Windows Analysis Report 184285013-044310-Factura pendiente (2).exe
Overview
General Information
Detection
AgentTesla GuLoader
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected GuLoader
Hides threads from debuggers
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
C2 URLs / IPs found in malware configuration
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Uses SMTP (mail sending)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: Agenttesla |
---|
{"Exfil Mode": "SMTP", "SMTP Info": "info@malkaratso.org.trMto1903mail.malkaratso.org.trwilliamsmith8135@gmail.com"}
Threatname: GuLoader |
---|
{"Payload URL": "https://drive.google.com/uc?export=downloa"}
Yara Overview |
---|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
AV Detection: |
---|
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: | ||
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Code function: | 5_2_00E65220 | |
Source: | Code function: | 5_2_00E65868 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Networking: |
---|
C2 URLs / IPs found in malware configuration | Show sources |
Source: | URLs: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | IP Address: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | HTTPS traffic detected: | ||
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Data Obfuscation: |
---|
Yara detected GuLoader | Show sources |
Source: | File source: |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion: |
---|
Tries to detect Any.run | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) | Show sources |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) | Show sources |
Source: | WMI Queries: |
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior |
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | Process information queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | System information queried: | Jump to behavior |
Source: | Binary or memory string: | ||
Anti Debugging: |
---|
Hides threads from debuggers | Show sources |
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 5_2_00A46950 |
Source: | Memory allocated: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion: |
---|
Writes to foreign memory regions | Show sources |
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Tries to steal Mail credentials (via file / registry access) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) | Show sources |
Source: | Key opened: | Jump to behavior |
Tries to harvest and steal ftp login credentials | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Tries to harvest and steal browser information (history, passwords, etc) | Show sources |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected AgentTesla | Show sources |
Source: | File source: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation211 | DLL Side-Loading1 | Process Injection112 | Disable or Modify Tools1 | OS Credential Dumping2 | Security Software Discovery421 | Remote Services | Email Collection1 | Exfiltration Over Other Network Medium | Encrypted Channel21 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Virtualization/Sandbox Evasion341 | Credentials in Registry1 | Process Discovery2 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection112 | Security Account Manager | Virtualization/Sandbox Evasion341 | SMB/Windows Admin Shares | Data from Local System2 | Automated Exfiltration | Ingress Tool Transfer1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information1 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol2 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | DLL Side-Loading1 | LSA Secrets | File and Directory Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol123 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Information Discovery115 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
55% | Virustotal | Browse | ||
64% | ReversingLabs | Win32.Trojan.GuLoader |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
malkaratso.org.tr | 212.83.130.20 | true | true | | unknown |
drive.google.com | 142.250.181.238 | true | false | high | |
googlehosted.l.googleusercontent.com | 216.58.212.129 | true | false | high | |
mail.malkaratso.org.tr | unknown | unknown | true | unknown | |
doc-04-7o-docs.googleusercontent.com | unknown | unknown | false | high |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false | high |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.250.181.238 | drive.google.com | United States | 15169 | GOOGLEUS | false | |
212.83.130.20 | malkaratso.org.tr | France | 12876 | OnlineSASFR | true | |
216.58.212.129 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false |
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 533171 |
Start date: | 03.12.2021 |
Start time: | 08:21:43 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 40s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 184285013-044310-Factura pendiente (2).exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301) |
Run name: | Suspected Instruction Hammering |
Number of analysed new started processes analysed: | 18 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.spyw.evad.winEXE@5/2@3/3 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: |
|
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
08:24:15 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
212.83.130.20 | Get hash | malicious | Browse | ||
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
OnlineSASFR | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Users\user\Desktop\184285013-044310-Factura pendiente (2).exe |
File Type: | |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 1.9866006611106688 |
Encrypted: | false |
SSDEEP: | 96:jWpahLKAycVxc4LlvnffSIPW0wLzzj1ylDHn3Rs:KMhLKCxV5vnffI0wIdHBs |
MD5: | A256BBA112F7FA34FE9E19ED07D0DF83 |
SHA1: | 3E86ADD7C0890C55E8F22334A3E26134D7AB1EE8 |
SHA-256: | AB9F6744C55428A62F4696BC1779409A30420D0983EDD5536A0D280DF5EE7FE0 |
SHA-512: | 9E762DFE82611778602E8BF19439E48AF7278D3D9399FF44666EB8A196206F4B1B50B9B623710B138BD7A7E9C1E0A05BE85CE6FB7B0F208C9664669297C416EA |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 30 |
Entropy (8bit): | 3.964735178725505 |
Encrypted: | false |
SSDEEP: | 3:IBVFBWAGRHneyy:ITqAGRHner |
MD5: | 9F754B47B351EF0FC32527B541420595 |
SHA1: | 006C66220B33E98C725B73495FE97B3291CE14D9 |
SHA-256: | 0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591 |
SHA-512: | C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.044918080657453 |
TrID: |
|
File name: | 184285013-044310-Factura pendiente (2).exe |
File size: | 155648 |
MD5: | 05bee3772cc551cbbab5d5d8bd125015 |
SHA1: | 4e4f69aff7d883e4ad0e612b415cb6b49d90098a |
SHA256: | aa017fd080982ca27d62f3d0e433b8f73898978487c5139ff6ab187a7dd11888 |
SHA512: | 5a92878ef86d3a79b9572abfce8771334e53a22ee2d6120f8e5690127e208ce6be0b1e79d0b82b0077a5cdb2d17d24cd6cf079c909c0fbce0e77ab091869f81f |
SSDEEP: | 3072:WfJffGeb5/Tu5++rjO4yl0bb/BzpifJffpfJff:n87u5O4Qib/ |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......O.......................D.......=.......Rich............PE..L...t.BO.....................P............... ....@................ |
File Icon |
---|
Icon Hash: | 70ecccaececc71e2 |
Static PE Info |
---|
General | |
---|---|
Entrypoint: | 0x4015a8 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
DLL Characteristics: | |
Time Stamp: | 0x4F421A74 [Mon Feb 20 10:03:32 2012 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | 458ac857eb15a6ebaad7748f2f663dae |
Entrypoint Preview |
---|
Instruction |
---|
Data Directories |
---|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x21654 | 0x28 | .text |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x24000 | 0x2f2c | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x228 | 0x20 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0x194 | .text |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Sections |
---|
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x20c28 | 0x21000 | False | 0.354854699337 | data | 5.20319490867 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.data | 0x22000 | 0x1250 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x24000 | 0x2f2c | 0x3000 | False | 0.232503255208 | data | 4.2104497983 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
---|
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
CUSTOM | 0x25992 | 0x1542 | data | English | United States |
RT_ICON | 0x248ea | 0x10a8 | data | | |
RT_ICON | 0x24482 | 0x468 | GLS_BINARY_LSB_FIRST | | |
RT_STRING | 0x26ed4 | 0x58 | data | English | United States |
RT_GROUP_ICON | 0x24460 | 0x22 | data | | |
RT_VERSION | 0x241c0 | 0x2a0 | data | English | United States |
Imports |
---|
DLL | Import |
---|---|
MSVBVM60.DLL | __vbaVarTstGt, _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaAryMove, __vbaStrVarMove, __vbaFreeVarList, __vbaVarIdiv, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaStrCat, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryVar, __vbaAryDestruct, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaStrCmp, __vbaVarTstEq, __vbaAryConstruct2, __vbaPrintObj, DllFunctionCall, _adj_fpatan, __vbaLateIdCallLd, __vbaRedim, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaUbound, _CIlog, __vbaNew2, __vbaVar2Vec, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, __vbaFreeStrList, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaI4Var, __vbaStrToAnsi, __vbaVarDup, _CIatan, __vbaStrMove, __vbaAryCopy, _allmul, _CItan, _CIexp, __vbaFreeObj, __vbaFreeStr |
Version Infos |
---|
Description | Data |
---|---|
Translation | 0x0409 0x04b0 |
LegalCopyright | Corps |
InternalName | Chechakos |
FileVersion | 1.00 |
CompanyName | Corps |
LegalTrademarks | Corps |
ProductName | Corps |
ProductVersion | 1.00 |
FileDescription | Corps |
OriginalFilename | Chechakos.exe |
Possible Origin |
---|
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 3, 2021 08:25:40.912561893 CET | 49824 | 587 | 192.168.11.20 | 212.83.130.20 |
Dec 3, 2021 08:25:40.934145927 CET | 587 | 49824 | 212.83.130.20 | 192.168.11.20 |
Dec 3, 2021 08:25:40.934530020 CET | 49824 | 587 | 192.168.11.20 | 212.83.130.20 |
Dec 3, 2021 08:25:40.957628012 CET | 587 | 49824 | 212.83.130.20 | 192.168.11.20 |
Dec 3, 2021 08:25:40.960306883 CET | 49824 | 587 | 192.168.11.20 | 212.83.130.20 |
Dec 3, 2021 08:25:40.986651897 CET | 587 | 49824 | 212.83.130.20 | 192.168.11.20 |
Dec 3, 2021 08:25:40.986740112 CET | 587 | 49824 | 212.83.130.20 | 192.168.11.20 |
Dec 3, 2021 08:25:40.986804008 CET | 587 | 49824 | 212.83.130.20 | 192.168.11.20 |
Dec 3, 2021 08:25:40.986848116 CET | 587 | 49824 | 212.83.130.20 | 192.168.11.20 |
Dec 3, 2021 08:25:40.986933947 CET | 49824 | 587 | 192.168.11.20 | 212.83.130.20 |
Dec 3, 2021 08:25:40.986987114 CET | 49824 | 587 | 192.168.11.20 | 212.83.130.20 |
Dec 3, 2021 08:25:40.987961054 CET | 587 | 49824 | 212.83.130.20 | 192.168.11.20 |
Dec 3, 2021 08:25:40.990155935 CET | 49824 | 587 | 192.168.11.20 | 212.83.130.20 |
Dec 3, 2021 08:25:41.012214899 CET | 587 | 49824 | 212.83.130.20 | 192.168.11.20 |
Dec 3, 2021 08:25:41.060394049 CET | 49824 | 587 | 192.168.11.20 | 212.83.130.20 |
Dec 3, 2021 08:25:41.167397976 CET | 49824 | 587 | 192.168.11.20 | 212.83.130.20 |
Dec 3, 2021 08:25:41.189085007 CET | 587 | 49824 | 212.83.130.20 | 192.168.11.20 |
Dec 3, 2021 08:25:41.190696955 CET | 49824 | 587 | 192.168.11.20 | 212.83.130.20 |
Dec 3, 2021 08:25:41.212527990 CET | 587 | 49824 | 212.83.130.20 | 192.168.11.20 |
Dec 3, 2021 08:25:41.213047981 CET | 49824 | 587 | 192.168.11.20 | 212.83.130.20 |
Dec 3, 2021 08:25:41.242861032 CET | 587 | 49824 | 212.83.130.20 | 192.168.11.20 |
Dec 3, 2021 08:25:41.243423939 CET | 49824 | 587 | 192.168.11.20 | 212.83.130.20 |
Dec 3, 2021 08:25:41.265152931 CET | 587 | 49824 | 212.83.130.20 | 192.168.11.20 |
Dec 3, 2021 08:25:41.265583038 CET | 49824 | 587 | 192.168.11.20 | 212.83.130.20 |
Dec 3, 2021 08:25:41.322328091 CET | 587 | 49824 | 212.83.130.20 | 192.168.11.20 |
Dec 3, 2021 08:25:41.322662115 CET | 49824 | 587 | 192.168.11.20 | 212.83.130.20 |
Dec 3, 2021 08:25:41.344299078 CET | 587 | 49824 | 212.83.130.20 | 192.168.11.20 |
Dec 3, 2021 08:25:41.381092072 CET | 49824 | 587 | 192.168.11.20 | 212.83.130.20 |
Dec 3, 2021 08:25:41.381288052 CET | 49824 | 587 | 192.168.11.20 | 212.83.130.20 |
Dec 3, 2021 08:25:41.381302118 CET | 49824 | 587 | 192.168.11.20 | 212.83.130.20 |
Dec 3, 2021 08:25:41.381305933 CET | 49824 | 587 | 192.168.11.20 | 212.83.130.20 |
Dec 3, 2021 08:25:41.402653933 CET | 587 | 49824 | 212.83.130.20 | 192.168.11.20 |
Dec 3, 2021 08:25:41.402678967 CET | 587 | 49824 | 212.83.130.20 | 192.168.11.20 |
Dec 3, 2021 08:25:41.402836084 CET | 587 | 49824 | 212.83.130.20 | 192.168.11.20 |
Dec 3, 2021 08:25:41.402851105 CET | 587 | 49824 | 212.83.130.20 | 192.168.11.20 |
Dec 3, 2021 08:25:41.404593945 CET | 587 | 49824 | 212.83.130.20 | 192.168.11.20 |
Dec 3, 2021 08:25:41.450972080 CET | 49824 | 587 | 192.168.11.20 | 212.83.130.20 |
Dec 3, 2021 08:27:20.616790056 CET | 49824 | 587 | 192.168.11.20 | 212.83.130.20 |
Dec 3, 2021 08:27:20.639695883 CET | 587 | 49824 | 212.83.130.20 | 192.168.11.20 |
Dec 3, 2021 08:27:20.639914036 CET | 49824 | 587 | 192.168.11.20 | 212.83.130.20 |
Dec 3, 2021 08:27:20.640405893 CET | 49824 | 587 | 192.168.11.20 | 212.83.130.20 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 3, 2021 08:24:04.035654068 CET | 59035 | 53 | 192.168.11.20 | 1.1.1.1 |
Dec 3, 2021 08:24:04.045047045 CET | 53 | 59035 | 1.1.1.1 | 192.168.11.20 |
Dec 3, 2021 08:24:04.907629013 CET | 51239 | 53 | 192.168.11.20 | 1.1.1.1 |
Dec 3, 2021 08:24:04.953001976 CET | 53 | 51239 | 1.1.1.1 | 192.168.11.20 |
Dec 3, 2021 08:25:40.592478037 CET | 55022 | 53 | 192.168.11.20 | 1.1.1.1 |
Dec 3, 2021 08:25:40.694175959 CET | 53 | 55022 | 1.1.1.1 | 192.168.11.20 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Dec 3, 2021 08:24:04.035654068 CET | 192.168.11.20 | 1.1.1.1 | 0x5b65 | Standard query (0) | | A (IP address) | IN (0x0001) |
Dec 3, 2021 08:24:04.907629013 CET | 192.168.11.20 | 1.1.1.1 | 0xd39f | Standard query (0) | | A (IP address) | IN (0x0001) |
Dec 3, 2021 08:25:40.592478037 CET | 192.168.11.20 | 1.1.1.1 | 0xd92a | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Dec 3, 2021 08:24:04.045047045 CET | 1.1.1.1 | 192.168.11.20 | 0x5b65 | No error (0) | | | 142.250.181.238 | A (IP address) | IN (0x0001) |
Dec 3, 2021 08:24:04.953001976 CET | 1.1.1.1 | 192.168.11.20 | 0xd39f | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) |
Dec 3, 2021 08:24:04.953001976 CET | 1.1.1.1 | 192.168.11.20 | 0xd39f | No error (0) | | | 216.58.212.129 | A (IP address) | IN (0x0001) |
Dec 3, 2021 08:25:40.694175959 CET | 1.1.1.1 | 192.168.11.20 | 0xd92a | No error (0) | | malkaratso.org.tr | | CNAME (Canonical name) | IN (0x0001) |
Dec 3, 2021 08:25:40.694175959 CET | 1.1.1.1 | 192.168.11.20 | 0xd92a | No error (0) | | | 212.83.130.20 | A (IP address) | IN (0x0001) |
HTTPS Proxied Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49807 | 142.250.181.238 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-03 07:24:04 UTC | 0 | OUT | |
2021-12-03 07:24:04 UTC | 0 | IN | |
2021-12-03 07:24:04 UTC | 1 | IN | |
2021-12-03 07:24:04 UTC | 2 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49808 | 216.58.212.129 | 443 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2021-12-03 07:24:05 UTC | 2 | OUT | |
2021-12-03 07:24:05 UTC | 2 | IN |