Play interactive tour
Edit tourWindows Analysis Report ejecutable.exe
Overview
General Information
| Sample Name: | ejecutable.exe |
| Analysis ID: | 1374 |
| MD5: | e1034cf41226f321428de243d9248219 |
| SHA1: | 613dd5838e227f6a6587b25d9e947dcdbe59223d |
| SHA256: | 276e2e964b739fdb0aaefc10f3144cf9484ee0e55a3e131293eefbaaf12ec47f |
| Infos: | |
Most interesting Screenshot:  | |
Detection
AgentTesla GuLoader
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Telegram RAT
Yara detected AgentTesla
Sigma detected: RegAsm connects to smtp port
Yara detected GuLoader
Hides threads from debuggers
Writes to foreign memory regions
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
Tries to steal Mail credentials (via file access)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Uses SMTP (mail sending)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Classification
Process Tree |
|---|
|
Malware Configuration |
|---|
Threatname: Agenttesla |
|---|
{"Exfil Mode": "SMTP", "SMTP Info": "pablo@crealuz.esPu10?as1mail.crealuz.esdoggyvirus01@gmail.com"}Yara Overview |
|---|
Memory Dumps |
|---|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
| JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security | ||
| JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security | ||
| JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
| JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security | ||
| Click to see the 2 entries | ||||
Sigma Overview |
|---|
Networking: |   |
|---|
| Sigma detected: RegAsm connects to smtp port | Show sources | ||
| Source: | Author: Joe Security: | ||
Jbx Signature Overview |
|---|
Click to jump to signature section
Show All Signature Results
AV Detection: | |
|---|
| Found malware configuration | Show sources | ||
| Source: | Malware Configuration Extractor: | ||
| Multi AV Scanner detection for submitted file | Show sources | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Code function: | 4_2_012D114E | |
| Source: | Code function: | 4_2_012D1113 | |
| Source: | Static PE information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
Networking: | |
|---|
| Source: | ASN Name: | ||
| Source: | JA3 fingerprint: | ||
| Source: | IP Address: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic: | ||
| Source: | TCP traffic: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | Network traffic detected: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | UDP traffic detected without corresponding DNS query: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | DNS traffic detected: | ||
| Source: | Code function: | 4_2_1E45A09A | |
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | HTTPS traffic detected: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 4_2_0133C58B | |
| Source: | Code function: | 4_2_01768518 | |
| Source: | Code function: | 4_2_017612A0 | |
| Source: | Code function: | 4_2_01768B8E | |
| Source: | Code function: | 4_2_1D217900 | |
| Source: | Code function: | 4_2_1D21DF6C | |
| Source: | Code function: | 4_2_1D219740 | |
| Source: | Code function: | 4_2_1D21D748 | |
| Source: | Code function: | 4_2_1D219B80 | |
| Source: | Code function: | 4_2_1D214F80 | |
| Source: | Code function: | 4_2_1D214210 | |
| Source: | Code function: | 4_2_1D21E640 | |
| Source: | Code function: | 4_2_1D21D2B8 | |
| Source: | Code function: | 4_2_1D21BAF4 | |
| Source: | Code function: | 4_2_1E452BC1 | |
| Source: | Code function: | 4_2_1E452B4A | |
| Source: | Code function: | 4_2_1E452ADD | |
| Source: | Code function: | 4_2_209290D8 | |
| Source: | Code function: | 4_2_2092EE38 | |
| Source: | Code function: | 4_2_1E45B0BA | |
| Source: | Code function: | 4_2_1E45B089 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Static PE information: | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Code function: | 4_2_1E45AF3E | |
| Source: | Code function: | 4_2_1E45AF07 | |
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Classification label: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Window detected: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
Data Obfuscation: | |
|---|
| Yara detected GuLoader | Show sources | ||
| Source: | File source: | ||
| Source: | Code function: | 1_2_00407734 | |
| Source: | Code function: | 1_2_004065BD | |
| Source: | Code function: | 1_2_02AB197A | |
| Source: | Code function: | 1_2_02AB56B6 | |
| Source: | Code function: | 1_2_02AB362B | |
| Source: | Code function: | 1_2_02AB166A | |
| Source: | Code function: | 1_2_02AB1447 | |
| Source: | Code function: | 4_2_1D21E439 | |
| Source: | Code function: | 4_2_1E452B48 | |
| Source: | Code function: | 4_2_1E452B48 | |
| Source: | Code function: | 4_2_1E452D8C | |
| Source: | Code function: | 4_2_1E452D8C | |
| Source: | Code function: | 4_2_1E490A44 | |
| Source: | Code function: | 4_2_1E490A7C | |
| Source: | Code function: | 4_2_1E490B24 | |
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion: | |
|---|
| Tries to detect Any.run | Show sources | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) | Show sources | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Found evasive API chain (trying to detect sleep duration tampering with parallel thread) | Show sources | ||
| Source: | Function Chain: | ||
| Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) | Show sources | ||
| Source: | WMI Queries: | ||
| Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines) | Show sources | ||
| Source: | WMI Queries: | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | WMI Queries: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | System information queried: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
Anti Debugging: | |
|---|
| Hides threads from debuggers | Show sources | ||
| Source: | Thread information set: | Jump to behavior | ||
| Source: | Thread information set: | Jump to behavior | ||
| Source: | Process token adjusted: | Jump to behavior | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Code function: | 4_2_01761870 | |
| Source: | Memory allocated: | Jump to behavior | ||
HIPS / PFW / Operating System Protection Evasion: | |
|---|
| Writes to foreign memory regions | Show sources | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
Stealing of Sensitive Information: | |
|---|
| Yara detected Telegram RAT | Show sources | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Yara detected AgentTesla | Show sources | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) | Show sources | ||
| Source: | Key opened: | Jump to behavior | ||
| Tries to harvest and steal ftp login credentials | Show sources | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Tries to steal Mail credentials (via file access) | Show sources | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Tries to harvest and steal browser information (history, passwords, etc) | Show sources | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality: | |
|---|
| Yara detected Telegram RAT | Show sources | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Yara detected AgentTesla | Show sources | ||
| Source: | File source: | ||
| Source: | File source: | ||
Mitre Att&ck Matrix |
|---|
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Windows Management Instrumentation211 | DLL Side-Loading1 | Access Token Manipulation1 | Masquerading1 | OS Credential Dumping2 | Security Software Discovery421 | Remote Services | Email Collection1 | Exfiltration Over Other Network Medium | Encrypted Channel21 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Native API1 | Boot or Logon Initialization Scripts | Process Injection112 | Disable or Modify Tools11 | Credentials in Registry1 | Process Discovery2 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | DLL Side-Loading1 | Virtualization/Sandbox Evasion341 | Security Account Manager | Virtualization/Sandbox Evasion341 | SMB/Windows Admin Shares | Data from Local System2 | Automated Exfiltration | Ingress Tool Transfer2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Access Token Manipulation1 | NTDS | Application Window Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol2 | SIM Card Swap | Carrier Billing Fraud | |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Process Injection112 | LSA Secrets | File and Directory Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol23 | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information1 | Cached Domain Credentials | System Information Discovery115 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | DLL Side-Loading1 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
Behavior Graph |
|---|
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetScreenshots |
|---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
|---|
Initial Sample |
|---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 31% | Virustotal | Browse | ||
| 16% | ReversingLabs | Win32.Trojan.Mucc |
Dropped Files |
|---|
| No Antivirus matches |
|---|
Unpacked PE Files |
|---|
| No Antivirus matches |
|---|
Domains |
|---|
URLs |
|---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
Domains and IPs |
|---|
Contacted Domains |
|---|
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| crealuz.es | 31.193.225.171 | true | true |
| unknown |
| drive.google.com | 142.250.185.174 | true | false | high | |
| googlehosted.l.googleusercontent.com | 142.250.184.193 | true | false | high | |
| doc-0g-50-docs.googleusercontent.com | unknown | unknown | false | high | |
| mail.crealuz.es | unknown | unknown | true |
| unknown |
Contacted URLs |
|---|
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| false | high |
URLs from Memory and Binaries |
|---|
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| false |
| low | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown |
Contacted IPs |
|---|
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
Public |
|---|
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 142.250.185.174 | drive.google.com | United States | 15169 | GOOGLEUS | false | |
| 142.250.184.193 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false | |
| 31.193.225.171 | crealuz.es | Spain | 56732 | HOSTINET_ASES | true |
General Information |
|---|
| Joe Sandbox Version: | 33.0.0 White Diamond |
| Analysis ID: | 1374 |
| Start date: | 27.09.2021 |
| Start time: | 20:11:29 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 12m 43s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Sample file name: | ejecutable.exe |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301 |
| Run name: | Suspected Instruction Hammering |
| Number of analysed new started processes analysed: | 6 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Detection: | MAL |
| Classification: | mal100.spre.troj.spyw.evad.winEXE@4/3@3/3 |
| EGA Information: |
|
| HDC Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
| Warnings: | Show All
|
Simulations |
|---|
Behavior and APIs |
|---|
| Time | Type | Description |
|---|---|---|
| 20:14:16 | API Interceptor |
Joe Sandbox View / Context |
|---|
IPs |
|---|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| 31.193.225.171 | Get hash | malicious | Browse | ||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse | |||
| Get hash | malicious | Browse |
Domains |
|---|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|
ASN |
|---|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| HOSTINET_ASES | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
|
JA3 Fingerprints |
|---|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| 37f463bf4616ecd445d4a1937da06e19 | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
|
Dropped Files |
|---|
| No context |
|---|
Created / dropped Files |
|---|
| Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 73728 |
| Entropy (8bit): | 3.758760013585961 |
| Encrypted: | false |
| SSDEEP: | 384:qGHsAH0UkOYBOYVOQ0fH8VnRMD+lEofbKWc9JqxYuiAAW2QBRW9TYVVox:pHO9FVISnSSlpDK9SiyBRCcS |
| MD5: | CFA95D988565672C785871A48B529F85 |
| SHA1: | 4D6BED615DFA00E1067E6F95F8EC6C210ADF96A7 |
| SHA-256: | 647D64A623FB1B62175441A0EF016F8B4479A64D620498644F15DD04FDFB3B24 |
| SHA-512: | 0CB69C41DBE7A482F87FAC27EDADC822928D21B6C238EBED2459CD1873B2181734CB67D3A38714C2BAB57FFAEE699CF5EBFF5ABFC3D291B6C36A8E71572CD402 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
|
| Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 98304 |
| Entropy (8bit): | 0.08231524779339361 |
| Encrypted: | false |
| SSDEEP: | 12:DQANJfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQANJff32mNVpP965Ra8KN0MG/lO |
| MD5: | 886A5F9308577FDF19279AA582D0024D |
| SHA1: | CDCCC11837CDDB657EB0EF6A01202451ECDF4992 |
| SHA-256: | BA7EB45B7E9B6990BC63BE63836B74FA2CCB64DCD0C199056B6AE37B1AE735F2 |
| SHA-512: | FF0692E52368708B36C161A4BFA91EE01CCA1B86F66666F7FC4979C6792D598FF7720A9FAF258F61439DAD61DB55C50D992E99769B1E4D321EC5B98230684BC5 |
| Malicious: | false |
| Reputation: | low |
| Preview: |
|
| Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 30 |
| Entropy (8bit): | 3.964735178725505 |
| Encrypted: | false |
| SSDEEP: | 3:IBVFBWAGRHneyy:ITqAGRHner |
| MD5: | 9F754B47B351EF0FC32527B541420595 |
| SHA1: | 006C66220B33E98C725B73495FE97B3291CE14D9 |
| SHA-256: | 0219D77348D2F0510025E188D4EA84A8E73F856DEB5E0878D673079D05840591 |
| SHA-512: | C6996379BCB774CE27EEEC0F173CBACC70CA02F3A773DD879E3A42DA554535A94A9C13308D14E873C71A338105804AFFF32302558111EE880BA0C41747A08532 |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
|
Static File Info |
|---|
General | |
|---|---|
| File type: | |
| Entropy (8bit): | 5.839989984815213 |
| TrID: |
|
| File name: | ejecutable.exe |
| File size: | 90112 |
| MD5: | e1034cf41226f321428de243d9248219 |
| SHA1: | 613dd5838e227f6a6587b25d9e947dcdbe59223d |
| SHA256: | 276e2e964b739fdb0aaefc10f3144cf9484ee0e55a3e131293eefbaaf12ec47f |
| SHA512: | 38b355821a3e250599807d3b1513a99c571698732d5ceb9fdbfc4923e3a3fb1119bc33e66b3adaf393f271b5b1ad54ee465fcd8009b8bb87518b2fab2c9d1913 |
| SSDEEP: | 1536:t1OkpNVDEOhpf7WIbnqOyCqOQwqX7gTE:tAkfVDEERS9RCqA8X |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i.......................*..............Rich....................PE..L......Q.................0... ...............@....@........ |
File Icon |
|---|
 | |
| Icon Hash: | 821ca88c8e8c8c00 |
Static PE Info |
|---|
General | |
|---|---|
| Entrypoint: | 0x4012c8 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
| DLL Characteristics: | |
| Time Stamp: | 0x5192C0A3 [Tue May 14 22:54:27 2013 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 4 |
| OS Version Minor: | 0 |
| File Version Major: | 4 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 4 |
| Subsystem Version Minor: | 0 |
| Import Hash: | e73b8c032c82c64991ebe487a7ffcd43 |
Entrypoint Preview |
|---|
| Instruction |
|---|
| push 00410090h |
| call 00007F3768691AF3h |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| xor byte ptr [eax], al |
| add byte ptr [eax], al |
| dec eax |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add byte ptr [eax], al |
| add ch, dh |
| xchg eax, ebp |
| push esi |
Data Directories |
|---|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x137c4 | 0x28 | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x15000 | 0x568 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x230 | 0x20 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x1000 | 0xe8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
|---|
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x12c2c | 0x13000 | False | 0.529399671053 | data | 6.33909939895 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| .data | 0x14000 | 0xcf4 | 0x1000 | False | 0.00634765625 | data | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x15000 | 0x568 | 0x1000 | False | 0.133544921875 | data | 1.45958450876 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Resources |
|---|
| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| RT_ICON | 0x15440 | 0x128 | GLS_BINARY_LSB_FIRST | ||
| RT_GROUP_ICON | 0x1542c | 0x14 | data | ||
| RT_VERSION | 0x150f0 | 0x33c | data | Chinese | Taiwan |
Imports |
|---|
| DLL | Import |
|---|---|
| MSVBVM60.DLL | _CIcos, _adj_fptan, __vbaFreeVar, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, __vbaFreeObjList, _adj_fprem1, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaAryDestruct, __vbaObjSet, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, __vbaFpR8, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaAryConstruct2, __vbaObjVar, DllFunctionCall, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, EVENT_SINK_QueryInterface, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, __vbaFPException, _CIlog, __vbaNew2, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, __vbaStrCopy, _adj_fdivr_m32, _adj_fdiv_r, __vbaVarTstNe, __vbaStrToAnsi, __vbaFpI4, __vbaLateMemCallLd, _CIatan, __vbaStrMove, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj |
Version Infos |
|---|
| Description | Data |
|---|---|
| Translation | 0x0404 0x04b0 |
| LegalCopyright | ChatSwipe |
| InternalName | KLTRINGESTREGERNE |
| FileVersion | 4.04.0001 |
| CompanyName | ChatSwipe |
| LegalTrademarks | ChatSwipe |
| Comments | ChatSwipe |
| ProductName | ChatSwipe |
| ProductVersion | 4.04.0001 |
| FileDescription | ChatSwipe |
| OriginalFilename | KLTRINGESTREGERNE.exe |
Possible Origin |
|---|
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| Chinese | Taiwan |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library NodeNetwork Behavior |
|---|
Network Port Distribution |
|---|
TCP Packets |
|---|
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Sep 27, 2021 20:14:08.313544035 CEST | 49787 | 443 | 192.168.11.20 | 142.250.185.174 |
| Sep 27, 2021 20:14:08.313620090 CEST | 443 | 49787 | 142.250.185.174 | 192.168.11.20 |
| Sep 27, 2021 20:14:08.313788891 CEST | 49787 | 443 | 192.168.11.20 | 142.250.185.174 |
| Sep 27, 2021 20:14:08.329735041 CEST | 49787 | 443 | 192.168.11.20 | 142.250.185.174 |
| Sep 27, 2021 20:14:08.329792976 CEST | 443 | 49787 | 142.250.185.174 | 192.168.11.20 |
| Sep 27, 2021 20:14:08.380918026 CEST | 443 | 49787 | 142.250.185.174 | 192.168.11.20 |
| Sep 27, 2021 20:14:08.381078005 CEST | 49787 | 443 | 192.168.11.20 | 142.250.185.174 |
| Sep 27, 2021 20:14:08.381120920 CEST | 49787 | 443 | 192.168.11.20 | 142.250.185.174 |
| Sep 27, 2021 20:14:08.384078026 CEST | 443 | 49787 | 142.250.185.174 | 192.168.11.20 |
| Sep 27, 2021 20:14:08.384423971 CEST | 49787 | 443 | 192.168.11.20 | 142.250.185.174 |
| Sep 27, 2021 20:14:08.504847050 CEST | 49787 | 443 | 192.168.11.20 | 142.250.185.174 |
| Sep 27, 2021 20:14:08.504901886 CEST | 443 | 49787 | 142.250.185.174 | 192.168.11.20 |
| Sep 27, 2021 20:14:08.505578041 CEST | 443 | 49787 | 142.250.185.174 | 192.168.11.20 |
| Sep 27, 2021 20:14:08.505700111 CEST | 49787 | 443 | 192.168.11.20 | 142.250.185.174 |
| Sep 27, 2021 20:14:08.508196115 CEST | 49787 | 443 | 192.168.11.20 | 142.250.185.174 |
| Sep 27, 2021 20:14:08.550013065 CEST | 443 | 49787 | 142.250.185.174 | 192.168.11.20 |
| Sep 27, 2021 20:14:08.882023096 CEST | 443 | 49787 | 142.250.185.174 | 192.168.11.20 |
| Sep 27, 2021 20:14:08.882214069 CEST | 49787 | 443 | 192.168.11.20 | 142.250.185.174 |
| Sep 27, 2021 20:14:08.882280111 CEST | 443 | 49787 | 142.250.185.174 | 192.168.11.20 |
| Sep 27, 2021 20:14:08.882414103 CEST | 49787 | 443 | 192.168.11.20 | 142.250.185.174 |
| Sep 27, 2021 20:14:08.882443905 CEST | 443 | 49787 | 142.250.185.174 | 192.168.11.20 |
| Sep 27, 2021 20:14:08.882538080 CEST | 443 | 49787 | 142.250.185.174 | 192.168.11.20 |
| Sep 27, 2021 20:14:08.882618904 CEST | 49787 | 443 | 192.168.11.20 | 142.250.185.174 |
| Sep 27, 2021 20:14:08.882675886 CEST | 49787 | 443 | 192.168.11.20 | 142.250.185.174 |
| Sep 27, 2021 20:14:08.931478024 CEST | 49787 | 443 | 192.168.11.20 | 142.250.185.174 |
| Sep 27, 2021 20:14:08.931535006 CEST | 443 | 49787 | 142.250.185.174 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.025799036 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.025865078 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.026102066 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.026420116 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.026459932 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.078454971 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.078660965 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.080652952 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.080890894 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.084311008 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.084322929 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.084677935 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.084796906 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.085117102 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.126002073 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.335294962 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.335536003 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.335578918 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.335611105 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.335663080 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.335879087 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.336198092 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.336390972 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.337605953 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.337759972 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.337785959 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.337816000 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.337860107 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.337946892 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.338064909 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.338295937 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.338514090 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.338567019 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.338766098 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.344944954 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.345202923 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.345216036 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.345247984 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.345568895 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.345602989 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.345776081 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.346041918 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.346232891 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.346270084 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.346471071 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.346615076 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.346873999 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.346915007 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.347070932 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.347235918 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.347387075 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.347419977 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.347595930 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.347842932 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.347989082 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.348015070 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.348217964 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.348565102 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.348793030 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.348823071 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.349056959 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.349345922 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.349858999 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.349893093 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.350110054 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.350123882 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.350159883 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.350378036 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.350637913 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.350800991 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.350827932 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.351066113 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.351221085 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.351380110 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.351394892 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.351418018 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.351598978 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.351624966 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.351768017 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.352108955 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.352262020 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.352268934 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.352289915 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.352458000 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.352475882 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.353007078 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.353169918 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.353179932 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.353199959 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.353370905 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.353909016 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.354090929 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.354131937 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.354186058 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.354330063 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.354363918 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.354965925 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.355108023 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.355197906 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.355278969 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.355317116 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.355329037 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.355338097 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.355586052 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.355674982 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.355835915 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.355837107 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.355860949 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.355988979 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.356009007 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.356024027 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.356184006 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.356507063 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.356745005 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.356746912 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.356779099 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.357002974 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.357093096 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.357105970 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.357542992 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.357567072 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.357590914 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.357712984 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.357805014 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.357806921 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.357836962 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.357923985 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.358083963 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.358246088 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.358429909 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.358452082 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.358582020 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.358602047 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.358629942 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.358719110 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.358736038 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.359071970 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.359236002 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.359325886 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.359338999 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.359375000 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.359384060 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.359472036 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.359486103 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.359935045 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.360079050 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.360162020 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.360167980 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.360188961 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.360228062 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.360353947 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.360723019 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.360886097 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.360889912 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.360918999 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.361049891 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.361074924 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.361090899 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.361399889 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.361692905 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.361884117 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.361913919 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.362015009 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.362361908 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.362394094 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.362586975 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.362699032 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.362757921 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.362782001 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.362802029 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.363101006 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.364157915 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.364315033 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.364377975 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.364406109 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.364492893 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.364495039 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.364567041 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.364587069 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.364605904 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.364636898 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.364736080 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.364743948 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.364748955 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.364770889 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.364907026 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.364918947 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.364933968 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.364952087 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.365087986 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.365106106 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.365447044 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.365600109 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.365619898 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.365643024 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.365745068 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.365756989 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.365771055 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.365957975 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.366004944 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.366240025 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.366332054 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.366485119 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.366517067 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.366544008 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.366682053 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.366719007 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.366880894 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.366919994 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.366942883 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.367049932 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.367069960 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.367098093 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.367248058 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.367259979 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.367278099 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.367289066 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.367304087 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.367465019 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.367495060 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.367717028 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.367746115 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.367929935 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.367959976 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.367989063 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.368076086 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.368124008 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.368139982 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.368331909 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.368443012 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.368467093 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.368542910 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.368743896 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.368757963 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.368874073 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.369071007 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.369086981 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.369103909 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.369272947 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.369415998 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.369460106 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.369481087 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.369560957 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.369652033 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.369709969 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.369729996 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.369822025 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.369864941 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.369960070 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.369986057 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.370110035 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.370218039 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.370244026 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.370249033 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.370269060 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.370343924 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.370390892 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.370443106 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.370474100 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.370594978 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.370625019 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.370663881 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.370764017 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.370785952 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.370809078 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.370826006 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.370935917 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.370955944 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.370970011 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.370985985 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.371102095 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.371119976 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.371138096 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.371151924 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.371270895 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.371285915 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.371313095 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.371443033 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.371465921 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.371496916 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.371603966 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.371623039 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.371650934 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.371670961 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.371810913 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.371833086 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.371857882 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.371953011 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.371993065 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.372010946 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.372026920 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.372088909 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.372116089 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.372198105 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.372203112 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.372221947 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.372297049 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.372349977 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.372361898 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.372375011 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.372539997 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.372603893 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.372766018 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.372788906 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.372998953 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.373027086 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.373055935 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.373147964 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.373163939 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.373178005 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.373339891 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.373403072 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.373420000 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.373524904 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.373903990 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.374084949 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.374134064 CEST | 443 | 49788 | 142.250.184.193 | 192.168.11.20 |
| Sep 27, 2021 20:14:09.374142885 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:14:09.374404907 CEST | 49788 | 443 | 192.168.11.20 | 142.250.184.193 |
| Sep 27, 2021 20:15:40.469265938 CEST | 49789 | 587 | 192.168.11.20 | 31.193.225.171 |
| Sep 27, 2021 20:15:40.515856028 CEST | 587 | 49789 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:40.516000032 CEST | 49789 | 587 | 192.168.11.20 | 31.193.225.171 |
| Sep 27, 2021 20:15:40.636559963 CEST | 587 | 49789 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:40.637027979 CEST | 49789 | 587 | 192.168.11.20 | 31.193.225.171 |
| Sep 27, 2021 20:15:40.684393883 CEST | 587 | 49789 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:40.684870958 CEST | 49789 | 587 | 192.168.11.20 | 31.193.225.171 |
| Sep 27, 2021 20:15:40.735232115 CEST | 587 | 49789 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:40.739583015 CEST | 49789 | 587 | 192.168.11.20 | 31.193.225.171 |
| Sep 27, 2021 20:15:40.796701908 CEST | 587 | 49789 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:40.796736956 CEST | 587 | 49789 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:40.796757936 CEST | 587 | 49789 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:40.796768904 CEST | 587 | 49789 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:40.796978951 CEST | 49789 | 587 | 192.168.11.20 | 31.193.225.171 |
| Sep 27, 2021 20:15:40.799315929 CEST | 587 | 49789 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:40.801559925 CEST | 49789 | 587 | 192.168.11.20 | 31.193.225.171 |
| Sep 27, 2021 20:15:40.816596031 CEST | 49789 | 587 | 192.168.11.20 | 31.193.225.171 |
| Sep 27, 2021 20:15:40.848459005 CEST | 587 | 49789 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:40.848704100 CEST | 49789 | 587 | 192.168.11.20 | 31.193.225.171 |
| Sep 27, 2021 20:15:40.863226891 CEST | 587 | 49789 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:40.863420010 CEST | 49789 | 587 | 192.168.11.20 | 31.193.225.171 |
| Sep 27, 2021 20:15:40.864311934 CEST | 587 | 49789 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:40.864451885 CEST | 49789 | 587 | 192.168.11.20 | 31.193.225.171 |
| Sep 27, 2021 20:15:42.147517920 CEST | 49790 | 587 | 192.168.11.20 | 31.193.225.171 |
| Sep 27, 2021 20:15:42.198178053 CEST | 587 | 49790 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:42.198502064 CEST | 49790 | 587 | 192.168.11.20 | 31.193.225.171 |
| Sep 27, 2021 20:15:42.256752014 CEST | 587 | 49790 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:42.256997108 CEST | 49790 | 587 | 192.168.11.20 | 31.193.225.171 |
| Sep 27, 2021 20:15:42.313265085 CEST | 587 | 49790 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:42.313596010 CEST | 49790 | 587 | 192.168.11.20 | 31.193.225.171 |
| Sep 27, 2021 20:15:42.368127108 CEST | 587 | 49790 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:42.368705988 CEST | 49790 | 587 | 192.168.11.20 | 31.193.225.171 |
| Sep 27, 2021 20:15:42.428886890 CEST | 587 | 49790 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:42.428976059 CEST | 587 | 49790 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:42.429039955 CEST | 587 | 49790 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:42.429085016 CEST | 587 | 49790 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:42.429411888 CEST | 49790 | 587 | 192.168.11.20 | 31.193.225.171 |
| Sep 27, 2021 20:15:42.431227922 CEST | 587 | 49790 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:42.433585882 CEST | 49790 | 587 | 192.168.11.20 | 31.193.225.171 |
| Sep 27, 2021 20:15:42.485301971 CEST | 587 | 49790 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:42.534415960 CEST | 49790 | 587 | 192.168.11.20 | 31.193.225.171 |
| Sep 27, 2021 20:15:42.577949047 CEST | 49790 | 587 | 192.168.11.20 | 31.193.225.171 |
| Sep 27, 2021 20:15:42.628894091 CEST | 587 | 49790 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:42.629394054 CEST | 49790 | 587 | 192.168.11.20 | 31.193.225.171 |
| Sep 27, 2021 20:15:42.681047916 CEST | 587 | 49790 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:42.681595087 CEST | 49790 | 587 | 192.168.11.20 | 31.193.225.171 |
| Sep 27, 2021 20:15:42.706558943 CEST | 49790 | 587 | 192.168.11.20 | 31.193.225.171 |
| Sep 27, 2021 20:15:42.760273933 CEST | 587 | 49790 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:42.760298014 CEST | 587 | 49790 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:42.760559082 CEST | 49790 | 587 | 192.168.11.20 | 31.193.225.171 |
| Sep 27, 2021 20:15:42.760581970 CEST | 49790 | 587 | 192.168.11.20 | 31.193.225.171 |
| Sep 27, 2021 20:15:42.761111021 CEST | 587 | 49790 | 31.193.225.171 | 192.168.11.20 |
| Sep 27, 2021 20:15:42.761267900 CEST | 49790 | 587 | 192.168.11.20 | 31.193.225.171 |
UDP Packets |
|---|
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Sep 27, 2021 20:13:18.582467079 CEST | 57990 | 53 | 192.168.11.20 | 1.1.1.1 |
| Sep 27, 2021 20:13:18.591799974 CEST | 53 | 57990 | 1.1.1.1 | 192.168.11.20 |
| Sep 27, 2021 20:13:18.685797930 CEST | 51518 | 53 | 192.168.11.20 | 1.1.1.1 |
| Sep 27, 2021 20:13:18.847676039 CEST | 53 | 51518 | 1.1.1.1 | 192.168.11.20 |
| Sep 27, 2021 20:14:08.289891005 CEST | 54587 | 53 | 192.168.11.20 | 1.1.1.1 |
| Sep 27, 2021 20:14:08.299207926 CEST | 53 | 54587 | 1.1.1.1 | 192.168.11.20 |
| Sep 27, 2021 20:14:08.990601063 CEST | 59422 | 53 | 192.168.11.20 | 1.1.1.1 |
| Sep 27, 2021 20:14:09.024334908 CEST | 53 | 59422 | 1.1.1.1 | 192.168.11.20 |
| Sep 27, 2021 20:15:40.327378988 CEST | 52027 | 53 | 192.168.11.20 | 1.1.1.1 |
| Sep 27, 2021 20:15:40.418462038 CEST | 53 | 52027 | 1.1.1.1 | 192.168.11.20 |
| Sep 27, 2021 20:20:43.051867962 CEST | 62062 | 53 | 192.168.11.20 | 1.1.1.1 |
| Sep 27, 2021 20:20:43.060532093 CEST | 53 | 62062 | 1.1.1.1 | 192.168.11.20 |
DNS Queries |
|---|
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
|---|---|---|---|---|---|---|---|
| Sep 27, 2021 20:14:08.289891005 CEST | 192.168.11.20 | 1.1.1.1 | 0xd52c | Standard query (0) | A (IP address) | IN (0x0001) | |
| Sep 27, 2021 20:14:08.990601063 CEST | 192.168.11.20 | 1.1.1.1 | 0xe63f | Standard query (0) | A (IP address) | IN (0x0001) | |
| Sep 27, 2021 20:15:40.327378988 CEST | 192.168.11.20 | 1.1.1.1 | 0xeeb4 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
|---|
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
|---|---|---|---|---|---|---|---|---|---|
| Sep 27, 2021 20:14:08.299207926 CEST | 1.1.1.1 | 192.168.11.20 | 0xd52c | No error (0) | 142.250.185.174 | A (IP address) | IN (0x0001) | ||
| Sep 27, 2021 20:14:09.024334908 CEST | 1.1.1.1 | 192.168.11.20 | 0xe63f | No error (0) | googlehosted.l.googleusercontent.com | CNAME (Canonical name) | IN (0x0001) | ||
| Sep 27, 2021 20:14:09.024334908 CEST | 1.1.1.1 | 192.168.11.20 | 0xe63f | No error (0) | 142.250.184.193 | A (IP address) | IN (0x0001) | ||
| Sep 27, 2021 20:15:40.418462038 CEST | 1.1.1.1 | 192.168.11.20 | 0xeeb4 | No error (0) | crealuz.es | CNAME (Canonical name) | IN (0x0001) | ||
| Sep 27, 2021 20:15:40.418462038 CEST | 1.1.1.1 | 192.168.11.20 | 0xeeb4 | No error (0) | 31.193.225.171 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
|---|
|
HTTPS Proxied Packets |
|---|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 0 | 192.168.11.20 | 49787 | 142.250.185.174 | 443 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2021-09-27 18:14:08 UTC | 0 | OUT | |
| 2021-09-27 18:14:08 UTC | 0 | IN | |
| 2021-09-27 18:14:08 UTC | 1 | IN | |
| 2021-09-27 18:14:08 UTC | 1 | IN |
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 1 | 192.168.11.20 | 49788 | 142.250.184.193 | 443 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| 2021-09-27 18:14:09 UTC | 1 | OUT | |
| 2021-09-27 18:14:09 UTC | 2 | IN |