Windows Analysis Report
rJUSTIFICANTEDEPAGO.exe
Overview
General Information
Detection: | AgentTesla, GuLoader |
Score: | 96 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected GuLoader
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
PE file does not import any functions
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Binary contains a suspicious time stamp
PE / OLE file has an invalid certificate
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read data from the clipboard
Process Tree
- System is w10x64native
- rJUSTIFICANTEDEPAGO.exe (PID: 4708 cmdline: C:\Users\user\Desktop\rJUSTIFICANTEDEPAGO.exe MD5: E542CF9CE8A67A5B681CC9B0004E0B10)
  - CasPol.exe (PID: 4160 cmdline: C:\Users\user\Desktop\rJUSTIFICANTEDEPAGO.exe MD5: 914F728C04D3EDDD5FBA59420E74E56B)
    - conhost.exe (PID: 8068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
- cleanup
Name | Description | Attribution |
---|---|---|
Agent Tesla, AgentTesla | A .NET based keylogger and RAT readily available to actors. Logs keystrokes and the host's clipboard and beacons this information back to the C2. | |
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
⊘No configs have been found
Rule | Description | Author |
---|---|---|
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
⊘No Sigma rule has matched
⊘No Snort rule has matched
AV Detection
- Virustotal
- Static PE information
- Registry value created
- HTTPS traffic detected (2)
- Static PE information
- Code function: 2_2_0040596D, 2_2_004065A2, 2_2_00402862
- JA3 fingerprint
- HTTP traffic detected (2)
- Network traffic detected (4)
- UDP traffic detected without corresponding DNS query (2)
- String found in binary or memory (8)
- DNS traffic detected
- HTTP traffic detected (2)
- HTTPS traffic detected (2)
- Code function: 2_2_00405402
- Static PE information
- Code function: 2_2_00403350
- Code function: 2_2_00404C3F, 7_2_360A4140, 7_2_360A4D58, 7_2_360A4488
- Static PE information
- Section loaded (2)
- Static PE information
- Virustotal
- File read
- Static PE information
- Key opened
- Process created (4)
- Key value queried
- Code function: 2_2_00403350
- WMI Queries
- File created
- Classification label
- Code function: 2_2_004020FE
- File read
- Code function: 2_2_004046C3
- Section loaded
- Mutant created (2)
- Key opened
- Registry value created
- Static PE information
Data Obfuscation
- File source
- Code function: 2_2_10002E0E
- Code function: 2_2_10001B18
- Static PE information
- File created (4 dropped files)
- Process information set (62)
Malware Analysis System Evasion
- File opened (4)
- Binary or memory string (2)
- WMI Queries
- WMI Queries
- Last function
- Dropped PE file which has not been started (2)
- Window / User API
- WMI Queries
- Code function: 2_2_0040596D, 2_2_004065A2, 2_2_00402862
- System information queried
- API call chain: graph_2-4655, graph_2-4660
- Binary or memory string (14)
- Code function: 2_2_10001B18
- Process token adjusted
- Code function: 2_2_00401E43
- Memory allocated
HIPS / PFW / Operating System Protection Evasion
- Memory written
- Process created
- Queries volume information (6)
- Key value queried
- Code function: 2_2_00403350
Stealing of Sensitive Information
- File source (2)
- File opened (2)
- Key opened (2)
- Key opened
- File opened (3)
- File source (2)
Remote Access Functionality
- File source (2)
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 211 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 2 File and Directory Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | 1 Native API | 1 Windows Service | 1 Access Token Manipulation | 1 Obfuscated Files or Information | 1 Credentials in Registry | 117 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | Exfiltration Over Bluetooth | 11 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | 1 Windows Service | 1 Timestomp | Security Account Manager | 311 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | 111 Process Injection | 1 DLL Side-Loading | NTDS | 21 Virtualization/Sandbox Evasion | Distributed Component Object Model | 1 Clipboard Data | Scheduled Transfer | 13 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 21 Virtualization/Sandbox Evasion | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Access Token Manipulation | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 111 Process Injection | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Detection | Scanner | Label |
---|---|---|
22% | Virustotal | |
8% | ReversingLabs | Win32.Trojan.Generic |
Detection | Scanner | Label |
---|---|---|
0% | ReversingLabs | |
0% | Virustotal | |
0% | ReversingLabs | |
0% | Virustotal | |
0% | ReversingLabs | |
3% | Virustotal | |
0% | ReversingLabs | |
1% | Virustotal | |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 172.217.16.206 | true | false | | high |
googlehosted.l.googleusercontent.com | 142.250.186.33 | true | false | | high |
doc-0s-98-docs.googleusercontent.com | unknown | unknown | false | | high |
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
172.217.16.206 | drive.google.com | United States | 15169 | GOOGLEUS | false |
142.250.186.33 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false |
Joe Sandbox Version: | 37.0.0 Beryl |
Analysis ID: | 830400 |
Start date and time: | 2023-03-20 11:19:28 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 14m 59s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301) |
Number of new started processes analysed: | 17 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample file name: | rJUSTIFICANTEDEPAGO.exe |
Detection: | MAL |
Classification: | mal96.troj.spyw.evad.winEXE@4/14@2/2 |
Cookbook Comments: |
- Exclude process from analysis (whitelisted): dllhost.exe, audiodg.exe, UserOOBEBroker.exe, RuntimeBroker.exe, ShellExperienceHost.exe, WMIADAP.exe, backgroundTaskHost.exe, MoUsoCoreWorker.exe, svchost.exe, UsoClient.exe
- Excluded domains from analysis (whitelisted): www.bing.com, wdcpalt.microsoft.com, client.wns.windows.com, login.live.com, ctldl.windowsupdate.com
- Not all processes were analyzed; the report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
⊘No simulations
⊘No context
Match | Detection | Threat Name |
---|---|---|
37f463bf4616ecd445d4a1937da06e19 | malicious | GuLoader |
| malicious | Remcos, DBatLoader |
| malicious | Remcos |
| malicious | Unknown |
| malicious | Amadey, Babuk, Djvu, Fabookie, Raccoon Stealer v2, RedLine, SmokeLoader |
| malicious | Babuk, Clipboard Hijacker, Djvu, SmokeLoader, Vidar |
| malicious | Amadey, Djvu, RHADAMANTHYS, RedLine, SmokeLoader, Vidar |
| malicious | Vidar |
| malicious | Babuk, Clipboard Hijacker, Djvu, Vidar |
| malicious | Amadey, Babuk, Djvu, RedLine, SmokeLoader, Vidar |
| malicious | Clipboard Hijacker, Djvu, Vidar |
| malicious | Clipboard Hijacker, Djvu |
| malicious | Amadey, Babuk, Djvu, Fabookie, RedLine, SmokeLoader, Vidar |
| malicious | Babuk, Djvu |
| malicious | Clipboard Hijacker, Djvu |
| malicious | Clipboard Hijacker, Djvu, Vidar |
| malicious | Babuk, Clipboard Hijacker, Djvu, HTMLPhisher, Vidar |
| malicious | Amadey, Djvu, Fabookie, RHADAMANTHYS, SmokeLoader, Vidar |
| malicious | Clipboard Hijacker, Djvu, Vidar |
| malicious | Djvu |
Match | Detection | Threat Name |
---|---|---|
C:\Users\user\AppData\Local\Temp\Musicalises34\Coleman\Biarcuated\Nonteachable\Bekmpelsesforanstaltninger\Carcinoid2\Efterplaprer\System.Reflection.Primitives.dll | malicious | GuLoader |
| malicious | GuLoader |
| malicious | GuLoader |
| malicious | GuLoader |
C:\Users\user\AppData\Local\Temp\Musicalises34\Coleman\Biarcuated\Biofeedback\Zonar187\Fgtedes\Kisser\battery-level-90-charging-symbolic.svg
Process: | C:\Users\user\Desktop\rJUSTIFICANTEDEPAGO.exe |
Category: | dropped |
Size (bytes): | 6689 |
Entropy (8bit): | 5.135211840989561 |
Encrypted: | false |
SSDEEP: | 192:VkjcMIy2+X2I2F2C2G2fH7y8cQaVB2nnuy1FQOcQaVv2q22L2k2s:mjcM7u8xaV8nnL1FQOxaVu6 |
MD5: | C96D0DD361AFC6B812BDDD390B765A26 |
SHA1: | 71081F096719CAA70B9BAEF86FE642635D8E2765 |
SHA-256: | 6690799E5FA3FB0DD6CCE4BAC5AA1607C8A6BB16507854A87520C7DE53052E1B |
SHA-512: | 7C73BC880A9401C64AB0571957B414180C1B94137C7BC870BA602979E7A990640A37991CB87A40BC7E5942A37FDA25EFC58C759C00F4344BA3D88B9AA64182DA |
Malicious: | false |
Reputation: | moderate, very likely benign file |
C:\Users\user\AppData\Local\Temp\Musicalises34\Coleman\Biarcuated\Nonconcessive\Gennemgaas\Dispend70\colorimeter-colorhug-symbolic.symbolic.png
Process: | C:\Users\user\Desktop\rJUSTIFICANTEDEPAGO.exe |
Category: | dropped |
Size (bytes): | 227 |
Entropy (8bit): | 6.604776901672149 |
Encrypted: | false |
SSDEEP: | 6:6v/lhPysE9Xj1F/bkqdXujFErL4MImATQZu22F+p:6v/7kR7/bjd8Kgm2Q/2y |
MD5: | 7843C38CC42C6786B3373F166AF10172 |
SHA1: | BA0163109D9B641B1312230B3F62E1E10A61AA5E |
SHA-256: | E3AF1293F8E8AB5C81300196AF55A7C15D5608291D46A2B86D4255910A7D0E59 |
SHA-512: | B1D3DF6A0A8CACD729CD9A2FD5AB0F74ED611270FA172CDBEB13D46FA71DD5CC5540A2FBFDB6C3004E652D317C8FAD4EC3AE437DF1C082B629870A33CC6BD34F |
Malicious: | false |
Reputation: | moderate, very likely benign file |
C:\Users\user\AppData\Local\Temp\Musicalises34\Coleman\Biarcuated\Nonconcessive\Gennemgaas\Dispend70\media-playlist-consecutive-symbolic.svg
Process: | C:\Users\user\Desktop\rJUSTIFICANTEDEPAGO.exe |
Category: | dropped |
Size (bytes): | 1329 |
Entropy (8bit): | 4.950241534342892 |
Encrypted: | false |
SSDEEP: | 24:t4Cp/YHyKbRAecFxVrGDT/Gfd8hTdyKbRAecFxVrGDT/bNxNxZrGQ:9YHNtAecFmDT/s8hdNtAecFmDT/j3YQ |
MD5: | 021A9F00A28C9D496E490AE951E8EF12 |
SHA1: | F8A6392065D07BAC72E138B0E47A24FFDCCEE74B |
SHA-256: | B420561770B77FCB47F69B6198B34B11155535F8A2E907BC4A0998CE74AFD340 |
SHA-512: | 7F4F2D904EA968BF68E35E0D7F1EAE9718234757D1989879996BFB49D9C447F67544CB0E1C441FD6539D58B5F2C6ACA7E9E0208738C235D9AF0C093511760212 |
Malicious: | false |
C:\Users\user\AppData\Local\Temp\Musicalises34\Coleman\Biarcuated\Nonconcessive\Gennemgaas\Dispend70\network-offline-symbolic.svg
Process: | C:\Users\user\Desktop\rJUSTIFICANTEDEPAGO.exe |
Category: | dropped |
Size (bytes): | 1155 |
Entropy (8bit): | 5.154592341044034 |
Encrypted: | false |
SSDEEP: | 24:t4CpQyhEXQDWu4AeWrGMyRQJaPahrGDfJcghSvOqlIQX6e4AeWrGMyp:vhjDWu4Ae3M5wSgDDontqe4Ae3MO |
MD5: | EFB3C780BC44B346B50B1F0DC6CF6D0F |
SHA1: | 472B0EDD1C4C3092BC7C4DF934ABE126885B1780 |
SHA-256: | 990859D3B2C830E23EC276BF1D38A38EE1BA3D89BF04CB138107E4CDE31167B5 |
SHA-512: | 5B9C96F146C6A065C89172D02BDE8020876DC9C78859AD2B8B9529C615215F88BA85C2789544F5C5A247C148BB52FE4B5FCA325E7EAC4826D31A0365A0B8BCBE |
Malicious: | false |
C:\Users\user\AppData\Local\Temp\Musicalises34\Coleman\Biarcuated\Nonconcessive\Gennemgaas\Dispend70\network-wireless.png
Process: | C:\Users\user\Desktop\rJUSTIFICANTEDEPAGO.exe |
Category: | dropped |
Size (bytes): | 891 |
Entropy (8bit): | 7.745720384539504 |
Encrypted: | false |
SSDEEP: | 24:d4qWCHdkXfUZEcO5MkIi416cOQSkye9V+:d4qnHd8MkIi4Dpb6 |
MD5: | 5AF147D26AD399F83825377F04FD56A1 |
SHA1: | B378A498B0DB8114C794E21D533E80CEBE5DDE04 |
SHA-256: | 6147A091847FCC9D9EDB22E655C4FC9DE6632C76D4252350400FA286F9791109 |
SHA-512: | EEC16DE49A4698FE4F03F841FBCF045FBBDC9D634EB73ED35DB544B6DB4BC0135CD8E1DF102FD1E8BDE9FC75380948B4C0459685EE2C21858D645B7973759EA6 |
Malicious: | false |
C:\Users\user\AppData\Local\Temp\Musicalises34\Coleman\Biarcuated\Nonteachable\Bekmpelsesforanstaltninger\Carcinoid2\Efterplaprer\System.Reflection.Primitives.dll
Process: | C:\Users\user\Desktop\rJUSTIFICANTEDEPAGO.exe |
Category: | dropped |
Size (bytes): | 14952 |
Entropy (8bit): | 6.599053939997928 |
Encrypted: | false |
SSDEEP: | 192:mrlnC6xxk2R5Ws+Wql73WOL8/pCuPHnhWgN7aoWTF6lI+XqnajlkEv:6nbW2R5Ws+Wql7//uPHRN7SIImlqW |
MD5: | EDA04E04EBC0EBF7F8BBF30C4DAE6DE3 |
SHA1: | 7BC4D50E6EEC7F04A9272BFEE4E4DB6F278DBE63 |
SHA-256: | F3E55CB3ADFA93F563B09114D93062E680AB0864C220491458FBE151798B862F |
SHA-512: | 7027DA3404675596B71394B660E600DA12C0750895F624776362167869760555EE9990699FFC9E4407301FC9437B2F638E2734B8BDEF3C7054990FD5A9C86550 |
Malicious: | false |
C:\Users\user\AppData\Local\Temp\Musicalises34\Coleman\Biarcuated\Rntgenstraaler\Overholde\Wingdings\Preaddition.Bor
Process: | C:\Users\user\Desktop\rJUSTIFICANTEDEPAGO.exe |
Category: | dropped |
Size (bytes): | 36518 |
Entropy (8bit): | 2.6830744752603626 |
Encrypted: | false |
SSDEEP: | 768:xeK/i8OrT1EEEN7NmGmBsb7IxbJhOANjoIi55GP++IssSCDu/2qnSsUHZll:xeKv2n1OAE/EP9Ka/2lHzl |
MD5: | AE738FA62A77E7AC245E166294F62CF4 |
SHA1: | EB347C2E02E3FBB39D316CEE73ED4B72DCA34C41 |
SHA-256: | 4513093A8A81A33B2704FA5C8D168172A4A561188992D2AE1C93E1AF0611C076 |
SHA-512: | 5B1241A8702E25C84D64CD7B6790852B46FA0848B16056FCFA0035CEAB1AB3448953D3FDF15DE7BB7D0074C7EC7E94748CFEDA625621E3BA5BFB3C4D813C82E2 |
Malicious: | false |
C:\Users\user\AppData\Local\Temp\Musicalises34\Coleman\Biarcuated\Rntgenstraaler\Overholde\Wingdings\System.Reflection.TypeExtensions.dll
Process: | C:\Users\user\Desktop\rJUSTIFICANTEDEPAGO.exe |
Category: | dropped |
Size (bytes): | 32368 |
Entropy (8bit): | 6.393948275188786 |
Encrypted: | false |
SSDEEP: | 384:yWweWqlXnYcLpSfX0lawccfNXLWrdzy+A2jc2EPLNtAf/uPHRN7AJ/AlGseC62c:EqlXYcgEAwcc17Wc+bj+PLHuMU/xjx2c |
MD5: | F2A123183E106BB1CF19376A8079D171 |
SHA1: | 2B96296BE92D5F2EF7C59A70858AF4CAABC99A9D |
SHA-256: | 896D4ED138C35ECF19AE432380096562872EAB103F7E352C15D214FD875B337A |
SHA-512: | FCA6A89EFB16780A06CD25A55638882970F03E1535180A0E463AF9794184B04EB345CF29B12D4F261094E04A584E9225A7AD36A62631227451059F64A77B3C67 |
Malicious: | false |
C:\Users\user\AppData\Local\Temp\Musicalises34\Coleman\Biarcuated\Stereoing\preferences-desktop-font-symbolic.symbolic.png
Process: | C:\Users\user\Desktop\rJUSTIFICANTEDEPAGO.exe |
Category: | dropped |
Size (bytes): | 225 |
Entropy (8bit): | 6.596645802250635 |
Encrypted: | false |
SSDEEP: | 6:6v/lhPysi5NuhsPwRngRfPq/3+phjSfVsup:6v/7thstJACSNsc |
MD5: | F894266AB6A933B2FDA751E6490C319A |
SHA1: | 2D2D3635198FEEFCB64D1D6B3CDCCDC4EA3DF4B0 |
SHA-256: | 95F533585B4C61936C369557B3B7E397E56545A4C9DB9A5BDDD0E9ABB7A7F7E7 |
SHA-512: | 977ED04753C3CB2B883D03A2A55001F6FCC8617DC3060B6C25AB7E5C691C3F76049E7DEADC7F6567AB7E8DC8492DE2874E8E632CF3EAD7B39ABC8CC98D331442 |
Malicious: | false |
C:\Users\user\AppData\Local\Temp\Musicalises34\Coleman\Biarcuated\Stereoing\task-due-symbolic.symbolic.png
Process: | C:\Users\user\Desktop\rJUSTIFICANTEDEPAGO.exe |
Category: | dropped |
Size (bytes): | 263 |
Entropy (8bit): | 6.731374842054556 |
Encrypted: | false |
SSDEEP: | 6:6v/lhPysw9TXm0RZC/8xhbPgfdSwj4vw29OjuAO4+ZvYNVp:6v/7QVXm0a/8xhbPgfdSBvNYn2ZvYd |
MD5: | 003B524806C1CA654CAC6ED2EB883E1B |
SHA1: | F6F6ACA125DC4DB3B33378404017B5EE7D21D334 |
SHA-256: | 2899E53769FA741E2C0675A2C69D2C246A8F34601BEE58DD66B16261005962A9 |
SHA-512: | AA905997F9CE39F039E33C4CCA167C0137775D91B4929D918528BA00B92737C448EC46D91A4221644CCC00D1FCAA403AFF83F07276BAB6FD80D4B9E88E652F87 |
Malicious: | false |
C:\Users\user\AppData\Local\Temp\Musicalises34\Coleman\Biarcuated\Stereoing\window-close.png
Process: | C:\Users\user\Desktop\rJUSTIFICANTEDEPAGO.exe |
Category: | dropped |
Size (bytes): | 337 |
Entropy (8bit): | 7.143668471552015 |
Encrypted: | false |
SSDEEP: | 6:6v/lhPWFmX9Ckymx8BZhCjO5QO6MsHqd+K/eBDQeU2oG9xqgjp:6v/7K0omx8yOqVtHH1U2oGR |
MD5: | 7FBFE5B0A7AD2A67AACFD8481F8DCA01 |
SHA1: | 21BABB6B7EC4746835DB43DC6A69A4AF0EFECA2D |
SHA-256: | 0B4CD789E087F712F131FACCD754DC461774498DF3CA19B346D461D18A0AE622 |
SHA-512: | 3A8F0D9653301F789A0588E848C40FFC92394461BF70A3421ABC85647F2C115948134FE9E161D055A11D200536356A15677D9C0E645346D27E122001F67FE22B |
Malicious: | false |
C:\Users\user\AppData\Local\Temp\Musicalises34\Coleman\Biarcuated\Stersfarterne\Svigermdrenes.Hip
Process: | C:\Users\user\Desktop\rJUSTIFICANTEDEPAGO.exe |
Category: | dropped |
Size (bytes): | 222555 |
Entropy (8bit): | 7.344342205951728 |
Encrypted: | false |
SSDEEP: | 3072:pBmSzQUCQ7eiGVj+oHu80OFKzRem/0qaVnuHyAkwbH4A5ICfxHSdjByvg4T:fmioZd+osLdL/0FuVTjAuypPo |
MD5: | 1247D9E48508188AEA42C1860C123BDB |
SHA1: | B94FAE1C07539802B0D102309BA9B6F2A10C2638 |
SHA-256: | C6FAD708D2D267FA214B467BA745F085BE0F86DE24F1CBD6DB02F9A168359668 |
SHA-512: | C2A18EA7DE077087EF70780D10796F338C7FD9764777E33F6AB6B68F32E370DC063AC463A1AF6299A9A50F8410352E5CC9D90F290389D7531F6B4A5666459BFD |
Malicious: | false |
Process: | C:\Users\user\Desktop\rJUSTIFICANTEDEPAGO.exe |
Category: | dropped |
Size (bytes): | 6144 |
Entropy (8bit): | 4.496995234059773 |
Encrypted: | false |
SSDEEP: | 96:1IUNaXnnXyEIPtXvZhr5RwiULuxDtJ1+wolpE:1Ix3XyEwXvZh1RwnLUDtf+I |
MD5: | E8B67A37FB41D54A7EDA453309D45D97 |
SHA1: | 96BE9BF7A988D9CEA06150D57CD1DE19F1FEC19E |
SHA-256: | 2AD232BCCF4CA06CF13475AF87B510C5788AA790785FD50509BE483AFC0E0BCF |
SHA-512: | 20EFFAE18EEBB2DF90D3186A281FA9233A97998F226F7ADEAD0784FBC787FEEE419973962F8369D8822C1BBCDFB6E7948D9CA6086C9CF90190C8AB3EC97F4C38 |
Malicious: | false |
Process: | C:\Users\user\Desktop\rJUSTIFICANTEDEPAGO.exe |
Category: | dropped |
Size (bytes): | 11776 |
Entropy (8bit): | 5.659384359264642 |
Encrypted: | false |
SSDEEP: | 192:ex24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlESlS:h8QIl972eXqlWBFSt273YOlEz |
MD5: | 8B3830B9DBF87F84DDD3B26645FED3A0 |
SHA1: | 223BEF1F19E644A610A0877D01EADC9E28299509 |
SHA-256: | F004C568D305CD95EDBD704166FCD2849D395B595DFF814BCC2012693527AC37 |
SHA-512: | D13CFD98DB5CA8DC9C15723EEE0E7454975078A776BCE26247228BE4603A0217E166058EBADC68090AFE988862B7514CB8CB84DE13B3DE35737412A6F0A8AC03 |
Malicious: | false |
Entropy (8bit): | 7.031249628696672 |
File name: | rJUSTIFICANTEDEPAGO.exe |
File size: | 433352 |
MD5: | e542cf9ce8a67a5b681cc9b0004e0b10 |
SHA1: | 40161158f7cab76c57b4d95798c74ebc7d612cfe |
SHA256: | 4e78f6957f4c8c0f56a9b49e139342b1df7b1dc05518d96e776aa687a80f8c58 |
SHA512: | 5cb1f2132c5d85f068ed5fc35229df5f83d711f30748a951bd006569a24df0818aa24effb91d171a895f342b1b9e14ad2df8a2f1124e1ef2c7f8c74a6b9627ce |
SSDEEP: | 6144:c6bAcJvkzKmPPzS58G93IuZjZz5VWY+LWWwseVp4ZLlbXrvAhM8LjbL7rrraAiGl:z7ubCHICV0LfwqZLlXTqMYvi7 |
TLSH: | CA94F1227F97E857E4266D78608AEE19AEB0DF249205D317F37139EDE9B53016C2B103 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........!`G.@...@...@../OQ..@...@..I@../OS..@...c>..@..+F...@..Rich.@..........................PE..L.....uY.................d....:.... |
Icon Hash: | 20c4f8f8e8f0f24c |
Entrypoint: | 0x403350 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x59759518 [Mon Jul 24 06:35:04 2017 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | b34f154ec913d2d2c435cbd644e91687 |
Signature Valid: | false |
Signature Issuer: | E=Baccheion@Train.Ric, OU="Ukampdygtige Ratteners Fllesskolernes ", O=Amerciament, L=Putnam Valley, S=New York, C=US |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Not Before, Not After |
Subject Chain |
Version: | 3 |
Thumbprint MD5: | 9D5FC1EED3EFD5AE85C5FE4E5DE73B01 |
Thumbprint SHA-1: | 5C6F3AFCFAAFE00B47463625067078E82ACF72F1 |
Thumbprint SHA-256: | 29E893BEBBB82AB1F213286EF68814B75D778BAB740B54B6457C756488BE3856 |
Serial: | 53BB1A3E0600B528584097460509366C59C5C7CB |
Instruction |
---|
sub esp, 000002D4h |
push ebx |
push esi |
push edi |
push 00000020h |
pop edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+14h], ebx |
mov dword ptr [esp+10h], 0040A2E0h |
mov dword ptr [esp+1Ch], ebx |
call dword ptr [004080A8h] |
call dword ptr [004080A4h] |
and eax, BFFFFFFFh |
cmp ax, 00000006h |
mov dword ptr [007A8A2Ch], eax |
je 00007FCB90F077D3h |
push ebx |
call 00007FCB90F0AA69h |
cmp eax, ebx |
je 00007FCB90F077C9h |
push 00000C00h |
call eax |
mov esi, 004082B0h |
push esi |
call 00007FCB90F0A9E3h |
push esi |
call dword ptr [00408150h] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], 00000000h |
jne 00007FCB90F077ACh |
push 0000000Ah |
call 00007FCB90F0AA3Ch |
push 00000008h |
call 00007FCB90F0AA35h |
push 00000006h |
mov dword ptr [007A8A24h], eax |
call 00007FCB90F0AA29h |
cmp eax, ebx |
je 00007FCB90F077D1h |
push 0000001Eh |
call eax |
test eax, eax |
je 00007FCB90F077C9h |
or byte ptr [007A8A2Fh], 00000040h |
push ebp |
call dword ptr [00408044h] |
push ebx |
call dword ptr [004082A0h] |
mov dword ptr [007A8AF8h], eax |
push ebx |
lea eax, dword ptr [esp+34h] |
push 000002B4h |
push eax |
push ebx |
push 0079FEE0h |
call dword ptr [00408188h] |
push 0040A2C8h |
Programming Language: |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84fc | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3d0000 | 0x28268 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x67a88 | 0x2240 | .data |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x63c8 | 0x6400 | False | 0.6766015625 | data | 6.504099201068482 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x138e | 0x1400 | False | 0.4509765625 | data | 5.146454805063938 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x39eb38 | 0x600 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x3a9000 | 0x27000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x3d0000 | 0x28268 | 0x28400 | False | 0.3355129076086957 | data | 4.767250735975199 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x3d0310 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | English | United States |
RT_ICON | 0x3e0b38 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 36864 | English | United States |
RT_ICON | 0x3e9fe0 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 20736 | English | United States |
RT_ICON | 0x3ef468 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | English | United States |
RT_ICON | 0x3f3690 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | United States |
RT_ICON | 0x3f5c38 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States |
RT_ICON | 0x3f6ce0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2304 | English | United States |
RT_ICON | 0x3f7668 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | English | United States |
RT_DIALOG | 0x3f7ad0 | 0x100 | data | English | United States |
RT_DIALOG | 0x3f7bd0 | 0xf8 | data | English | United States |
RT_DIALOG | 0x3f7cc8 | 0xa0 | data | English | United States |
RT_DIALOG | 0x3f7d68 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x3f7dc8 | 0x76 | data | English | United States |
RT_MANIFEST | 0x3f7e40 | 0x423 | XML 1.0 document, ASCII text, with very long lines (1059), with no line terminators | English | United States |
DLL | Import |
---|---|
KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW |
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States | |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 20, 2023 11:23:12.123064995 CET | 49817 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 20, 2023 11:23:12.123099089 CET | 443 | 49817 | 142.250.186.33 | 192.168.11.20 |
Mar 20, 2023 11:23:12.123256922 CET | 49817 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 20, 2023 11:23:12.123256922 CET | 49817 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 20, 2023 11:23:12.123302937 CET | 443 | 49817 | 142.250.186.33 | 192.168.11.20 |
Mar 20, 2023 11:23:12.123481989 CET | 49817 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 20, 2023 11:23:12.123516083 CET | 443 | 49817 | 142.250.186.33 | 192.168.11.20 |
Mar 20, 2023 11:23:12.123665094 CET | 49817 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 20, 2023 11:23:12.123691082 CET | 443 | 49817 | 142.250.186.33 | 192.168.11.20 |
Mar 20, 2023 11:23:12.123816013 CET | 443 | 49817 | 142.250.186.33 | 192.168.11.20 |
Mar 20, 2023 11:23:12.123833895 CET | 49817 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 20, 2023 11:23:12.123862028 CET | 443 | 49817 | 142.250.186.33 | 192.168.11.20 |
Mar 20, 2023 11:23:12.123974085 CET | 49817 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 20, 2023 11:23:12.123974085 CET | 49817 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 20, 2023 11:23:12.124022007 CET | 443 | 49817 | 142.250.186.33 | 192.168.11.20 |
Mar 20, 2023 11:23:12.124166012 CET | 49817 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 20, 2023 11:23:12.124200106 CET | 443 | 49817 | 142.250.186.33 | 192.168.11.20 |
Mar 20, 2023 11:23:12.124351978 CET | 49817 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 20, 2023 11:23:12.124351978 CET | 49817 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 20, 2023 11:23:12.124394894 CET | 443 | 49817 | 142.250.186.33 | 192.168.11.20 |
Mar 20, 2023 11:23:12.124546051 CET | 49817 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 20, 2023 11:23:12.124546051 CET | 49817 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 20, 2023 11:23:12.124581099 CET | 443 | 49817 | 142.250.186.33 | 192.168.11.20 |
Mar 20, 2023 11:23:12.124633074 CET | 443 | 49817 | 142.250.186.33 | 192.168.11.20 |
Mar 20, 2023 11:23:12.124691010 CET | 49817 | 443 | 192.168.11.20 | 142.250.186.33 |
Mar 20, 2023 11:23:12.124742985 CET | 49817 | 443 | 192.168.11.20 | 142.250.186.33 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 20, 2023 11:23:11.131897926 CET | 53658 | 53 | 192.168.11.20 | 1.1.1.1 |
Mar 20, 2023 11:23:11.141695023 CET | 53 | 53658 | 1.1.1.1 | 192.168.11.20 |
Mar 20, 2023 11:23:11.612874031 CET | 62382 | 53 | 192.168.11.20 | 1.1.1.1 |
Mar 20, 2023 11:23:11.639658928 CET | 53 | 62382 | 1.1.1.1 | 192.168.11.20 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 20, 2023 11:23:11.131897926 CET | 192.168.11.20 | 1.1.1.1 | 0x8c78 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 20, 2023 11:23:11.612874031 CET | 192.168.11.20 | 1.1.1.1 | 0x5dc4 | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 20, 2023 11:23:11.141695023 CET | 1.1.1.1 | 192.168.11.20 | 0x8c78 | No error (0) | | | 172.217.16.206 | A (IP address) | IN (0x0001) | false |
Mar 20, 2023 11:23:11.639658928 CET | 1.1.1.1 | 192.168.11.20 | 0x5dc4 | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false |
Mar 20, 2023 11:23:11.639658928 CET | 1.1.1.1 | 192.168.11.20 | 0x5dc4 | No error (0) | | | 142.250.186.33 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49816 | 172.217.16.206 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-03-20 10:23:11 UTC | 0 | OUT | |
2023-03-20 10:23:11 UTC | 0 | IN | |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49817 | 142.250.186.33 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2023-03-20 10:23:11 UTC | 1 | OUT | |
2023-03-20 10:23:12 UTC | 1 | IN | |