Windows Analysis Report New_1007572_021.xltx
Overview
General Information
Detection
FormBook
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Droppers Exploiting CVE-2017-11882
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
Yara detected FormBook
.NET source code contains potential unpacker
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Drops PE files to the user root directory
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Office equation editor drops PE file
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Sigma detected: Execution from Suspicious Folder
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Antivirus or Machine Learning detection for unpacked file
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Drops PE files to the user directory
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Office Equation Editor has been started
PE file contains strange resources
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match
Classification
Process Tree |
---|
|
Malware Configuration |
---|
Threatname: FormBook |
---|
{"C2 list": ["www.domoexpra.club/cg53/"], "decoy": ["sugarlushcosmetic.com", "a2net.info", "ximakaya.com", "thevochick.com", "khafto.com", "zsgpbgsbh.icu", "psm-gen.com", "jhxhotei.com", "7991899.com", "nda.today", "fourseasonsvanlines.com", "splediferous.info", "thesqlgoth.com", "newpathequine.com", "advan.digital", "skamanderboats.com", "thejnit.com", "pardusarms.net", "mevasoluciones.com", "biggdogg5n2.com", "anogirl.com", "xinyisanreqi.com", "2mothertruckers.net", "phongvevic.com", "atmosphere.rent", "amabie-net.com", "stocksp24.com", "starseedbeing.com", "icreditmalaysia.com", "inochinokagayaki.net", "christianbooktrailer.com", "gidrot.com", "junglecli.com", "greenportcivic.com", "beyondparenting101.com", "tracisolomon.xyz", "healinghandssalem.com", "hackersincgolf.com", "goselling.solutions", "cumuluspharma.com", "ramblecollections.com", "mac-marine.com", "likeit21.com", "gdlejing.com", "si600.net", "greenhearthome.com", "tourps.com", "lvyi19.com", "frequent420.com", "goodteattirerebates.com", "melanie-gore.com", "comfsresidential.com", "vrgkk.com", "losmaestrosencarpinteria.com", "nikhitaindustries.com", "fresgolens.online", "xpj777.life", "zerkalo-mr-bit-casino.com", "thorsensgrinding.com", "ronniethemole.com", "poundlove.com", "joansv.com", "finneyplace.com", "dakotacntr.com"]}
Yara Overview |
---|
Dropped Files |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_FormBook | Yara detected FormBook | Joe Security | ||
Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com |
| |
Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group |
|
Memory Dumps |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_FormBook | Yara detected FormBook | Joe Security | ||
Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com |
| |
Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group |
| |
JoeSecurity_FormBook | Yara detected FormBook | Joe Security | ||
Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com |
| |
Unpacked PEs |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_FormBook | Yara detected FormBook | Joe Security | ||
Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com |
| |
Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group |
| |
JoeSecurity_FormBook | Yara detected FormBook | Joe Security | ||
Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com |
| |
Sigma Overview |
---|
Exploits: |
---|
Sigma detected: EQNEDT32.EXE connecting to internet | Show sources |
Source: | Author: Joe Security: |
Sigma detected: File Dropped By EQNEDT32EXE | Show sources |
Source: | Author: Joe Security: |
System Summary: |
---|
Sigma detected: Droppers Exploiting CVE-2017-11882 | Show sources |
Source: | Author: Florian Roth: |
Sigma detected: Execution from Suspicious Folder | Show sources |
Source: | Author: Florian Roth: |
Jbx Signature Overview |
---|
AV Detection: |
---|
Antivirus detection for dropped file | Show sources |
Source: | Avira: |
Found malware configuration | Show sources |
Source: | Malware Configuration Extractor: |
Multi AV Scanner detection for dropped file | Show sources |
Source: | ReversingLabs: | |||
Source: | Metadefender: | Perma Link | ||
Source: | ReversingLabs: | |||
Source: | ReversingLabs: | |||
Source: | ReversingLabs: |
Multi AV Scanner detection for submitted file | Show sources |
Source: | ReversingLabs: |
Yara detected FormBook | Show sources |
Machine Learning detection for dropped file | Show sources |
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: | ||
Source: | Joe Sandbox ML: |
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: | ||
Source: | Avira: |
Exploits: |
---|
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802) | Show sources |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Process created: |
Source: | File opened: | Jump to behavior |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 7_2_0135727D | |
Source: | Code function: | 7_2_01357D7B | |
Source: | Code function: | 9_2_0008727D | |
Source: | Code function: | 9_2_00087D7B |
Networking: |
---|
C2 URLs / IPs found in malware configuration | Show sources |
Source: | URLs: |
Source: | ASN Name: |
Source: | HTTP traffic detected: |
Source: | File created: | Jump to behavior |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
E-Banking Fraud: |
---|
Yara detected FormBook | Show sources |
System Summary: |
---|
Malicious sample detected (through community Yara rule) | Show sources |
Office equation editor drops PE file | Show sources |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Data Obfuscation: |
---|
.NET source code contains potential unpacker | Show sources |
Boot Survival: |
---|
Drops PE files to the user root directory | Show sources |
Source: | File created: | Jump to dropped file |
Malware Analysis System Evasion: |
---|
Tries to detect virtualization through RDTSC time measurements | Show sources |
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: | ||
Source: | RDTSC instruction interceptor: |
HIPS / PFW / Operating System Protection Evasion: |
---|
Allocates memory in foreign processes |
Source: | Memory allocated: |
Injects a PE file into a foreign processes |
Source: | Memory written: |
Maps a DLL or memory area into another process |
Source: | Section loaded: |
Modifies the context of a thread in another process (thread injection) |
Source: | Thread register set: |
Queues an APC in another process (thread injection) |
Source: | Thread APC queued: |
Sample uses process hollowing technique |
Source: | Section unmapped: |
Writes to foreign memory regions |
Source: | Memory written: |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Queries volume information: |
Source: | Key value queried: |
Stealing of Sensitive Information: |
---|
Yara detected FormBook |
Source: | File source: |
Remote Access Functionality: |
---|
Yara detected FormBook |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Shared Modules1 | Path Interception | Process Injection712 | Masquerading111 | OS Credential Dumping | Security Software Discovery221 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution1 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools1 | LSASS Memory | Process Discovery2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion31 | Security Account Manager | Virtualization/Sandbox Evasion31 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection712 | NTDS | Remote System Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol112 | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information1 | LSA Secrets | File and Directory Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information4 | Cached Domain Credentials | System Information Discovery113 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing13 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Timestomp1 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
39% | ReversingLabs | Document-OLE.Exploit.CVE-2017-11882 |
Dropped Files |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Avira | TR/Crypt.ZPACK.Gen | ||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
100% | Joe Sandbox ML | |||
28% | ReversingLabs | ByteCode-MSIL.Spyware.Noon | ||
5% | Metadefender | Browse | ||
2% | ReversingLabs | |||
49% | Metadefender | Browse | ||
86% | ReversingLabs | Win32.Trojan.FormBook | ||
28% | ReversingLabs | ByteCode-MSIL.Spyware.Noon | ||
28% | ReversingLabs | ByteCode-MSIL.Spyware.Noon |
Unpacked PE Files |
---|
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | TR/Crypt.ZPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.ZPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.ZPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen2 | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.ZPACK.Gen | Download File | ||
100% | Avira | TR/Crypt.XPACK.Gen | Download File | ||
100% | Avira | TR/Dropper.Gen | Download File |
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
inter-trading-service.com | 160.153.129.234 | true | true | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
false | high |
false | high |
false | unknown |
false | high |
false | unknown |
false | high |
false | high |
false | high |
false | unknown |
false | high |
false | unknown |
false | high |
false | high |
false | high |
false | unknown |
false | high |
false | high |
false | high |
false | high |
false | low |
false | high |
false | low |
false | low |
false | high |
false | low |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
160.153.129.234 | inter-trading-service.com | United States | 21501 | GODADDY-AMSDE | true |
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 458850 |
Start date: | 03.08.2021 |
Start time: | 19:47:50 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 11m 1s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | New_1007572_021.xltx |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.expl.evad.winXLTX@13/9@2/1 |
EGA Information: | Failed |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
19:48:44 | API Interceptor | |
19:48:46 | API Interceptor | |
19:49:18 | API Interceptor | |
19:49:43 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
160.153.129.234 | Get hash | malicious | Browse |
|
Domains |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
inter-trading-service.com | Get hash | malicious | Browse |
|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
GODADDY-AMSDE | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
C:\Users\user\AppData\Local\Temp\FB_BFF5.tmp.exe | Get hash | malicious | Browse | ||
Created / dropped Files |
---|
Process: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
File Type: | |
Category: | downloaded |
Size (bytes): | 455168 |
Entropy (8bit): | 7.937198220453206 |
Encrypted: | false |
SSDEEP: | 12288:bHOWiWyFfGU94mxuYfv/PT9WK+dG7VWfQTB:bHQ4mF7ZBMfwB |
MD5: | 41137FD61B9CC0D92225C91660A5902C |
SHA1: | 15D023FD6D344CB18243469A3EE01FEA6BB189AF |
SHA-256: | B04306FA8223C20A1ABAAA6AEB5CABB2A83DC04337BEB2ACFD47784B34B682BC |
SHA-512: | E32EE01FD957EE49F6BFCEFF4BC58B8B695111EF7416F8487398CBFAFD16B2EEAE0B79C41A8071075FD4E09D584CB642393F9E1655A5D70AB3135ADDD2E7ECBA |
Malicious: | true |
Antivirus: |
|
Reputation: | low |
IE Cache URL: | http://inter-trading-service.com/Di4/New_1007572_021.exe |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 11345 |
Entropy (8bit): | 7.599470125749675 |
Encrypted: | false |
SSDEEP: | 192:vPgndNBA4fwufvCYv17N+4exvNEJns295+QEwMWdUDV+yiy3rMB4Lz:vPgndE4f7CG17N+VuJsC5+jwMOWYBmz |
MD5: | CF0E4D3B831F90332E0B61C6EC21B354 |
SHA1: | 1E2DD6780419B138AD9FC2C45B84A51ABC2D6347 |
SHA-256: | FDE032888013EA6CC6D652DBECC1F357F8204A5327C78E84D01057024F956B76 |
SHA-512: | FCE0305E018D7BBB36E64468160894B5BECFCE20FA1EB8521333ECCE42FA850E788680D59C187D1F0B10C9198FBF7A616B2B7D56D66392E916FA2AC3B0CEBA95 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Users\user\AppData\Local\Temp\tynex.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3072 |
Entropy (8bit): | 1.7089931293899303 |
Encrypted: | false |
SSDEEP: | 24:7U6Id6l1iWyyyyyyyyytrUUUUUUUUUUgro:oO |
MD5: | 74BAFB3E707C7B0C63938AC200F99C7F |
SHA1: | 10C5506337845ED9BF25C73D2506F9C15AB8E608 |
SHA-256: | 129450BA06AD589CF6846A455A5B6B5F55E164EE4906E409EB692AB465269689 |
SHA-512: | 5B24DC5ACD14F812658E832B587B60695FB16954FCA006C2C3A7382EF0EC65C3BD1AAF699425C49FF3CCEEF16869E75DD6F00EC189B9F673F08F7E1B80CF7781 |
Malicious: | false |
Antivirus: |
|
Joe Sandbox View: |
|
Preview: |
|
Process: | C:\Users\user\AppData\Local\Temp\tynex.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 186368 |
Entropy (8bit): | 7.314572114292142 |
Encrypted: | false |
SSDEEP: | 3072:4dqYxe9j7g+D8OwXoopyPS5O1lFqRKMhZ6L7Ne61PCbyl2:4kXh8OIoYyq5ILqRKMo7cFN |
MD5: | 48ECE2CA39A9EAE7FCED7418CF071D46 |
SHA1: | 7570995CBF699088A8F208015CB2C92BE5BC837A |
SHA-256: | 4119B29BC938578D5D243DB714D0619228D37C10CCAA52925F9E81A410720D59 |
SHA-512: | E897FDED4B643054796E410CADCC348C1215C934FE70F5407E36E9F10E59E2B10B7EDCBB99D746709AEF8FF498D98D848ADA90FB477EA732A128EE138ED0FD3B |
Malicious: | true |
Yara Hits: |
|
Antivirus: |
|
Preview: |
|
Process: | C:\Users\Public\tynex.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 455168 |
Entropy (8bit): | 7.937198220453206 |
Encrypted: | false |
SSDEEP: | 12288:bHOWiWyFfGU94mxuYfv/PT9WK+dG7VWfQTB:bHQ4mF7ZBMfwB |
MD5: | 41137FD61B9CC0D92225C91660A5902C |
SHA1: | 15D023FD6D344CB18243469A3EE01FEA6BB189AF |
SHA-256: | B04306FA8223C20A1ABAAA6AEB5CABB2A83DC04337BEB2ACFD47784B34B682BC |
SHA-512: | E32EE01FD957EE49F6BFCEFF4BC58B8B695111EF7416F8487398CBFAFD16B2EEAE0B79C41A8071075FD4E09D584CB642393F9E1655A5D70AB3135ADDD2E7ECBA |
Malicious: | true |
Antivirus: |
|
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2088 |
Entropy (8bit): | 4.507709111934133 |
Encrypted: | false |
SSDEEP: | 48:8LM/XT0ZVXbRrKl4Qh2LM/XT0ZVXbRrKl4Q/:8LM/XuVXbF+4Qh2LM/XuVXbF+4Q/ |
MD5: | 77BC4104B953DB292FAAEF9200B0C23C |
SHA1: | 3F637A9400B4CE8E8214A5D2F390DB06ED2EA869 |
SHA-256: | 5859B1E88CDCCC883D47F0C513CA3CFFE2669992F13CC970EDBCCD17E0DA0332 |
SHA-512: | DFD81A20411DE7A6F95456B59A6EA2DE1917C76DFEC5448ED81B99BD4483AFD90F1DFABF77650704D7D35A1F25C3D03CF49284C080D51012BFE8FD513C37AA5D |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 85 |
Entropy (8bit): | 4.185015424439977 |
Encrypted: | false |
SSDEEP: | 3:HgAedaLUlzKMdaLUlmxWgAedaLUlv:HFeaLUhKkaLU/eaLU1 |
MD5: | 618EC37A8CDBB18D2CECC9BD1A804D28 |
SHA1: | 151F4284B4B8D1ABB594107311F9A1147C659623 |
SHA-256: | F83CBD16BFFA7ABBEC581821858358C2BF0B3121D681E0543AA8EA83A37A9D37 |
SHA-512: | F919566E710C8FF55DA6C28CF1E830614FCDDB09199914917FDE11641A7BEE5992EBC2F59F19861C0158C655A14FECC01FC481D18410768A1AA936DFA84FB57C |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 1.4377382811115937 |
Encrypted: | false |
SSDEEP: | 3:vZ/FFDJw2fV:vBFFGS |
MD5: | 797869BB881CFBCDAC2064F92B26E46F |
SHA1: | 61C1B8FBF505956A77E9A79CE74EF5E281B01F4B |
SHA-256: | D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185 |
SHA-512: | 1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D |
Malicious: | true |
Preview: |
|
Process: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 455168 |
Entropy (8bit): | 7.937198220453206 |
Encrypted: | false |
SSDEEP: | 12288:bHOWiWyFfGU94mxuYfv/PT9WK+dG7VWfQTB:bHQ4mF7ZBMfwB |
MD5: | 41137FD61B9CC0D92225C91660A5902C |
SHA1: | 15D023FD6D344CB18243469A3EE01FEA6BB189AF |
SHA-256: | B04306FA8223C20A1ABAAA6AEB5CABB2A83DC04337BEB2ACFD47784B34B682BC |
SHA-512: | E32EE01FD957EE49F6BFCEFF4BC58B8B695111EF7416F8487398CBFAFD16B2EEAE0B79C41A8071075FD4E09D584CB642393F9E1655A5D70AB3135ADDD2E7ECBA |
Malicious: | true |
Antivirus: |
|
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.914902908472318 |
TrID: |
|
File name: | New_1007572_021.xltx |
File size: | 18379 |
MD5: | 427e80f30505c596c822c141283a5a70 |
SHA1: | d910f9e9ecf2cb8c68f8fca4121bac4bad757a37 |
SHA256: | d1acfa41b1e1fbc076b41547954e6615132256983b0315c50f8dbb97a0399fbd |
SHA512: | b25f13a6d540a4b20796bee8336b187bcb7c3fc9d8f7c04fbadcc7b897a9b4417336356db2134fc5ce4e230f656ff6eb9337edc993b68674d06ef1fe3138876d |
SSDEEP: | 384:s+ZSGClB7ap+ogsnXqYvEIl59nWPdLGHT7I+6f+0vNtQX:P9G7czBvEIlbEKz0hFtg |
File Content Preview: | PK........L..S................[Content_Types].xmlUT...>..a>..a>..a.TMO.0..#...\....!....# .? k..[.....{.v...6P..M....e{t.t.X@B.|%...(..A..T...qp%.$....C%V.....d......=VbJ....z.Na."x......152.z.........'.4..!nF.0Q....%..2I`Q.w]`......Z.....;*..B..6..&..... |
File Icon |
---|
Icon Hash: | ecc2ca8a8cdcce80 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OpenXML | |
Number of OLE Files: | 1 |
OLE File "/opt/package/joesandbox/database/analysis/458850/sample/New_1007572_021.xltx" |
---|
Indicators | |
---|---|
Has Summary Info: | False |
Application Name: | unknown |
Encrypted Document: | False |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | False |
Summary | |
---|---|
Author: | |
Last Saved By: | |
Create Time: | 2021-04-28T14:40:56Z |
Last Saved Time: | 2021-07-29T09:05:14Z |
Creating Application: | |
Security: | 0 |
Document Summary | |
---|---|
Thumbnail Scaling Desired: | false |
Company: | |
Contains Dirty Links: | false |
Shared Document: | false |
Changed Hyperlinks: | false |
Application Version: | 15.0300 |
Streams |
---|
Stream Path: \x1OlE10NAtiVe, File Type: data, Stream Size: 1644 |
---|
General | |
---|---|
Stream Path: | \x1OlE10NAtiVe |
File Type: | data |
Stream Size: | 1644 |
Entropy: | 7.65247560699 |
Base64 Encoded: | False |
Data ASCII: | . . t . . ~ . . G . . . # > ( . . . . . . . . . . . . . . . . . . . . . . . . . . P . E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ) . D . . . . . . . . . . U . V . . . . . . . . . . . . . { . . . . . . F . . ! . o . 0 . . . . . . b . . . C . . { 1 . . 5 . . . o n , 6 . . . . { . . " h y . B . . ; . . { y . E . . . . p . . . . ? . . l . . . v e . . G . . . . . . K . . ^ . [ . . y I . . . g . . . d . S . f b . k F . T 1 . U . . . . . . h / > . . a / . . . . c . . . r 1 . . . s . . . . N . V |
Data Raw: | a3 16 74 05 03 7e 01 eb 47 0a 01 05 23 3e 28 ec 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 06 45 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 29 c3 44 00 00 00 00 e9 f9 01 00 00 c5 55 0c 56 05 93 80 99 ee b3 e2 1f 90 09 ef e0 de 7b e4 85 f1 c5 c2 aa 46 b5 92 21 fb 6f 9d 30 16 ac b3 d0 c0 f4 62 eb 82 e8 43 |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 3, 2021 19:48:49.270931005 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.270955086 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.270966053 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.270987034 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.271011114 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.271025896 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.271816015 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.272383928 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.272464037 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.272495031 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.272515059 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.272694111 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.272790909 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.272813082 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.272867918 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.276329994 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.276376963 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.276403904 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.276432037 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.276444912 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.276459932 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.276463985 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.276468039 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.276492119 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.276494026 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.276520967 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.276535034 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.276547909 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.276567936 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.276578903 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.276583910 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.276608944 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.276633024 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.276637077 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.276642084 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.276667118 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.276688099 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.276695013 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.276707888 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.276726007 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.276741982 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.276806116 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.282479048 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.285834074 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.285885096 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.285923958 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.285954952 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.286119938 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.286689043 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.286736965 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.286772013 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.286781073 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.286802053 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.286813974 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.286891937 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.286923885 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.286937952 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.286952972 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.286953926 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.286998987 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.288662910 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.288778067 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.289758921 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.289875984 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.296467066 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.296535015 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.296565056 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.296595097 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.296636105 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.296659946 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.296677113 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.296706915 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.296731949 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.296735048 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.296752930 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.296772957 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.296792984 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.296828032 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.298237085 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.298290014 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.298321009 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.298351049 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.298376083 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.298378944 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.298401117 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.298403978 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.298415899 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.298420906 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.298449993 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.298455954 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.298480988 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.298491955 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.298511982 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.298516035 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.298546076 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.298549891 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.298579931 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.298585892 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.298614979 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.298619032 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.298652887 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.309267998 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.309433937 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.309449911 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.309535980 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.309756041 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.312664032 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.312969923 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.312995911 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313035011 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313067913 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313090086 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.313097000 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313123941 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313128948 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.313133955 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.313146114 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.313153982 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313183069 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313210964 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313239098 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313267946 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313287020 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313318014 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313344955 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313370943 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313400984 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313457966 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.313491106 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313561916 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.313570976 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.313574076 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.313576937 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.313580036 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.313582897 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.313585997 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.313589096 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.313591957 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.313596010 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.313602924 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313633919 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313664913 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.313668013 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313694000 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313707113 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.313718081 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313741922 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.313765049 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.313766956 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313792944 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313824892 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.313837051 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313848972 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.313930035 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.313930988 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313951015 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313971043 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.313988924 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.313992977 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.314018965 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.314024925 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.314058065 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.314069033 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.314089060 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.314116001 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.314135075 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.314162970 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.314167023 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.314189911 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.314191103 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.314217091 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.314217091 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.314228058 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.314244032 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.314251900 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.314285994 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.314297915 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.314327002 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.314354897 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.314361095 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.314383984 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.314384937 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.314407110 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.314414978 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.314428091 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.314445019 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.314455032 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.314476967 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.314487934 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.314539909 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.314553976 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.314584017 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.314615011 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.314619064 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.314627886 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.314656973 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.314691067 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.314718962 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.314739943 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.314749956 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.314764977 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.314774990 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.314807892 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.314811945 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.314836979 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.314862967 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.317857027 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.317908049 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.317944050 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.317970991 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.318047047 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.318130016 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.323236942 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.323277950 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.323307991 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.323333025 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.323359013 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.323389053 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.323395967 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.323414087 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.323442936 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.323470116 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.323492050 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.323499918 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.323501110 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.323509932 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.323532104 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.323550940 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.323559999 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.323589087 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.323617935 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.323620081 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.323626995 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.323631048 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.323651075 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.328227997 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.328274965 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.328304052 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.328330994 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.328361034 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.328389883 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.328399897 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.328419924 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.328449011 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.328479052 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.328489065 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.328510046 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.328515053 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.328564882 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.329555988 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.329598904 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.329637051 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.329667091 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.329699039 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.329730988 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.329762936 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.329766989 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.329786062 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.329796076 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.329807997 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.329829931 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.333794117 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.333833933 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.333862066 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.333889961 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.333916903 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.333944082 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.334074020 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.334100008 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.340069056 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.340116024 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.340136051 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.340159893 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.340204954 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.340230942 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.344383955 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.344420910 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.344449997 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.344459057 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.344475031 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.344476938 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.344506979 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.344511032 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.344528913 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.344548941 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.344556093 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.344559908 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.344568968 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.344569921 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.344594955 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.344611883 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.346108913 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.346139908 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.346165895 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.346189022 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.346214056 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.346216917 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.346235037 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.346236944 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.346267939 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.346301079 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.346306086 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.346323967 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.346328020 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.346330881 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.347671032 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.348074913 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.348100901 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.348187923 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.348244905 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.348267078 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.348295927 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.348308086 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.348324060 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.348325014 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.348334074 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.348355055 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.348371029 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.348382950 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.348407984 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.348412991 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.348414898 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.348443031 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.348448038 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.348470926 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.348473072 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.348503113 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.348597050 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.348623991 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.348644972 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.348651886 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
Aug 3, 2021 19:48:49.348653078 CEST | 49165 | 80 | 192.168.2.22 | 160.153.129.234 |
Aug 3, 2021 19:48:49.348680019 CEST | 80 | 49165 | 160.153.129.234 | 192.168.2.22 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Aug 3, 2021 19:48:49.033301115 CEST | 52197 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 3, 2021 19:48:49.071100950 CEST | 53 | 52197 | 8.8.8.8 | 192.168.2.22 |
Aug 3, 2021 19:48:49.071474075 CEST | 52197 | 53 | 192.168.2.22 | 8.8.8.8 |
Aug 3, 2021 19:48:49.106981993 CEST | 53 | 52197 | 8.8.8.8 | 192.168.2.22 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Aug 3, 2021 19:48:49.033301115 CEST | 192.168.2.22 | 8.8.8.8 | 0xb648 | Standard query (0) | | A (IP address) | IN (0x0001) |
Aug 3, 2021 19:48:49.071474075 CEST | 192.168.2.22 | 8.8.8.8 | 0xb648 | Standard query (0) | | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Aug 3, 2021 19:48:49.071100950 CEST | 8.8.8.8 | 192.168.2.22 | 0xb648 | No error (0) | | | 160.153.129.234 | A (IP address) | IN (0x0001) |
Aug 3, 2021 19:48:49.106981993 CEST | 8.8.8.8 | 192.168.2.22 | 0xb648 | No error (0) | | | 160.153.129.234 | A (IP address) | IN (0x0001) |
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49165 | 160.153.129.234 | 80 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Aug 3, 2021 19:48:49.153964043 CEST | 0 | OUT | |
Aug 3, 2021 19:48:49.187442064 CEST | 2 | IN |