Edit tour
Windows
Analysis Report
61ee6edf7de65.dll
Overview
General Information
Detection
Ursnif
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected Ursnif
Antivirus / Scanner detection for submitted sample
System process connects to network (likely due to code injection or exploit)
Maps a DLL or memory area into another process
Writes to foreign memory regions
Changes memory attributes in foreign processes to executable or writable
Writes or reads registry keys via WMI
Allocates memory in foreign processes
Uses ping.exe to check the status of other devices and networks
Self deletion via cmd delete
Sigma detected: MSHTA Spawning Windows Shell
Uses ping.exe to sleep
Injects code into the Windows Explorer (explorer.exe)
Sigma detected: Suspicious Call by Ordinal
Modifies the context of a thread in another process (thread injection)
Sigma detected: Mshta Spawning Windows Shell
Creates a thread in another existing process (thread injection)
Disables SPDY (HTTP compression, likely to perform web injects)
Writes registry values via WMI
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
Sigma detected: Suspicious Rundll32 Activity
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Searches for the Microsoft Outlook file path
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Found evasive API chain checking for process token information
Sigma detected: Suspicious Csc.exe Source File Folder
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Compiles C# or VB.Net code
Found large amount of non-executed APIs
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Classification
- System is w10x64
- loaddll32.exe (PID: 912 cmdline:
loaddll32. exe "C:\Us ers\user\D esktop\61e e6edf7de65 .dll" MD5: 7DEB5DB86C0AC789123DEC286286B938) - cmd.exe (PID: 6348 cmdline:
cmd.exe /C rundll32. exe "C:\Us ers\user\D esktop\61e e6edf7de65 .dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D) - rundll32.exe (PID: 4848 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\61ee 6edf7de65. dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D) - control.exe (PID: 4824 cmdline:
C:\Windows \system32\ control.ex e -h MD5: 625DAC87CB5D7D44C5CA1DA57898065F) - control.exe (PID: 6104 cmdline:
C:\Windows \system32\ control.ex e -h MD5: 625DAC87CB5D7D44C5CA1DA57898065F) - rundll32.exe (PID: 2944 cmdline:
"C:\Window s\system32 \rundll32. exe" Shell 32.dll,Con trol_RunDL L -h MD5: 73C519F050C20580F8A62C849D49215A)
- mshta.exe (PID: 6808 cmdline:
C:\Windows \System32\ mshta.exe" "about:<h ta:applica tion><scri pt>Wulb='w script.she ll';resize To(0,2);ev al(new Act iveXObject (Wulb).reg read('HKCU \\\Softwar e\\AppData Low\\Softw are\\Micro soft\\54E8 0703-A337- A6B8-CDC8- 873A517CAB 0E\\\MarkC hart'));if (!window.f lag)close( )</script> MD5: 197FC97C6A843BEBB445C1D9C58DCBDB) - powershell.exe (PID: 3728 cmdline:
"C:\Window s\System32 \WindowsPo werShell\v 1.0\powers hell.exe" new-alias -name meew olqgy -val ue gp; new -alias -na me wuuiocp tps -value iex; wuui ocptps ([S ystem.Text .Encoding] ::ASCII.Ge tString((m eewolqgy " HKCU:Softw are\AppDat aLow\Softw are\Micros oft\54E807 03-A337-A6 B8-CDC8-87 3A517CAB0E ").UtilDia gram)) MD5: 95000560239032BC68B4C2FDFCDEF913) - conhost.exe (PID: 2796 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - csc.exe (PID: 5812 cmdline:
C:\Windows \Microsoft .NET\Frame work64\v4. 0.30319\cs c.exe" /no config /fu llpaths @" C:\Users\u ser\AppDat a\Local\Te mp\hddjt5k h\hddjt5kh .cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D) - cvtres.exe (PID: 7104 cmdline:
C:\Windows \Microsoft .NET\Frame work64\v4. 0.30319\cv tres.exe / NOLOGO /RE ADONLY /MA CHINE:IX86 "/OUT:C:\ Users\user \AppData\L ocal\Temp\ RESA9AF.tm p" "c:\Use rs\user\Ap pData\Loca l\Temp\hdd jt5kh\CSCA C4C40391E0 044BAAD217 F7E1F4E48A .TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D) - csc.exe (PID: 4408 cmdline:
C:\Windows \Microsoft .NET\Frame work64\v4. 0.30319\cs c.exe" /no config /fu llpaths @" C:\Users\u ser\AppDat a\Local\Te mp\32ysuxe g\32ysuxeg .cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D) - cvtres.exe (PID: 6312 cmdline:
C:\Windows \Microsoft .NET\Frame work64\v4. 0.30319\cv tres.exe / NOLOGO /RE ADONLY /MA CHINE:IX86 "/OUT:C:\ Users\user \AppData\L ocal\Temp\ RESC843.tm p" "c:\Use rs\user\Ap pData\Loca l\Temp\32y suxeg\CSCD D69F677ABA 1437DBA6EE 4792C92D38 A.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D) - explorer.exe (PID: 3440 cmdline:
C:\Windows \Explorer. EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D) - cmd.exe (PID: 5224 cmdline:
C:\Windows \System32\ cmd.exe" / C ping loc alhost -n 5 && del " C:\Users\u ser\Deskto p\61ee6edf 7de65.dll MD5: 4E2ACF4F8A396486AB4268C94A6A245F) - conhost.exe (PID: 3640 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - PING.EXE (PID: 5632 cmdline:
ping local host -n 5 MD5: 6A7389ECE70FB97BFE9A570DB4ACCC3B) - cmd.exe (PID: 6152 cmdline:
C:\Windows \System32\ cmd.exe" / C ping loc alhost -n 5 && del " C:\Users\u ser\Deskto p\61ee6edf 7de65.dll MD5: 4E2ACF4F8A396486AB4268C94A6A245F) - conhost.exe (PID: 5104 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - PING.EXE (PID: 5860 cmdline:
ping local host -n 5 MD5: 6A7389ECE70FB97BFE9A570DB4ACCC3B) - RuntimeBroker.exe (PID: 3092 cmdline:
C:\Windows \System32\ RuntimeBro ker.exe -E mbedding MD5: C7E36B4A5D9E6AC600DD7A0E0D52DAC5) - cmd.exe (PID: 6176 cmdline:
cmd /C "ns lookup myi p.opendns. com resolv er1.opendn s.com > C: \Users\use r\AppData\ Local\Temp \442E.bi1" MD5: 4E2ACF4F8A396486AB4268C94A6A245F) - conhost.exe (PID: 6956 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- mshta.exe (PID: 6024 cmdline:
C:\Windows \System32\ mshta.exe" "about:<h ta:applica tion><scri pt>Vn1t='w script.she ll';resize To(0,2);ev al(new Act iveXObject (Vn1t).reg read('HKCU \\\Softwar e\\AppData Low\\Softw are\\Micro soft\\54E8 0703-A337- A6B8-CDC8- 873A517CAB 0E\\\MarkC hart'));if (!window.f lag)close( )</script> MD5: 197FC97C6A843BEBB445C1D9C58DCBDB) - powershell.exe (PID: 5408 cmdline:
"C:\Window s\System32 \WindowsPo werShell\v 1.0\powers hell.exe" new-alias -name vxlt ksnx -valu e gp; new- alias -nam e fgysecca lw -value iex; fgyse ccalw ([Sy stem.Text. Encoding]: :ASCII.Get String((vx ltksnx "HK CU:Softwar e\AppDataL ow\Softwar e\Microsof t\54E80703 -A337-A6B8 -CDC8-873A 517CAB0E") .UtilDiagr am)) MD5: 95000560239032BC68B4C2FDFCDEF913) - conhost.exe (PID: 5428 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - csc.exe (PID: 6292 cmdline:
C:\Windows \Microsoft .NET\Frame work64\v4. 0.30319\cs c.exe" /no config /fu llpaths @" C:\Users\u ser\AppDat a\Local\Te mp\qmanv25 g\qmanv25g .cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D) - cvtres.exe (PID: 3272 cmdline:
C:\Windows \Microsoft .NET\Frame work64\v4. 0.30319\cv tres.exe / NOLOGO /RE ADONLY /MA CHINE:IX86 "/OUT:C:\ Users\user \AppData\L ocal\Temp\ RESCEBB.tm p" "c:\Use rs\user\Ap pData\Loca l\Temp\qma nv25g\CSC8 3689403A12 4ABD8F80AE 4A2C14BFB. TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D) - csc.exe (PID: 4636 cmdline:
C:\Windows \Microsoft .NET\Frame work64\v4. 0.30319\cs c.exe" /no config /fu llpaths @" C:\Users\u ser\AppDat a\Local\Te mp\vn3zgr4 g\vn3zgr4g .cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D) - cvtres.exe (PID: 6592 cmdline:
C:\Windows \Microsoft .NET\Frame work64\v4. 0.30319\cv tres.exe / NOLOGO /RE ADONLY /MA CHINE:IX86 "/OUT:C:\ Users\user \AppData\L ocal\Temp\ RESE6D7.tm p" "c:\Use rs\user\Ap pData\Loca l\Temp\vn3 zgr4g\CSCD 86376609B0 744ABB5692 8FEBE923C3 .TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
- cleanup
{"RSA Public Key": "bkFTFgKp65D5Jru5rf49R+GXnNukXGpZwjIwkjTtlHtgZk7oxIROD9a73bCW6q+N//ka8JpBA5kzPLmOYX0Yasr3Rl/9Zuz9f2VWaX0efOwZY2QKrOoQ67764YcBo8lsKwkYr7PpHkMHQxnMs6NEKJ6J1N6xfUndxmGR7l13Aaosa8p5sAWD3DLmA1KYT+Yo7POW4hnwwj/vfsWt00ns0kdIj1rxgp6FgYSdcYrFJsGyw1c4V2WgskLjtOH2H4NxYnKJgMX4ugqjKvCIFcuUg9umN2tNFjXLFbc81b/KRkQqTX8MMan6JAeAyuM92LJfIu2ZUFHAyr0vE+Uoz2nr6m8vyE3ODdwccpisKQUEL5E=", "c2_domain": ["giporedtrip.at", "habpfans.at"], "ip_check_url": ["http://ipinfo.io/ip", "http://curlmyip.net"], "serpent_key": "OejOdTRHaO03XbEm", "tor32_dll": "file://c:\\test\\test32.dll", "tor64_dll": "file://c:\\test\\tor64.dll", "movie_capture": "30, 8, calc no*ad *terminal* *debug*", "server": "50", "sleep_time": "1", "SetWaitableTimer_value(CRC_CONFIGTIMEOUT)": "60", "time_value": "60", "SetWaitableTimer_value(CRC_TASKTIMEOUT)": "60", "SetWaitableTimer_value(CRC_SENDTIMEOUT)": "300", "SetWaitableTimer_value(CRC_KNOCKERTIMEOUT)": "60", "not_use(CRC_BCTIMEOUT)": "10", "botnet": "20000", "SetWaitableTimer_value": "1"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
Click to see the 29 entries |
System Summary |
---|
Source: | Author: Michael Haag: |
Source: | Author: Florian Roth: |
Source: | Author: Florian Roth: |
Source: | Author: juju4, Jonhnathan Ribeiro, oscd.community: |
Source: | Author: Florian Roth: |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): |
Source: | Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): |
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link |
Source: | Avira: |
Source: | Code function: | 3_2_00F278F2 |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 1_2_04B3B190 | |
Source: | Code function: | 1_2_04B3B2F7 | |
Source: | Code function: | 1_2_04B4D39D | |
Source: | Code function: | 3_2_059EB190 | |
Source: | Code function: | 3_2_059FD39D | |
Source: | Code function: | 3_2_059EB2F7 |
Source: | Code function: | 1_2_04B4FD82 |
Networking |
---|
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | Network Connect: | Jump to behavior | ||
Source: | Domain query: | |||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior |
Source: | Process created: |
Source: | ASN Name: | ||
Source: | ASN Name: |
Source: | IP Address: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
E-Banking Fraud |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Registry key value created / modified: |
Source: | Code function: | 3_2_00F278F2 |
System Summary |
---|
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: | ||
Source: | WMI Queries: |
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: |
Source: | Static PE information: |
Source: | Code function: | 1_2_04B50CB2 | |
Source: | Code function: | 1_2_04B42CB8 | |
Source: | Code function: | 1_2_04B4F4D0 | |
Source: | Code function: | 1_2_04B51DEA | |
Source: | Code function: | 1_2_04B32D25 | |
Source: | Code function: | 1_2_04B3F641 | |
Source: | Code function: | 1_2_04B368B2 | |
Source: | Code function: | 1_2_04B501A5 | |
Source: | Code function: | 1_2_04B43924 | |
Source: | Code function: | 3_2_00F280D0 | |
Source: | Code function: | 3_2_00F24BB3 | |
Source: | Code function: | 3_2_00F2436E | |
Source: | Code function: | 3_2_05A01D92 | |
Source: | Code function: | 3_2_05A01DEA | |
Source: | Code function: | 3_2_059E2D25 | |
Source: | Code function: | 3_2_05A00CB2 | |
Source: | Code function: | 3_2_059F2CB8 | |
Source: | Code function: | 3_2_059FF4D0 | |
Source: | Code function: | 3_2_05A01418 | |
Source: | Code function: | 3_2_059EF641 | |
Source: | Code function: | 3_2_05A001A5 | |
Source: | Code function: | 3_2_059F3924 | |
Source: | Code function: | 3_2_059E68B2 | |
Source: | Code function: | 3_2_05A07358 |
Source: | Code function: | 1_2_04B49499 |
Source: | Code function: | 1_2_04B3D4F4 | |
Source: | Code function: | 1_2_04B3E4DC | |
Source: | Code function: | 1_2_04B3B45A | |
Source: | Code function: | 1_2_04B44560 | |
Source: | Code function: | 1_2_04B4BEBC | |
Source: | Code function: | 1_2_04B4D6E3 | |
Source: | Code function: | 1_2_04B53E7D | |
Source: | Code function: | 1_2_04B3A7FE | |
Source: | Code function: | 1_2_04B40FE0 | |
Source: | Code function: | 1_2_04B3AFD1 | |
Source: | Code function: | 1_2_04B36F70 | |
Source: | Code function: | 1_2_04B470AC | |
Source: | Code function: | 1_2_04B3ECE9 | |
Source: | Code function: | 1_2_04B52588 | |
Source: | Code function: | 1_2_04B31D70 | |
Source: | Code function: | 1_2_04B33EBE | |
Source: | Code function: | 1_2_04B4F0CC | |
Source: | Code function: | 1_2_04B4A1FC | |
Source: | Code function: | 1_2_04B4595B | |
Source: | Code function: | 1_2_04B4630F | |
Source: | Code function: | 3_2_00F24AAF | |
Source: | Code function: | 3_2_00F22F8D | |
Source: | Code function: | 3_2_00F2373D | |
Source: | Code function: | 3_2_00F282F5 | |
Source: | Code function: | 3_2_059F4560 | |
Source: | Code function: | 3_2_059EE4DC | |
Source: | Code function: | 3_2_059ED4F4 | |
Source: | Code function: | 3_2_059EB45A | |
Source: | Code function: | 3_2_059EAFD1 | |
Source: | Code function: | 3_2_059EA7FE | |
Source: | Code function: | 3_2_059F0FE0 | |
Source: | Code function: | 3_2_059E6F70 | |
Source: | Code function: | 3_2_059FBEBC | |
Source: | Code function: | 3_2_059FD6E3 | |
Source: | Code function: | 3_2_05A03E7D | |
Source: | Code function: | 3_2_059F70AC | |
Source: | Code function: | 3_2_05A02588 | |
Source: | Code function: | 3_2_059E1D70 | |
Source: | Code function: | 3_2_059EECE9 | |
Source: | Code function: | 3_2_059E3EBE | |
Source: | Code function: | 3_2_059FA1FC | |
Source: | Code function: | 3_2_059F595B | |
Source: | Code function: | 3_2_059FF0CC | |
Source: | Code function: | 3_2_059F630F |
Source: | Binary or memory string: |
Source: | Key opened: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: |
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: |
Source: | Code function: | 1_2_04B50929 |
Source: | Process created: |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 1_2_032E29D6 | |
Source: | Code function: | 1_2_032E620F | |
Source: | Code function: | 1_2_032E5A06 | |
Source: | Code function: | 1_2_032E501F | |
Source: | Code function: | 1_2_032E302C | |
Source: | Code function: | 1_2_032E5625 | |
Source: | Code function: | 1_2_04B57357 | |
Source: | Code function: | 3_2_00F280CF | |
Source: | Code function: | 3_2_00F27D59 | |
Source: | Code function: | 3_2_00F35625 | |
Source: | Code function: | 3_2_00F3302C | |
Source: | Code function: | 3_2_00F3501F | |
Source: | Code function: | 3_2_00F35A06 | |
Source: | Code function: | 3_2_00F3620F | |
Source: | Code function: | 3_2_00F329D6 | |
Source: | Code function: | 3_2_05A06DD9 | |
Source: | Code function: | 3_2_05A07357 |
Source: | Code function: | 1_2_04B4653E |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: | |||
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep count: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Evasive API call chain: |
Source: | Last function: | ||
Source: | Last function: |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Check user administrative privileges: |
Source: | API coverage: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 1_2_04B3B190 | |
Source: | Code function: | 1_2_04B3B2F7 | |
Source: | Code function: | 1_2_04B4D39D | |
Source: | Code function: | 3_2_059EB190 | |
Source: | Code function: | 3_2_059FD39D | |
Source: | Code function: | 3_2_059EB2F7 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Code function: | 1_2_04B4FD82 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 1_2_04B4653E |
Source: | Process token adjusted: | Jump to behavior | ||
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 1_2_032E00B5 | |
Source: | Code function: | 1_2_032E0DA5 | |
Source: | Code function: | 1_2_032E0695 | |
Source: | Code function: | 3_2_00F300B5 | |
Source: | Code function: | 3_2_00F30695 | |
Source: | Code function: | 3_2_00F30DA5 |
Source: | Code function: | 1_2_04B38C50 | |
Source: | Code function: | 3_2_059E8C50 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: | Jump to behavior | ||
Source: | Domain query: | |||
Source: | Network Connect: | Jump to behavior | ||
Source: | Network Connect: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | |||
Source: | Memory written: | |||
Source: | Memory written: | |||
Source: | Memory written: | |||
Source: | Memory written: | |||
Source: | Memory written: |
Source: | Memory protected: | ||
Source: | Memory protected: | ||
Source: | Memory protected: | ||
Source: | Memory protected: | ||
Source: | Memory protected: | ||
Source: | Memory protected: | ||
Source: | Memory protected: | ||
Source: | Memory protected: | ||
Source: | Memory protected: |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | |||
Source: | Memory written: | |||
Source: | Memory written: |
Source: | Thread register set: | Jump to behavior | ||
Source: | Thread register set: | Jump to behavior | ||
Source: | Thread register set: | Jump to behavior | ||
Source: | Thread register set: | Jump to behavior | ||
Source: | Thread register set: | |||
Source: | Thread register set: |
Source: | Thread created: | Jump to behavior | ||
Source: | Thread created: | Jump to behavior | ||
Source: | Thread created: | |||
Source: | Thread created: | |||
Source: | Thread created: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 1_2_04B474AD |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 1_2_04B3DB44 |
Source: | Code function: | 1_2_04B39677 |
Source: | Code function: | 1_2_04B495CA |
Source: | Code function: | 1_2_04B44560 |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 Valid Accounts | 2 Windows Management Instrumentation | 1 Valid Accounts | 1 Valid Accounts | 1 Obfuscated Files or Information | OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 Data Encrypted for Impact |
Default Accounts | 3 Native API | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 File Deletion | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Email Collection | Exfiltration Over Bluetooth | 2 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | 1 Command and Scripting Interpreter | Logon Script (Windows) | 813 Process Injection | 1 Masquerading | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Valid Accounts | NTDS | 25 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 12 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Access Token Manipulation | LSA Secrets | 1 Query Registry | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 21 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Security Software Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 813 Process Injection | DCSync | 21 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Rundll32 | Proc Filesystem | 3 Process Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | 1 System Owner/User Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Right-to-Left Override | Input Capture | 11 Remote System Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop | ||
Compromise Software Supply Chain | Unix Shell | Launchd | Launchd | Rename System Utilities | Keylogging | 1 System Network Configuration Discovery | Component Object Model and Distributed COM | Screen Capture | Exfiltration over USB | DNS | Inhibit System Recovery |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
24% | Virustotal | Browse | ||
100% | Avira | HEUR/AGEN.1211191 |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1108168 | Download File | ||
100% | Avira | HEUR/AGEN.1108168 | Download File |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
giporedtrip.at | 91.203.174.38 | true | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown | |
true |
| unknown | |
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| low | ||
false |
| unknown | ||
false | high | |||
false | high |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
211.40.39.251 | unknown | Korea Republic of | 3786 | LGDACOMLGDACOMCorporationKR | true | |
138.36.3.134 | unknown | Brazil | 264562 | TEXNETSERVICOSDECOMUNICACAOEMINFORMATICALTDBR | true | |
91.203.174.38 | giporedtrip.at | Uzbekistan | 47141 | LITTEL-ASRU | true | |
121.136.102.4 | unknown | Korea Republic of | 4766 | KIXS-AS-KRKoreaTelecomKR | true | |
61.98.7.132 | unknown | Korea Republic of | 9318 | SKB-ASSKBroadbandCoLtdKR | true |
IP |
---|
192.168.2.1 |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 558657 |
Start date: | 24.01.2022 |
Start time: | 11:09:22 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 15m 33s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 61ee6edf7de65.dll |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 45 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 2 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.bank.troj.evad.winDLL@48/34@6/6 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, UsoClient.exe, wuapihost.exe
- Excluded IPs from analysis (whitelisted): 23.211.6.115
- Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, client.wns.windows.com, fs.microsoft.com, store-images.s-microsoft.com, ctldl.windowsupdate.com, store-images.s-microsoft.com-c.edgekey.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
- Execution Graph export aborted for target mshta.exe, PID 6024 because there are no executed function
- Execution Graph export aborted for target mshta.exe, PID 6808 because there are no executed function
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size exceeded maximum capacity and may have missing disassembly code.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
11:10:30 | API Interceptor | |
11:10:39 | API Interceptor | |
11:10:44 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
211.40.39.251 | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
TEXNETSERVICOSDECOMUNICACAOEMINFORMATICALTDBR | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
LGDACOMLGDACOMCorporationKR | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
⊘No context
⊘No context
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11606 |
Entropy (8bit): | 4.883977562702998 |
Encrypted: | false |
SSDEEP: | 192:Axoe5FpOMxoe5Pib4GVsm5emdKVFn3eGOVpN6K3bkkjo5HgkjDt4iWN3yBGHh9sO:6fib4GGVoGIpN6KQkj2Akjh4iUxs14fr |
MD5: | 1F1446CE05A385817C3EF20CBD8B6E6A |
SHA1: | 1E4B1EE5EFCA361C9FB5DC286DD7A99DEA31F33D |
SHA-256: | 2BCEC12B7B67668569124FED0E0CEF2C1505B742F7AE2CF86C8544D07D59F2CE |
SHA-512: | 252AD962C0E8023419D756A11F0DDF2622F71CBC9DAE31DC14D9C400607DF43030E90BCFBF2EE9B89782CC952E8FB2DADD7BDBBA3D31E33DA5A589A76B87C514 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Download File
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 64 |
Entropy (8bit): | 0.9260988789684415 |
Encrypted: | false |
SSDEEP: | 3:Nlllulb/lj:NllUb/l |
MD5: | 13AF6BE1CB30E2FB779EA728EE0A6D67 |
SHA1: | F33581AC2C60B1F02C978D14DC220DCE57CC9562 |
SHA-256: | 168561FB18F8EBA8043FA9FC4B8A95B628F2CF5584E5A3B96C9EBAF6DD740E3F |
SHA-512: | 1159E1087BC7F7CBB233540B61F1BDECB161FF6C65AD1EFC9911E87B8E4B2E5F8C2AF56D67B33BC1F6836106D3FEA8C750CC24B9F451ACF85661E0715B829413 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 408 |
Entropy (8bit): | 5.01293234302818 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJAsNiWVMRSRa+eNMjSSRrjEzxevVSRNveKP8nQe3CGy:V/DTLDfuH0Wl9eg5r4NevU1eKPJeyGy |
MD5: | 35EAB9A45B1CC09A0099A179AD3DCFE5 |
SHA1: | 42939AC7047BC372300FDD21624100E5C9F83B7F |
SHA-256: | EEEECB79A83F234A098D4E685F9649E562EE2C5180DA03CE782DF3F95D7EB5A7 |
SHA-512: | 03DB096CD43E298A526507BE3252F718516E26ECB50400D052B9C26E76EB89F950770696F2034FD9031E3421EE5F7E225D985BFD92CC51338EC19854C85017C1 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 375 |
Entropy (8bit): | 5.22338928296367 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2N723fcBzxs7+AEszIN723fcQx:p37Lvkmb6K2aEBWZETaEQx |
MD5: | DBEC98CFE2AE1215A758F472B026FF34 |
SHA1: | 4605DD9744FEB806A00FD8E6CCB25F275B577C73 |
SHA-256: | 70696285444D57D8BEDBA105CDA7481AA7CF4D62EFC79C1454B7EF659C1ED5C3 |
SHA-512: | FDD7838716515157ADB10B9F446B31298EEE82077F34EFF970618F45E42C593E1626D293B4C5C7E812B92CE06C1C51D6E8BFEA42A5A8BE1D72620B51B39DDAEA |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.623929794032503 |
Encrypted: | false |
SSDEEP: | 48:6WgXE7S5FwYXok+G/W8JU1AZX1ulO3a3/4q:lr7S5ekf+YeqK |
MD5: | F163C1D1CECCF46250870200E14C6929 |
SHA1: | B880A02F929418A0BD6F42F97AC509BB0588BC84 |
SHA-256: | 673DA59906C2CA9646D29EC32569658519AFDA87BC3E730AD591344C3F1CE861 |
SHA-512: | DDE28C0AAEC0D08B9B24E4633375C53AB08B2AEFB00520226DD5AD6215B1E82A438DBB10C7AEAF90A505E4BCAF1F951FDEFA0470A95009D8F96DB78A7692C024 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 872 |
Entropy (8bit): | 5.317124959482677 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6K2aEWETaE5KaM5DqBVKVrdFAMBJTH:Akka6CtE+cKxDcVKdBJj |
MD5: | D7548F253CD5F22DC97E67EE293CE7CE |
SHA1: | 7786139CF9874997146067249B9A194A1D3939ED |
SHA-256: | 1A87A592B08B172333924B6E5CA8FC7C3CA00778B01225E805B9359A0BDAF964 |
SHA-512: | EA0B648ED19690B0028DCACCD2E0714F4B0ACA2DC4FAF11EA31A31B0F6705DD1A5CDCE9BA3B54E98C09850D7B3BAB3B8D55D574F83E53E30863A9C7588362578 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.1086397726225687 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryEXnak7Ynqq/XwPN5Dlq5J:+RI+ycuZhNOXnakS/XwPNnqX |
MD5: | D112602496AF629102D67B4B882A7DA0 |
SHA1: | 71FB2977E08E3D38CAE1E0C4D17AF4B7F81CDFFE |
SHA-256: | 8D0A39E3B8AE49DCBD14D32C1BE64B1DB33A7223A7D8E3270C54D41F4B236A12 |
SHA-512: | FDA136B3AD8351A7C7C5C401FC94D62089E4996A488435B3CC68595933B1C0801366F5EFA4E9FCC6CE8AE1667E17F3C9F5401523BE9A1C31F0EB76FB744FFDEA |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1336 |
Entropy (8bit): | 3.996791252234021 |
Encrypted: | false |
SSDEEP: | 24:HkFm9na7CIVaHEhKdNwI+ycuZhNYakSkPNnq9Sd:2c2Kdm1ulYa3kq9C |
MD5: | 52DBB7ABE93AAC35F9B00E0041FAC3F5 |
SHA1: | EE0D79AB73BAB6E34E69C8D062B319DBD5E4CB6D |
SHA-256: | 599822F45B466D37E66ECD283E3087F01A43C68AA0F85D91D853EA15D7979D76 |
SHA-512: | 9DBB88BF368342A9D3E579B59505A68814BDE76D30451409801EB328883997A701B8D7EE294AD087DBE46D052687E315BD69B3DD98FE4BB1EE3EC75A5B2A58A4 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1336 |
Entropy (8bit): | 4.006521464895929 |
Encrypted: | false |
SSDEEP: | 24:HxFm9ma0yuaH3hKdNwI+ycuZhNOXnakS/XwPNnq9Sd:wJrRKdm1ulO3a3/4q9C |
MD5: | 1D8558748ED793C6050F5A2E5572D113 |
SHA1: | 27D070489053E58906D376D760150CE715E88C86 |
SHA-256: | 007D15A992CB63B600232A1E43C4C430271CB6B513E8538CC25C4B2C544BA65E |
SHA-512: | B5A37C47C86180073DF88121AF5B4A37FD0B024A0C94C7F14AEBF9AD8BE12362FD648109A7723F157A4091BAD2D5A3E7C84007C0B2A44EE3E0627C14B51A643B |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1336 |
Entropy (8bit): | 3.988707873560221 |
Encrypted: | false |
SSDEEP: | 24:H3Fm9Uatw9cRqOaH1fhKdNwI+ycuZhNXakSpPNnq9Sd:0tTRqLV5Kdm1ulXa3Lq9C |
MD5: | F9AE76ADEB946619CCD136219AB83EBC |
SHA1: | FCB9A6777045F64617F751F96957B235A47A757B |
SHA-256: | B79D63E16A61C19E5EE50230B0143BE2C4AD2DF81EC7B4FEEFF432025ACDBDDA |
SHA-512: | 9DF724F487DAEBE62AD4702C4BF25FE175B232E24BE71F4E35206A117DF1665255299108EA83ADE96DAC2D8CD5C7181AADBCB6688BEBDA805626BFD21F0E141B |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1336 |
Entropy (8bit): | 3.9940771285616306 |
Encrypted: | false |
SSDEEP: | 24:H5Fm9na/9bXm/aHvhKdNwI+ycuZhNDBakSgmPNnq9Sd:5/9b/pKdm1ulDBa3gaq9C |
MD5: | 98893A1D42AF866B0F54D4FE368CBD5E |
SHA1: | B77C376C7769D47862458D89755015A3FA49B1E3 |
SHA-256: | 2C720A7C79425332A9E0E88242C1EB733F1C8A677833F78CA412B3953F6A3D29 |
SHA-512: | 3B9247CCD6A1E0FD9F04791FD3EF4E874B0115BF99A9696747A63C70480E81FE03AC2653231CD298C904DDDAEEA9257437060D3211356FE204C5196EAA868995 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.1130003120917578 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryGak7YnqqkPN5Dlq5J:+RI+ycuZhNYakSkPNnqX |
MD5: | EDBBDC9948E1C647F92420624B606E4D |
SHA1: | E3DDECF117CC5C8B855538733A2E6DD9AB13F989 |
SHA-256: | F0FDDCBF33459AC7738A011F4D9EAF4CA133B9F7303F78C2BA791E9F101B9E4E |
SHA-512: | 3EE0BE7961D34BFCFBCACE071561855E00C1C2935D10F45CA0C088869E31EC76F7743174F04507A425804E023CCBA82E907FDF8FDDF136C69E0C8677E5ED1F34 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 404 |
Entropy (8bit): | 5.019892496194437 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJyLHMRSR7a1maLXKqoSRa+rVSSRnA/fQTbIOktwy:V/DTLDfucj3aLXKqj9rV5nA/IT8ORy |
MD5: | 04CA9F3DD2F71BC69A66232592BD29B7 |
SHA1: | 12724CB97FE30A8B84901648B3653B9AC8FB2F73 |
SHA-256: | DBC22FFC06EBCB8F7E00BB962CA175EFFBBDF0DEBE7A2E4D288A8735C5C27DB1 |
SHA-512: | 383C82A91A354A95E9887E9731852788F466C461EA58A016532E4B07A3E19A97C525B4B579B86A4681BF3DBACFA6B65C8F11032B904737C287A6A5498E4EEB4E |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 375 |
Entropy (8bit): | 5.267076526526121 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2N723f4BcHUzxs7+AEszIN723f4B2x:p37Lvkmb6K2aEWZETaB |
MD5: | C9383FA41DC988BDB143785D8AF21F8E |
SHA1: | 50F307AA50C261190CF8483EA752DA26C0BABC4C |
SHA-256: | 0D83097E96BED92D0D80BCE70B500D61C4A177690BC173B97B2743BA6AE346EE |
SHA-512: | 6AEFD2A95C449DD2AFC0CA0A96E4B99678E4EFDC6B40A5B23F9044962B28D723C321A5075C96A24C967FE9F9B3154C6E08EBAB67C24F0541316665E6C5E4A728 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.623285217450161 |
Encrypted: | false |
SSDEEP: | 24:etGSuW8OmU0t3lm85nt4tdalqQg6ASS41lI+tkZfQB85tVUWI+ycuZhNYakSkPNq:6uQXQ3r5eXa1+xJQyB31ulYa3kq |
MD5: | 3D44991528B31B2492D087F27228A85D |
SHA1: | 4DB4C06B60812F7EE5F4AA6E0CFF86C625E9E5CF |
SHA-256: | 26CF5106FC2D30A9A605EC56AE32BE1BF6224318DE9320F0A9873F21DE341CED |
SHA-512: | 3A804AB0119490C015CACAA29452D07B3A6BA673DEA71B11FB87D25A1F2886A888B84D77975D1284890731A194D1C2E453B299F45166181B15797B23B7FC3E12 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 872 |
Entropy (8bit): | 5.329634713423145 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6K2alETakKaM5DqBVKVrdFAMBJTH:Akka6ClE+kKxDcVKdBJj |
MD5: | 4F092FEEE1A852153F061DEA7821027D |
SHA1: | 2DA69C503AC965ED588A818FEBA4A2CCD7F1B4F7 |
SHA-256: | 3A56BC18D26E454422E4DF81A2489EEDFD223F5855DBA7E40FD335D942F3EC73 |
SHA-512: | C39D6307A1EC663FD52186B35C979769612876C1F90BA200DEAA0726650DDF41E0EE6AA9F938323B59EE1D1362ABCF2B8A6941AE5F9780C16502148FC2661BEA |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.1113362183779265 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grySlAak7YnqqhllPN5Dlq5J:+RI+ycuZhNXakSpPNnqX |
MD5: | A88F00BBFDBFE259B40183FFC75D9408 |
SHA1: | 414BF62BCA044231DACA7752347698DBAA00E67B |
SHA-256: | C1B75F5C9B64488B0DBE50A2B867C85E3F9E9304CC2E13DDBAE1C39D4011C9AE |
SHA-512: | 794758EB33B865CBE03B977AB5DF6EC5DB5C0EADFC281483D51AD103E1F8D2C89FDE163A9B395574077041D79EFD629427FEB3544AB07C1A7860D136BF7ECCD5 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 404 |
Entropy (8bit): | 5.019892496194437 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJyLHMRSR7a1maLXKqoSRa+rVSSRnA/fQTbIOktwy:V/DTLDfucj3aLXKqj9rV5nA/IT8ORy |
MD5: | 04CA9F3DD2F71BC69A66232592BD29B7 |
SHA1: | 12724CB97FE30A8B84901648B3653B9AC8FB2F73 |
SHA-256: | DBC22FFC06EBCB8F7E00BB962CA175EFFBBDF0DEBE7A2E4D288A8735C5C27DB1 |
SHA-512: | 383C82A91A354A95E9887E9731852788F466C461EA58A016532E4B07A3E19A97C525B4B579B86A4681BF3DBACFA6B65C8F11032B904737C287A6A5498E4EEB4E |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 375 |
Entropy (8bit): | 5.2488548966565 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2N723flw5iqzxs7+AEszIN723flw5ihLx:p37Lvkmb6K2atwPWZETatwgLx |
MD5: | 24931FFAE4DF7D6305385238DAD359FC |
SHA1: | FAB90F49021F1D60CB1E0606D926E7B677E48A87 |
SHA-256: | 61C2556798DFD3E26294CE2733EDC01C9406378272490722F1EF1D86C4A6EA99 |
SHA-512: | B3022A35DF07D97BB735F9C2B6BAC183FAEEEFF1914DD53ED35E148BBDAA2C09B148642244E86B91DEBC9A7CA4862CA61AD72A144048651D6A33CE1203E91862 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.6253773115307077 |
Encrypted: | false |
SSDEEP: | 24:etGShW8OmU0t3lm85nt4tdalqQg6AYmS41lI+tkZfx1BpDVUWI+ycuZhNXakSpPE:6hQXQ3r5eXa19RxJx1t31ulXa3Lq |
MD5: | 8C5A6F27CC97FC8390400D7974C611CF |
SHA1: | 3C9C53FCEBD7599B86A1E07845C514EF16D0D6D1 |
SHA-256: | 1A9E722F89B142169DDC62341CDB475307FD856EE957177C81FE6D2AAA7106FD |
SHA-512: | 8B18D37847067790CBE2A7598A0A0F12F9AB50C513E3BBCBFB69CB4CC7A27BA0D31E860BA32CB4D5DA7B760D587DF211B909EC21F9546EFBFC97C37E5CF8C2EB |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 872 |
Entropy (8bit): | 5.328469441015724 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6K2atwMETatwDKaM5DqBVKVrdFAMBJTH:Akka6Ct5E+tAKxDcVKdBJj |
MD5: | 07018FFECE88CF001CB9D4AAC806AD94 |
SHA1: | 262110DE21684CEB1CF38B9AD2F8D0DE8BDD1FCA |
SHA-256: | 35535ED1DD51A2A54393C8E524F90E5D6E9B46AEE5DD8C54E794F619A1367580 |
SHA-512: | DD7AE380CE2468208A753244D70FF68DF4CB363EAE58D786223177AAB66AAB8669166C7498B419D84EAD00887825C790770A7AD975D8EFF31D7BB6F7A5A4692D |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.100104757369302 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryh3DVak7YnqqC3DaPN5Dlq5J:+RI+ycuZhNDBakSgmPNnqX |
MD5: | D954C33EBD78A0402D93912E9C840B10 |
SHA1: | B03DB0FBAA26849B99F4850034E9EBC80C70EA3A |
SHA-256: | 19FA8C1D11BF9A098961D905F621191401AD5993D19DA204584C94CD42943E95 |
SHA-512: | 6728C021468AA6BEA0C79BFB0DFA1D2A7897540E3F3CA255D55CEC5BE94FE236B1A57989E8F67E66D31C8BD704CE783A01D6603F7EC42A5BAAA2A5A31D0515DB |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 408 |
Entropy (8bit): | 5.01293234302818 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJAsNiWVMRSRa+eNMjSSRrjEzxevVSRNveKP8nQe3CGy:V/DTLDfuH0Wl9eg5r4NevU1eKPJeyGy |
MD5: | 35EAB9A45B1CC09A0099A179AD3DCFE5 |
SHA1: | 42939AC7047BC372300FDD21624100E5C9F83B7F |
SHA-256: | EEEECB79A83F234A098D4E685F9649E562EE2C5180DA03CE782DF3F95D7EB5A7 |
SHA-512: | 03DB096CD43E298A526507BE3252F718516E26ECB50400D052B9C26E76EB89F950770696F2034FD9031E3421EE5F7E225D985BFD92CC51338EC19854C85017C1 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 375 |
Entropy (8bit): | 5.219912626484364 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2N723fkVmn0zxs7+AEszIN723fkVYBH:p37Lvkmb6K2acG0WZETaca |
MD5: | 34A773F7B8389B7C20FDB6FF12917D5C |
SHA1: | D3A2E967E8DD581C15AB7E9F21B53473D176D39E |
SHA-256: | C704F25B7D106E06E3B26916B131E334000A13A10224DBC5F91F7D2819B82B00 |
SHA-512: | 5693BDE5AD8AB502C9A29FF73CBC65D9E00DA43AA7905DACE7E79B201BF049E1E6D6CAB1856ED8438C0404F6DEFA850004BEE45A1F90A6E09FC5CEF27E97EA0A |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.62501849036444 |
Encrypted: | false |
SSDEEP: | 48:6ngXE7S5FwYXok+tW8J7dZX1ulDBa3gaq:0r7S5ekHAe3K |
MD5: | B63AB26774F1392792102FA250376086 |
SHA1: | D5AC0F6E7CA124ABDA2D5DF72E07D029D9F83AAD |
SHA-256: | D3948F33A5E41D61F208E5920DDD49E43448BF6423876208F012BA908F116B6A |
SHA-512: | 19E648C604D16438B972741CAEA22524AD8E1A215CED59DC88ACC296897A9DAB614296C2E322F85BE7B3FD77BE2BCC25E01468E8237ACDF1B90C85B8B2E35345 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 872 |
Entropy (8bit): | 5.312830604004008 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6K2aRVETa6KaM5DqBVKVrdFAMBJTH:Akka6C3E+6KxDcVKdBJj |
MD5: | C16EB51C1D3455F1E5429F10376280E2 |
SHA1: | A8918021B5639615568E17FAB327A661353D7FAE |
SHA-256: | E0EB56671CE6EE4F722CBA06BB8BF577B0C55180E5D6841E56242A29550FF22A |
SHA-512: | CC6CFE8088BECB6CFD92D790E20546582B9973F7782FA67BE6F7757E0602A491CB7D9A4CD697745729A19AEFABEB34FCA1CBD5320930E41C5CB1371E4CF735C3 |
Malicious: | false |
Preview: |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 838 |
Entropy (8bit): | 3.073236880282747 |
Encrypted: | false |
SSDEEP: | 12:8glVm/3BVSXvk44X3ojsqzKtnWNaVgiNL4t2Y+xIBjK:8p/BHYVKVWiV57aB |
MD5: | CA1C201059C5BFD5900F5EB2466883CC |
SHA1: | BF3670A8C06A4FABC5C410F368E178B353F9166C |
SHA-256: | E5717E89B0D46C5E89F39410FA7A9DE94AA6A3301F8AC920F84F1A7179554085 |
SHA-512: | 2273AF46D41B9698B23AEADD8EFBEF80017CFD465B4347CFB99C2FEAE371F39A511288AA64AAFA2E35DD2AD883D8E43D70A65E62C18977C6C6D85E3153041D4C |
Malicious: | false |
Preview: |
C:\Users\user\Documents\20220124\PowerShell_transcript.216554.+JTGvHZ_.20220124111050.txt
Download File
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1375 |
Entropy (8bit): | 5.365567609663631 |
Encrypted: | false |
SSDEEP: | 24:BxSACh7vBVLdx2DOXUWApN56LCHzcd4XWbHjeTKKjX4CIym1ZJXa7gpN56LCHzch:BZCZvTLdoOo59z44GbqDYB1Zg7o59z4D |
MD5: | 603D401F7EAC08FC8B327D0EF2561455 |
SHA1: | 149854D9F7CB2305CF57F6688256F250121D6FC5 |
SHA-256: | B92DEAD3AECF556A4049EC4A4728B901E7F873F0DC303F546955A7429372829E |
SHA-512: | 8EA181C98205E902B4BEC5B63D58FB035E8ACB4EA761918DAA9218A10EDD488CAF299B6DCE7316E29031EA92CB180F37A9B2FB23E3D315A128C489F2C5AC934F |
Malicious: | false |
Preview: |
C:\Users\user\Documents\20220124\PowerShell_transcript.216554.38uu7uYg.20220124111043.txt
Download File
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1379 |
Entropy (8bit): | 5.357208023916629 |
Encrypted: | false |
SSDEEP: | 24:BxSACXi7vBVLdx2DOXUWOOtLCHWft4XWsHjeTKKjX4CIym1ZJXaDOtLCHWft4Z16:BZC6vTLdoOPey4GsqDYB1ZgCey4ZpZZG |
MD5: | 713FE5DF4FF7D1A11AB057EDE7222C0A |
SHA1: | 57FB59FB06F2CBA46581854E79BBD18FBE370B60 |
SHA-256: | 61DCDB2A6CB6B53776A9E0A74F8440EAC5ABF42BA88CFC18A97FCF02DC355830 |
SHA-512: | BE8244E7E9D994AD4F6127808AFE1C5941A86F6C43A3501F30DC2F58BE0135A251E11FC557DA4705E883907BAF71D17950E355862E43CC36AE60A424BC0D41B1 |
Malicious: | false |
Preview: |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 231 |
Entropy (8bit): | 5.4165391723637075 |
Encrypted: | false |
SSDEEP: | 6:QHMK1sS4VIpgKLMV4VsS+LgyKBM34H6xH83F1tu4r9iyej3:QsQsS4ij4a+S+LgyaI4HYcA4cyej3 |
MD5: | 84FABF1BB283E4633523CA8D54A205F7 |
SHA1: | 5F2826AB0B537DD3FFD5980DFE392C6CAD3588FD |
SHA-256: | BE23CC7E43D20E68AAF00213869083E04A1020BAB5B1EA6F9F14FC6CA7F4CCFD |
SHA-512: | 66FC2FE9DEB4EB9DC66F855D729E7953BB59838BB4F14AF7C1B0BB82999B5E5D09AA0D01ECA2551937E033D9BA771822BAF82C77E9E76CDF5655FA55715DC050 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.042994221038388 |
TrID: |
|
File name: | 61ee6edf7de65.dll |
File size: | 97280 |
MD5: | b6f0fc5638a110abac1a54805f77e786 |
SHA1: | f7eff5f67b1b794759ec0ba9b0d6a3bd5cd59bfe |
SHA256: | 06e26611fe5cf2fb04cfa894f9cb24edc0ab8306cf42c979b2c776372d07d1cf |
SHA512: | b92f671821476bb041bd96a38b1ff300365d12d2fb6bec6266cfbd0f7613a3551807ddc3887ebee13911843322c3274af2a65ca1c38291b45506b433cccd15a8 |
SSDEEP: | 1536:2V4a+Lezr4lBJMMTQH41pf951L6e9IImUTKpobwjB52DXjaWVghVBDmC6eUd:i8or4TJMKz951feKTKobwjkGWqNmfd |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............v...v...v.......v...v...v.......v....?..v.......v..Rich.v..........PE..L......a...........!.........\......0........0..... |
Icon Hash: | 30696968ccaacc4c |
Entrypoint: | 0x10001630 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x10000000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x61EDF5E1 [Mon Jan 24 00:42:09 2022 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 16fee73a0bcca61f5b30bccb8ad3cbcf |
Instruction |
---|
push ebp |
mov ebp, esp |
sub esp, 00000354h |
mov byte ptr [ebp-01h], 0000007Fh |
mov dword ptr [ebp-0Ch], 0000661Fh |
mov dword ptr [ebp-000000B0h], 000028DFh |
mov eax, dword ptr [ebp-0Ch] |
mov dword ptr [ebp-000000ECh], eax |
cmp dword ptr [ebp-000000ECh], 0000661Fh |
je 00007FA384C4F347h |
jmp 00007FA384C506D1h |
mov ecx, 000002EBh |
mov word ptr [ebp-08h], cx |
cmp dword ptr [ebp-0Ch], 00004BFFh |
jnle 00007FA384C4F380h |
movsx edx, word ptr [ebp-08h] |
or edx, 00000301h |
mov word ptr [ebp-08h], dx |
mov eax, dword ptr [ebp-0Ch] |
push eax |
mov ecx, dword ptr [ebp-0Ch] |
push ecx |
mov edx, dword ptr [ebp-0Ch] |
push edx |
mov eax, dword ptr [ebp-0Ch] |
push eax |
call 00007FA384C4F1F8h |
add esp, 10h |
mov ecx, dword ptr [ebp-0Ch] |
shl ecx, 0Dh |
mov dword ptr [ebp-0Ch], ecx |
movsx edx, byte ptr [ebp-01h] |
xor edx, 43h |
mov byte ptr [ebp-01h], dl |
jmp 00007FA384C5065Dh |
lea eax, dword ptr [ebp-08h] |
mov dword ptr [ebp-14h], eax |
movsx ecx, byte ptr [ebp-01h] |
sub ecx, 5Dh |
mov byte ptr [10004000h], cl |
mov dword ptr [ebp-000000ACh], 000037A9h |
mov edx, dword ptr [ebp-0Ch] |
mov dword ptr [ebp-1Ch], edx |
mov eax, dword ptr [ebp-1Ch] |
add eax, 000055AFh |
mov dword ptr [ebp-0Ch], eax |
mov ecx, dword ptr [ebp-1Ch] |
and ecx, 00007739h |
mov dword ptr [ebp-0Ch], ecx |
mov edx, dword ptr [ebp-000000ACh] |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3354 | 0x8c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6000 | 0x14350 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x1b000 | 0x264 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x31ec | 0x1c | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x3000 | 0x1ec | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x1a6e | 0x1c00 | False | 0.516322544643 | data | 5.7793588503 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x3000 | 0xe12 | 0x1000 | False | 0.402587890625 | data | 4.808493385 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x4000 | 0x1c8 | 0x200 | False | 0.060546875 | data | 0.203681906087 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.CRT | 0x5000 | 0x14 | 0x200 | False | 0.052734375 | SysEx File - Oberheim | 0.229276782846 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x6000 | 0x14350 | 0x14400 | False | 0.655478395062 | data | 5.94341931663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x1b000 | 0x264 | 0x400 | False | 0.556640625 | data | 4.50253277193 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_ICON | 0x6180 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_RCDATA | 0xa948 | 0xfa07 | data | English | United States |
RT_GROUP_ICON | 0xa3a8 | 0x14 | data | English | United States |
RT_VERSION | 0xa520 | 0x428 | data | English | United States |
RT_MANIFEST | 0xa3c0 | 0x15a | ASCII text, with CRLF line terminators | English | United States |
DLL | Import |
---|---|
KERNEL32.dll | GetSystemInfo, GetCurrentThreadId, GetCurrentProcessId, InitializeCriticalSection, QueryPerformanceFrequency, HeapCreate, GetVersion, GetProcessHeap, CreateTimerQueue, GetLogicalDrives |
USER32.dll | GetDlgItemTextA, CheckDlgButton, CheckRadioButton, IsDlgButtonChecked, SendDlgItemMessageA, DefDlgProcA, OpenClipboard, CloseClipboard, SetClipboardData, GetClipboardData, EnumClipboardFormats, EmptyClipboard, CharUpperA, CharLowerBuffA, SetFocus, GetActiveWindow, SetTimer, KillTimer, EnableWindow, LoadAcceleratorsA, DestroyAcceleratorTable, TranslateAcceleratorA, GetSystemMetrics, SetDlgItemInt, GetSystemMenu, CreatePopupMenu, DestroyMenu, CheckMenuItem, EnableMenuItem, GetSubMenu, AppendMenuA, RemoveMenu, TrackPopupMenu, InsertMenuItemA, SetMenuItemInfoA, SetActiveWindow, InvalidateRect, RedrawWindow, SetWindowTextA, GetWindowTextA, GetClientRect, GetWindowRect, MessageBoxA, SetCursor, GetCursorPos, ClientToScreen, ChildWindowFromPoint, GetSysColor, GetSysColorBrush, GetWindowLongA, SetWindowLongA, FindWindowA, CheckMenuRadioItem, LoadCursorA, DestroyCursor, LoadIconA, DestroyIcon, IsDialogMessageA, GetDlgItem, EndDialog, DialogBoxParamA, CreateDialogParamA, SetWindowPlacement, GetWindowPlacement, SetWindowPos, MoveWindow, DestroyWindow, IsMenu, IsWindow, GetClassInfoA, UnregisterClassA, RegisterClassA, CallWindowProcA, PostQuitMessage, PostMessageA, SendMessageA, DispatchMessageA, TranslateMessage, GetMessageA, wsprintfA, wvsprintfA, SetDlgItemTextA, GetMenu |
GDI32.dll | GetStockObject, DeleteObject, SelectObject, SetBkMode, SetTextColor, GetObjectA, CreateFontIndirectA |
COMDLG32.dll | GetOpenFileNameA, GetOpenFileNameW, GetSaveFileNameA, GetFileTitleW, ChooseColorW |
ADVAPI32.dll | RegSetValueA, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueA, GetUserNameA, RegCloseKey, RegCreateKeyA, RegDeleteKeyA, RegOpenKeyExA, RegQueryValueExA |
VERSION.dll | GetFileVersionInfoW, VerInstallFileW |
Description | Data |
---|---|
LegalCopyright | Copyright Magnificenc gynaecologis automobil directionall codeword |
InternalName | Lecture |
FileVersion | 7.125.80.2 |
CompanyName | Descendan greyin |
LegalTrademarks | Chapter earthin highwayma acri |
Comments | Maladroi fallibilit |
ProductName | Garbag cribbag |
ProductVersion | 7.125.80.2 |
FileDescription | Formul flintlock adjudicate emi invigilator menarch |
OriginalFilename | Anhydrou |
Translation | 0x081a 0x081a |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
01/24/22-11:10:28.654587 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
01/24/22-11:10:31.338927 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
01/24/22-11:10:33.943277 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
01/24/22-11:10:34.818253 | TCP | 2033204 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | 49763 | 80 | 192.168.2.6 | 61.98.7.132 |
01/24/22-11:10:34.818253 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49763 | 80 | 192.168.2.6 | 61.98.7.132 |
01/24/22-11:10:40.364011 | TCP | 2033204 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
01/24/22-11:10:40.364011 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
01/24/22-11:10:42.969883 | TCP | 2033204 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | 49765 | 80 | 192.168.2.6 | 121.136.102.4 |
01/24/22-11:10:42.969883 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49765 | 80 | 192.168.2.6 | 121.136.102.4 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 24, 2022 11:10:28.501708984 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:28.653794050 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:28.653944969 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:28.654587030 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:29.021668911 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:29.617388964 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:29.617482901 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:29.617667913 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:29.793988943 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:29.794249058 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:29.794270992 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:29.794287920 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:29.794648886 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:29.989986897 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:29.990014076 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:29.990029097 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:29.990221977 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:29.990263939 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:29.990375042 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:29.990405083 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:29.990451097 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:29.990523100 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:29.990571976 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:29.990771055 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:29.991640091 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.225807905 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.225888968 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.225934029 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.225975037 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.226013899 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.226221085 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.226231098 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.226316929 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.226349115 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.226433992 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.226519108 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.226632118 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.226676941 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.226718903 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.226741076 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.226835966 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.226902962 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.227022886 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.227065086 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.227128029 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.227277040 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.282614946 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.440176964 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.440228939 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.440268993 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.440305948 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.440435886 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.440474033 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.440514088 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.440548897 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.440583944 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.440630913 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.440886974 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.440931082 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.440970898 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.441006899 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.441045046 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.441107988 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.441167116 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.441431046 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.441468954 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.441567898 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.441710949 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.441751003 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.441788912 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.441896915 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.441955090 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.441994905 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.442122936 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.442167044 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.442209005 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.442234993 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.442590952 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.442641020 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.442658901 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.442663908 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.442718029 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.442838907 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.442877054 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.442975998 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.443073034 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.481662035 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.481699944 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.481914043 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.623564005 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.623603106 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.623629093 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.623719931 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.623766899 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.623858929 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.623995066 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.624021053 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.624109030 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.624300003 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.624697924 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.624722958 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.624743938 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.624783039 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.624820948 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.625017881 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.625400066 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.625446081 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.625488997 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.625488997 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.625536919 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.626454115 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.626508951 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.626586914 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.626631975 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.626827002 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.626869917 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.626900911 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.626900911 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.626955032 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.627043962 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.627312899 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.627362013 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.627384901 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.627461910 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.627530098 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.627744913 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.627774954 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.627799034 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.627831936 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.627902985 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.627955914 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.628051996 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.628307104 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.628335953 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.628362894 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.628479958 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.628531933 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.628670931 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.628700018 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.628746033 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.629041910 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.629163980 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.629201889 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.629230022 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.629378080 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.629467010 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.629508972 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.629704952 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.629736900 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.629877090 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.630028009 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.630251884 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.630316019 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.632010937 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.664469957 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.664503098 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.664608955 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.664625883 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.664678097 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.664824009 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.808624029 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.808692932 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.808733940 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.808803082 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.809060097 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.809150934 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.809470892 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.809729099 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.809812069 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.810287952 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.810528040 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.810564041 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.810652018 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.810682058 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.810758114 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.811085939 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.811259031 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.811330080 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.811503887 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.811528921 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.811593056 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.812787056 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.812809944 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.812900066 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.814244986 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.814376116 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.814402103 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.814467907 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.814630985 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.814713001 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.814872980 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.814896107 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.814918041 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.814974070 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.815157890 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.815221071 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.815248966 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.815272093 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.815327883 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.815439939 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.815692902 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.815713882 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.815736055 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.815768003 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.815938950 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.815963030 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.815979958 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.816006899 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.816116095 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.816260099 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.816309929 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.816489935 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.816510916 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.816531897 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.816569090 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.816714048 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.816766024 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.818451881 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.818550110 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.818567991 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.818629980 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.818799019 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.818825006 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.818860054 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.818974972 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.818998098 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.819058895 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.857254028 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.857465029 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.857481003 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.857517958 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:30.857614994 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:30.859052896 CET | 49760 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:31.059248924 CET | 80 | 49760 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:31.125230074 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:31.337980032 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:31.338177919 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:31.338927031 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:31.612552881 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.407470942 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.407571077 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.407594919 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.407613993 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.408921003 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:32.623816013 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.623848915 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.623871088 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.623893976 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.623917103 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.623938084 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.623939991 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:32.623955965 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.624037027 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:32.636045933 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.636198044 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:32.837368965 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.837430000 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.837486029 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.837533951 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.837574005 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:32.837716103 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:32.837724924 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.837775946 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.837821007 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.837877035 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:32.838080883 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.838128090 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.838165998 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:32.838170052 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.838213921 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.838253021 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:32.838259935 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.838344097 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:32.845320940 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.845628023 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:32.845777988 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.051265001 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.051316977 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.051342010 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.051366091 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.051388025 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.051465034 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.051562071 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.051623106 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.051649094 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.051704884 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.051763058 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.051812887 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.051837921 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.051856995 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.052076101 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.052088976 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.052119017 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.052145004 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.052169085 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.052208900 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.052258968 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.052284002 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.052293062 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.052303076 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.052373886 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.052613974 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.052638054 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.052661896 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.052699089 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.052772045 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.052793980 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.052818060 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.052838087 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.052932024 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.053117990 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.053188086 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.054692984 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.054718971 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.054740906 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.054764986 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.054819107 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.054903984 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.265311003 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.265352011 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.265443087 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.265445948 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.265463114 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.265482903 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.265528917 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.265687943 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.265706062 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.265736103 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.265738010 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.265752077 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.265769958 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.265786886 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.265820980 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.265923977 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.265973091 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.265990973 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.266026020 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.266241074 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.266273975 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.266299963 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.266438961 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.266458035 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.266475916 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.266489029 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.266587019 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.266618013 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.266634941 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.266693115 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.266752005 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.266768932 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.266802073 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.266818047 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.267010927 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.267034054 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.267056942 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.267067909 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.267105103 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.267126083 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.267960072 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.267987013 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.268007994 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.268033028 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.268070936 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.268075943 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.268091917 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.268102884 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.268126965 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.268167973 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.268176079 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.268182993 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.268198967 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.268215895 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.268285990 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.268313885 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.268368959 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.268388987 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.268414974 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.268467903 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.268605947 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.268657923 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.268683910 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.268719912 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.268855095 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.268920898 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.269084930 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.269110918 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.269126892 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.269180059 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.269196033 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.269253016 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.479356050 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.479396105 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.479420900 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.479448080 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.479475021 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.479532957 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.479574919 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.479660034 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.479691029 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.479717970 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.479746103 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.479751110 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.479773045 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.479810953 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.479837894 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.479862928 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.479909897 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.479938030 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.479979992 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.480195045 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.480227947 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.480257034 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.480283976 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.480287075 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.480313063 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.480334044 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.480340958 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.480384111 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.480622053 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.480652094 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.480679989 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.480710983 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.480745077 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.480775118 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.480803967 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.480829954 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.480858088 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.480886936 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.480887890 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.480931997 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.481144905 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.481174946 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.481230974 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.481282949 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.481312037 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.481359005 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.481363058 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.481391907 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.481434107 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.481482029 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.481513977 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.481556892 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.481622934 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.481648922 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.481676102 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.481693029 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.481754065 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.481770992 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.481796980 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.481825113 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.481868982 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.481873989 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.481935024 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.481937885 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.482022047 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.482052088 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.482079029 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.482101917 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.482148886 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.482152939 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.482176065 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.482243061 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.630475044 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:33.693638086 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.693670034 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.693698883 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.693758965 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.693794012 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.693820000 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.693841934 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.693856955 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.693914890 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.694060087 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.694084883 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.694108009 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.694142103 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.694344997 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.694407940 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.694567919 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.694591045 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.694647074 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.694968939 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.694993019 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.695015907 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.695039988 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.695055962 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.695064068 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.695087910 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.695105076 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.695142031 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.695229053 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.695255995 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.695277929 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.695313931 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.695477962 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.695502043 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.695535898 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.695537090 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.695597887 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.695632935 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.695657969 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.695697069 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.695714951 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.695719957 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.695760012 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.695779085 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.696039915 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.696064949 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.696089029 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.696105003 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.696151018 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.696263075 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.696289062 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.696310997 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.696351051 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.696455002 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.696501970 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.696520090 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.696533918 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.696595907 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.696613073 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.696727991 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.696751118 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.696773052 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.696789026 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.696837902 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.697112083 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.697134972 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.697156906 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.697181940 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.697202921 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.697205067 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.697223902 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.697242022 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.697243929 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.697288036 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.697316885 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.697380066 CET | 49761 | 80 | 192.168.2.6 | 138.36.3.134 |
Jan 24, 2022 11:10:33.908590078 CET | 80 | 49761 | 138.36.3.134 | 192.168.2.6 |
Jan 24, 2022 11:10:33.931099892 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:33.931273937 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:33.943276882 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:34.359397888 CET | 49763 | 80 | 192.168.2.6 | 61.98.7.132 |
Jan 24, 2022 11:10:34.444097042 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:34.676918030 CET | 80 | 49763 | 61.98.7.132 | 192.168.2.6 |
Jan 24, 2022 11:10:34.677923918 CET | 49763 | 80 | 192.168.2.6 | 61.98.7.132 |
Jan 24, 2022 11:10:34.818253040 CET | 49763 | 80 | 192.168.2.6 | 61.98.7.132 |
Jan 24, 2022 11:10:35.138386965 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:35.138427019 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:35.138771057 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:35.335761070 CET | 80 | 49763 | 61.98.7.132 | 192.168.2.6 |
Jan 24, 2022 11:10:35.439353943 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:35.439441919 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:35.439483881 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:35.439524889 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:35.439554930 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:35.439584970 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:35.740029097 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:35.740051031 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:35.740212917 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:35.740343094 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:35.740360975 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:35.740375996 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:35.740391970 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:35.740405083 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:35.740422010 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:35.740514994 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:35.740526915 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.041043043 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.041102886 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.041143894 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.041181087 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.041218996 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.041259050 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.041297913 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.041311979 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.041328907 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.041333914 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.041369915 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.041429043 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.041440964 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.041490078 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.041547060 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.041564941 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.041606903 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.041646004 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.041668892 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.041702986 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.041764021 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.041779041 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.048060894 CET | 80 | 49763 | 61.98.7.132 | 192.168.2.6 |
Jan 24, 2022 11:10:36.048105955 CET | 80 | 49763 | 61.98.7.132 | 192.168.2.6 |
Jan 24, 2022 11:10:36.048137903 CET | 80 | 49763 | 61.98.7.132 | 192.168.2.6 |
Jan 24, 2022 11:10:36.048264980 CET | 49763 | 80 | 192.168.2.6 | 61.98.7.132 |
Jan 24, 2022 11:10:36.048312902 CET | 49763 | 80 | 192.168.2.6 | 61.98.7.132 |
Jan 24, 2022 11:10:36.082916021 CET | 49763 | 80 | 192.168.2.6 | 61.98.7.132 |
Jan 24, 2022 11:10:36.095789909 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.342402935 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.342453003 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.342493057 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.342533112 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.342571974 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.342598915 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.342612982 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.342632055 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.342653036 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.342694044 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.342700958 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.342734098 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.342756033 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.342776060 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.342824936 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.342832088 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.342884064 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.342941999 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.342983007 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.343019962 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.343046904 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.343059063 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.343059063 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.343105078 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.343147993 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.343159914 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.343204021 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.343241930 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.343269110 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.343293905 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.343302965 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.343338013 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.343375921 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.343414068 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.343452930 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.343463898 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.343476057 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.343504906 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.343523026 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.343561888 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.343616009 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.343723059 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.396876097 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.396930933 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.397058964 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.400468111 CET | 80 | 49763 | 61.98.7.132 | 192.168.2.6 |
Jan 24, 2022 11:10:36.644253016 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.644311905 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.644357920 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.644395113 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.644433975 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.644474030 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.644491911 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.644512892 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.644546032 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.644556999 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.644575119 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.644588947 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.644630909 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.644673109 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.644685030 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.644689083 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.644711971 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.644752026 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.644793034 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.644820929 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.644833088 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.644869089 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.644874096 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.644923925 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.644928932 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.644970894 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.645009995 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.645037889 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.645051003 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.645092010 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.645123959 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.645165920 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.645191908 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.645198107 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.645241976 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.645283937 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.645323992 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.645364046 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.645376921 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.645382881 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.645397902 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.645430088 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.645467997 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.645507097 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.645526886 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.645530939 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.645545959 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.645584106 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.645615101 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.645653963 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.645664930 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.645668983 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.645693064 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.645731926 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.645768881 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.645768881 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.645812035 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.645875931 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.645924091 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.645930052 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.645934105 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.645975113 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.646014929 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.646066904 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.646105051 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.646116972 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.646122932 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.646146059 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.646183014 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.646219015 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.697671890 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.697735071 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.697869062 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.767476082 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.947616100 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.947717905 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.947741985 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.947757959 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.947773933 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.947792053 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.947799921 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.947809935 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.947827101 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.947844982 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.947860956 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.947864056 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.947876930 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.947892904 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.947902918 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.947909117 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.947926998 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.947933912 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.947943926 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.947959900 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.947976112 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.947983980 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.947994947 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948009968 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948010921 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.948026896 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948043108 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948050022 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.948060036 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948080063 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948096991 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948112965 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948113918 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.948131084 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948147058 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948163033 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948163986 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.948179960 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948195934 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.948199034 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948219061 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948235989 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948252916 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948257923 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.948265076 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.948273897 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948291063 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948306084 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948307037 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.948322058 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948335886 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.948339939 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948359013 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948370934 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.948374987 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948391914 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948402882 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.948406935 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948422909 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948431969 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.948440075 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948457003 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.948478937 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.948507071 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:36.999281883 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.999332905 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:36.999371052 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:37.173676968 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:39.761287928 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:39.761316061 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:39.761380911 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:39.761678934 CET | 49762 | 80 | 192.168.2.6 | 211.40.39.251 |
Jan 24, 2022 11:10:40.062263966 CET | 80 | 49762 | 211.40.39.251 | 192.168.2.6 |
Jan 24, 2022 11:10:40.185411930 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:40.362911940 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:40.363249063 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:40.364011049 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:40.756695032 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.148180008 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.148247004 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.150137901 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.340403080 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.340434074 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.340513945 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.340668917 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.340698957 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.340755939 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.540930033 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.540988922 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.541012049 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.541090012 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.541309118 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.541389942 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.541902065 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.542088985 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.542114973 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.542138100 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.542191982 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.542248011 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.737471104 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.737513065 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.737626076 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.737633944 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.737660885 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.737750053 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.737888098 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.738014936 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.738042116 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.738075972 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.740643024 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.740741014 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.740784883 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.740811110 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.740895987 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.740916014 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.741249084 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.741321087 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.741329908 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.741357088 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.741380930 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.741420984 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.783411026 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.907357931 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.907396078 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.907422066 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.907442093 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.907465935 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.907485008 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.907494068 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.907526970 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.907553911 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.907567978 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.907579899 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.907602072 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.907603979 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.907669067 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.907686949 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.907713890 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.907761097 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.909991026 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.910020113 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.910043955 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.910065889 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.910094023 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.910115957 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.910115004 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.910137892 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.910147905 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.910162926 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.910172939 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.910187960 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.910212994 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.910217047 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.910267115 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.910456896 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.910480022 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.910532951 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.910542011 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.910784960 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.910837889 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.911490917 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.911525011 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.911690950 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:41.946309090 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.946366072 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:41.946640015 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.072170019 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.072227001 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.072268009 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.072288990 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.072314978 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.072374105 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.072541952 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.072601080 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.072659969 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.072938919 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.073174000 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.073230982 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.073232889 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.073273897 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.073322058 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.073482990 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.073527098 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.073579073 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.073637962 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.073775053 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.073837996 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.073846102 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.073931932 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.073970079 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.073986053 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.074311018 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.074368000 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.074434996 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.074482918 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.074522018 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.074526072 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.074563026 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.074608088 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.074644089 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.074678898 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.074726105 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.074867010 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.075303078 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.075396061 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.075422049 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.075475931 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.075516939 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.075531960 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.075685978 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.075736046 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.075790882 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.075833082 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.075947046 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.075963974 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.076219082 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.076282978 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.076344013 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.076385021 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.076430082 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.076486111 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.076646090 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.076699972 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.076744080 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.076848030 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.076898098 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.077008009 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.077049971 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.077090025 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.077095985 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.077342987 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.077382088 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.077397108 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.077569008 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.077619076 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.077675104 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.127175093 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.127186060 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.127233028 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.127285004 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.276878119 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.276957035 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.277008057 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.277024031 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.277106047 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.277199030 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.277492046 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.277592897 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.277646065 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.277659893 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.277920961 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.277977943 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.278018951 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.278031111 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.278104067 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.278175116 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.278264999 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.278331995 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.278659105 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.278795004 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.278855085 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.278858900 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.278944969 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.278995037 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.279006958 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.279198885 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.279263020 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.279294014 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.279323101 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.279381990 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.279470921 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.279525042 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.279587984 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.279854059 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.279982090 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.280040026 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.280061960 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.280100107 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.280169010 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.280177116 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.280282021 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.280369997 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.280484915 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.280541897 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.280615091 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.280653000 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.280742884 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.280797005 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.280811071 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.280884027 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.280939102 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.281244040 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.281308889 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.281368017 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.281372070 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.281433105 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.281531096 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.281531096 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.281699896 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.281754971 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.281769037 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.281814098 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.281876087 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.282058954 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.282115936 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.282179117 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.282181025 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.282334089 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.282402992 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.326090097 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.326159000 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.326227903 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.326284885 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.377223015 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.462966919 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.463022947 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.463066101 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.463128090 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.463130951 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.463191986 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.463746071 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.463813066 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.463851929 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.463881016 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.463942051 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.464020014 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.464021921 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.464167118 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.464225054 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.464441061 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.464479923 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.464540005 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.464596987 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.464761972 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.464804888 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.464839935 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.464840889 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.464894056 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.465241909 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.465423107 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.465487003 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.465586901 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.465627909 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.465681076 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.465748072 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.465792894 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.465831041 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.465842962 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.465990067 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.466064930 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.466185093 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.466223955 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.466285944 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.466310978 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.466600895 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.466656923 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.466675997 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.466696024 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.466758966 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.466825962 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.467009068 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.467051029 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.467081070 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.467175961 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.467235088 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.467298985 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.467443943 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.467521906 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.467735052 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.467777014 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.467817068 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.467829943 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.467847109 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.467904091 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.467916012 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.467983007 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.468158007 CET | 49764 | 80 | 192.168.2.6 | 91.203.174.38 |
Jan 24, 2022 11:10:42.626596928 CET | 80 | 49764 | 91.203.174.38 | 192.168.2.6 |
Jan 24, 2022 11:10:42.693377972 CET | 49765 | 80 | 192.168.2.6 | 121.136.102.4 |
Jan 24, 2022 11:10:42.968909979 CET | 80 | 49765 | 121.136.102.4 | 192.168.2.6 |
Jan 24, 2022 11:10:42.969054937 CET | 49765 | 80 | 192.168.2.6 | 121.136.102.4 |
Jan 24, 2022 11:10:42.969882965 CET | 49765 | 80 | 192.168.2.6 | 121.136.102.4 |
Jan 24, 2022 11:10:43.436990023 CET | 80 | 49765 | 121.136.102.4 | 192.168.2.6 |
Jan 24, 2022 11:10:44.144296885 CET | 80 | 49765 | 121.136.102.4 | 192.168.2.6 |
Jan 24, 2022 11:10:44.144351006 CET | 80 | 49765 | 121.136.102.4 | 192.168.2.6 |
Jan 24, 2022 11:10:44.144385099 CET | 80 | 49765 | 121.136.102.4 | 192.168.2.6 |
Jan 24, 2022 11:10:44.144496918 CET | 49765 | 80 | 192.168.2.6 | 121.136.102.4 |
Jan 24, 2022 11:10:44.145169973 CET | 49765 | 80 | 192.168.2.6 | 121.136.102.4 |
Jan 24, 2022 11:10:44.420598984 CET | 80 | 49765 | 121.136.102.4 | 192.168.2.6 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 24, 2022 11:10:28.414808035 CET | 51774 | 53 | 192.168.2.6 | 8.8.8.8 |
Jan 24, 2022 11:10:28.483218908 CET | 53 | 51774 | 8.8.8.8 | 192.168.2.6 |
Jan 24, 2022 11:10:31.052858114 CET | 56023 | 53 | 192.168.2.6 | 8.8.8.8 |
Jan 24, 2022 11:10:31.122343063 CET | 53 | 56023 | 8.8.8.8 | 192.168.2.6 |
Jan 24, 2022 11:10:33.445388079 CET | 58384 | 53 | 192.168.2.6 | 8.8.8.8 |
Jan 24, 2022 11:10:33.609316111 CET | 53 | 58384 | 8.8.8.8 | 192.168.2.6 |
Jan 24, 2022 11:10:34.169456959 CET | 60261 | 53 | 192.168.2.6 | 8.8.8.8 |
Jan 24, 2022 11:10:34.354336977 CET | 53 | 60261 | 8.8.8.8 | 192.168.2.6 |
Jan 24, 2022 11:10:40.163948059 CET | 56061 | 53 | 192.168.2.6 | 8.8.8.8 |
Jan 24, 2022 11:10:40.183387041 CET | 53 | 56061 | 8.8.8.8 | 192.168.2.6 |
Jan 24, 2022 11:10:42.621546030 CET | 58336 | 53 | 192.168.2.6 | 8.8.8.8 |
Jan 24, 2022 11:10:42.691263914 CET | 53 | 58336 | 8.8.8.8 | 192.168.2.6 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jan 24, 2022 11:10:28.414808035 CET | 192.168.2.6 | 8.8.8.8 | 0xe190 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 24, 2022 11:10:31.052858114 CET | 192.168.2.6 | 8.8.8.8 | 0x930a | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 24, 2022 11:10:33.445388079 CET | 192.168.2.6 | 8.8.8.8 | 0x78b9 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 24, 2022 11:10:34.169456959 CET | 192.168.2.6 | 8.8.8.8 | 0x8b6 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 24, 2022 11:10:40.163948059 CET | 192.168.2.6 | 8.8.8.8 | 0xea12 | Standard query (0) | A (IP address) | IN (0x0001) | |
Jan 24, 2022 11:10:42.621546030 CET | 192.168.2.6 | 8.8.8.8 | 0x8a50 | Standard query (0) | A (IP address) | IN (0x0001) |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jan 24, 2022 11:10:28.483218908 CET | 8.8.8.8 | 192.168.2.6 | 0xe190 | No error (0) | 91.203.174.38 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:28.483218908 CET | 8.8.8.8 | 192.168.2.6 | 0xe190 | No error (0) | 211.169.6.249 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:28.483218908 CET | 8.8.8.8 | 192.168.2.6 | 0xe190 | No error (0) | 61.98.7.132 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:28.483218908 CET | 8.8.8.8 | 192.168.2.6 | 0xe190 | No error (0) | 186.182.55.44 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:28.483218908 CET | 8.8.8.8 | 192.168.2.6 | 0xe190 | No error (0) | 211.40.39.251 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:28.483218908 CET | 8.8.8.8 | 192.168.2.6 | 0xe190 | No error (0) | 121.136.102.4 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:28.483218908 CET | 8.8.8.8 | 192.168.2.6 | 0xe190 | No error (0) | 222.236.49.123 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:28.483218908 CET | 8.8.8.8 | 192.168.2.6 | 0xe190 | No error (0) | 151.251.30.69 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:28.483218908 CET | 8.8.8.8 | 192.168.2.6 | 0xe190 | No error (0) | 37.34.176.37 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:28.483218908 CET | 8.8.8.8 | 192.168.2.6 | 0xe190 | No error (0) | 138.36.3.134 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:31.122343063 CET | 8.8.8.8 | 192.168.2.6 | 0x930a | No error (0) | 138.36.3.134 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:31.122343063 CET | 8.8.8.8 | 192.168.2.6 | 0x930a | No error (0) | 91.203.174.38 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:31.122343063 CET | 8.8.8.8 | 192.168.2.6 | 0x930a | No error (0) | 211.169.6.249 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:31.122343063 CET | 8.8.8.8 | 192.168.2.6 | 0x930a | No error (0) | 61.98.7.132 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:31.122343063 CET | 8.8.8.8 | 192.168.2.6 | 0x930a | No error (0) | 186.182.55.44 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:31.122343063 CET | 8.8.8.8 | 192.168.2.6 | 0x930a | No error (0) | 211.40.39.251 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:31.122343063 CET | 8.8.8.8 | 192.168.2.6 | 0x930a | No error (0) | 121.136.102.4 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:31.122343063 CET | 8.8.8.8 | 192.168.2.6 | 0x930a | No error (0) | 222.236.49.123 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:31.122343063 CET | 8.8.8.8 | 192.168.2.6 | 0x930a | No error (0) | 151.251.30.69 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:31.122343063 CET | 8.8.8.8 | 192.168.2.6 | 0x930a | No error (0) | 37.34.176.37 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:33.609316111 CET | 8.8.8.8 | 192.168.2.6 | 0x78b9 | No error (0) | 211.40.39.251 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:33.609316111 CET | 8.8.8.8 | 192.168.2.6 | 0x78b9 | No error (0) | 121.136.102.4 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:33.609316111 CET | 8.8.8.8 | 192.168.2.6 | 0x78b9 | No error (0) | 222.236.49.123 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:33.609316111 CET | 8.8.8.8 | 192.168.2.6 | 0x78b9 | No error (0) | 151.251.30.69 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:33.609316111 CET | 8.8.8.8 | 192.168.2.6 | 0x78b9 | No error (0) | 37.34.176.37 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:33.609316111 CET | 8.8.8.8 | 192.168.2.6 | 0x78b9 | No error (0) | 138.36.3.134 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:33.609316111 CET | 8.8.8.8 | 192.168.2.6 | 0x78b9 | No error (0) | 91.203.174.38 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:33.609316111 CET | 8.8.8.8 | 192.168.2.6 | 0x78b9 | No error (0) | 211.169.6.249 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:33.609316111 CET | 8.8.8.8 | 192.168.2.6 | 0x78b9 | No error (0) | 61.98.7.132 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:33.609316111 CET | 8.8.8.8 | 192.168.2.6 | 0x78b9 | No error (0) | 186.182.55.44 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:34.354336977 CET | 8.8.8.8 | 192.168.2.6 | 0x8b6 | No error (0) | 61.98.7.132 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:34.354336977 CET | 8.8.8.8 | 192.168.2.6 | 0x8b6 | No error (0) | 186.182.55.44 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:34.354336977 CET | 8.8.8.8 | 192.168.2.6 | 0x8b6 | No error (0) | 211.40.39.251 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:34.354336977 CET | 8.8.8.8 | 192.168.2.6 | 0x8b6 | No error (0) | 121.136.102.4 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:34.354336977 CET | 8.8.8.8 | 192.168.2.6 | 0x8b6 | No error (0) | 222.236.49.123 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:34.354336977 CET | 8.8.8.8 | 192.168.2.6 | 0x8b6 | No error (0) | 151.251.30.69 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:34.354336977 CET | 8.8.8.8 | 192.168.2.6 | 0x8b6 | No error (0) | 37.34.176.37 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:34.354336977 CET | 8.8.8.8 | 192.168.2.6 | 0x8b6 | No error (0) | 138.36.3.134 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:34.354336977 CET | 8.8.8.8 | 192.168.2.6 | 0x8b6 | No error (0) | 91.203.174.38 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:34.354336977 CET | 8.8.8.8 | 192.168.2.6 | 0x8b6 | No error (0) | 211.169.6.249 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:40.183387041 CET | 8.8.8.8 | 192.168.2.6 | 0xea12 | No error (0) | 91.203.174.38 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:40.183387041 CET | 8.8.8.8 | 192.168.2.6 | 0xea12 | No error (0) | 211.169.6.249 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:40.183387041 CET | 8.8.8.8 | 192.168.2.6 | 0xea12 | No error (0) | 61.98.7.132 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:40.183387041 CET | 8.8.8.8 | 192.168.2.6 | 0xea12 | No error (0) | 186.182.55.44 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:40.183387041 CET | 8.8.8.8 | 192.168.2.6 | 0xea12 | No error (0) | 211.40.39.251 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:40.183387041 CET | 8.8.8.8 | 192.168.2.6 | 0xea12 | No error (0) | 121.136.102.4 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:40.183387041 CET | 8.8.8.8 | 192.168.2.6 | 0xea12 | No error (0) | 222.236.49.123 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:40.183387041 CET | 8.8.8.8 | 192.168.2.6 | 0xea12 | No error (0) | 151.251.30.69 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:40.183387041 CET | 8.8.8.8 | 192.168.2.6 | 0xea12 | No error (0) | 37.34.176.37 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:40.183387041 CET | 8.8.8.8 | 192.168.2.6 | 0xea12 | No error (0) | 138.36.3.134 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:42.691263914 CET | 8.8.8.8 | 192.168.2.6 | 0x8a50 | No error (0) | 121.136.102.4 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:42.691263914 CET | 8.8.8.8 | 192.168.2.6 | 0x8a50 | No error (0) | 222.236.49.123 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:42.691263914 CET | 8.8.8.8 | 192.168.2.6 | 0x8a50 | No error (0) | 151.251.30.69 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:42.691263914 CET | 8.8.8.8 | 192.168.2.6 | 0x8a50 | No error (0) | 37.34.176.37 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:42.691263914 CET | 8.8.8.8 | 192.168.2.6 | 0x8a50 | No error (0) | 138.36.3.134 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:42.691263914 CET | 8.8.8.8 | 192.168.2.6 | 0x8a50 | No error (0) | 91.203.174.38 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:42.691263914 CET | 8.8.8.8 | 192.168.2.6 | 0x8a50 | No error (0) | 211.169.6.249 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:42.691263914 CET | 8.8.8.8 | 192.168.2.6 | 0x8a50 | No error (0) | 61.98.7.132 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:42.691263914 CET | 8.8.8.8 | 192.168.2.6 | 0x8a50 | No error (0) | 186.182.55.44 | A (IP address) | IN (0x0001) | ||
Jan 24, 2022 11:10:42.691263914 CET | 8.8.8.8 | 192.168.2.6 | 0x8a50 | No error (0) | 211.40.39.251 | A (IP address) | IN (0x0001) |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.6 | 49760 | 91.203.174.38 | 80 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 24, 2022 11:10:28.654587030 CET | 1047 | OUT | |
Jan 24, 2022 11:10:29.617388964 CET | 1048 | IN |