Windows
Analysis Report
SecuriteInfo.com.Gen.Variant.Nemesis.13378.9376.21815.exe
Overview
General Information
Detection
NanoCore, GuLoader
Score: | 84 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Sigma detected: NanoCore
Yara detected GuLoader
Writes to foreign memory regions
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Uses dynamic DNS services
Uses 32bit PE files
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
PE / OLE file has an invalid certificate
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard
Classification
- System is w10x64native
- SecuriteInfo.com.Gen.Variant.Nemesis.13378.9376.21815.exe (PID: 6320 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.13378.9376.21815.exe MD5: 5F570885A22CF0A74CA454EA710BCD2E)
- CasPol.exe (PID: 2752 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.13378.9376.21815.exe MD5: 7BAE06CBE364BB42B8C34FCFB90E3EBD)
- conhost.exe (PID: 7924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
- cleanup
⊘No configs have been found
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | ||
JoeSecurity_GuLoader_3 | Yara detected GuLoader | Joe Security |
AV Detection |
---|
Source: | Author: Joe Security: |
E-Banking Fraud |
---|
Source: | Author: Joe Security: |
Stealing of Sensitive Information |
---|
Source: | Author: Joe Security: |
Remote Access Functionality |
---|
Source: | Author: Joe Security: |
⊘No Snort rule has matched
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | OS Credential Dumping | 221 Security Software Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 11 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 112 Process Injection | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Clipboard Data | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | 1 DLL Side-Loading | 131 Virtualization/Sandbox Evasion | Security Account Manager | 131 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Ingress Tool Transfer | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Access Token Manipulation | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Non-Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 112 Process Injection | LSA Secrets | 3 File and Directory Discovery | SSH | Keylogging | Data Transfer Size Limits | 113 Application Layer Protocol | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Hidden Files and Directories | Cached Domain Credentials | 15 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Obfuscated Files or Information | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
7% | ReversingLabs | Win32.Downloader.Minix |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
3% | ReversingLabs | |||
0% | Virustotal | Browse | ||
3% | Metadefender | Browse | ||
0% | ReversingLabs | |||
1% | Virustotal | Browse | ||
4% | Metadefender | Browse |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
1% | Virustotal | Browse |
⊘No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
mastersure042.duckdns.org | 91.193.75.140 | true | true | | unknown |
drive.google.com | 142.250.186.78 | true | false | high | |
googlehosted.l.googleusercontent.com | 172.217.16.193 | true | false | high | |
doc-10-90-docs.googleusercontent.com | unknown | unknown | false | high |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
91.193.75.140 | mastersure042.duckdns.org | Serbia | | 209623 | DAVID_CRAIGGG | true |
142.250.186.78 | drive.google.com | United States | | 15169 | GOOGLEUS | false |
172.217.16.193 | googlehosted.l.googleusercontent.com | United States | | 15169 | GOOGLEUS | false |
IP |
---|
127.0.0.1 |
Joe Sandbox Version: | 36.0.0 Rainbow Opal |
Analysis ID: | 736731 |
Start date and time: | 2022-11-03 07:19:30 +01:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 13m 17s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | SecuriteInfo.com.Gen.Variant.Nemesis.13378.9376.21815.exe |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301 |
Run name: | Suspected Instruction Hammering |
Number of analysed new started processes analysed: | 16 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal84.troj.evad.winEXE@4/7@23/4 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, ecs.office.com, wdcpalt.microsoft.com, client.wns.windows.com, login.live.com, wdcp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtAllocateVirtualMemory calls found.
- Report size getting too big, too many NtDeviceIoControlFile calls found.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description |
---|---|---|
07:22:08 | API Interceptor |
⊘No context
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
DAVID_CRAIGGG | | | malicious | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
37f463bf4616ecd445d4a1937da06e19 | | | malicious | | |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ligtorn\Pantry\Jessie\Sentinels\Behavioural\SetupHelper.exe | | | malicious | | |
C:\Users\user\AppData\Local\Temp\nsbA35F.tmp\System.dll | | | malicious | | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ligtorn\Pantry\Agrafferne\Hjernearbejder.Mes
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.13378.9376.21815.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 29009 |
Entropy (8bit): | 7.992971996572874 |
Encrypted: | true |
SSDEEP: | 768:NTG4pBCkWRRNsNBaAYbI3dQT/tJWqX7THfFO4PaSmUZeNue11f:NS4pBbWRR6NBa9E3dI/WqrbFLPa2U31N |
MD5: | 3165628E559E4C71AD58389A882A44C7 |
SHA1: | 65DB3BC9931B59BAB3B49BC0A383873D9503EAD2 |
SHA-256: | E6F69E5ED26145EB0B9AD53FF02752578D16A1D6E340ED9B341132EFBEFF9A34 |
SHA-512: | CBE8C725E73CBD7819483B094824861533CC2338CEA3B25674D03C00D8F153716C5920E8E8A88192C8808F9FC16672D1674672397C541866827E3BC30083E1DF |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ligtorn\Pantry\Agrafferne\input-mouse-symbolic.svg
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.13378.9376.21815.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1159 |
Entropy (8bit): | 4.771334618443714 |
Encrypted: | false |
SSDEEP: | 24:t4Col+1ecdmaT7C7vPHqouTMT3X+E744AeWrGMwU0CICx:QcdmaT7C7nqoqg3uE744Ae3MwUNx |
MD5: | 6ABC1ECB25C92CFDB963EA764BA01B00 |
SHA1: | 2DD0D27B47EE7C77D4FFF4BA069804666214C462 |
SHA-256: | 6F263C116AEB1C8B9CC2B58CB717087C08D3D70D7B4F39A79BE108DC454385F5 |
SHA-512: | C9457DCC24D6AAB73C2F813CEE9218777813CDEE438790ACBBAAD7CCDB04538045E3CE78762F2200CE390396534E3E9D5E668148A1EA961E21006E3465BA1735 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ligtorn\Pantry\Jessie\Sentinels\Behavioural\SetupHelper.exe
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.13378.9376.21815.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 409720 |
Entropy (8bit): | 6.608973549518863 |
Encrypted: | false |
SSDEEP: | 12288:DTWCBabqAS+XjHeOudiXDfoSzc52jHLiinD0XbFITkk:uRvS+XjHFudyPHf0Xbmok |
MD5: | 20AE886E07C3A21B187823EF2367E5FC |
SHA1: | 8E217654DB7EBD99040EEB5387E0EE1A03DEE4F1 |
SHA-256: | AD4485A9D7A7DE8A78B183B820E932E44DBFF11AF7D584005351878E35146458 |
SHA-512: | ECC1C4588E5DD4004712D9F6AEAC1CBFB2BFA5258899878878AB9C47676D9306A4FD4D92E8594B7DCB7F07A65673923144992C3618979F69146755CA02E13F73 |
Malicious: | false |
Yara Hits: |
|
Antivirus: | |
Joe Sandbox View: | |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Ligtorn\Pantry\Systemkvaliteternes.Jug
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.13378.9376.21815.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 154398 |
Entropy (8bit): | 7.20503336878212 |
Encrypted: | false |
SSDEEP: | 3072:js12w2Uq479uSd9iXb8FERFfW3093Qre84GFkRMG4vihP:02w27Ku+iwy9Ytur4vsP |
MD5: | 1E6F0B6A7479BC35ABB19BEC8A6C66FF |
SHA1: | F85A912925B345EF073A6E6BDBAD5099FC777F79 |
SHA-256: | A5029F422FEA64C4C7DF6ACC6EF04AAB4D93E5C72C1572B8FDD9621278532E03 |
SHA-512: | 8C7D29BD13B3AC980AF4D9841F667D157A1F7EFFA7CBAE164CE867A87D5C1EA05A2558864D595ACD57B4594ED02211942188371C21C09B86129551905513BCD6 |
Malicious: | false |
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.13378.9376.21815.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11776 |
Entropy (8bit): | 5.659384359264642 |
Encrypted: | false |
SSDEEP: | 192:ex24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlESlS:h8QIl972eXqlWBFSt273YOlEz |
MD5: | 8B3830B9DBF87F84DDD3B26645FED3A0 |
SHA1: | 223BEF1F19E644A610A0877D01EADC9E28299509 |
SHA-256: | F004C568D305CD95EDBD704166FCD2849D395B595DFF814BCC2012693527AC37 |
SHA-512: | D13CFD98DB5CA8DC9C15723EEE0E7454975078A776BCE26247228BE4603A0217E166058EBADC68090AFE988862B7514CB8CB84DE13B3DE35737412A6F0A8AC03 |
Malicious: | false |
Antivirus: | |
Joe Sandbox View: |
|
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8 |
Entropy (8bit): | 3.0 |
Encrypted: | false |
SSDEEP: | 3:0St:pt |
MD5: | B9A99DD89B2B74FA3D0DB489A9441F60 |
SHA1: | D10A9398FC0186720F25C85406C9162F1AF53C27 |
SHA-256: | F107BEC012DA220E92554B8801535F7FA92C949C7E2DBB4E588B80F7A723466C |
SHA-512: | 22975136BDB95133318A25BDFC5AAB82EB592ACBE56B01418A2EBD0225E8933D89D7AD164153C2CB27DB32402021D2C3DFC81D9B1AE3F5ABDE629CAE203DE0FF |
Malicious: | true |
Preview: |
Process: | C:\Users\user\Desktop\SecuriteInfo.com.Gen.Variant.Nemesis.13378.9376.21815.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1648 |
Entropy (8bit): | 3.085836381315963 |
Encrypted: | false |
SSDEEP: | 24:8i6/rWLgD4/BOmRCBecGlodQAC+eTv/8AdizZwa/kjJT:8ZCgDsvRCLGloPCLEKiNwswT |
MD5: | 394618606785FD3F683F7A6ADA540F44 |
SHA1: | 5B60259981F74037841F4B5196D732AD0FF570AB |
SHA-256: | 3148C86B36AF9B4F40E97D7FAB519A883B07B3D9D55F619ED07E22B16233C266 |
SHA-512: | 1ED6603DF13D09981A761CCDEADCAA514BC83683107FE2D6A814306FD973B52522C2160EE56AAE524DE32CDF83718CFC68564D0C2C836BEDFE7F8FE8CE5D6DD6 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.683733070429602 |
TrID: |
|
File name: | SecuriteInfo.com.Gen.Variant.Nemesis.13378.9376.21815.exe |
File size: | 531480 |
MD5: | 5f570885a22cf0a74ca454ea710bcd2e |
SHA1: | 82e8aa91a64dd2e0f1c18317518e9e2914387967 |
SHA256: | a1dbe6c38c03059bd197cde9e455e03875c32dd034cc6c229c4c62b2d1753eaf |
SHA512: | 0b5ab3698c43d3fe69375b5cd6c48853fc2069f693da1858eacba79db4afbae51624292b4acc311fe76f267e832dfc05062a5776a26f65c08590ae5138ef60b9 |
SSDEEP: | 12288:tOHcKlaPVnLmr22GAsKK/tLOsQ/2V82BKZ70EHH:tgcKliVar22GCMtPymQH |
TLSH: | 8DB4F290FB91C4D2EDB503B85E77DCF129ABBD7D70B0420D224A39696AB3352106F94B |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...6.uY.................f......... |
Icon Hash: | 74e8c4ccdcccc0e8 |
Entrypoint: | 0x403373 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE |
Time Stamp: | 0x59759536 [Mon Jul 24 06:35:34 2017 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 4 |
OS Version Minor: | 0 |
File Version Major: | 4 |
File Version Minor: | 0 |
Subsystem Version Major: | 4 |
Subsystem Version Minor: | 0 |
Import Hash: | b34f154ec913d2d2c435cbd644e91687 |
Signature Valid: | false |
Signature Issuer: | OU="truts Femetagershuset Strangulerendes ", E=Placeringsmssigt@Aiders.Ba, O=Skvadre, L=Tullygally, S=Northern Ireland, C=GB |
Signature Validation Error: | A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider |
Error Number: | -2146762487 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 8D20C24B85839068FFE77A9B0E43442A |
Thumbprint SHA-1: | 510509682B2BB050F41F78498A1B87F673D0540D |
Thumbprint SHA-256: | 58D9F4474CF9AC7B148864CF2DC476F50AD1C3B094EC4A93D61BF46D8E2C617F |
Serial: | FCD368E4C01BC4FC |
Instruction |
---|
sub esp, 000002D4h |
push ebx |
push esi |
push edi |
push 00000020h |
pop edi |
xor ebx, ebx |
push 00008001h |
mov dword ptr [esp+14h], ebx |
mov dword ptr [esp+10h], 0040A2E0h |
mov dword ptr [esp+1Ch], ebx |
call dword ptr [004080A8h] |
call dword ptr [004080A4h] |
and eax, BFFFFFFFh |
cmp ax, 00000006h |
mov dword ptr [00434EECh], eax |
je 00007F32F432E0A3h |
push ebx |
call 00007F32F4331339h |
cmp eax, ebx |
je 00007F32F432E099h |
push 00000C00h |
call eax |
mov esi, 004082B0h |
push esi |
call 00007F32F43312B3h |
push esi |
call dword ptr [00408150h] |
lea esi, dword ptr [esi+eax+01h] |
cmp byte ptr [esi], 00000000h |
jne 00007F32F432E07Ch |
push 0000000Ah |
call 00007F32F433130Ch |
push 00000008h |
call 00007F32F4331305h |
push 00000006h |
mov dword ptr [00434EE4h], eax |
call 00007F32F43312F9h |
cmp eax, ebx |
je 00007F32F432E0A1h |
push 0000001Eh |
call eax |
test eax, eax |
je 00007F32F432E099h |
or byte ptr [00434EEFh], 00000040h |
push ebp |
call dword ptr [00408044h] |
push ebx |
call dword ptr [004082A0h] |
mov dword ptr [00434FB8h], eax |
push ebx |
lea eax, dword ptr [esp+34h] |
push 000002B4h |
push eax |
push ebx |
push 0042B208h |
call dword ptr [00408188h] |
push 0040A2C8h |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8608 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6b000 | 0x1c6f8 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x81508 | 0x710 | .rsrc |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x65ef | 0x6600 | False | 0.6750919117647058 | data | 6.514810500836391 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x8000 | 0x149a | 0x1600 | False | 0.43803267045454547 | data | 5.007075185851696 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xa000 | 0x2aff8 | 0x600 | False | 0.5162760416666666 | data | 4.036693470004838 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.ndata | 0x35000 | 0x36000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.rsrc | 0x6b000 | 0x1c6f8 | 0x1c800 | False | 0.3971011513157895 | data | 5.769513251643276 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x6b2b0 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States |
RT_ICON | 0x7bad8 | 0x7125 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x82c00 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States |
RT_ICON | 0x851a8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States |
RT_ICON | 0x86250 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States |
RT_ICON | 0x86bd8 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States |
RT_DIALOG | 0x87040 | 0x120 | data | English | United States |
RT_DIALOG | 0x87160 | 0xf8 | data | English | United States |
RT_DIALOG | 0x87258 | 0xa0 | data | English | United States |
RT_DIALOG | 0x872f8 | 0x60 | data | English | United States |
RT_GROUP_ICON | 0x87358 | 0x5a | data | English | United States |
RT_MANIFEST | 0x873b8 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States |
DLL | Import |
---|---|
KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW |
USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage |
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor |
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW |
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW |
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy |
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Nov 3, 2022 07:22:07.110269070 CET | 49841 | 443 | 192.168.11.20 | 172.217.16.193 |
Nov 3, 2022 07:22:07.110269070 CET | 49841 | 443 | 192.168.11.20 | 172.217.16.193 |
Nov 3, 2022 07:22:07.110291004 CET | 443 | 49841 | 172.217.16.193 | 192.168.11.20 |
Nov 3, 2022 07:22:07.110421896 CET | 49841 | 443 | 192.168.11.20 | 172.217.16.193 |
Nov 3, 2022 07:22:08.611685991 CET | 49842 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:22:09.621212959 CET | 49842 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:22:11.636447906 CET | 49842 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:22:15.651154995 CET | 49842 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:22:26.415853977 CET | 49844 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:22:27.429826975 CET | 49844 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:22:29.444947004 CET | 49844 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:22:33.459829092 CET | 49844 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:22:44.345773935 CET | 49846 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:22:45.347752094 CET | 49846 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:22:47.362911940 CET | 49846 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:22:51.377754927 CET | 49846 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:23:19.392076969 CET | 49852 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:23:20.402610064 CET | 49852 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:23:22.417761087 CET | 49852 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:23:26.432399035 CET | 49852 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:23:36.137001991 CET | 49853 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:23:37.148859978 CET | 49853 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:23:39.164077997 CET | 49853 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:23:43.178745985 CET | 49853 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:23:53.327042103 CET | 49855 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:23:54.332618952 CET | 49855 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:23:56.347698927 CET | 49855 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:24:00.362405062 CET | 49855 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:24:30.296247005 CET | 49859 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:24:31.308762074 CET | 49859 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:24:33.324003935 CET | 49859 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:24:37.338728905 CET | 49859 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:24:46.980000019 CET | 49861 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:24:47.992600918 CET | 49861 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:24:50.007767916 CET | 49861 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:24:54.022555113 CET | 49861 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:25:03.678822041 CET | 49862 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:25:04.692224026 CET | 49862 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:25:06.707253933 CET | 49862 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:25:10.721962929 CET | 49862 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:25:39.627424955 CET | 49866 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:25:40.637242079 CET | 49866 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:25:42.652507067 CET | 49866 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:25:46.667275906 CET | 49866 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:25:57.479132891 CET | 49867 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:25:58.492800951 CET | 49867 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:26:00.492306948 CET | 49867 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:26:04.506989956 CET | 49867 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:26:14.805486917 CET | 49870 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:26:15.817159891 CET | 49870 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:26:17.832159996 CET | 49870 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:26:21.846966982 CET | 49870 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:26:50.893275023 CET | 49874 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:26:51.902858019 CET | 49874 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:26:53.918149948 CET | 49874 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:26:57.932811975 CET | 49874 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:27:08.804995060 CET | 49875 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:27:09.820765018 CET | 49875 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:27:11.836194992 CET | 49875 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:27:15.850709915 CET | 49875 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:27:25.738163948 CET | 49876 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:27:26.738899946 CET | 49876 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:27:28.754169941 CET | 49876 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:27:32.768826962 CET | 49876 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:28:00.613584995 CET | 49881 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:28:01.621855974 CET | 49881 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:28:03.637151957 CET | 49881 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:28:07.651741982 CET | 49881 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:28:17.263108015 CET | 49882 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:28:18.274539948 CET | 49882 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:28:20.289840937 CET | 49882 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:28:24.304409981 CET | 49882 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:28:33.914041996 CET | 49883 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:28:34.927254915 CET | 49883 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:28:36.942250967 CET | 49883 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:28:40.957233906 CET | 49883 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:29:08.797992945 CET | 49887 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:29:09.810059071 CET | 49887 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:29:11.825140953 CET | 49887 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:29:15.839953899 CET | 49887 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:29:25.468081951 CET | 49888 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:29:26.478364944 CET | 49888 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:29:28.493432045 CET | 49888 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:29:32.508106947 CET | 49888 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:29:42.120014906 CET | 49889 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:29:43.130920887 CET | 49889 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:29:45.146136999 CET | 49889 | 4235 | 192.168.11.20 | 91.193.75.140 |
Nov 3, 2022 07:29:49.160748005 CET | 49889 | 4235 | 192.168.11.20 | 91.193.75.140 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
---|---|---|---|---|---|---|---|---
Nov 3, 2022 07:22:06.085922956 CET | 192.168.11.20 | 1.1.1.1 | 0xc7f7 | Standard query (0) | | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:22:06.739177942 CET | 192.168.11.20 | 1.1.1.1 | 0xb56c | Standard query (0) | | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:22:08.496257067 CET | 192.168.11.20 | 8.8.4.4 | 0x97dc | Standard query (0) | | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:22:26.404068947 CET | 192.168.11.20 | 8.8.4.4 | 0x1c64 | Standard query (0) | | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:22:44.232770920 CET | 192.168.11.20 | 8.8.4.4 | 0xac6d | Standard query (0) | | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:23:19.280148029 CET | 192.168.11.20 | 8.8.4.4 | 0x6871 | Standard query (0) | | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:23:36.026688099 CET | 192.168.11.20 | 8.8.4.4 | 0x60be | Standard query (0) | | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:23:53.214232922 CET | 192.168.11.20 | 8.8.4.4 | 0xc8b3 | Standard query (0) | | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:24:30.186912060 CET | 192.168.11.20 | 8.8.4.4 | 0xf8a5 | Standard query (0) | | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:24:46.870704889 CET | 192.168.11.20 | 8.8.4.4 | 0x66a8 | Standard query (0) | | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:25:03.569710016 CET | 192.168.11.20 | 8.8.4.4 | 0xe79f | Standard query (0) | | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:25:39.514545918 CET | 192.168.11.20 | 8.8.4.4 | 0x4d08 | Standard query (0) | | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:25:57.369896889 CET | 192.168.11.20 | 8.8.4.4 | 0x42fe | Standard query (0) | | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:26:14.694293022 CET | 192.168.11.20 | 8.8.4.4 | 0xe123 | Standard query (0) | | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:26:50.780349016 CET | 192.168.11.20 | 8.8.4.4 | 0x4bbd | Standard query (0) | | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:27:08.693469048 CET | 192.168.11.20 | 8.8.4.4 | 0xbb4b | Standard query (0) | | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:27:25.725686073 CET | 192.168.11.20 | 8.8.4.4 | 0xdfc8 | Standard query (0) | | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:28:00.501806974 CET | 192.168.11.20 | 8.8.4.4 | 0x8e30 | Standard query (0) | | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:28:17.151650906 CET | 192.168.11.20 | 8.8.4.4 | 0x6830 | Standard query (0) | | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:28:33.804290056 CET | 192.168.11.20 | 8.8.4.4 | 0x3d83 | Standard query (0) | | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:29:08.687299013 CET | 192.168.11.20 | 8.8.4.4 | 0x307 | Standard query (0) | | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:29:25.355581045 CET | 192.168.11.20 | 8.8.4.4 | 0x4fab | Standard query (0) | | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:29:42.008141994 CET | 192.168.11.20 | 8.8.4.4 | 0x79fd | Standard query (0) | | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
---|---|---|---|---|---|---|---|---|---|---
Nov 3, 2022 07:22:06.094679117 CET | 1.1.1.1 | 192.168.11.20 | 0xc7f7 | No error (0) | | | 142.250.186.78 | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:22:06.778670073 CET | 1.1.1.1 | 192.168.11.20 | 0xb56c | No error (0) | | googlehosted.l.googleusercontent.com | | CNAME (Canonical name) | IN (0x0001) | false
Nov 3, 2022 07:22:06.778670073 CET | 1.1.1.1 | 192.168.11.20 | 0xb56c | No error (0) | | | 172.217.16.193 | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:22:08.606661081 CET | 8.8.4.4 | 192.168.11.20 | 0x97dc | No error (0) | | | 91.193.75.140 | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:22:26.414750099 CET | 8.8.4.4 | 192.168.11.20 | 0x1c64 | No error (0) | | | 91.193.75.140 | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:22:44.344129086 CET | 8.8.4.4 | 192.168.11.20 | 0xac6d | No error (0) | | | 91.193.75.140 | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:23:19.391164064 CET | 8.8.4.4 | 192.168.11.20 | 0x6871 | No error (0) | | | 91.193.75.140 | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:23:36.136117935 CET | 8.8.4.4 | 192.168.11.20 | 0x60be | No error (0) | | | 91.193.75.140 | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:23:53.325628042 CET | 8.8.4.4 | 192.168.11.20 | 0xc8b3 | No error (0) | | | 91.193.75.140 | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:24:30.295273066 CET | 8.8.4.4 | 192.168.11.20 | 0xf8a5 | No error (0) | | | 91.193.75.140 | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:24:46.979331970 CET | 8.8.4.4 | 192.168.11.20 | 0x66a8 | No error (0) | | | 91.193.75.140 | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:25:03.677933931 CET | 8.8.4.4 | 192.168.11.20 | 0xe79f | No error (0) | | | 91.193.75.140 | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:25:39.626437902 CET | 8.8.4.4 | 192.168.11.20 | 0x4d08 | No error (0) | | | 91.193.75.140 | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:25:57.478291035 CET | 8.8.4.4 | 192.168.11.20 | 0x42fe | No error (0) | | | 91.193.75.140 | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:26:14.804553032 CET | 8.8.4.4 | 192.168.11.20 | 0xe123 | No error (0) | | | 91.193.75.140 | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:26:50.892088890 CET | 8.8.4.4 | 192.168.11.20 | 0x4bbd | No error (0) | | | 91.193.75.140 | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:27:08.804120064 CET | 8.8.4.4 | 192.168.11.20 | 0xbb4b | No error (0) | | | 91.193.75.140 | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:27:25.737281084 CET | 8.8.4.4 | 192.168.11.20 | 0xdfc8 | No error (0) | | | 91.193.75.140 | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:28:00.612746000 CET | 8.8.4.4 | 192.168.11.20 | 0x8e30 | No error (0) | | | 91.193.75.140 | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:28:17.262226105 CET | 8.8.4.4 | 192.168.11.20 | 0x6830 | No error (0) | | | 91.193.75.140 | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:28:33.913090944 CET | 8.8.4.4 | 192.168.11.20 | 0x3d83 | No error (0) | | | 91.193.75.140 | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:29:08.797080994 CET | 8.8.4.4 | 192.168.11.20 | 0x307 | No error (0) | | | 91.193.75.140 | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:29:25.467226028 CET | 8.8.4.4 | 192.168.11.20 | 0x4fab | No error (0) | | | 91.193.75.140 | A (IP address) | IN (0x0001) | false
Nov 3, 2022 07:29:42.119210958 CET | 8.8.4.4 | 192.168.11.20 | 0x79fd | No error (0) | | | 91.193.75.140 | A (IP address) | IN (0x0001) | false

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.11.20 | 49840 | 142.250.186.78 | 443 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |

Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-11-03 06:22:06 UTC | 0 | OUT | |
2022-11-03 06:22:06 UTC | 0 | IN | |

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.11.20 | 49841 | 172.217.16.193 | 443 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe |

Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
2022-11-03 06:22:06 UTC | 1 | OUT | |
2022-11-03 06:22:07 UTC | 2 | IN | |