Play interactive tour
Edit tourWindows Analysis Report lj3H69Z3Io.dll
Overview
General Information
| Sample Name: | lj3H69Z3Io.dll |
| Analysis ID: | 447090 |
| MD5: | 0bb29556ece1c51c751cb4e7c8752ddc |
| SHA1: | 324cc356a56c68e51f09348e91405001e68e4a08 |
| SHA256: | af1b052362469a67fcd871558b24efa2be44a4b29f88112e5c2d2295a1dc4252 |
| Tags: | dllGoziISFBUrsnif |
| Infos: | |
Most interesting Screenshot:  | |
Detection
Ursnif
| Score: | 96 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Sigma detected: Encoded IEX
Yara detected Ursnif
Sigma detected: MSHTA Spawning Windows Shell
Sigma detected: Mshta Spawning Windows Shell
Suspicious powershell command line found
Writes registry values via WMI
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for the Microsoft Outlook file path
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Classification
Process Tree |
|---|
|
Malware Configuration |
|---|
Threatname: Ursnif |
|---|
{"lang_id": "RU, CN", "RSA Public Key": "RS1bISYM3RiUEB+kp8sXk6GKaUSJTMdHLJSpyFRYeZm6NlcBwtjx2F3paluhib1HCWprL2CGUSXu41FZM2nRjuIHp5Tc3Qvf1bHq8axt1kKB98ZnmfPh2SiQVpHGVA+TOuAe97sVP0cE6xXX2ilAxOJC4Rf34gUi3XolV8kPrfJCHChbu9w1+s7rrVZTOVjBW+TY1D3deVJlDZHvhlBuumQis3pP1XsoLa3Qay006/AhbN9RIoAAij7c7SagXOd4BXA8L9GZCI5rXohvITy2kTk5pHs5LCiTFpT9Pohv1JBotMkOGx7WyBP+G1Cbx4yBjRbbIosmagFN4Hgw4QhKyFdWlAfAWJCgEYrSkeFoNBM=", "c2_domain": ["gtr.antoinfer.com", "app.bighomegl.at"], "botnet": "2500", "server": "580", "serpent_key": "B43ovnLWYCtQUCWU", "sleep_time": "10", "CONF_TIMEOUT": "20", "SetWaitableTimer_value": "10"}Yara Overview |
|---|
Memory Dumps |
|---|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
| JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
| JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
| JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
| JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
| Click to see the 5 entries | ||||
Unpacked PEs |
|---|
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
Sigma Overview |
|---|
System Summary: |   |
|---|
| Sigma detected: Encoded IEX | Show sources | ||
| Source: | Author: Florian Roth: | ||
| Sigma detected: MSHTA Spawning Windows Shell | Show sources | ||
| Source: | Author: Michael Haag: | ||
| Sigma detected: Mshta Spawning Windows Shell | Show sources | ||
| Source: | Author: Florian Roth: | ||
| Sigma detected: Non Interactive PowerShell | Show sources | ||
| Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): | ||
Jbx Signature Overview |
|---|
Click to jump to signature section
Show All Signature Results
AV Detection: | |
|---|
| Found malware configuration | Show sources | ||
| Source: | Malware Configuration Extractor: | ||
| Multi AV Scanner detection for domain / URL | Show sources | ||
| Source: | Virustotal: | Perma Link | ||
| Multi AV Scanner detection for submitted file | Show sources | ||
| Source: | Virustotal: | Perma Link | ||
| Source: | ReversingLabs: | |||
| Source: | Static PE information: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 2_2_6E188626 | |
| Source: | ASN Name: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | DNS traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
Key, Mouse, Clipboard, Microphone and Screen Capturing: | |
|---|
| Yara detected Ursnif | Show sources | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
E-Banking Fraud: | |
|---|
| Yara detected Ursnif | Show sources | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
System Summary: | |
|---|
| Writes registry values via WMI | Show sources | ||
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | Code function: | 3_2_6E141B9C | |
| Source: | Code function: | 3_2_6E141EC7 | |
| Source: | Code function: | 3_2_6E142485 | |
| Source: | Code function: | 2_2_6E167CA0 | |
| Source: | Code function: | 2_2_6E16B840 | |
| Source: | Code function: | 2_2_6E1796BD | |
| Source: | Code function: | 2_2_6E17CEC0 | |
| Source: | Code function: | 2_2_6E17FF3F | |
| Source: | Code function: | 2_2_6E175FDD | |
| Source: | Code function: | 2_2_6E186CF9 | |
| Source: | Code function: | 2_2_6E189B9C | |
| Source: | Code function: | 3_2_6E142264 | |
| Source: | Code function: | 3_2_6E16B840 | |
| Source: | Code function: | 3_2_6E1796BD | |
| Source: | Code function: | 3_2_6E17CEC0 | |
| Source: | Code function: | 3_2_6E17FF3F | |
| Source: | Code function: | 3_2_6E175FDD | |
| Source: | Code function: | 42_2_00007FFAEEA1056F | |
| Source: | Code function: | ||
| Source: | Code function: | ||
| Source: | Process created: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Section loaded: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Process created: | ||
| Source: | Virustotal: | ||
| Source: | ReversingLabs: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Automated click: | ||
| Source: | Automated click: | ||
| Source: | Automated click: | ||
| Source: | Window detected: | ||
| Source: | File opened: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
Data Obfuscation: | |
|---|
| Suspicious powershell command line found | Show sources | ||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Code function: | 3_2_6E141F7C | |
| Source: | Code function: | 2_2_6E174480 | |
| Source: | Code function: | 2_2_6E142D17 | |
| Source: | Code function: | 2_2_6E174AD9 | |
| Source: | Code function: | 3_2_6E142209 | |
| Source: | Code function: | 3_2_6E142263 | |
| Source: | Code function: | 3_2_6E174480 | |
| Source: | Code function: | 3_2_6E174AD9 | |
| Source: | Code function: | 3_2_6E1BF508 | |
Hooking and other Techniques for Hiding and Protection: | |
|---|
| Yara detected Ursnif | Show sources | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Registry key monitored for changes: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Process information set: | |||
| Source: | Thread delayed: | ||
| Source: | Window / User API: | ||
| Source: | Window / User API: | ||
| Source: | Thread sleep time: | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Code function: | 2_2_6E188626 | |
| Source: | Thread delayed: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Process information queried: | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Process queried: | Jump to behavior | ||
| Source: | Code function: | 2_2_6E141EB0 | |
| Source: | Code function: | 2_2_6E17875F | |
| Source: | Code function: | 3_2_6E141F7C | |
| Source: | Code function: | 2_2_6E17DF99 | |
| Source: | Code function: | 3_2_6E17DF99 | |
| Source: | Code function: | 3_2_6E1BD8B6 | |
| Source: | Code function: | 3_2_6E1BD3EC | |
| Source: | Code function: | 3_2_6E1BD7E5 | |
| Source: | Process token adjusted: | ||
| Source: | Code function: | 2_2_6E17462D | |
| Source: | Code function: | 2_2_6E17875F | |
| Source: | Code function: | 2_2_6E174901 | |
| Source: | Code function: | 3_2_6E17462D | |
| Source: | Code function: | 3_2_6E17875F | |
| Source: | Code function: | 3_2_6E174901 | |
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | 2_2_6E174ADB | |
| Source: | Code function: | 2_2_6E18C3CB | |
| Source: | Code function: | 2_2_6E18C643 | |
| Source: | Code function: | 2_2_6E18C68E | |
| Source: | Code function: | 2_2_6E18C729 | |
| Source: | Code function: | 2_2_6E18C7B6 | |
| Source: | Code function: | 2_2_6E18CC36 | |
| Source: | Code function: | 2_2_6E1834FA | |
| Source: | Code function: | 2_2_6E18CD03 | |
| Source: | Code function: | 2_2_6E18C59A | |
| Source: | Code function: | 2_2_6E18CA06 | |
| Source: | Code function: | 2_2_6E18CB2F | |
| Source: | Code function: | 2_2_6E183961 | |
| Source: | Code function: | 3_2_6E141E8A | |
| Source: | Code function: | 3_2_6E18C3CB | |
| Source: | Code function: | 3_2_6E18C643 | |
| Source: | Code function: | 3_2_6E18C68E | |
| Source: | Code function: | 3_2_6E18C729 | |
| Source: | Code function: | 3_2_6E1834FA | |
| Source: | Code function: | 3_2_6E18CD03 | |
| Source: | Code function: | 3_2_6E18CB2F | |
| Source: | Code function: | 3_2_6E183961 | |
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Queries volume information: | ||
| Source: | Code function: | 2_2_6E174828 | |
| Source: | Code function: | 2_2_6E183009 | |
| Source: | Code function: | 3_2_6E141F10 | |
| Source: | Key value queried: | Jump to behavior | ||
Stealing of Sensitive Information: | |
|---|
| Yara detected Ursnif | Show sources | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality: | |
|---|
| Yara detected Ursnif | Show sources | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
Mitre Att&ck Matrix |
|---|
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Windows Management Instrumentation1 | Path Interception | Process Injection12 | Masquerading1 | OS Credential Dumping | System Time Discovery2 | Remote Services | Email Collection1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Command and Scripting Interpreter1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Virtualization/Sandbox Evasion31 | LSASS Memory | Query Registry1 | Remote Desktop Protocol | Archive Collected Data1 | Exfiltration Over Bluetooth | Ingress Tool Transfer3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | Native API1 | Logon Script (Windows) | Logon Script (Windows) | Process Injection12 | Security Account Manager | Security Software Discovery21 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | PowerShell1 | Logon Script (Mac) | Logon Script (Mac) | Deobfuscate/Decode Files or Information1 | NTDS | Process Discovery2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol3 | SIM Card Swap | Carrier Billing Fraud | |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information2 | LSA Secrets | Virtualization/Sandbox Evasion31 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | Rundll321 | Cached Domain Credentials | Application Window Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | Remote System Discovery1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | File and Directory Discovery2 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | System Information Discovery45 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction |
Behavior Graph |
|---|
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetScreenshots |
|---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
|---|
Initial Sample |
|---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 42% | Virustotal | Browse | ||
| 6% | Metadefender | Browse | ||
| 31% | ReversingLabs | Win32.Trojan.Ursnif |
Dropped Files |
|---|
| No Antivirus matches |
|---|
Unpacked PE Files |
|---|
| Source | Detection | Scanner | Label | Link | Download |
|---|---|---|---|---|---|
| 100% | Avira | HEUR/AGEN.1108168 | Download File |
Domains |
|---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 8% | Virustotal | Browse |
URLs |
|---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe |
Domains and IPs |
|---|
Contacted Domains |
|---|
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| gtr.antoinfer.com | 167.172.38.18 | true | true |
| unknown |
Contacted URLs |
|---|
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| true |
| unknown | |
| true |
| unknown |
URLs from Memory and Binaries |
|---|
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false | high | |||
| true |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false | high | |||
| false |
| unknown | ||
| false |
| unknown | ||
| false | high | |||
| true |
| unknown | ||
| false | high | |||
| true |
| unknown | ||
| true |
| unknown |
Contacted IPs |
|---|
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
Public |
|---|
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 167.172.38.18 | gtr.antoinfer.com | United States | 14061 | DIGITALOCEAN-ASNUS | true |
General Information |
|---|
| Joe Sandbox Version: | 32.0.0 Black Diamond |
| Analysis ID: | 447090 |
| Start date: | 12.07.2021 |
| Start time: | 11:47:07 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 11m 50s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Sample file name: | lj3H69Z3Io.dll |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
| Run name: | Run with higher sleep bypass |
| Number of analysed new started processes analysed: | 44 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Detection: | MAL |
| Classification: | mal96.troj.evad.winDLL@26/21@3/1 |
| EGA Information: | Failed |
| HDC Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
| Warnings: | Show All
|
Simulations |
|---|
Behavior and APIs |
|---|
| Time | Type | Description |
|---|---|---|
| 11:50:05 | API Interceptor |
Joe Sandbox View / Context |
|---|
IPs |
|---|
| No context |
|---|
Domains |
|---|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| gtr.antoinfer.com | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
|
ASN |
|---|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| DIGITALOCEAN-ASNUS | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
|
JA3 Fingerprints |
|---|
| No context |
|---|
Dropped Files |
|---|
| No context |
|---|
Created / dropped Files |
|---|
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 11846 |
| Entropy (8bit): | 3.772071022404799 |
| Encrypted: | false |
| SSDEEP: | 192:kVdiVp0oXmZyHVFeMjed+e/u7sPS274ItWcr:8diVHXGKVFeMjez/u7sPX4ItWcr |
| MD5: | B0CFB884141A504FD69F7276683ADE80 |
| SHA1: | C2E51279B503A78990E5D4B7F3A7581F70E622C2 |
| SHA-256: | 9943D8BC3E90B60367F7E603FBD0BDDFEE0850AEDFC5F7703CFC6572D727067A |
| SHA-512: | 33D3B2CA92000E33BEF1EFDA855542E7E8E7D54A359ECE97597B61812C985227FD1395715B04EDE6EBDF801D95D3F7FF0411307273C6C74A539E7A7A2FC3EE32 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 283102 |
| Entropy (8bit): | 1.6760534343514886 |
| Encrypted: | false |
| SSDEEP: | 768:pyGNk13fXySEkenTi1fzHsVjIe7wTlpPPJgfZ3vW:7C13KtkenTgzMme7CZP6vW |
| MD5: | DEDE528C566CFE122E79FCB95E98B453 |
| SHA1: | CC2869181B343E931266CF8E1A81B2C5C6F82FA9 |
| SHA-256: | D7B0FF04519A473203844F6F42A68242B979F6062ECB8C0564D446B86DFCE06F |
| SHA-512: | E47874F130A9D3F7849027ED38EEFFAE57A31193F71EF4A857D2CFB0A1BDC56BFBFE855B2388637ADB963D720392659CE540820C03175DDEF2A19F914769B443 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 8288 |
| Entropy (8bit): | 3.693781478029124 |
| Encrypted: | false |
| SSDEEP: | 192:Rrl7r3GLNidl6G9O6Y0Dc6+aJbspgmfTk8GSaCpD189bWusfBym:RrlsNif6G9O6Yuc6+aFspgmfTkrSoWt9 |
| MD5: | 00D6959DEF639E23BBDEA22D9FB541D5 |
| SHA1: | BD6D2939AEB2166874342B5EFC7BE8B5F8E4CE5E |
| SHA-256: | 2C8C1B5CC9E033B9B221EE3C09C00F2A1DDFD954E508EC6D88BC307E81770A5C |
| SHA-512: | 81C79E1C74169C03FB973C10595A7017387D8C06EA7B4D5396C69B0C5AE924CE85453026E2AD7AE75445174A22336F889BBFB83BC3B2DBBAA08517C0147B1188 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Windows\SysWOW64\WerFault.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 4630 |
| Entropy (8bit): | 4.454252543056655 |
| Encrypted: | false |
| SSDEEP: | 48:cvIwSD8zsIJgtWI9rLWSC8BVfa8fm8M4JCdsGtF+o+q8/5jLZ4SrSO6d:uITfOQ6SN/vJg2o2LZDWHd |
| MD5: | D7E128A868D39411E887B16BCD73D528 |
| SHA1: | 05B20E4EDB6230463037A8FE3518323D25E6257D |
| SHA-256: | 148FD0351A83C623452D14669E2FF0780728CE9D1A98CE5FB9BF2C44153DC2B1 |
| SHA-512: | BB0954F39DC0C7D05588D8C431AA4C7D01F254065141811370E27B80E0D5ED5E27E7D839DB4A055F142D80FA20DBE4286081CAD254AC574DD6BBB246D7CD2A10 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 71272 |
| Entropy (8bit): | 2.0430813730204638 |
| Encrypted: | false |
| SSDEEP: | 192:rsZr7ZR2IWptCfyFMDP5tBs8tZWsSeF+sctkLrGhTX:rsrtg/7g/DrKIZRdoSG1 |
| MD5: | 9D36509D1371B943B7E70B443AE651EE |
| SHA1: | F9C8FE09A4B216553CDB321153668070F5534B0A |
| SHA-256: | 5FAFD9306875D0B2D47188D0257EEDD47DF6B07898E13F551DFECA8794F9C7CA |
| SHA-512: | 0579BD7ADF9BF18EE6548AEEB85520033A2BC78B121126BFC836435B267901D624B1A21D6314FC3995C16CD02A0B51991B4930D84EFF19D9BFE26553FDFB1D12 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 28156 |
| Entropy (8bit): | 1.9209592167180383 |
| Encrypted: | false |
| SSDEEP: | 96:rOZV7QV6jBSkjx2xW0MYdB6T9UHlu6T9UKA:rOZV7QV6jkkjx2xW0MYdg6HlZ6KA |
| MD5: | 08A2EC1E53466B99883D85514688AACB |
| SHA1: | 38D21A1AEC20F820E3B5F472EFE9C1BCB52BD58C |
| SHA-256: | EE9732C32722F112CA06F4426E8EB53C7BF4AC64E4B41FA0853BF64B44F47650 |
| SHA-512: | 3A519FB682C5FD61EC3346C523399F8237F4040C08E6540665ED8E803D2FA0B42C83AE1F063A39E15D8FB340392C57444EBDA1E558136E654A5C41CA96B50D0D |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 28132 |
| Entropy (8bit): | 1.9167304906726585 |
| Encrypted: | false |
| SSDEEP: | 192:rMZTQT6VkqjJ2NWzM7CmqFURslbVAyqXFURslb6A:rMc2ekYkwZq2sRPqX2sR9 |
| MD5: | 14CB643A07EEDE5DD5B0D8EDCB19664D |
| SHA1: | EB5E2D2E77FA9064978C186BD7295E68A0AFB974 |
| SHA-256: | CFFC724CCA28F29B67BE2B0FE03E18569820982F11A414EDDBEE3E73AADB2E4D |
| SHA-512: | 42369ADA80CFA6EA3A26C24B02465C7C960A48DE3C51FA283566AE99477F567968AA556A294318F9A4D6E2DFF9F31A39FCDD401351EB8E7BD9ECAC7ED11EA34C |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 28132 |
| Entropy (8bit): | 1.9171253259160579 |
| Encrypted: | false |
| SSDEEP: | 96:roZTQY6WBSqjB2HGWEMoCmYBPX+QpOAyyBPX+QpgA:roZTQY6WkqjB2HGWEMoCmWOFAyMOnA |
| MD5: | 15FB09671EA9D7BCD2032A803CAAAB7B |
| SHA1: | 6CB1FF9F7C4769023A5382024672C0CB9C43BF4A |
| SHA-256: | 5ACAA36620FEEEE4CDB4B2B90BEC25A09881895C9EAB90BE429D2A71CBFF2313 |
| SHA-512: | BBD4FEEA5B1E24F6E1D10EBBC44FCB795AA65D33CB9ADC24BADB7EDC641AC690673A38857C7E2E4DA4D9BE750770EC23E194C7A05FECB5A318EAC927D9B41E92 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 2472 |
| Entropy (8bit): | 5.982250980856711 |
| Encrypted: | false |
| SSDEEP: | 48:FzX8sjH5x7+2M1nCsfhzQTO0ws/egRj6MvIf7IEJNxYFo9j0XA33naMnjX:FTtjL0CSUSyeKjZIfkEJNxSC3aMjX |
| MD5: | 8E1C6B3059991E2EE6734352372190BB |
| SHA1: | B594480C76884B268FA01093D5635F0C40E41092 |
| SHA-256: | AE34168CF0BC6434C50CF68DE702A6DDBFAF505B119089486A7658D124BB001D |
| SHA-512: | DA2D51108B25B86E8313FD9CC215C4298311566C2716714F88049877A18302411983EFD97BBF2D0FA16949AFE289B7D14D1BA48E82C881C0F81E455C7F8D8312 |
| Malicious: | false |
| IE Cache URL: | http://gtr.antoinfer.com/M70Tzsw1MNAdF/xfm5A_2F/icgFe0hTlDYi8x1LZCDgadb/p8hAogRvpL/JEjshnYytb_2FaVCd/bp1e8aV2PI_2/FY5oP4oo0f6/GeARX2_2FlA_2F/2BhurwBe_2BrsQ1B1bUK7/wilinEmmYIdaZ6lz/71Mw33QzoCtr9s9/ULFilVIFcIxUDJIsEo/crrSiFkaK/6sQSCYti3ETwug18IBlk/b94MQVqQ698rgMibrOo/RMBVkg8AFrK4uT2Dq6pO06/OdceZPFn8QQWz/SARUSfJd/dirYBJB3Uuu4IivFAYs9FmV/Pmcsy6YvBv/Lcgiqf1bUTKnYCeNL/dikDMv66Bty/6H |
| Preview: |
|
| Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 328568 |
| Entropy (8bit): | 5.99992433206317 |
| Encrypted: | false |
| SSDEEP: | 6144:vqe6UKr8LFlthaPmlS35k2kvxzJ5Zkrbnj8fYgx28tGoi881fzWzed1mzzR:CxNr85h2zpk2kvxBAnj8fYy7tlqfzv4t |
| MD5: | B7D8DD06E95C26878DDED89BC8B1C351 |
| SHA1: | ABE87B3BBF15879B24295878FCD47FEAFA79522E |
| SHA-256: | A9A5A7D23082BFFDBD2C5C6A5D4F51CA7831E24A265C7AC403B3A61E92156B80 |
| SHA-512: | D7867439E7923E9606F3E18C6F6DCABB32E2F43C0CA88D7DBD072C9BA08BBECB99D833E05EE9C2A0059E90C39B13D078C4D359C9379EEB30B7116AC54E92D38E |
| Malicious: | false |
| IE Cache URL: | http://gtr.antoinfer.com/Pl9Eori10/TWROVDxUXG0e5P8cvyge/ZU2BrrTT9UbiVqqjDG4/pcVLHkjQ_2FTIEKMeI9p0c/uvvfHn2PMXNEy/YMBxD3SD/aXgaxQm1VvX_2F13h2xPwK_/2Be7i5l50E/A7ENFq4ZupT65ephY/chqySvAke9ce/Kevf8ZZImEj/1Va42IfLQ3XJd9/R1lLLjkYwIWCsGvDlqysG/bJCIxC_2Ba_2FKBG/1sCib9KWGT9006o/pVIAR6x7f8e8pX6JMX/r5dwKRidW/K11bWM2mJHwpxkeOpFZf/WuqCfL3c8woO2jHlv7x/oi4kjIDfCy176FSPyJZhM9/EN_2FkQv43sxx/a |
| Preview: |
|
| Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
| File Type: | |
| Category: | downloaded |
| Size (bytes): | 258252 |
| Entropy (8bit): | 5.999862423730958 |
| Encrypted: | false |
| SSDEEP: | 6144:63yTsQRRxJuptv7lwrMK1OB/pBavL9InWGR6nr0Bn/+pd:4mJz2pt7S4/pAvh88r0J+pd |
| MD5: | A7136BB6A6F409A7201BAC5E8F767497 |
| SHA1: | B4FF2BE05450D481F423E57DB2EC58CF38D5AD64 |
| SHA-256: | 148AECDD4400AD290369FE9028D272C1BB96B6173B1489910C1E3472BB4089ED |
| SHA-512: | 16D65E2CE3C9F55D12B91126ED848070D51F85E8F1D7BBD85126632257994E94A49BB2AF5AE7C91DEF5C8ABD703A8071375A7041EADE07733AA95336B45DBA41 |
| Malicious: | false |
| IE Cache URL: | http://gtr.antoinfer.com/4khtvsQ0u/_2Bibxls4V27IXxwFbLo/MVAeZiN_2BcOXrnrV8V/qJdJNxZ6Bgv5NEeycuU5RT/xP63sFYeQbF7V/py7Hi7cb/9YfAdWQtdGthxteTogc4W5n/e4pHdJmwQV/Xb_2ByBc4q7LehmCP/qbPYu2dVkV6R/HcylsChDiT2/MxSzZGJm_2F7kQ/SwyqdbxYkDgH_2FqkftiZ/sgfsFtj_2BtQQ2R6/R1qw5igRxvImwz6/pMeyM_2FrLNrloESyl/5_2BeunOI/9zlfRQun7lnhbsKL_2FH/F_2B8nMOma_2F2fjvu5/bI8nw1gkOTg_2F0CTqoQIr/cSQsg2LKmpe1I/kDimvPNH/SgPLk |
| Preview: |
|
| Process: | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 89 |
| Entropy (8bit): | 4.330498848364286 |
| Encrypted: | false |
| SSDEEP: | 3:oVXU7UHbwap4AW8JOGXnE7UHbwaUUCn:o9U7U0HqE7U0f7 |
| MD5: | 8923686368EACF0D35166E8E5FBF6230 |
| SHA1: | BE12CCC90F24111C713651DDF966D17C036DD973 |
| SHA-256: | EA63ED37CBCC00447D9111C63DFBF458960F199F4AD3B4F4D115694A9C12BBCE |
| SHA-512: | 9499CCCB741DA0E3BD3718A7A65DF5B2F426618372BEFC370E3E85DE26115874282C39F30743120C7AEC8091D6E7F92E3984C4114A7C2016A3EAA4CF23B65B55 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 40137 |
| Entropy (8bit): | 0.6697240449739938 |
| Encrypted: | false |
| SSDEEP: | 192:kBqoxKAuqR+CkuH0qmqFURslbDmqFURslbwyqFURslbG:kBqoxKAuqR+CkuH0Nq2sRKq2sRFq2sRG |
| MD5: | E80FAFAEABFED1C29C3CA5968A199FDE |
| SHA1: | A5C7BB98C1ABEAEF1F4461A6075E3DD16AD5EE7B |
| SHA-256: | AEA195DD54E3F699417CF437DD647A6E463CF5624A063AECA8015BE47F6392E9 |
| SHA-512: | E57AF1D5E2DFCE276D807D8177E9AF147E92F37EBF49A5942FFAA06D71DBCD328CFF3905B86C0FE80BD2D6A5AD743AC712F2A21773A060DB7731D6B507D4C71A |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 40137 |
| Entropy (8bit): | 0.6697699089679146 |
| Encrypted: | false |
| SSDEEP: | 96:kBqoxKAuvScS+AGcdGYmYBPX+QpsmYBPX+Qp9yYBPX+Qpl:kBqoxKAuqR+AGcdGYmWOPmWOUyWOy |
| MD5: | BC10A728E38CFAC0A1509E546E713776 |
| SHA1: | 1D1E03EF509A195186CCB8F16BEE555B48C31CD7 |
| SHA-256: | 25D4622234AA3791B8805E1DE828A52099893FCF99F10787BE71DE4CFB4211DE |
| SHA-512: | 07F31A44C2A7CA1CD9580022028A433B5EFA09FAAEDAB47033165EE087F4D62F260E16936CC6DEF496959CFF87B9F7C251667EF5274C97C9AFEB52AB477C0013 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 13269 |
| Entropy (8bit): | 0.6181447336708943 |
| Encrypted: | false |
| SSDEEP: | 24:c9lLh9lLh9lIn9lIn9loiF9loe9lW2MSMX5c:kBqoIp/THXa |
| MD5: | FC92A335C1D62A2456E6673361548605 |
| SHA1: | 16C2375D973B93D6000EC138D1BE44A5F96A764C |
| SHA-256: | A6D1F45EFDA0921733F93138393A182CACF6AA7F9F3E68F6C1612818628F58BF |
| SHA-512: | 0C3137E8787990F0863315A1D55A2FA178D49A6FE6855FD20A7ABE9223A90A140F3BF880F44768675540D3EFF984628A5C568DDFCCDECE2A6391B387C6580C2B |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Program Files\internet explorer\iexplore.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 40185 |
| Entropy (8bit): | 0.6768074571934124 |
| Encrypted: | false |
| SSDEEP: | 96:kBqoxKAuvScS++4y7oRB6T9UXB6T9U4B6T9UV:kBqoxKAuqR++4y7oRg6Xg64g6V |
| MD5: | E5503B8DF96487C6F3B8C79F062AB7C6 |
| SHA1: | B23F6ADD6145A767329BD91639752F6E116135AA |
| SHA-256: | 0BD0E7F4D99A9E2927ADAF02B0D990E092D55DCFFFE3862EA8CA898AEA446B56 |
| SHA-512: | 307538560993B495F84273452613079855E4BD9EF9AD181371370F9DCECEBB208030D85B5A023BC621C05FA8A1E32F2F1141A27C146E89887089B8FEAD718D84 |
| Malicious: | false |
| Preview: |
|
| Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 976 |
| Entropy (8bit): | 5.476465222046756 |
| Encrypted: | false |
| SSDEEP: | 24:BxSAi/yxvBnkx2DOXUWOLCHGIYBtBCWjHjeTKKjX4CIym1ZJXqMOLCHGIYBtBW:BZiGvhkoORFeVjqDYB1ZU0FeW |
| MD5: | 389BE26287790B28A795E72BC5B734EE |
| SHA1: | CA35270C1396ED1DB280A9FC092841867CA3B713 |
| SHA-256: | BC159B05A675680D507C0498115706DE5DF0906B98CBC8E888B48FEAC1AD32E6 |
| SHA-512: | EE6113DC38B4193015353FF798A83F0465DA3AFA713E1698B5C4CD9C96419AD4CDD05D9AAFA017D9DA0BE46631D07657DB1652B32FA5F80EEF3AD476A2B2A4C2 |
| Malicious: | false |
| Preview: |
|
Static File Info |
|---|
General | |
|---|---|
| File type: | |
| Entropy (8bit): | 6.767213059044483 |
| TrID: |
|
| File name: | lj3H69Z3Io.dll |
| File size: | 512000 |
| MD5: | 0bb29556ece1c51c751cb4e7c8752ddc |
| SHA1: | 324cc356a56c68e51f09348e91405001e68e4a08 |
| SHA256: | af1b052362469a67fcd871558b24efa2be44a4b29f88112e5c2d2295a1dc4252 |
| SHA512: | 33d9a2b92f209ed7fea50bc388d34d7cce773217f73d58fda98ad94c13cd64621b92525602e87c016bab424f438ae96655af8d8250d642d9d7fc7a080f936c79 |
| SSDEEP: | 12288:pvlT2EsAw96epX+uHfa7Z5svN/RM2ZcV8TFITzhz3VFVUJcXH4nw7P1N:ZsN96cfKFVUJQu |
| File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......H..5...f...f...f.z.f...f.z.f...f.z.f...f^..g...f^..g8..f^..g...f..}f...f...fv..f...g...f...g...f...g...fRich...f........PE..L.. |
File Icon |
|---|
 | |
| Icon Hash: | 74f0e4ecccdce0e4 |
Static PE Info |
|---|
General | |
|---|---|
| Entrypoint: | 0x10340e7 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x1000000 |
| Subsystem: | windows gui |
| Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
| DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT |
| Time Stamp: | 0x5B2B4D21 [Thu Jun 21 07:00:49 2018 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 6 |
| OS Version Minor: | 0 |
| File Version Major: | 6 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 6 |
| Subsystem Version Minor: | 0 |
| Import Hash: | df95180b6da9d16cb69b63ca8bb7f332 |
Entrypoint Preview |
|---|
| Instruction |
|---|
| push ebp |
| mov ebp, esp |
| cmp dword ptr [ebp+0Ch], 01h |
| jne 00007FB6989AB157h |
| call 00007FB6989AB8D5h |
| push dword ptr [ebp+10h] |
| push dword ptr [ebp+0Ch] |
| push dword ptr [ebp+08h] |
| call 00007FB6989AB008h |
| add esp, 0Ch |
| pop ebp |
| retn 000Ch |
| push ebp |
| mov ebp, esp |
| mov eax, dword ptr [0107B164h] |
| and eax, 1Fh |
| push 00000020h |
| pop ecx |
| sub ecx, eax |
| mov eax, dword ptr [ebp+08h] |
| ror eax, cl |
| xor eax, dword ptr [0107B164h] |
| pop ebp |
| ret |
| push ebp |
| mov ebp, esp |
| mov eax, dword ptr [ebp+08h] |
| push esi |
| mov ecx, dword ptr [eax+3Ch] |
| add ecx, eax |
| movzx eax, word ptr [ecx+14h] |
| lea edx, dword ptr [ecx+18h] |
| add edx, eax |
| movzx eax, word ptr [ecx+06h] |
| imul esi, eax, 28h |
| add esi, edx |
| cmp edx, esi |
| je 00007FB6989AB16Bh |
| mov ecx, dword ptr [ebp+0Ch] |
| cmp ecx, dword ptr [edx+0Ch] |
| jc 00007FB6989AB15Ch |
| mov eax, dword ptr [edx+08h] |
| add eax, dword ptr [edx+0Ch] |
| cmp ecx, eax |
| jc 00007FB6989AB15Eh |
| add edx, 28h |
| cmp edx, esi |
| jne 00007FB6989AB13Ch |
| xor eax, eax |
| pop esi |
| pop ebp |
| ret |
| mov eax, edx |
| jmp 00007FB6989AB14Bh |
| push esi |
| call 00007FB6989ABC56h |
| test eax, eax |
| je 00007FB6989AB172h |
| mov eax, dword ptr fs:[00000018h] |
| mov esi, 01113000h |
| mov edx, dword ptr [eax+04h] |
| jmp 00007FB6989AB156h |
| cmp edx, eax |
| je 00007FB6989AB162h |
| xor eax, eax |
| mov ecx, edx |
| lock cmpxchg dword ptr [esi], ecx |
| test eax, eax |
| jne 00007FB6989AB142h |
| xor al, al |
| pop esi |
| ret |
| mov al, 01h |
| pop esi |
| ret |
| call 00007FB6989ABC25h |
| test eax, eax |
| je 00007FB6989AB159h |
| call 00007FB6989ABA85h |
| jmp 00007FB6989AB16Ah |
| call 00007FB6989AB1A1h |
Rich Headers |
|---|
| Programming Language: |
|
Data Directories |
|---|
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x79890 | 0x80 | .rdata |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x79910 | 0x8c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x114000 | 0x3530 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x778f0 | 0x54 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x77948 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x51000 | 0x1c4 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Sections |
|---|
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x4f1c7 | 0x4f200 | False | 0.639085332741 | data | 6.65199808864 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| .rdata | 0x51000 | 0x2936e | 0x29400 | False | 0.621620501894 | data | 6.09428205246 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x7b000 | 0x98ad0 | 0x1000 | False | 0.2373046875 | data | 3.49060216778 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .reloc | 0x114000 | 0x3530 | 0x3600 | False | 0.748191550926 | data | 6.69710092848 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Imports |
|---|
| DLL | Import |
|---|---|
| KERNEL32.dll | GetEnvironmentVariableA, GetSystemDirectoryA, GetTempPathA, GetWindowsDirectoryA, GetCurrentDirectoryA, DeleteFileA, SetConsoleCP, GetStartupInfoA, WriteConsoleW, GetProcessHeap, SetEnvironmentVariableA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetCommandLineA, GetOEMCP, IsValidCodePage, CreateProcessA, GetTickCount, CloseHandle, HeapSize, VirtualProtect, FindNextFileA, FindFirstFileExA, FindClose, HeapReAlloc, WideCharToMultiByte, GetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, MultiByteToWideChar, EncodePointer, DecodePointer, SetLastError, InitializeCriticalSectionAndSpinCount, SwitchToThread, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetModuleHandleW, GetProcAddress, CompareStringW, LCMapStringW, GetLocaleInfoW, GetStringTypeW, GetCPInfo, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RaiseException, RtlUnwind, InterlockedFlushSList, FreeLibrary, LoadLibraryExW, CreateFileW, GetFileType, ExitProcess, GetModuleHandleExW, GetModuleFileNameA, HeapAlloc, HeapFree, GetACP, GetStdHandle, GetTimeZoneInformation, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, SetStdHandle, WriteFile, GetConsoleCP, GetConsoleMode, SetEndOfFile, ReadFile, ReadConsoleW, SetFilePointerEx, FlushFileBuffers |
| USER32.dll | GetClipboardData, SendMessageA, DestroyWindow, CheckRadioButton, SendDlgItemMessageW, SetClipboardData, SetForegroundWindow |
| ole32.dll | CoTaskMemFree, CoInitialize, CoTaskMemAlloc, CoUninitialize |
| ADVAPI32.dll | RegOpenKeyExA, RegCreateKeyA, RegCloseKey, RegQueryValueExA |
| WTSAPI32.dll | WTSCloseServer, WTSOpenServerA |
| NETAPI32.dll | NetWkstaGetInfo, NetWkstaSetInfo, NetApiBufferFree |
Exports |
|---|
| Name | Ordinal | Address |
|---|---|---|
| Busysection | 1 | 0x1028480 |
| Dealthis | 2 | 0x1028730 |
| Sing | 3 | 0x1028560 |
| Teethshould | 4 | 0x1027390 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library NodeNetwork Behavior |
|---|
Network Port Distribution |
|---|
TCP Packets |
|---|
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jul 12, 2021 11:50:35.350403070 CEST | 49746 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.350518942 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.377429962 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.377564907 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.378191948 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.383363008 CEST | 80 | 49746 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.386257887 CEST | 49746 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.444061041 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.856986046 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.857157946 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.857954979 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.858062983 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.858160019 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.858230114 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.859390020 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.859425068 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.859458923 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.859486103 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.859519005 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.859519958 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.859554052 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.859568119 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.859596968 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.859599113 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.859646082 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.881598949 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.881700039 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.893239021 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.893265963 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.893285036 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.893304110 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.893305063 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.893316984 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.893328905 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.893335104 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.893351078 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.893357038 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.893369913 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.893379927 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.893392086 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.893398046 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.893409014 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.893421888 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.893434048 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.893441916 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.893454075 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.893476963 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.893495083 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.893794060 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.893858910 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.894445896 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.894475937 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.894510984 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.894520044 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.894551992 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.894556999 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.894579887 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.894588947 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.894599915 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.894640923 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.894782066 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.894829035 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.905551910 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.905585051 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.905608892 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.905611992 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.905649900 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.905697107 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.923244953 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.923387051 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.929184914 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.929235935 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.929260969 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.929284096 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.929296017 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.929343939 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.929349899 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.929399967 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.929400921 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.929435015 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.929470062 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.929480076 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.929497004 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.929532051 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.929533958 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.929568052 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.929593086 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.929611921 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.929622889 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.929658890 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.929661036 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.929691076 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.929717064 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.929733038 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.929744005 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.929784060 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.929790020 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.929840088 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.929867983 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.929873943 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.929913044 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.929933071 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.929938078 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.929965019 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.929990053 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.930010080 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.930028915 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.930069923 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.930083990 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.930114985 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.930116892 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.930160999 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.930164099 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.930192947 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.930219889 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.930244923 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.930262089 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.930309057 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.930310965 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.930360079 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.930361032 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.930408001 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.930509090 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.930567026 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.930569887 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.930620909 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.930629015 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.930670977 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.930676937 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.930726051 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.930747986 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.930783987 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.930803061 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.930830002 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.930835009 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.930875063 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.930887938 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.930910110 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.930922031 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.930938005 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.930954933 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.930988073 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.931008101 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.931046963 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.931057930 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.931086063 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.931088924 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.931134939 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.947626114 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.947663069 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.947684050 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.947750092 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.947782993 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.954004049 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.954073906 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.954094887 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.954148054 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.964946032 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.964971066 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.964989901 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965007067 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965007067 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965028048 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965033054 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965049028 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965058088 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965069056 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965076923 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965089083 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965097904 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965107918 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965125084 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965147018 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965166092 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965200901 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965212107 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965221882 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965254068 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965259075 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965277910 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965298891 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965303898 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965322018 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965348959 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965370893 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965396881 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965447903 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965457916 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965471029 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965490103 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965493917 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965507984 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965516090 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965553045 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965590000 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965607882 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965626001 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965636969 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965642929 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965658903 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965677977 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965687990 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965711117 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965727091 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965728998 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965789080 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965795040 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965837002 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965861082 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965883017 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965902090 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965915918 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965931892 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965933084 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.965956926 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965976954 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.965986967 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966031075 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.966032982 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966064930 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966073990 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.966083050 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966100931 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966109037 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.966131926 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966131926 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.966150999 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966159105 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.966177940 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.966202974 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.966221094 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966238976 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966264009 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.966264009 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966289043 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.966308117 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.966376066 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966401100 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966419935 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966425896 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.966439009 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966454029 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.966473103 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966487885 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.966516018 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.966562033 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966589928 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966609001 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.966630936 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.966659069 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966675997 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966702938 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.966708899 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966726065 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.966730118 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966753006 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.966774940 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.966826916 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966867924 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966878891 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.966886044 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966903925 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966911077 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.966922045 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966929913 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.966939926 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966953039 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.966958046 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966976881 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.966980934 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.967006922 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.967012882 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.967031002 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.967039108 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.967072010 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.967097044 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.967099905 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.967138052 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.967143059 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.967158079 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.967175961 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.967185974 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.967189074 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.967247963 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.967253923 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.967274904 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.967282057 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.967292070 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.967304945 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.967343092 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:35.979907990 CEST | 49747 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:36.003807068 CEST | 80 | 49747 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:36.379376888 CEST | 49746 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:36.452315092 CEST | 80 | 49746 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:36.495400906 CEST | 80 | 49746 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:36.495429039 CEST | 80 | 49746 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:36.495659113 CEST | 49746 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:36.502006054 CEST | 49746 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:36.533468962 CEST | 80 | 49746 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.099951029 CEST | 49748 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.100111008 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.123934031 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.124139071 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.124752998 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.132069111 CEST | 80 | 49748 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.132668018 CEST | 49748 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.192207098 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.613775015 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.613816023 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.613841057 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.613858938 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.613877058 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.613894939 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.613976002 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.614039898 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.615417004 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.615447044 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.615466118 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.615500927 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.615600109 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.615647078 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.638027906 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.641973972 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.656111956 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.656212091 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.656276941 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.656335115 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.656400919 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.656425953 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.656440973 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.656497002 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.656512976 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.656569958 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.656584024 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.656631947 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.656646013 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.656692982 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.656708956 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.656757116 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.656770945 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.656817913 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.656832933 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.656897068 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.656940937 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.656999111 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.657233000 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.657299042 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.657357931 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.657358885 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.657412052 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.657447100 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.657500029 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.657509089 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.657557964 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.657568932 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.657660961 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.666726112 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.666771889 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.666805983 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.666836977 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.666878939 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.681711912 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.681909084 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.700999022 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701040030 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701065063 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701091051 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701114893 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701128006 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.701139927 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701173067 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701200962 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701226950 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.701231003 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701256990 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701276064 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701280117 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.701302052 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701319933 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.701334000 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701344967 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.701360941 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701379061 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.701385021 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701412916 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701431036 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.701436043 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.701440096 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701456070 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.701464891 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701481104 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.701491117 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701514959 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701515913 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.701539040 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.701539993 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701565027 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.701565981 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701590061 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701591015 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.701617002 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701618910 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.701641083 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701643944 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.701664925 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701673031 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.701689959 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701699972 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.701714039 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701730967 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.701740026 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701765060 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701787949 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.701788902 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701806068 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.701817989 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701842070 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701849937 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.701867104 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701889038 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.701893091 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701916933 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701935053 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.701941013 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701958895 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.701966047 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.701991081 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.702002048 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.702018976 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.702030897 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.702045918 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.702066898 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.702107906 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.706465006 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.706571102 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.706588984 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.706667900 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.725811005 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.729343891 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.739589930 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.739655018 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.739696026 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.739757061 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.739785910 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.739798069 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.739825010 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.739837885 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.739860058 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.739878893 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.739902020 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.739917994 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.739922047 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.739957094 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.740031958 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.740072012 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.740075111 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.740108967 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.740114927 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.740155935 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.740181923 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.740226030 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.740226030 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.740266085 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.740267038 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.740304947 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.740308046 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.740344048 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.740345001 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.740381002 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.740431070 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.740472078 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.740472078 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.740508080 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.740509987 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.740544081 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.740612984 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.740653038 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.740673065 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.740690947 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.740690947 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.740731001 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.740794897 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.740823030 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.740839005 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.740855932 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.740879059 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.740888119 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.740902901 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.740914106 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.740961075 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.740966082 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.741491079 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.741520882 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.741544008 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.741566896 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.741581917 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.741591930 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.741617918 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.741633892 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.741641998 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.741664886 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.741667032 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.741692066 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.741692066 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.741715908 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.741717100 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.741739035 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.741741896 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.741761923 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.741766930 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.741791010 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.741808891 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.741816044 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.741837025 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.741842031 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.741866112 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.741869926 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.741890907 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.741908073 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.741914034 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.741939068 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.741940022 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.741966009 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.741978884 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.741991043 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.742006063 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.742017984 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.742027998 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.742043972 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.742052078 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.742068052 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.742075920 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.742094040 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.742106915 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.742122889 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.742122889 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.742146969 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.742147923 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.742171049 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.742177010 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.742201090 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.742201090 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.742227077 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.742229939 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.742254972 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.742255926 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.742280006 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.742280960 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.742316008 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.742337942 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.753602028 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.753751993 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.763537884 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.763607979 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.763629913 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.763647079 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.763693094 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.763704062 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.763717890 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.763777018 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.764345884 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.764389038 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.764419079 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.764422894 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.764472008 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.764518976 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.764555931 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.764561892 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.764619112 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.764723063 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.764739990 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.764771938 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.764791965 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.764820099 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.764882088 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.766486883 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.766510010 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.766521931 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.766539097 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.766555071 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.766571999 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.766587973 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.766599894 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.766608953 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.766629934 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.766633034 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.766657114 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.766680002 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.766691923 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.766710997 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.766716003 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.766736031 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.766737938 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.766762972 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.766771078 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.766786098 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.766793013 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.766824007 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.788352013 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.788520098 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.788558960 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.788600922 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.788619041 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.788630009 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.788664103 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.788688898 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.788698912 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.788712978 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.788732052 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.788742065 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.788760900 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.788768053 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.788786888 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.788791895 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.788810015 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.788814068 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.788832903 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.788836956 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.788853884 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.788872957 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.788876057 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.788880110 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.788897991 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.788918972 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.788921118 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.788943052 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.788945913 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.788970947 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.788984060 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.788992882 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.789014101 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.789016008 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.789037943 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.789047956 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.789056063 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.789072990 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.789094925 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.789105892 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.789117098 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.789135933 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.789165020 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.845675945 CEST | 49749 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:39.869468927 CEST | 80 | 49749 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:39.940165043 CEST | 49748 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:40.012758017 CEST | 80 | 49748 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:40.044677973 CEST | 80 | 49748 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:40.046310902 CEST | 49748 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:40.047411919 CEST | 49748 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:40.079009056 CEST | 80 | 49748 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:43.045669079 CEST | 49751 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:43.046768904 CEST | 49752 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:43.075151920 CEST | 80 | 49751 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:43.075179100 CEST | 80 | 49752 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:43.075267076 CEST | 49751 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:43.075301886 CEST | 49752 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:43.079236031 CEST | 49751 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:43.144665956 CEST | 80 | 49751 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:43.569724083 CEST | 80 | 49751 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:43.569760084 CEST | 80 | 49751 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:43.569911957 CEST | 49751 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:43.583539963 CEST | 49751 | 80 | 192.168.2.3 | 167.172.38.18 |
| Jul 12, 2021 11:50:43.607239962 CEST | 80 | 49751 | 167.172.38.18 | 192.168.2.3 |
| Jul 12, 2021 11:50:44.909491062 CEST | 49752 | 80 | 192.168.2.3 | 167.172.38.18 |
UDP Packets |
|---|
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Jul 12, 2021 11:47:48.829904079 CEST | 55984 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:47:48.844218969 CEST | 53 | 55984 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:47:49.575894117 CEST | 64185 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:47:49.588805914 CEST | 53 | 64185 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:47:50.444897890 CEST | 65110 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:47:50.457698107 CEST | 53 | 65110 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:47:51.135425091 CEST | 58361 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:47:51.152451992 CEST | 53 | 58361 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:47:51.887213945 CEST | 63492 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:47:51.900805950 CEST | 53 | 63492 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:47:52.528899908 CEST | 60831 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:47:52.541383982 CEST | 53 | 60831 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:47:53.275243044 CEST | 60100 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:47:53.288150072 CEST | 53 | 60100 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:48:38.125777006 CEST | 53195 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:48:38.145030975 CEST | 53 | 53195 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:48:45.875979900 CEST | 50141 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:48:45.891005993 CEST | 53 | 50141 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:48:52.109967947 CEST | 53023 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:48:52.128384113 CEST | 53 | 53023 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:48:54.440200090 CEST | 49563 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:48:54.458015919 CEST | 53 | 49563 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:49:19.256170988 CEST | 51352 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:49:19.268765926 CEST | 53 | 51352 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:49:26.257447958 CEST | 59349 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:49:26.271101952 CEST | 53 | 59349 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:49:29.353316069 CEST | 57084 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:49:29.366463900 CEST | 53 | 57084 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:49:30.377758980 CEST | 58823 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:49:30.390820026 CEST | 53 | 58823 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:49:30.997473955 CEST | 57568 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:49:31.010245085 CEST | 53 | 57568 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:49:31.416373014 CEST | 50540 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:49:31.428563118 CEST | 53 | 50540 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:49:31.460014105 CEST | 54366 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:49:31.473962069 CEST | 53 | 54366 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:49:32.384170055 CEST | 53034 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:49:32.397990942 CEST | 53 | 53034 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:49:34.079473019 CEST | 57762 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:49:34.092161894 CEST | 53 | 57762 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:49:34.878506899 CEST | 55435 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:49:34.891482115 CEST | 53 | 55435 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:49:37.684792995 CEST | 50713 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:49:37.697760105 CEST | 53 | 50713 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:49:38.663822889 CEST | 56132 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:49:38.677670956 CEST | 53 | 56132 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:49:42.375137091 CEST | 58987 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:49:42.388612986 CEST | 53 | 58987 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:49:51.788614035 CEST | 56579 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:49:51.817504883 CEST | 53 | 56579 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:49:58.254440069 CEST | 60633 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:49:58.272859097 CEST | 53 | 60633 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:50:28.086664915 CEST | 61292 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:50:28.112658024 CEST | 53 | 61292 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:50:33.525783062 CEST | 63619 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:50:33.543514967 CEST | 53 | 63619 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:50:35.319444895 CEST | 64938 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:50:35.333022118 CEST | 53 | 64938 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:50:38.794644117 CEST | 61946 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:50:39.075265884 CEST | 53 | 61946 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:50:41.373944998 CEST | 64910 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:50:41.408246040 CEST | 53 | 64910 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:50:43.011351109 CEST | 52123 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:50:43.024909019 CEST | 53 | 52123 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:50:44.331665993 CEST | 56130 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:50:44.350481033 CEST | 53 | 56130 | 8.8.8.8 | 192.168.2.3 |
| Jul 12, 2021 11:50:50.882749081 CEST | 56338 | 53 | 192.168.2.3 | 8.8.8.8 |
| Jul 12, 2021 11:50:50.920412064 CEST | 53 | 56338 | 8.8.8.8 | 192.168.2.3 |
DNS Queries |
|---|
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
|---|---|---|---|---|---|---|---|
| Jul 12, 2021 11:50:35.319444895 CEST | 192.168.2.3 | 8.8.8.8 | 0xad0f | Standard query (0) | A (IP address) | IN (0x0001) | |
| Jul 12, 2021 11:50:38.794644117 CEST | 192.168.2.3 | 8.8.8.8 | 0x357d | Standard query (0) | A (IP address) | IN (0x0001) | |
| Jul 12, 2021 11:50:43.011351109 CEST | 192.168.2.3 | 8.8.8.8 | 0x5e7e | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
|---|
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
|---|---|---|---|---|---|---|---|---|---|
| Jul 12, 2021 11:49:31.010245085 CEST | 8.8.8.8 | 192.168.2.3 | 0x78f | No error (0) | www.tm.a.prd.aadg.trafficmanager.net | CNAME (Canonical name) | IN (0x0001) | ||
| Jul 12, 2021 11:50:35.333022118 CEST | 8.8.8.8 | 192.168.2.3 | 0xad0f | No error (0) | 167.172.38.18 | A (IP address) | IN (0x0001) | ||
| Jul 12, 2021 11:50:39.075265884 CEST | 8.8.8.8 | 192.168.2.3 | 0x357d | No error (0) | 167.172.38.18 | A (IP address) | IN (0x0001) | ||
| Jul 12, 2021 11:50:43.024909019 CEST | 8.8.8.8 | 192.168.2.3 | 0x5e7e | No error (0) | 167.172.38.18 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
|---|
|
HTTP Packets |
|---|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 0 | 192.168.2.3 | 49747 | 167.172.38.18 | 80 | C:\Program Files (x86)\Internet Explorer\iexplore.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| Jul 12, 2021 11:50:35.378191948 CEST | 5227 | OUT | |
| Jul 12, 2021 11:50:35.856986046 CEST | 5228 | IN |