A78 | |
| Source: | Code function: | 7_2_00D2387E | |
| Source: | Code function: | 7_2_00D2A47E | |
| Source: | Code function: | 7_2_00D20D60 | |
| Source: | Code function: | 7_2_00D2B161 | |
| Source: | Code function: | 7_2_00D2456A | |
| Source: | Code function: | 7_2_00D29768 | |
| Source: | Code function: | 7_2_00D25C68 | |
| Source: | Code function: | 7_2_00D26769 | |
| Source: | Code function: | 7_2_00D20910 | |
| Source: | Code function: | 7_2_00D2BA10 | |
| Source: | Code function: | 7_2_00D24110 | |
| Source: | Code function: | 7_2_00D20011 | |
| Source: | Code function: | 7_2_00D2AD16 | |
| Source: | Code function: | 7_2_00D29318 | |
| Source: | Code function: | 7_2_00D28619 | |
| Source: | Code function: | 7_2_00D26400 | |
| Source: | Code function: | 7_2_00D21600 | |
| Source: | Code function: | 7_2_00D20906 | |
| Source: | Code function: | 7_2_00D2BA0B | |
| Source: | Code function: | 7_2_00D29309 | |
| Source: | Code function: | 7_2_00D22732 | |
| Source: | Code function: | 7_2_00D2A030 | |
| Source: | Code function: | 7_2_00D23430 | |
| Source: | Code function: | 7_2_00D2AD20 | |
| Source: | Code function: | 7_2_00D24120 | |
| Source: | Code function: | 7_2_00D2A020 | |
| Source: | Code function: | 7_2_00D2342B | |
| Source: | Code function: | 7_2_00D28628 | |
| Source: | Code function: | 7_2_36F212E8 | |
| Source: | Code function: | 7_2_36F296A0 | |
| Source: | Code function: | 7_2_36F22C83 | |
| Source: | Code function: | 7_2_36F2DC70 | |
| Source: | Code function: | 7_2_36F2F200 | |
| Source: | Code function: | 7_2_36F265C8 | |
| Source: | Code function: | 7_2_36F2212B | |
| Source: | Code function: | 7_2_36F264D0 | |
| Source: | Code function: | 7_2_36F2CED0 | |
| Source: | Code function: | 7_2_36F2E0C0 | |
| Source: | Code function: | 7_2_36F29ECB | |
| Source: | Code function: | 7_2_36F25EA0 | |
| Source: | Code function: | 7_2_36F214A8 | |
| Source: | Code function: | 7_2_36F2FAAE | |
| Source: | Code function: | 7_2_36F29690 | |
| Source: | Code function: | 7_2_36F25E9E | |
| Source: | Code function: | 7_2_36F25A79 | |
| Source: | Code function: | 7_2_36F2F650 | |
| Source: | Code function: | 7_2_36F26C19 | |
| Source: | Code function: | 7_2_36F2B408 | |
| Source: | Code function: | 7_2_36F2ABF3 | |
| Source: | Code function: | 7_2_36F2B3F8 | |
| Source: | Code function: | 7_2_36F2C3E8 | |
| Source: | Code function: | 7_2_36F2C3DA | |
| Source: | Code function: | 7_2_36F2EDB0 | |
| Source: | Code function: | 7_2_36F265B7 | |
| Source: | Code function: | 7_2_36F2E961 | |
| Source: | Code function: | 7_2_36F2BD40 | |
| Source: | Code function: | 7_2_36F2BD30 | |
| Source: | Code function: | 7_2_36F2E510 | |
| Source: | Code function: | 7_2_36F2910F | |
| Source: | Code function: | 7_2_34B6A67E | |
| Source: | Code function: | 7_2_34B6A64D | |
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | ReversingLabs: | ||
| Source: | Virustotal: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Code function: | 1_2_00403350 | |
| Source: | Code function: | 7_2_34B6A502 | |
| Source: | Code function: | 7_2_34B6A4CB | |
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Classification label: | ||
| Source: | Code function: | 1_2_004020FE | |
| Source: | File read: | Jump to behavior | ||
| Source: | Code function: | 1_2_004046C3 | |
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | File written: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
Data Obfuscation | |
|---|
| Source: | File source: | ||
| Source: | Code function: | 1_3_00A8BC83 | |
| Source: | Code function: | 1_3_00A8BF03 | |
| Source: | Code function: | 1_3_00A88803 | |
| Source: | Code function: | 1_3_00A8787B | |
| Source: | Code function: | 1_3_00A8104E | |
| Source: | Code function: | 1_3_00A80EA6 | |
| Source: | Code function: | 1_3_00A87823 | |
| Source: | Code function: | 1_3_00A89B4C | |
| Source: | Code function: | 1_3_00A8A163 | |
| Source: | Code function: | 1_2_10002E0E | |
| Source: | Code function: | 7_2_36F2FAA5 | |
| Source: | Code function: | 7_2_36F22042 | |
| Source: | Code function: | 7_2_36F2201A | |
| Source: | Code function: | 7_2_36F22012 | |
| Source: | Code function: | 7_2_36F21FEA | |
| Source: | Code function: | 7_2_36F2C3A3 | |
| Source: | Code function: | 7_2_36F21FC2 | |
| Source: | Code function: | 7_2_36F21F9A | |
| Source: | Code function: | 7_2_36F21D4A | |
| Source: | Code function: | 7_2_36F21D4E | |
| Source: | Code function: | 7_2_36F21D52 | |
| Source: | Code function: | 7_2_36F22122 | |
| Source: | Code function: | 7_2_36F21D02 | |
| Source: | Code function: | 1_2_10001B18 | |
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Last function: | ||
| Source: | Code function: | 1_2_00402862 | |
| Source: | Code function: | 1_2_0040596D | |
| Source: | Code function: | 1_2_004065A2 | |
| Source: | System information queried: | Jump to behavior | ||
| Source: | API call chain: | graph_1-4651 | ||
| Source: | API call chain: | graph_1-4646 | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | 1_2_10001B18 | |
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Code function: | 1_2_00406937 | |
| Source: | Memory allocated: | Jump to behavior | ||
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Memory written: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Code function: | 1_2_00403350 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 11 Masquerading | 2 OS Credential Dumping | 211 Security Software Discovery | Remote Services | 1 Email Collection | Exfiltration Over Other Network Medium | 21 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 111 Process Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 2 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | 1 DLL Side-Loading | 1 Disable or Modify Tools | Security Account Manager | 1 System Network Configuration Discovery | SMB/Windows Admin Shares | 2 Data from Local System | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Access Token Manipulation | NTDS | 4 File and Directory Discovery | Distributed Component Object Model | 1 Clipboard Data | Scheduled Transfer | 13 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 111 Process Injection | LSA Secrets | 16 System Information Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | 2 Obfuscated Files or Information | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 31% | ReversingLabs | Win32.Trojan.Tnega | ||
| 38% | Virustotal | Browse |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | ReversingLabs | |||
| 0% | ReversingLabs |
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Virustotal | Browse | ||
| 0% | Virustotal | Browse |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| drive.google.com | 142.250.184.206 | true | false | high | |
| googlehosted.l.googleusercontent.com | 172.217.16.129 | true | false | high | |
| checkip.dyndns.com | 158.101.44.242 | true | true |
| unknown |
| doc-04-c4-docs.googleusercontent.com | unknown | unknown | false | high | |
| checkip.dyndns.org | unknown | unknown | true |
| unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| true |
| unknown | |
| false | high |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| low | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 172.217.16.129 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false | |
| 158.101.44.242 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | true | |
| 142.250.184.206 | drive.google.com | United States | 15169 | GOOGLEUS | false |
| Joe Sandbox Version: | 37.0.0 Beryl |
| Analysis ID: | 829392 |
| Start date and time: | 2023-03-18 05:35:01 +01:00 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 10m 14s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301 |
| Number of analysed new started processes analysed: | 11 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample file name: | Rechung-R1663322504.exe |
| Detection: | MAL |
| Classification: | mal100.troj.spyw.evad.winEXE@10/15@3/3 |
| EGA Information: |
|
| HDC Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, backgroundTaskHost.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.42.65.92
- Excluded domains from analysis (whitelisted): wdcpalt.microsoft.com, client.wns.windows.com, onedsblobprdeus17.eastus.cloudapp.azure.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, wdcp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
⊘No simulations
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 158.101.44.242 | Get hash | malicious | Snake Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| checkip.dyndns.com | Get hash | malicious | Snake Keylogger | Browse |
| |
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| ORACLE-BMC-31898US | Get hash | malicious | Mirai | Browse |
| |
| Get hash | malicious | Mirai, Moobot | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | GuLoader | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | HTMLPhisher | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
| ||
| Get hash | malicious | Snake Keylogger | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| 37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Clipboard Hijacker, Djvu, Vidar | Browse |
| |
| Get hash | malicious | Babuk, Djvu | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Amadey, Djvu, Fabookie, SmokeLoader | Browse |
| ||
| Get hash | malicious | Amadey, Babuk, Clipboard Hijacker, Djvu, SmokeLoader | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Unknown | Browse |
| ||
| Get hash | malicious | Amadey, Djvu, RHADAMANTHYS, SmokeLoader | Browse |
| ||
| Get hash | malicious | Amadey, Djvu, RHADAMANTHYS, SmokeLoader | Browse |
| ||
| Get hash | malicious | FormBook | Browse |
| ||
| Get hash | malicious | Vidar | Browse |
| ||
| Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse |
| ||
| Get hash | malicious | Clipboard Hijacker, Djvu | Browse |
| ||
| Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse |
| ||
| Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse |
| ||
| Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, Vidar | Browse |
| ||
| Get hash | malicious | Amadey, Djvu, Fabookie, RHADAMANTHYS, SmokeLoader | Browse |
| ||
| Get hash | malicious | Amadey, Djvu, SmokeLoader | Browse |
| ||
| Get hash | malicious | Babuk, Clipboard Hijacker, Djvu, HTMLPhisher, Vidar | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
|---|---|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\nsiF853.tmp\System.dll | Get hash | malicious | GuLoader | Browse | ||
| Get hash | malicious | AgentTesla, GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | AgentTesla, GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | AgentTesla, GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse | |||
| Get hash | malicious | GuLoader | Browse |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_caspol.exe_5cc44e97acf31afa8e5c5ec1af53c5acde2c3_00000000_24c613c7-d23f-4749-9f08-829cc3a3e2d7\Report.wer
Download File
| Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 65536 |
| Entropy (8bit): | 1.2686160289713344 |
| Encrypted: | false |
| SSDEEP: | 192:MCTLeARl7CaUaX+AMWZm9AsrMThITlui1EXuvc4Du76lfAIO82S:FeAR+aOaTMxxDu76lfAIO82 |
| MD5: | EB6A187691ECB171BB92C9F8E305FD41 |
| SHA1: | 9BF86D62729502A98EF78F098BB6361B93D3F193 |
| SHA-256: | EC8E0F9FC991A71C6669456807F0CD410DC40AD42C6CFDBB2D85041CF8EE476D |
| SHA-512: | F785180408E5E7AC0BEEA41BCA28C93E23143D08BB8C72585CC9755C76B08CD0EB9BD7CE8D721A2BD5B7828358E0DC3446EC53924E0B0810766B71CF95FF6FDE |
| Malicious: | false |
| Reputation: | low |
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 7620 |
| Entropy (8bit): | 3.6992698079997943 |
| Encrypted: | false |
| SSDEEP: | 192:R9l7lZNiWR6IhaL26Ynq6PgmfmFPXp1Qd1fYQm:R9lnNi46IIK6Yq6PgmfqTQff2 |
| MD5: | CA48408075A231F52A067DA8CD11513C |
| SHA1: | 025231FF1257DEAE25771552FE42E23D301AC397 |
| SHA-256: | BC5EC16382F87B2F16A3AFBEB91E1DDD715E80C1D79B016BB3132A464A3AF2A6 |
| SHA-512: | 8C83A69466BE06D962E5760CDE9ACCC65A63355F2E71EC077F779E5CCFDAA2871928FF06045E4B193E6F4E71FE720FEF3B2B94D28E5647413707BEB8BF7EB27E |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4730 |
| Entropy (8bit): | 4.477930624054625 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwwtl8zsYBe702I7VFJ5WS2Cfjkas3rm8M4JFKf6TF2FhO+q8wFvLB8wkd:uILfYI7GySPfIJFKEFgOtFjB8wkd |
| MD5: | 3B2723FA6E50F304DAB44C852B06D6A3 |
| SHA1: | 584FDF4AC4D9CEED31871A830D69D8E3DE05FDC5 |
| SHA-256: | 58E37D2FBD32637D9BC03C469D6C1A071C6B09275AEC10F56FF20655397AD323 |
| SHA-512: | C56613AD635C55E65DED3A7E109E3DF1865DD75824694AA03D56CD1A2CC4C82DD8C0D725220131FF211AE3F21049D0E305092964287063D226FB79606F2E52EB |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\Rechung-R1663322504.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 6144 |
| Entropy (8bit): | 4.496995234059773 |
| Encrypted: | false |
| SSDEEP: | 96:1IUNaXnnXyEIPtXvZhr5RwiULuxDtJ1+wolpE:1Ix3XyEwXvZh1RwnLUDtf+I |
| MD5: | E8B67A37FB41D54A7EDA453309D45D97 |
| SHA1: | 96BE9BF7A988D9CEA06150D57CD1DE19F1FEC19E |
| SHA-256: | 2AD232BCCF4CA06CF13475AF87B510C5788AA790785FD50509BE483AFC0E0BCF |
| SHA-512: | 20EFFAE18EEBB2DF90D3186A281FA9233A97998F226F7ADEAD0784FBC787FEEE419973962F8369D8822C1BBCDFB6E7948D9CA6086C9CF90190C8AB3EC97F4C38 |
| Malicious: | false |
| Antivirus: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\Rechung-R1663322504.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 11776 |
| Entropy (8bit): | 5.659384359264642 |
| Encrypted: | false |
| SSDEEP: | 192:ex24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlESlS:h8QIl972eXqlWBFSt273YOlEz |
| MD5: | 8B3830B9DBF87F84DDD3B26645FED3A0 |
| SHA1: | 223BEF1F19E644A610A0877D01EADC9E28299509 |
| SHA-256: | F004C568D305CD95EDBD704166FCD2849D395B595DFF814BCC2012693527AC37 |
| SHA-512: | D13CFD98DB5CA8DC9C15723EEE0E7454975078A776BCE26247228BE4603A0217E166058EBADC68090AFE988862B7514CB8CB84DE13B3DE35737412A6F0A8AC03 |
| Malicious: | false |
| Antivirus: |
|
| Joe Sandbox View: |
|
| Preview: |
| Process: | C:\Users\user\Desktop\Rechung-R1663322504.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1280 |
| Entropy (8bit): | 3.1309064191027343 |
| Encrypted: | false |
| SSDEEP: | 12:8wl0dsXUCV/tz0/CSLwrHj4/3BVYG02D23ddQ9k1MJsW+AdpiUz6AwCNfBf4t2Yi:8mrWLgD4/BV02De69kqy+pbWAZjJT |
| MD5: | 4196863E92696387150E600E60EFC6FB |
| SHA1: | EB522598123ACA565CD764787F652CCAA18132CA |
| SHA-256: | 9EE412852B59929D0F10D8647FC2F25A79C7F216578159A43B175BA544FFB4B5 |
| SHA-512: | 268236CF45F17B2D88517E753960243ECD7F402BE0D9E985929418A86D0A396C840475E8C8470A370FB894A2749A2DD2E752D54F497436B138DF76F09978694A |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\Rechung-R1663322504.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 10534 |
| Entropy (8bit): | 7.884822059718216 |
| Encrypted: | false |
| SSDEEP: | 192:oXRZxdt62XpqRigPYtY0CfKTQlh5NKW6F5oJxfskCjGmXa6Pbplv26Zzkq:KRfdt62X+XoElh/KW6ifskEGeaIp9zkq |
| MD5: | A4530760E13B17372AE0D8CB48F66D0D |
| SHA1: | AA21564FA3A847E59402B62D3F600DDA5046A926 |
| SHA-256: | F37F7A75DC27903EA88D1A3912DFB9123CA217E2467EB6D5DC966F60DC7F9DB7 |
| SHA-512: | E42C32B412CD4AA560EFED98050F4B2F858190EA8BF56A81311F24C6F0751E2E397F624777E759BC80B1D34BF0AA9ECF6356E26D553D22E503A53CEF76797D43 |
| Malicious: | false |
| Preview: |
C:\Users\user\Socialdirektrer\Fornices\Vingummis\Flannelled\Yndighed\Dialektforskningen134.Luk
Download File
| Process: | C:\Users\user\Desktop\Rechung-R1663322504.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 35012 |
| Entropy (8bit): | 2.713079331895783 |
| Encrypted: | false |
| SSDEEP: | 768:YOYEtjBKsUje7ciMsO9Z/mAXEEEJu+am7Iuxsr6mPpHOEEEEESW0ymwpTiq:d4/98AEMRNPpHrViq |
| MD5: | F75A78EE11492D9F9146075023D485D3 |
| SHA1: | 772AE864C11AE2C45834F681EFDF662BBD28268B |
| SHA-256: | 5916C8773319EA24B225C76FE361D360360CE03E1F61E2E86387514A185BDAF9 |
| SHA-512: | BB2D74E9F7D7F02E682E302B115C280C886F4E99789F4E5A198E7B2E973FFBE788559140CC2625EE8F754831497E67038CA327196EC14370968B47828863BD0D |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\Rechung-R1663322504.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 225168 |
| Entropy (8bit): | 7.3676127973119225 |
| Encrypted: | false |
| SSDEEP: | 3072:NOUzxidFkCI6+rXNfJEow2a5KTa49D1bdzeDZ/7SkPtnWpA2Or1/nD9kS/fmi:s9dFrI6ifJLwV0/9Jd4RSYtWpBanD9kG |
| MD5: | BAFC11E1543369B58D7852857D986EFA |
| SHA1: | A00AD13ECA7F98C1CBBC7AE32151D3878DD2BBB0 |
| SHA-256: | F8D1014289006D2ACCAB3D5A1C36CD867B4D6BEC50781365175B4FF8323A5E81 |
| SHA-512: | 69883FDF36A90C35625D74BF7FE5808AFD1F88314EF60FAB7785C443BD992F72656BB727E3E44503266BECC28A48E0BAF7DF70A6C5CAA10D2B2DFED28C07AA02 |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\Rechung-R1663322504.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 183 |
| Entropy (8bit): | 6.337608034945541 |
| Encrypted: | false |
| SSDEEP: | 3:yionv//thPl9vt3lAnsrtxBllTV00EDgZ1uP6he3LFIY8roNQh/e9OuTB+Mg1J7d:6v/lhPysY0EeDyLiRroCh/0B+v1MC1jp |
| MD5: | 293D1D4F18C3A918A44FAD289715E950 |
| SHA1: | BD92A45835DD693FE8D0B72F296FE0134D46B876 |
| SHA-256: | 553F673950BE4DE71377A297050888D0BE5A997DB334781994C3265EDA30C7B3 |
| SHA-512: | E62D45E30997EB18EB3C45BC1574C75462DC4CC36144D4E529F917B6091ADD14F91779F5C428458CEA129EF37B27FDDBBCEA8E5005563DC2AABCB370BEDF2E8C |
| Malicious: | false |
| Preview: |
| Process: | C:\Users\user\Desktop\Rechung-R1663322504.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8934 |
| Entropy (8bit): | 4.259244159879149 |
| Encrypted: | false |
| SSDEEP: | 192:ia3g0F7SHayJ5vKVEB3Bxg5GteGIxpWNMll39oWvt/i4drxJ4MrZEXSW:iWg0zyJlKVEB3A6SM2mWvt/i4dtJ4MNO |
| MD5: | 71D42ABE45803AC9C3DA5FCACF9CC59C |
| SHA1: | 98A1049906972ABB480ABAF1F5658C1B8C10F27C |
| SHA-256: | 78F5CB9345AB258CF745EAA90D44C7A7A73D3FE06EA182B1298A989135FFA11F |
| SHA-512: | A0096575D6F911CC2600DAC93D6FD7AA8D9E2F9F71A92571A76996FB4C47BDB714BBA453C862B3F42CC5F4BAAF2AED1DFF3C9D6F84A3E2053FF2037C56AB85A5 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 2359296 |
| Entropy (8bit): | 4.229686725490386 |
| Encrypted: | false |
| SSDEEP: | 24576:o8pJ5yNYJkymnjNS1O2k5cTBagmcnYJA:o8pJ5yNYJkymnjNQA5mBagmcnYJA |
| MD5: | 327F109CCA4114DE4FE63066D46805A7 |
| SHA1: | 3798C39C38008FB918DCB98DF7DC3C54EC4B17C5 |
| SHA-256: | 9D4022C4B5D40785C0B700F710E7F9FBFD14BDAAE9613FE4ACCCDF6BF253BD65 |
| SHA-512: | EF221FA284132C8638A02BDE73FE05AAF6FBD9F32073947FFD5D9B4680B979DD7BADD816B121BACC6BA53081623163C41DA0CF7C7B9419E5C8C51ECE839CF165 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 376832 |
| Entropy (8bit): | 2.6371963290907305 |
| Encrypted: | false |
| SSDEEP: | 3072:fpFZfwN1/HecetetUuM/aNim4ixiyuiKisiXiPG7ieCNi5gU5zH35Gs3MOx02EnC:fvZoN1vJAO84iTd+v4He3TKz |
| MD5: | 8726C4CBDA130722A758F76728527B19 |
| SHA1: | 7E989D5E29BECA70895BF7F8DCE7ECD5A502B331 |
| SHA-256: | 3856E2E2811C31B7CFB6872DB96F0E384ECA9C3B6DDE5B9712BFC85D20A2B952 |
| SHA-512: | BBF5D267ABC9A6C2A8750B14901D56840CFD00473125732250EB2C22B0F0EA0A4756B30B090A9F182EDFD2F5C0EE862F8DD74CFE66C79378D4DB416DA05CB954 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 227 |
| Entropy (8bit): | 5.2735028737400205 |
| Encrypted: | false |
| SSDEEP: | 6:a1eZBXVNYTF0NwoScUbtSgyAXIWv7v5PMKq:UeZBFNYTswUq1r5zq |
| MD5: | F7F759A5CD40BC52172E83486B6DE404 |
| SHA1: | D74930F354A56CFD03DC91AA96D8AE9657B1EE54 |
| SHA-256: | A709C2551B8818D7849D31A65446DC2F8C4CCA2DCBBC5385604286F49CFDAF1C |
| SHA-512: | A50B7826BFE72506019E4B1148A214C71C6F4743C09E809EF15CD0E0223F3078B683D203200910B07B5E1E34B94F0FE516AC53527311E2943654BFCEADE53298 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 158 |
| Entropy (8bit): | 4.298534139898036 |
| Encrypted: | false |
| SSDEEP: | 3:WNEDkFrA7fwkh07NfORRAzs2VkNatO3MLlDKIEsExLrWwrAXTcFrXX8:WsTbRh07NkMswksKML4IOBWEyIFrc |
| MD5: | 95A9765293B395853C7059AB01DA28AE |
| SHA1: | 7627EBC68CCE94B1E1CCC826C0D14D8068B3C90D |
| SHA-256: | 08E334353322F44FDC19102929B367F4D870F3BC8872F973EAAA8119B6AC771F |
| SHA-512: | 47D1F81B3E26D4BC20954268285ACE3DAA970A5B78F3E6F31BF8266F2310702B57CDF285839BACE9635BE31A2479F9126814FFA4E832C2864080A9C8918D9505 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.1116261135004395 |
| TrID: |
|
| File name: | Rechung-R1663322504.exe |
| File size: | 416280 |
| MD5: | 11b5b208de7a85b46104a0597c5da7dc |
| SHA1: | c578bc317e666159cbfc191cb4e50de2de03ab79 |
| SHA256: | 0a80ba418f561098477e18cc42ddfc31796b2be3166ff6c99967b98388fe4826 |
| SHA512: | c79e0deeb1686edc5bfe2db026f423277740fe816a674a3111fb36fd4813825a080048b44d03e92310db526a8c791259684778f8dea0861cd9b26e2f5f0b5d23 |
| SSDEEP: | 6144:16bAcJtT+SdoujpZM5DMJ+VGM1lMwJ1OPH7USLahNcfM9rQ09j3V/PySssz:2APSbyDMOJrOPH7UfnpCSD |
| TLSH: | B694BFA0F620D0DADCB417F16C9FD9211AE76EECE4E0220F65A73259AD736D3051F24A |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!`G.@...@...@../OQ..@...@..I@../OS..@...c>..@..+F...@..Rich.@..........................PE..L.....uY.................d....:.... |
 | |
| Icon Hash: | f169e8e4e4ccca88 |
| Entrypoint: | 0x403350 |
| Entrypoint Section: | .text |
| Digitally signed: | true |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x59759518 [Mon Jul 24 06:35:04 2017 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | b34f154ec913d2d2c435cbd644e91687 |
| Signature Valid: | false |
| Signature Issuer: | E=Departmentalizations@Trisulphide193.Lok, OU="Pasteuriseringens Eternellerne ", O=Stikprvestandardafvigelsernes, L=Dividing Creek, S=New Jersey, C=US |
| Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
| Error Number: | -2146762487 |
| Not Before, Not After |
|
| Subject Chain |
|
| Version: | 3 |
| Thumbprint MD5: | 1F7F4BF42A830708AC95921509004FCC |
| Thumbprint SHA-1: | 54B3D870C522C1CA544E3D38597EEC9DC6D3C3A0 |
| Thumbprint SHA-256: | ED0BD8E407BDD2EB9D4B7BDFEC49D761B0F85D212BDFDC1A3F9981BBA4AD638B |
| Serial: | 4122AFC051A99F02AE188FBC961AC5C36F876297 |
| Instruction |
|---|
| sub esp, 000002D4h |
| push ebx |
| push esi |
| push edi |
| push 00000020h |
| pop edi |
| xor ebx, ebx |
| push 00008001h |
| mov dword ptr [esp+14h], ebx |
| mov dword ptr [esp+10h], 0040A2E0h |
| mov dword ptr [esp+1Ch], ebx |
| call dword ptr [004080A8h] |
| call dword ptr [004080A4h] |
| and eax, BFFFFFFFh |
| cmp ax, 00000006h |
| mov dword ptr [007A8A2Ch], eax |
| je 00007F40DCB82EE3h |
| push ebx |
| call 00007F40DCB86179h |
| cmp eax, ebx |
| je 00007F40DCB82ED9h |
| push 00000C00h |
| call eax |
| mov esi, 004082B0h |
| push esi |
| call 00007F40DCB860F3h |
| push esi |
| call dword ptr [00408150h] |
| lea esi, dword ptr [esi+eax+01h] |
| cmp byte ptr [esi], 00000000h |
| jne 00007F40DCB82EBCh |
| push 0000000Ah |
| call 00007F40DCB8614Ch |
| push 00000008h |
| call 00007F40DCB86145h |
| push 00000006h |
| mov dword ptr [007A8A24h], eax |
| call 00007F40DCB86139h |
| cmp eax, ebx |
| je 00007F40DCB82EE1h |
| push 0000001Eh |
| call eax |
| test eax, eax |
| je 00007F40DCB82ED9h |
| or byte ptr [007A8A2Fh], 00000040h |
| push ebp |
| call dword ptr [00408044h] |
| push ebx |
| call dword ptr [004082A0h] |
| mov dword ptr [007A8AF8h], eax |
| push ebx |
| lea eax, dword ptr [esp+34h] |
| push 000002B4h |
| push eax |
| push ebx |
| push 0079FEE0h |
| call dword ptr [00408188h] |
| push 0040A2C8h |
| Programming Language: |
|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84fc | 0xa0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3d3000 | 0x281f0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x63778 | 0x22a0 | .data |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x63c8 | 0x6400 | False | 0.6766015625 | data | 6.504099201068482 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x8000 | 0x138e | 0x1400 | False | 0.4509765625 | data | 5.146454805063938 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xa000 | 0x39eb38 | 0x600 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .ndata | 0x3a9000 | 0x2a000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x3d3000 | 0x281f0 | 0x28200 | False | 0.35579731308411217 | data | 5.085440369030725 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| RT_ICON | 0x3d3310 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | English | United States |
| RT_ICON | 0x3e3b38 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 36864 | English | United States |
| RT_ICON | 0x3ecfe0 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 20736 | English | United States |
| RT_ICON | 0x3f2468 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | English | United States |
| RT_ICON | 0x3f6690 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | United States |
| RT_ICON | 0x3f8c38 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States |
| RT_ICON | 0x3f9ce0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | English | United States |
| RT_ICON | 0x3fa668 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | English | United States |
| RT_DIALOG | 0x3faad0 | 0x120 | data | English | United States |
| RT_DIALOG | 0x3fabf0 | 0x11c | data | English | United States |
| RT_DIALOG | 0x3fad10 | 0xc4 | data | English | United States |
| RT_DIALOG | 0x3fadd8 | 0x60 | data | English | United States |
| RT_GROUP_ICON | 0x3fae38 | 0x76 | data | English | United States |
| RT_MANIFEST | 0x3faeb0 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States |
| DLL | Import |
|---|---|
| KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
| USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage |
| GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
| SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW |
| ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
| COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
| ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 192.168.11.20158.101.44.24249845802039190 03/18/23-05:38:08.943594 | TCP | 2039190 | ET TROJAN 404/Snake/Matiex Keylogger Style External IP Check | 49845 | 80 | 192.168.11.20 | 158.101.44.242 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 18, 2023 05:38:07.192332983 CET | 49843 | 443 | 192.168.11.20 | 142.250.184.206 |
| Mar 18, 2023 05:38:07.192359924 CET | 443 | 49843 | 142.250.184.206 | 192.168.11.20 |
| Mar 18, 2023 05:38:07.192634106 CET | 49843 | 443 | 192.168.11.20 | 142.250.184.206 |
| Mar 18, 2023 05:38:07.205848932 CET | 49843 | 443 | 192.168.11.20 | 142.250.184.206 |
| Mar 18, 2023 05:38:07.205863953 CET | 443 | 49843 | 142.250.184.206 | 192.168.11.20 |
| Mar 18, 2023 05:38:07.243274927 CET | 443 | 49843 | 142.250.184.206 | 192.168.11.20 |
| Mar 18, 2023 05:38:07.243577957 CET | 49843 | 443 | 192.168.11.20 | 142.250.184.206 |
| Mar 18, 2023 05:38:07.244079113 CET | 443 | 49843 | 142.250.184.206 | 192.168.11.20 |
| Mar 18, 2023 05:38:07.244271040 CET | 49843 | 443 | 192.168.11.20 | 142.250.184.206 |
| Mar 18, 2023 05:38:07.301903009 CET | 49843 | 443 | 192.168.11.20 | 142.250.184.206 |
| Mar 18, 2023 05:38:07.303085089 CET | 443 | 49843 | 142.250.184.206 | 192.168.11.20 |
| Mar 18, 2023 05:38:07.303307056 CET | 49843 | 443 | 192.168.11.20 | 142.250.184.206 |
| Mar 18, 2023 05:38:07.306361914 CET | 49843 | 443 | 192.168.11.20 | 142.250.184.206 |
| Mar 18, 2023 05:38:07.348496914 CET | 443 | 49843 | 142.250.184.206 | 192.168.11.20 |
| Mar 18, 2023 05:38:07.686002016 CET | 443 | 49843 | 142.250.184.206 | 192.168.11.20 |
| Mar 18, 2023 05:38:07.686170101 CET | 49843 | 443 | 192.168.11.20 | 142.250.184.206 |
| Mar 18, 2023 05:38:07.686347961 CET | 49843 | 443 | 192.168.11.20 | 142.250.184.206 |
| Mar 18, 2023 05:38:07.686557055 CET | 443 | 49843 | 142.250.184.206 | 192.168.11.20 |
| Mar 18, 2023 05:38:07.686769009 CET | 49843 | 443 | 192.168.11.20 | 142.250.184.206 |
| Mar 18, 2023 05:38:07.791002989 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:07.791033030 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:07.791369915 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:07.791657925 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:07.791678905 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:07.834359884 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:07.834547997 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:07.834606886 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:07.835166931 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:07.835330009 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:07.835330009 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:07.838656902 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:07.838684082 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:07.839046001 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:07.839221954 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:07.839565992 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:07.880487919 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.059297085 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.059484959 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.059570074 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.059582949 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.059621096 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.059700012 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.059746981 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.059823990 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.061012030 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.061258078 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.061803102 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.062004089 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.062004089 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.062004089 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.062088013 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.062323093 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.063960075 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.064158916 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.064220905 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.064448118 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.066956043 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.067177057 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.067687035 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.067857027 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.067909002 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.068015099 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.068114996 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.068186998 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.068217993 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.068413973 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.068625927 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.068834066 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.068902969 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.069087982 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.069444895 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.069610119 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.069678068 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.069844007 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.070167065 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.070367098 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.070437908 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.070699930 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.070875883 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.071058989 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.071125031 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.071337938 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.071608067 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.071770906 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.071839094 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.072031021 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.072288036 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.072453976 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.072556973 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.072715998 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.072776079 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.072920084 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.073020935 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.073086023 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.073132038 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.073306084 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.073761940 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.073991060 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.073998928 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.074049950 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.074165106 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.074266911 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.074683905 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.074984074 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.075042963 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.075110912 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.075155020 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.075314045 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.075596094 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.075788975 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.075833082 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.075855970 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.076014996 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.076545000 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.076742887 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.076771975 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.076796055 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.076970100 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.077451944 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.077658892 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.077676058 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.077723980 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.077867985 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.077914000 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.078067064 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.078216076 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.078373909 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.078422070 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.078598976 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.078634024 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.078701019 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.078748941 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.078876019 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.078912973 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.079066038 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.079205990 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.079363108 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.079410076 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.079543114 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.079611063 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.079674006 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.079715967 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.079866886 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.079915047 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.080066919 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.080172062 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.080324888 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.080377102 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.080545902 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.080579042 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.080645084 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.080702066 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.080866098 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.080909967 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.081065893 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.081162930 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.081324100 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.081373930 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.081474066 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.081541061 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.081584930 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.081629992 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.081722021 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.081737041 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.081779003 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.081899881 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.081955910 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.081991911 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.082098961 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.082216978 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.082263947 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.082304001 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.082338095 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.082417965 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.082556009 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.082807064 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.082966089 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.083013058 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.083185911 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.083225012 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.083275080 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.083390951 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.083446026 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.083482027 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.083637953 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.083986998 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.084203959 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.084209919 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.084254980 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.084348917 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.084350109 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.084404945 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.084583044 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.084614992 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.084661961 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.084768057 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.084863901 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.084889889 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.084913015 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.084942102 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.085050106 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.085051060 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.085102081 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.085258961 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.085472107 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.085628033 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.085669041 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.085851908 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.085897923 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.086008072 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.086102009 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.086168051 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.086236954 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.086292028 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.086334944 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.086374998 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.086545944 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.086699009 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.086879015 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.086925983 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.087038994 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.087085962 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.087146997 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.087255001 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.087263107 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.087311983 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.087351084 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.087416887 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.087543964 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.087587118 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.087740898 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.087779045 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.087940931 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.087968111 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.088013887 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.088196993 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.088221073 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.088243008 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.088376999 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.088376999 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.088423014 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.088582039 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.088624001 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.088754892 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.088869095 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.088875055 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.088913918 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.088953972 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.089052916 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.089077950 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.089098930 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.089262009 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.089309931 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.089461088 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.089540958 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.089586973 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.089622974 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.089714050 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.089739084 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.089780092 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.089900970 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.089926958 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.089946032 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.089984894 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.090076923 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.090153933 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.090229034 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.090269089 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.090323925 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.090374947 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.090423107 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.090456009 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.090536118 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.090589046 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.090651989 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.090688944 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.090787888 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.090862036 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.090877056 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.090897083 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.091048956 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.091089964 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.091197014 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.091322899 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.091324091 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.091367006 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.091411114 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.091491938 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.091531038 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.091650963 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.091716051 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.091756105 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.091803074 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.091902971 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.091936111 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.092067003 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.092067957 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.092113018 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.092147112 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.092365026 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.092366934 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.092415094 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.092519999 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.092602968 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.092623949 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.092645884 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.092782974 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.092782974 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.092842102 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.093010902 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.093106031 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.093151093 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.093188047 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.093281984 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.093323946 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.093353987 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.093435049 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.093465090 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.093499899 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.093616962 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.093643904 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.093662024 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.093832970 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.093878031 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.094114065 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.094149113 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.094299078 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.094331980 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.094355106 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.094489098 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.094490051 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.094537020 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.094676018 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.094768047 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.094806910 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.094846964 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.094955921 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.094955921 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.095000029 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.095029116 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.095048904 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.095146894 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.095146894 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.095201969 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.095232964 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.095444918 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.095478058 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.095519066 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.095598936 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.095679998 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.095681906 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.095717907 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.095866919 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.095909119 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.096146107 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.096158028 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.096184015 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.096343994 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.096453905 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.096472025 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.096503973 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.096645117 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.096645117 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.096716881 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.096863985 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.096905947 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.097059011 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.097254038 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.097296953 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.097342014 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.097450018 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.097484112 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.097512960 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.097553968 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.097582102 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.097671986 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.097764969 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.097826004 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.097857952 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.097923994 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.097995996 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.098006010 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.098038912 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.098176003 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.098213911 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.098351002 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.098365068 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.098400116 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.098579884 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.098599911 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.098617077 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.098639965 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.098716021 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.098850965 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.098887920 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.098994970 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.099029064 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.099152088 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.099239111 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.099277020 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.099319935 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.099385977 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.099499941 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.099514961 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.099561930 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.099605083 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.099675894 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.099693060 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.099833965 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.099853992 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.099893093 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.099929094 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.099984884 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.100033998 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.100066900 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.100106001 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.100256920 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.100258112 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.100277901 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.100348949 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.100433111 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.100536108 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.100575924 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.100684881 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.100723028 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.100759983 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.100862026 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.100909948 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.100939989 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.100963116 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.100982904 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.101056099 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.101177931 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.101203918 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.101243973 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.101330996 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.101387978 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.101397991 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.101434946 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.101541996 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.101583958 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.101594925 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.101615906 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.101720095 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.101720095 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.101747990 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.101772070 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.101893902 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.101926088 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.101950884 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.102044106 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.102061987 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.102214098 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.102232933 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.102255106 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.102274895 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.102358103 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.102407932 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.102407932 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.108097076 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.108253956 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.108259916 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.108299017 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.108474016 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.108488083 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.108505011 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.108618021 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.108618021 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.108653069 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.108673096 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.108825922 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.108859062 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.108886957 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.108959913 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.108959913 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.109003067 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.109143019 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.109147072 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.109173059 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.109195948 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.109273911 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.109301090 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.109323978 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.109349012 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.109508038 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.109515905 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.109541893 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.109613895 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.109679937 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.109679937 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.109709978 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.109730005 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.109829903 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.109838963 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.109894037 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.109920025 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.109983921 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.110057116 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.110074997 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.110101938 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.110224962 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.110255003 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.110285044 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.110354900 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.110354900 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.110385895 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.110404968 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.110428095 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.110450983 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.110586882 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.110586882 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.110615015 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.110713959 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.110727072 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.110763073 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.110763073 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.110790968 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.110810041 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.110876083 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.110902071 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.110945940 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.110972881 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.111088991 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.111092091 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.111243963 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.111254930 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.111277103 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.111305952 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.111387968 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.111414909 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.111434937 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.111459970 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.111619949 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.111639977 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.111665010 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.111773968 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.111774921 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.111787081 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.111820936 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.111820936 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.111855030 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.111943960 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.111975908 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.112005949 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.112025023 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.112124920 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.112138033 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.112185001 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.112206936 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.112356901 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.112394094 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.112421989 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.112513065 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.112519979 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.112575054 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.112598896 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.112713099 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.112772942 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.112834930 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.112844944 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.112870932 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.112925053 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.113014936 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.113014936 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.113018036 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.113044024 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.113176107 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.113200903 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.113358021 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.113358021 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.113363981 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.113390923 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.113501072 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.113573074 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.113574982 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.113600969 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.113653898 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.113706112 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.113734961 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.113759041 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.113884926 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.113923073 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.113946915 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.114015102 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.114032030 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.114144087 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.114202976 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.114228010 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.114291906 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.114342928 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.114391088 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.114413023 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.114480972 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.114552975 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.114577055 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.114600897 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.114623070 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.114679098 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.114732981 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.114757061 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.114844084 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.114876986 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.114896059 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.114931107 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.114991903 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.115003109 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.115078926 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.115092993 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.115117073 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.115204096 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.115228891 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.115263939 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.115287066 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.115371943 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.115394115 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.115437031 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.115549088 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.115552902 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.115577936 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.115606070 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.115681887 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.115690947 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.115691900 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.115726948 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.115854979 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.115902901 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.115927935 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.115983963 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.116031885 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.116053104 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.116071939 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.116101027 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.116122961 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.116239071 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.116262913 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.116290092 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.116389990 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.116437912 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.116472006 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.116494894 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.116596937 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.116604090 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.116657019 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.116672039 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.116739035 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.116756916 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.116827965 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.116844893 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.116925955 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.116964102 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.117017984 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.117033005 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.117086887 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.117090940 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.117144108 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.117171049 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.117245913 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.117296934 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.117314100 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.117368937 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.117387056 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.117425919 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.117459059 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.117477894 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.117614985 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.117639065 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.117659092 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.117692947 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.117764950 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.117783070 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.117805958 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.117820024 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.117820024 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.117841005 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.117856026 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.117949963 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.118016958 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.118036032 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.118124962 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.118143082 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.118207932 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.118261099 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.118377924 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.118441105 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.118441105 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.118469954 CET | 443 | 49844 | 172.217.16.129 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.118611097 CET | 49844 | 443 | 192.168.11.20 | 172.217.16.129 |
| Mar 18, 2023 05:38:08.798361063 CET | 49845 | 80 | 192.168.11.20 | 158.101.44.242 |
| Mar 18, 2023 05:38:08.943253040 CET | 80 | 49845 | 158.101.44.242 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.943398952 CET | 49845 | 80 | 192.168.11.20 | 158.101.44.242 |
| Mar 18, 2023 05:38:08.943593979 CET | 49845 | 80 | 192.168.11.20 | 158.101.44.242 |
| Mar 18, 2023 05:38:09.088579893 CET | 80 | 49845 | 158.101.44.242 | 192.168.11.20 |
| Mar 18, 2023 05:38:09.089355946 CET | 80 | 49845 | 158.101.44.242 | 192.168.11.20 |
| Mar 18, 2023 05:38:09.136991024 CET | 49845 | 80 | 192.168.11.20 | 158.101.44.242 |
| Mar 18, 2023 05:38:46.182970047 CET | 49845 | 80 | 192.168.11.20 | 158.101.44.242 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 18, 2023 05:38:07.178211927 CET | 60445 | 53 | 192.168.11.20 | 1.1.1.1 |
| Mar 18, 2023 05:38:07.187526941 CET | 53 | 60445 | 1.1.1.1 | 192.168.11.20 |
| Mar 18, 2023 05:38:07.758445024 CET | 63232 | 53 | 192.168.11.20 | 1.1.1.1 |
| Mar 18, 2023 05:38:07.789558887 CET | 53 | 63232 | 1.1.1.1 | 192.168.11.20 |
| Mar 18, 2023 05:38:08.780349016 CET | 65013 | 53 | 192.168.11.20 | 1.1.1.1 |
| Mar 18, 2023 05:38:08.789386034 CET | 53 | 65013 | 1.1.1.1 | 192.168.11.20 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 18, 2023 05:38:07.178211927 CET | 192.168.11.20 | 1.1.1.1 | 0xe0f5 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 18, 2023 05:38:07.758445024 CET | 192.168.11.20 | 1.1.1.1 | 0xaebb | Standard query (0) | A (IP address) | IN (0x0001) | false | |
| Mar 18, 2023 05:38:08.780349016 CET | 192.168.11.20 | 1.1.1.1 | 0xce36 | Standard query (0) | A (IP address) | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 18, 2023 05:38:07.187526941 CET | 1.1.1.1 | 192.168.11.20 | 0xe0f5 | No error (0) | 142.250.184.206 | A (IP address) | IN (0x0001) | false | ||
| Mar 18, 2023 05:38:07.789558887 CET | 1.1.1.1 | 192.168.11.20 | 0xaebb | No error (0) | googlehosted.l.googleusercontent.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 18, 2023 05:38:07.789558887 CET | 1.1.1.1 | 192.168.11.20 | 0xaebb | No error (0) | 172.217.16.129 | A (IP address) | IN (0x0001) | false | ||
| Mar 18, 2023 05:38:08.789386034 CET | 1.1.1.1 | 192.168.11.20 | 0xce36 | No error (0) | checkip.dyndns.com | CNAME (Canonical name) | IN (0x0001) | false | ||
| Mar 18, 2023 05:38:08.789386034 CET | 1.1.1.1 | 192.168.11.20 | 0xce36 | No error (0) | 158.101.44.242 | A (IP address) | IN (0x0001) | false | ||
| Mar 18, 2023 05:38:08.789386034 CET | 1.1.1.1 | 192.168.11.20 | 0xce36 | No error (0) | 193.122.6.168 | A (IP address) | IN (0x0001) | false | ||
| Mar 18, 2023 05:38:08.789386034 CET | 1.1.1.1 | 192.168.11.20 | 0xce36 | No error (0) | 132.226.8.169 | A (IP address) | IN (0x0001) | false | ||
| Mar 18, 2023 05:38:08.789386034 CET | 1.1.1.1 | 192.168.11.20 | 0xce36 | No error (0) | 132.226.247.73 | A (IP address) | IN (0x0001) | false | ||
| Mar 18, 2023 05:38:08.789386034 CET | 1.1.1.1 | 192.168.11.20 | 0xce36 | No error (0) | 193.122.130.0 | A (IP address) | IN (0x0001) | false |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 0 | 192.168.11.20 | 49843 | 142.250.184.206 | 443 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 1 | 192.168.11.20 | 49844 | 172.217.16.129 | 443 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 2 | 192.168.11.20 | 49845 | 158.101.44.242 | 80 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| Mar 18, 2023 05:38:08.943593979 CET | 743 | OUT | |
| Mar 18, 2023 05:38:09.089355946 CET | 743 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 0 | 192.168.11.20 | 49843 | 142.250.184.206 | 443 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2023-03-18 04:38:07 UTC | 0 | OUT | |
| 2023-03-18 04:38:07 UTC | 0 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 1 | 192.168.11.20 | 49844 | 172.217.16.129 | 443 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2023-03-18 04:38:07 UTC | 1 | OUT | |
| 2023-03-18 04:38:08 UTC | 1 | IN |