Windows
Analysis Report
comprobante de transferencia.exe
Overview
General Information
Detection
GuLoader
Score: | 80 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
PE / OLE file has an invalid certificate
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Classification
- System is w10x64native
- comprobante de transferencia.exe (PID: 3144 cmdline: C:\Users\user\Desktop\comprobante de transferencia.exe MD5: 8A1422827315B9DB63CD6B399A454FAB)
- comprobante de transferencia.exe (PID: 8496 cmdline: C:\Users\user\Desktop\comprobante de transferencia.exe MD5: 8A1422827315B9DB63CD6B399A454FAB)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
⊘No configs have been found
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
⊘No Sigma rule has matched
⊘No Snort rule has matched
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 1 OS Credential Dumping | 111 Security Software Discovery | Remote Services | 1 Email Collection | 21 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 11 Process Injection | 12 Virtualization/Sandbox Evasion | 1 Credentials in Registry | 12 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Disable or Modify Tools | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Access Token Manipulation | NTDS | 26 System Information Discovery | Distributed Component Object Model | 1 Clipboard Data | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | HEUR/AGEN.1361137 | ||
63% | ReversingLabs | Win32.Trojan.GuLoader |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
⊘No Antivirus matches
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
drive.google.com | 142.251.40.142 | true | false | high | |
drive.usercontent.google.com | 142.251.41.1 | true | false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
142.251.40.142 | drive.google.com | United States | 15169 | GOOGLEUS | false | |
142.251.41.1 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1411000 |
Start date and time: | 2024-03-18 15:04:15 +01:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 15m 34s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301) |
Run name: | Suspected Instruction Hammering |
Number of analysed new started processes analysed: | 4 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | comprobante de transferencia.exe |
Detection: | MAL |
Classification: | mal80.troj.spyw.evad.winEXE@3/9@2/2 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, UserOOBEBroker.exe
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- VT rate limit hit for: comprobante de transferencia.exe
⊘No simulations
⊘No context
⊘No context
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | | | malicious | FormBook, GuLoader | | |
 | | | malicious | FormBook | | |
 | | | malicious | AgentTesla, GuLoader | | |
 | | | malicious | AgentTesla, GuLoader | | |
 | | | malicious | PureLog Stealer, Vidar | | |
 | | | malicious | Babuk, Djvu | | |
 | | | malicious | AgentTesla, GuLoader | | |
 | | | malicious | AgentTesla, GuLoader | | |
 | | | malicious | AgentTesla, GuLoader | | |
 | | | malicious | AgentTesla, GuLoader | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\nsk3D2F.tmp\System.dll | | | malicious | FormBook, GuLoader | | |
 | | | malicious | GuLoader | | |
 | | | malicious | GuLoader | | |
 | | | malicious | FormBook, GuLoader | | |
 | | | malicious | GuLoader | | |
 | | | malicious | FormBook, GuLoader | | |
 | | | malicious | GuLoader | | |
 | | | malicious | FormBook, GuLoader | | |
 | | | malicious | FormBook, GuLoader | | |
Process: | C:\Users\user\Desktop\comprobante de transferencia.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11776 |
Entropy (8bit): | 5.656126712214018 |
Encrypted: | false |
SSDEEP: | 192:em24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlESl:m8QIl975eXqlWBrz7YLOlE |
MD5: | A4DD044BCD94E9B3370CCF095B31F896 |
SHA1: | 17C78201323AB2095BC53184AA8267C9187D5173 |
SHA-256: | 2E226715419A5882E2E14278940EE8EF0AA648A3EF7AF5B3DC252674111962BC |
SHA-512: | 87335A43B9CA13E1300C7C23E702E87C669E2BCF4F6065F0C684FC53165E9C1F091CC4D79A3ECA3910F0518D3B647120AC0BE1A68EAADE2E75EAA64ADFC92C5A |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Reputation: | moderate, very likely benign file |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven\Fjeldklftens38.bio
Process: | C:\Users\user\Desktop\comprobante de transferencia.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 200432 |
Entropy (8bit): | 3.234993383739913 |
Encrypted: | false |
SSDEEP: | 3072:MbK3xS/itsupP4zlLPatE1650lNzpANsqud:x2K16zJa2Qwd |
MD5: | 910B94BB45EC253A90F4CA8FA56BC584 |
SHA1: | ED29E140FE94207B697953B8D1466F7C02F4E60E |
SHA-256: | BE72DFD9F250BBD69DCFD4508D08A327CBB9B3FBB11964FD5F66BEE35A9FD5C9 |
SHA-512: | 93C902D3EC6959BBFA801D13A787A157A998B3615E69EFA205D0952FA6A9935AB699E62316A20F5DB0682DA340FAC8B8454272DDFE9C82D7C16CF57FBB6EE1A0 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven\Gaudiest.pre
Process: | C:\Users\user\Desktop\comprobante de transferencia.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 274661 |
Entropy (8bit): | 3.2513826448357057 |
Encrypted: | false |
SSDEEP: | 3072:VLYngh97JDNV3fLhV/OKJCY2kKIwk7Xf7NTVaYYvPclKkL:5Y6Dnj7JCkK/ovBT89cII |
MD5: | 9CB88B1AE7827818B29E20B15C82A937 |
SHA1: | A60DFA07CBF65C96A3C7019D99452F138A12746E |
SHA-256: | 445AA65354C5F1118FE748FE21ACFA11A69400398DD1CEAE2362242B187CF754 |
SHA-512: | 2D0B4879369B2ADF0136AA2CDB1299614311A16D76F2A4FB90521E5D2EA17153874DA1F40C25A0CEBEDBE18DD31C2102AA0B6FAF295F1838FB3798CACA3EF1BE |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven\Morel.Off24
Process: | C:\Users\user\Desktop\comprobante de transferencia.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 59489 |
Entropy (8bit): | 4.580505754362581 |
Encrypted: | false |
SSDEEP: | 768:XPXHwrXXLjLW9P0urM8Wq9AcrFvxMh18l6LYn+wKaxTT1cJ/X5iqmdKxRC:2LjLWr1WqN/M4mY+wKaBTQ/X5+KC |
MD5: | 9140973AC47B93AF67ACBA70D8840AD4 |
SHA1: | 5431473058B0F1A06832A7C4AE8525C976620618 |
SHA-256: | 7E665361FD0DB8138B3CF34029342C553CFCD80330F28CBC214423E672BB20F7 |
SHA-512: | F9D180A50699D5A0C517858B813627036C55E87154983A94CB173462C860A7DCA711C139B69074130316AD19EF7BFCE602153931401B74766C8BA8686356BFBE |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven\Renoveringers\Buddhisme\Indordningers207\Faultiest\gagers.rec
Process: | C:\Users\user\Desktop\comprobante de transferencia.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 183776 |
Entropy (8bit): | 3.2465393215116713 |
Encrypted: | false |
SSDEEP: | 3072:0Y0pp0QgB1Uepc+D+FJOHDz9WWhEGwk/oZP:0Y0piQgB1Uepc+6Q5h7T/+ |
MD5: | B013C10185F365E645B1A8A4090DE5AF |
SHA1: | 20F0178AD225AEC8785EA741E82729E6D816CEF0 |
SHA-256: | 0A403F11C29743BFFF4A5CBB13DA533121BC9CEC2F2BD38473F3939895422E4C |
SHA-512: | B33FDB0357DA26C5E4A6BB45B50FDEAFE102E428F56D90A5EAC57829F5F57F8323C689A2BE928A468DB46948012078D10B605AE03F246EAA72827B1351807412 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven\Rygklappers.Bly
Process: | C:\Users\user\Desktop\comprobante de transferencia.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246330 |
Entropy (8bit): | 7.79519904417669 |
Encrypted: | false |
SSDEEP: | 3072:5iozhsOrvBM0JN38MXONVHVLufMX6tNMBlZ2FNaCpRvpE9lh81Kf6iWPARBAEPMN:5tSwjRXYotKBl8FkKRC9lH6idLO6OaQ |
MD5: | 005464858B128A2A613D56386FA5297D |
SHA1: | 03CD9F513B21FADBD019F3F3AA2D2D2B9A14116E |
SHA-256: | 95E1306E687940A010BE1CD61F849601C2987399AA659DC86D5707BEA3BA76E1 |
SHA-512: | 067208881D541BAF04C6B11F727891B2928CE34C4EDB3B219944DFF5F6C93A1640635E738364707724D5EBB7D7D6AFC9A9D4243A8176F3CAC5EB3E51BA9ACE08 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven\Undervisningsform.bek
Process: | C:\Users\user\Desktop\comprobante de transferencia.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 272352 |
Entropy (8bit): | 3.2380792387673005 |
Encrypted: | false |
SSDEEP: | 3072:9wrIYjPjPwOv1ccOX2vCXCdj4w8JJ3WkPd+Eix/j8lQ1KpB:9lYjTwOdccNCup8JJLP8EiF8lB |
MD5: | 93A04CCDF51474B877C9414AE5AD2760 |
SHA1: | 1321C10A4CC69A33235C87ABF2779A57619533BB |
SHA-256: | D9DCAF7157CB66EFE264672D39EA0D004DD2CECDAC777BDB857509AEDDF040FF |
SHA-512: | 675C752DEDAD08A6BBBB976A3E26F03D54B1AF4DDA84999B7749D8DB67BA01E1488CC92AFB5C769A5B4BE3DD67B6AC0038D9062CD8DDEB025E9493241038DB2D |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven\floddeltaets.mar
Process: | C:\Users\user\Desktop\comprobante de transferencia.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 207086 |
Entropy (8bit): | 3.2412864519720883 |
Encrypted: | false |
SSDEEP: | 3072:/xOtUWnnPV6AtPH2oDGzK6jQoplsYXzYl:/xvE6Afw5jQoplLYl |
MD5: | 1171715CBB2206BFF607138FEF73877F |
SHA1: | D7059E4A741A345239A17FE037C8605D4219E28C |
SHA-256: | 27A8BF54AD65E1DC2C3C88BE4A56792C4960365F12BFF185676D0D4966AE3B31 |
SHA-512: | 69449053EAD94E7B0894729E3608F767D8E53775300F876EEC04712C653580EFCEE192BB64EE4A5D10A3B4648351DD0DCB4661F8EB62199BC92B661967ABDB4E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Afskrkkelsesvaabnet84\Fodboldenke\biltyven\kannevasen.txt
Process: | C:\Users\user\Desktop\comprobante de transferencia.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 453 |
Entropy (8bit): | 4.317248216463251 |
Encrypted: | false |
SSDEEP: | 12:pUVo0WmtKoENHeo6fAy/22Xe7V9Ec/BZMIjbAl4WOE:KjKb9Vyul59JXehn |
MD5: | 9F716DE9908957BD324DCC4ADA5A33F7 |
SHA1: | 5AA93CFD2DF40B9ED1F46A728EEE203258DC05DD |
SHA-256: | CDBC11AE1032690D95484A15A78C94AECFEE10103E26372894547D7B25C01A94 |
SHA-512: | 0C47E325FD292F1E782B69F985A92336D1F0DF39E8C0902389F81BB6E7CE212968EF6EA9ABCBE2C8B9869021A9095B868E93AF51EBF8085596FCC5B05E35F237 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.986983955561028 |
TrID: |
|
File name: | comprobante de transferencia.exe |
File size: | 800'824 bytes |
MD5: | 8a1422827315b9db63cd6b399a454fab |
SHA1: | 235c6e8149097f00ac26e70b0022c7b5a2f49c1d |
SHA256: | 2d49a4fcfdf17af26d78ec4eea4eb75176ab9918c7644855d4d80454ce7382c0 |
SHA512: | 1d48248911e937157eb2147456e7ff508936257916412533ef1c80a2b9f67790f46f178b28014b17d73a3727653b3f26228952cd2802c90800760a74959aae66 |
SSDEEP: | 12288:nqLWnK6qSn2bcfB/5FsfecOs8c3ObwMB8aqEEbViGCyQRy1/6dzgA6zZxfb5R9A:8WnVD5h5FoFJBoZyQqNbbfNQ |
TLSH: | 8A0523261283A041F9E584F54AD7B336DD70A7D94136EB0E6F751ABA2504B22CF243BF |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...P...P...P..*_...P...P..OP..*_...P...s...P...V...P..Rich.P..........PE..L....c.W.................`...*......j2.......p....@ |
Icon Hash: | 3d2e0f95332b3399 |
Entrypoint: | 0x40326a |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x57956391 [Mon Jul 25 00:55:45 2016 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | e2a592076b17ef8bfb48b7e03965a3fc |
Signature Valid: | false |
Signature Issuer: | E=Dwarves@eksportmarkeder.Tri, O=Kongefloderne, OU="Palaeodendrologist Linated ", CN=Kongefloderne, L=Leivasy, S=West Virginia, C=US |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | A84745518FBDCF236D8B362BDC042931 |
Thumbprint SHA-1: | EF6135327AF598B98077D3B6778630318A274FCA |
Thumbprint SHA-256: | 57AB6697E2DF0E8CA942FF7C261CB088CB53666DBA46EF8052FA83F02D970B2D |
Serial: | 4714A48C7EED8FC800CFB1095DD34591AD152D1B |
Instruction |
---|
sub esp, 000002D4h |
push ebx |
push esi |
push edi |
push 00000020h |
pop edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+14h], ebx |
mov dword ptr [esp+10h], 004092E0h |
mov dword ptr [esp+1Ch], ebx |
call dword ptr [004070B0h] |
call dword ptr [004070ACh] |
cmp ax, 00000006h |
je 00007F4780ADDDE3h |
push ebx |
call 00007F4780AE0F24h |
cmp eax, ebx |
je 00007F4780ADDDD9h |
push 00000C00h |
call eax |
mov esi, 004072B8h |
push esi |
call 00007F4780AE0E9Eh |
push esi |
call dword ptr [0040715Ch] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], 00000000h |
jne 00007F4780ADDDBCh |
push ebp |
push 00000009h |
call 00007F4780AE0EF6h |
push 00000007h |
call 00007F4780AE0EEFh |
mov dword ptr [00429204h], eax |
call dword ptr [0040703Ch] |
push ebx |
call dword ptr [004072A4h] |
mov dword ptr [004292B8h], eax |
push ebx |
lea eax, dword ptr [esp+34h] |
push 000002B4h |
push eax |
push ebx |
push 004206A8h |
call dword ptr [00407188h] |
push 004092C8h |
push 00428200h |
call 00007F4780AE0AD8h |
call dword ptr [004070A8h] |
mov ebp, 00434000h |
push eax |
push ebp |
call 00007F4780AE0AC6h |
push ebx |
call dword ptr [00407174h] |
add word ptr [eax], 0000h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7504 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x67000 | 0xb48 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xc1d20 | 0x1b18 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x2b4 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x5ff9 | 0x6000 | 34f0469eb860d5ecf0e52ef9d3820a60 | False | 0.6667073567708334 | data | 6.4734859396670705 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x7000 | 0x13a4 | 0x1400 | 848ecd58951d0a4cfe8ec8cfce6b20d1 | False | 0.452734375 | data | 5.125569346027248 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x9000 | 0x202f8 | 0x600 | 3953dbb7217e7539ee75e90871f7aef9 | False | 0.4947916666666667 | data | 3.9050018847265378 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x2a000 | 0x3d000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x67000 | 0xb48 | 0xc00 | 737bf22e330f1bb677a1a75bfb3076c2 | False | 0.4215494791666667 | data | 4.359435247089545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x671c0 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.42473118279569894 |
RT_DIALOG | 0x674a8 | 0x100 | data | English | United States | 0.5234375 |
RT_DIALOG | 0x675a8 | 0x11c | data | English | United States | 0.6056338028169014 |
RT_DIALOG | 0x676c8 | 0xc4 | data | English | United States | 0.5918367346938775 |
RT_DIALOG | 0x67790 | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0x677f0 | 0x14 | data | English | United States | 1.2 |
RT_MANIFEST | 0x67808 | 0x33d | XML 1.0 document, ASCII text, with very long lines (829), with no line terminators | English | United States | 0.5536791314837153 |
DLL | Import |
---|---|
KERNEL32.dll | SetCurrentDirectoryW, GetFileAttributesW, GetFullPathNameW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, MoveFileW, SetFileAttributesW, GetCurrentProcess, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, WaitForSingleObject, CopyFileW, CompareFileTime, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, lstrcpyW, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GlobalFree, GlobalAlloc, GetShortPathNameW, SearchPathW, lstrcmpiW, SetFileTime, CloseHandle, ExpandEnvironmentStringsW, lstrcmpW, GlobalUnlock, lstrcpynW, GetDiskFreeSpaceW, GetExitCodeProcess, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
USER32.dll | GetSystemMenu, SetClassLongW, IsWindowEnabled, EnableMenuItem, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, wsprintfW, ScreenToClient, GetWindowRect, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, LoadImageW, SetTimer, SetWindowTextW, PostQuitMessage, ShowWindow, GetDlgItem, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, DrawTextW, EndPaint, CreateDialogParamW, SendMessageTimeoutW, SetForegroundWindow |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW |
ADVAPI32.dll | RegDeleteKeyW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW, RegEnumValueW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Language of compilation system | Country where language is spoken |
---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 18, 2024 15:06:46.031282902 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.032685995 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.032831907 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.032845974 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.033014059 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.034774065 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.034939051 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.034950018 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.035106897 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.036375999 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.036524057 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.036536932 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.036770105 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.038135052 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.038291931 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.038305044 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.038472891 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.040005922 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.040241957 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.040251970 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.040383101 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.041702986 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.041867018 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.041878939 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.042021036 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.043509960 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.043662071 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.044337034 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.044478893 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.044488907 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.044723034 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.046128988 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.046293974 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.046305895 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.046498060 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.047842026 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.048028946 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.048039913 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.048178911 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.049546003 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.049726009 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.049736977 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.049913883 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.051249027 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.051461935 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.051476955 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.051616907 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.052880049 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.053056002 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.053066015 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.053606987 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.054649115 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.054805994 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.054821968 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.054958105 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.056262970 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.056404114 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.056416035 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.056555986 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.057797909 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.057949066 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.057965994 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.058123112 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.059453964 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.059670925 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.059681892 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.059858084 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.061192036 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.061387062 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.061398029 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.061562061 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.062849998 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.063019037 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.063030958 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.063199043 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.064302921 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.064460993 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.065159082 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.065320015 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.065335035 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.065562963 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.066759109 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.066935062 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.066945076 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.067143917 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.068372965 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.068516016 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.068527937 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.068701982 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.070838928 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.070982933 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Mar 18, 2024 15:06:46.070987940 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.071118116 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.071182013 CET | 49785 | 443 | 192.168.11.20 | 142.251.41.1 |
Mar 18, 2024 15:06:46.071196079 CET | 443 | 49785 | 142.251.41.1 | 192.168.11.20 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Mar 18, 2024 15:06:44.086272955 CET | 55029 | 53 | 192.168.11.20 | 1.1.1.1 |
Mar 18, 2024 15:06:44.181320906 CET | 53 | 55029 | 1.1.1.1 | 192.168.11.20 |
Mar 18, 2024 15:06:44.818701982 CET | 51600 | 53 | 192.168.11.20 | 1.1.1.1 |
Mar 18, 2024 15:06:44.914122105 CET | 53 | 51600 | 1.1.1.1 | 192.168.11.20 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Mar 18, 2024 15:06:44.086272955 CET | 192.168.11.20 | 1.1.1.1 | 0xe3d | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Mar 18, 2024 15:06:44.818701982 CET | 192.168.11.20 | 1.1.1.1 | 0xcff | Standard query (0) | | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Mar 18, 2024 15:06:44.181320906 CET | 1.1.1.1 | 192.168.11.20 | 0xe3d | No error (0) | | | 142.251.40.142 | A (IP address) | IN (0x0001) | false |
Mar 18, 2024 15:06:44.914122105 CET | 1.1.1.1 | 192.168.11.20 | 0xcff | No error (0) | | | 142.251.41.1 | A (IP address) | IN (0x0001) | false |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.11.20 | 49784 | 142.251.40.142 | 443 | 8496 | C:\Users\user\Desktop\comprobante de transferencia.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-18 14:06:44 UTC | 216 | OUT | |
2024-03-18 14:06:44 UTC | 1582 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.11.20 | 49785 | 142.251.41.1 | 443 | 8496 | C:\Users\user\Desktop\comprobante de transferencia.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-03-18 14:06:45 UTC | 258 | OUT | |
2024-03-18 14:06:45 UTC | 4687 | IN |