Edit tour
Windows
Analysis Report
3r0Cgcbr8c
Overview
General Information
Detection
Ursnif
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected Ursnif
System process connects to network (likely due to code injection or exploit)
Sigma detected: Windows Shell File Write to Suspicious Folder
Maps a DLL or memory area into another process
Writes to foreign memory regions
Changes memory attributes in foreign processes to executable or writable
Sigma detected: Accessing WinAPI in PowerShell. Code Injection
Sigma detected: Suspicious Remote Thread Created
Machine Learning detection for sample
Allocates memory in foreign processes
Self deletion via cmd delete
Sigma detected: MSHTA Spawning Windows Shell
Injects code into the Windows Explorer (explorer.exe)
Sigma detected: Suspicious Call by Ordinal
Modifies the context of a thread in another process (thread injection)
Sigma detected: Mshta Spawning Windows Shell
Creates a thread in another existing process (thread injection)
Disables SPDY (HTTP compression, likely to perform web injects)
Writes registry values via WMI
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Internet Provider seen in connection with other malware
Found dropped PE file which has not been started or loaded
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Searches for the Microsoft Outlook file path
PE file contains strange resources
Drops PE files
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Sigma detected: Suspicious Csc.exe Source File Folder
Compiles C# or VB.Net code
Creates a process in suspended mode (likely to inject code)
Classification
- System is w10x64
- loaddll32.exe (PID: 6460 cmdline:
loaddll32. exe "C:\Us ers\user\D esktop\3r0 Cgcbr8c.dl l" MD5: 7DEB5DB86C0AC789123DEC286286B938) - cmd.exe (PID: 6468 cmdline:
cmd.exe /C rundll32. exe "C:\Us ers\user\D esktop\3r0 Cgcbr8c.dl l",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D) - rundll32.exe (PID: 6488 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\3r0C gcbr8c.dll ",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D) - control.exe (PID: 1928 cmdline:
C:\Windows \system32\ control.ex e -h MD5: 625DAC87CB5D7D44C5CA1DA57898065F)
- mshta.exe (PID: 6256 cmdline:
C:\Windows \System32\ mshta.exe" "about:<h ta:applica tion><scri pt>Soxq='w script.she ll';resize To(0,2);ev al(new Act iveXObject (Soxq).reg read('HKCU \\\Softwar e\\AppData Low\\Softw are\\Micro soft\\54E8 0703-A337- A6B8-CDC8- 873A517CAB 0E\\\TestL ocal'));if (!window.f lag)close( )</script> MD5: 197FC97C6A843BEBB445C1D9C58DCBDB) - powershell.exe (PID: 6608 cmdline:
"C:\Window s\System32 \WindowsPo werShell\v 1.0\powers hell.exe" new-alias -name gjvy fiw -value gp; new-a lias -name huwuvwioi -value ie x; huwuvwi oi ([Syste m.Text.Enc oding]::AS CII.GetStr ing((gjvyf iw "HKCU:S oftware\Ap pDataLow\S oftware\Mi crosoft\54 E80703-A33 7-A6B8-CDC 8-873A517C AB0E").Url sReturn)) MD5: 95000560239032BC68B4C2FDFCDEF913) - conhost.exe (PID: 2360 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - csc.exe (PID: 4724 cmdline:
C:\Windows \Microsoft .NET\Frame work64\v4. 0.30319\cs c.exe" /no config /fu llpaths @" C:\Users\u ser\AppDat a\Local\Te mp\0hvnxdz w.cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D) - cvtres.exe (PID: 6140 cmdline:
C:\Windows \Microsoft .NET\Frame work64\v4. 0.30319\cv tres.exe / NOLOGO /RE ADONLY /MA CHINE:IX86 "/OUT:C:\ Users\user \AppData\L ocal\Temp\ RESE3E.tmp " "c:\User s\user\App Data\Local \Temp\CSC1 476D443668 54E63BD1CA 8712B7CCE9 2.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D) - csc.exe (PID: 5776 cmdline:
C:\Windows \Microsoft .NET\Frame work64\v4. 0.30319\cs c.exe" /no config /fu llpaths @" C:\Users\u ser\AppDat a\Local\Te mp\iig1jap h.cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D) - cvtres.exe (PID: 6840 cmdline:
C:\Windows \Microsoft .NET\Frame work64\v4. 0.30319\cv tres.exe / NOLOGO /RE ADONLY /MA CHINE:IX86 "/OUT:C:\ Users\user \AppData\L ocal\Temp\ RES2B5B.tm p" "c:\Use rs\user\Ap pData\Loca l\Temp\CSC 8E8486282E A843C08CB8 749684F1E6 9.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D) - explorer.exe (PID: 3968 cmdline:
C:\Windows \Explorer. EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D) - cmd.exe (PID: 2336 cmdline:
C:\Windows \System32\ cmd.exe" / C ping loc alhost -n 5 && del " C:\Users\u ser\Deskto p\3r0Cgcbr 8c.dll MD5: 4E2ACF4F8A396486AB4268C94A6A245F) - conhost.exe (PID: 5508 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - RuntimeBroker.exe (PID: 4168 cmdline:
C:\Windows \System32\ RuntimeBro ker.exe -E mbedding MD5: C7E36B4A5D9E6AC600DD7A0E0D52DAC5)
- cleanup
{"RSA Public Key": "qFDlImn6y2g7LUs2ldWLbbcpZqbPo2Ns9Np7r7i4Mwoe6wqx9QvLXkHYOfGu/YpOzT+6eh745fokdz9wyPHoNa0hndDzfECX/D+aXUCRPw6ED0CTYgN/1Zl2Te2oBe4/Ijr+Meag6OuapWMwsi2Im1yyZiGritm6eF1eCmhqnx0G6cCvnTgwv4DFP3ZsQR9OOMr66XDyATvQzAULb2ROtgO0uJifetSoyg/BBa57FBG8f3qZo6B3/c3mJUIeWb579f2z2QYoV2Bwj9Cm8iZUGOOegn/prFEUQn5QgaRZFSk6mbkcQ+Rsq/Xy3wcd+G9JFKU3/QgqOA/jtjsS+fFPp2Pl8LsM8NaoiRTJvWvlul8=", "c2_domain": ["config.edge.skype.com", "cabrioxmdes.at", "hopexmder.net", "94.140.114.144", "94.140.112.49", "94.140.112.121"], "ip_check_url": ["http://ipinfo.io/ip", "http://curlmyip.net"], "serpent_key": "Jv1GYc8A8hCBIeVD", "tor32_dll": "file://c:\\test\\test32.dll", "tor64_dll": "file://c:\\test\\tor64.dll", "movie_capture": "30, 8, calc no*ad *terminal* *debug*", "server": "50", "sleep_time": "1", "SetWaitableTimer_value(CRC_CONFIGTIMEOUT)": "60", "time_value": "60", "SetWaitableTimer_value(CRC_TASKTIMEOUT)": "60", "SetWaitableTimer_value(CRC_SENDTIMEOUT)": "300", "SetWaitableTimer_value(CRC_KNOCKERTIMEOUT)": "60", "not_use(CRC_BCTIMEOUT)": "10", "botnet": "3000", "SetWaitableTimer_value": "1"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
Click to see the 18 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security |
System Summary |
---|
Source: | Author: Florian Roth: |
Source: | Author: Nikita Nazarov, oscd.community: |
Source: | Author: Perez Diego (@darkquassar), oscd.community: |
Source: | Author: Michael Haag: |
Source: | Author: Florian Roth: |
Source: | Author: Florian Roth: |
Source: | Author: Florian Roth: |
Source: | Author: frack113: |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): |
Source: | Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): |
Source: | Author: frack113: |
Timestamp: | 04/28/22-10:35:34.699978 04/28/22-10:35:34.699978 |
SID: | 2033203 |
Source Port: | 49750 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/28/22-10:35:54.821196 04/28/22-10:35:54.821196 |
SID: | 2033203 |
Source Port: | 49755 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/28/22-10:35:55.836318 04/28/22-10:35:55.836318 |
SID: | 2033204 |
Source Port: | 49755 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Networking |
---|
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | Network Connect: | Jump to behavior |
Source: | ASN Name: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Binary or memory string: |
E-Banking Fraud |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Registry key value created / modified: | Jump to behavior |
System Summary |
---|
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: |
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Process created: |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Process information queried: | Jump to behavior |
Source: | Thread delayed: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Process queried: | Jump to behavior |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Memory protected: | Jump to behavior | ||
Source: | Memory protected: | Jump to behavior | ||
Source: | Memory protected: | Jump to behavior | ||
Source: | Memory protected: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Thread register set: | Jump to behavior | ||
Source: | Thread register set: | Jump to behavior |
Source: | Thread created: | Jump to behavior | ||
Source: | Thread created: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | 1 Windows Management Instrumentation | Path Interception | 812 Process Injection | 1 Masquerading | 1 Input Capture | 11 Security Software Discovery | Remote Services | 1 Email Collection | Exfiltration Over Other Network Medium | 1 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | 1 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 31 Virtualization/Sandbox Evasion | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Input Capture | Exfiltration Over Bluetooth | 1 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 812 Process Injection | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 11 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Rundll32 | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 File Deletion | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | 13 System Information Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
31% | ReversingLabs | Win32.Infostealer.Dridex | ||
100% | Joe Sandbox ML |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe |
⊘No contacted domains info
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| low | ||
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
94.140.115.8 | unknown | Latvia | 43513 | NANO-ASLV | true |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 617154 |
Start date and time: 28/04/202210:34:16 | 2022-04-28 10:34:16 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 11m 40s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 3r0Cgcbr8c (renamed file extension from none to dll) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 32 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 2 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.bank.troj.evad.winDLL@21/17@0/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 23.211.6.115, 13.107.42.16
- Excluded domains from analysis (whitelisted): fs.microsoft.com, config.edge.skype.com.trafficmanager.net, settings-win.data.microsoft.com, store-images.s-microsoft.com-c.edgekey.net, arc.msn.com, e12564.dspb.akamaiedge.net, login.live.com, store-images.s-microsoft.com, l-0007.config.skype.com, config-edge-skype.l-0007.l-msedge.net, img-prod-cms-rt-microsoft-com.akamaized.net, l-0007.l-msedge.net, config.edge.skype.com
- Execution Graph export aborted for target mshta.exe, PID 6256 because there are no executed function
- Not all processes where analyzed, report is missing behavior information
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
10:35:30 | API Interceptor | |
10:36:08 | API Interceptor |
⊘No context
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
NANO-ASLV | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
⊘No context
⊘No context
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11606 |
Entropy (8bit): | 4.883977562702998 |
Encrypted: | false |
SSDEEP: | 192:h9smd3YrKkGdcU6CkVsm5emla9sm5ib4q4dVsm5emdjxoeRjp5Kib4nVFn3eGOVo:ySib4q4dvEib4nVoGIpN6KQkj2frkjhQ |
MD5: | 243581397F734487BD471C04FB57EA44 |
SHA1: | 38CB3BAC7CDC67CB3B246B32117C2C6188243E77 |
SHA-256: | 7EA86BC5C164A1B76E3893A6C1906B66A1785F366E092F51B1791EC0CC2AAC90 |
SHA-512: | 1B0B1CD588E5621F63C4AACC8FF4C111AD9148D4BABE65965EC38EBD10D559A0DFB9B610CA3DF1E1DD7B1842B3E391D6804A3787B6CD00D527A660F444C4183A |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Download File
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 64 |
Entropy (8bit): | 0.9260988789684415 |
Encrypted: | false |
SSDEEP: | 3:Nlllulb/lj:NllUb/l |
MD5: | 13AF6BE1CB30E2FB779EA728EE0A6D67 |
SHA1: | F33581AC2C60B1F02C978D14DC220DCE57CC9562 |
SHA-256: | 168561FB18F8EBA8043FA9FC4B8A95B628F2CF5584E5A3B96C9EBAF6DD740E3F |
SHA-512: | 1159E1087BC7F7CBB233540B61F1BDECB161FF6C65AD1EFC9911E87B8E4B2E5F8C2AF56D67B33BC1F6836106D3FEA8C750CC24B9F451ACF85661E0715B829413 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 5.058106976759534 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJiWmMRSR7a1nQTsyBSRa+rVSSRnA/fpM+y:V/DTLDfuQWMBDw9rV5nA/3y |
MD5: | 99BD08BC1F0AEA085539BBC7D61FA79D |
SHA1: | F2CA39B111C367D147609FCD6C811837BE2CE9F3 |
SHA-256: | 8DFF0B4F90286A240BECA27EDFC97DCB785B73B8762D3EAE7C540838BC23A3E9 |
SHA-512: | E27A0BF1E73207800F410BA9399F1807FBA940F82260831E43C8F0A8B8BFA668616D63B53755526236433396AF4EF21E1EB0DFA9E92A0F34DB8A14C292660396 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 351 |
Entropy (8bit): | 5.282936552806951 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2WXp+N23f/3zxs7+AEszIWXp+N23f/RAn:p37Lvkmb6KHX3WZE8Xyn |
MD5: | 9947AC7485445B4829E578281C5B77B7 |
SHA1: | A17954ACA53ACF072F8043307F6384B034E5AC21 |
SHA-256: | EFDB6F4867ACD44BE15B14863AC2837223E13D0D12C34C48D6F71FDB7EA2B32D |
SHA-512: | A3B5685B751C1CA32D61B8DE597E48E804CD29ABE30B1339E4795232FC2C4193E151AA6B43BB3D5E3DFE875B4C6D3608C6536C0E34EC93047E03051154EE6272 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.618420487850574 |
Encrypted: | false |
SSDEEP: | 24:etGSo8OmU0t3lm85xWAseO4zkQ64pfUPtkZf04jVUWI+ycuZhN6GakSNXPNnq:6iXQ3r5xNO3QfUuJ04x31ulDa3fq |
MD5: | C2E73EB34E95456E5277E7FC3955C190 |
SHA1: | F4B507A73E3E7117AD9C785883AE6FC71B10411B |
SHA-256: | 294D925E4F212BAD44A3AA93A9AF61106CB852B7CC71FB4F436BD0B8C135244C |
SHA-512: | 5341331781D246222396291D73C96DD1463625AE83AE1C0B4E44A23F13359FF8CD388EA4EB18A88BECC28257795A131A82F59A676CC93EBD454A7C234C4EE01F |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 848 |
Entropy (8bit): | 5.334966927585591 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6KHUE8iuKaM5DqBVKVrdFAMBJTH:Akka6AUE8bKxDcVKdBJj |
MD5: | 9E41D48E95FDAB89B596FD48DBBFB577 |
SHA1: | F92F8FAB942D249DC0DA6F8EB90FF85B0435AD5D |
SHA-256: | BA7A90A6E3E5B4C31B8451F114ADB6E74040042D3775788AF0BFA19884B84BE3 |
SHA-512: | 4AEDA5916A2340F8CCDEEB8799F6B726207CB0D7B006B82A9573C8A62CDE14B36DBD489941B4BB8C014CBF8CB2065A14C6E4BC201DABC33D6BF4AED7B18CDA62 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.111804369817748 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grycGak7YnqqNXPN5Dlq5J:+RI+ycuZhN6GakSNXPNnqX |
MD5: | A9AAC13F45AEC38517F515F1420BB844 |
SHA1: | 61DAF1D4987FEEDED455FA207D6031AFAABE2259 |
SHA-256: | 242B4C09B27F6A2971A7EF716B6753A3A268DD9399A273377C8765C4F190FFE4 |
SHA-512: | 055A51E0D52DB263BECFBA1A82BED3EA5A6152946363D01992FC97E7110758A038185081A3703C086E0F237162BF16488D78903D7D6ACF547D53A31298C26218 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.0936832187569197 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryyOak7YnqqpPPN5Dlq5J:+RI+ycuZhNYOakSpPPNnqX |
MD5: | 626554E33CAFF838CB3456F63356AD17 |
SHA1: | 03339CE3C58E71E38886253CDA0462EA0FB77D3C |
SHA-256: | 43FC7B06F45D0C714B523BAD14CF9AF2D32753B5927A222087AAC8EBD8314938 |
SHA-512: | 60EEEA2DF43D34122CAA93E66EB6569A47F03ED2460FB75B13AF5B298C07DC6BFDC42CD2F1576FA41990AC1F48DEF51380EB2FC861CDCBDF34D11B19840BCE61 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1320 |
Entropy (8bit): | 3.967734488198009 |
Encrypted: | false |
SSDEEP: | 24:HhnW9Q3L1YzxhH3KhKdNWI+ycuZhNYOakSpPPNnq9hgd:F53WPQKd41ulva3Tq9y |
MD5: | 47EA204FA896EFF74F35A764FCDA2239 |
SHA1: | 809344296B44CA4B2904DA997177BFC77C3838E3 |
SHA-256: | 5F59516BE8D13F4D4B895008F1126C8AC4636470ED24923996B196967F58B1E5 |
SHA-512: | B0B9D8A6C2E8829A88B9518B34790C8674C11631894CC670ED5B26DF54326DBFB72852F8D924C0621680D930E389BAA83317588B7363763BBBF19108EB41B382 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1320 |
Entropy (8bit): | 3.9909392086985362 |
Encrypted: | false |
SSDEEP: | 24:H5nW9rIXn0tHkhKdNwI+ycuZhN6GakSNXPNnq9hgd:tWIX0tWKdm1ulDa3fq9y |
MD5: | 5A952B21BE2225287BF36013F025A323 |
SHA1: | A032F64DA66EF882018032C0567B1DED6068965E |
SHA-256: | 8BB030DAECC8D7C0CC193D9802079C12B58B74E603D31CD8F1E0BB09AF321F45 |
SHA-512: | 86B2D35A21618B6E7FCD38BA08B9F4B8AC4B7B40929A1C863288E370C9979ABA40545433C77AAC158531E65476E919B15247B9F7DFAAFEBE16428A2478A87C35 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 392 |
Entropy (8bit): | 4.988829579018284 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJ6VMRSRa+eNMjSSRr92B7SSRNAtwy:V/DTLDfuk9eg5r9yeqy |
MD5: | 80545CB568082AB66554E902D9291782 |
SHA1: | D013E59DC494D017F0E790D63CEB397583DCB36B |
SHA-256: | E15CA20CFE5DE71D6F625F76D311E84240665DD77175203A6E2D180B43926E6C |
SHA-512: | C5713126B0CB060EDF4501FE37A876DAFEDF064D9A9DCCD0BD435143DAB7D209EFBC112444334627FF5706386FB2149055030FCA01BA9785C33AC68E268B918D |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 351 |
Entropy (8bit): | 5.2624571012830605 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2WXp+N23fpCv+zxs7+AEszIWXp+N23fpCr:p37Lvkmb6KHh6+WZE8hw |
MD5: | 90582BBD6FECF2EEB1D68C1D3AEAA988 |
SHA1: | B9E28246329AA5361CCA0CB830F19A8793ED5B13 |
SHA-256: | C4B4F9B01A6A6CE18984707479476F446E1B716385D277E6DD3124AD51FF2A19 |
SHA-512: | 56283D9ED90EE7A70C1DF64BB7126655585DF158A5A3659E34F60177A3CD3D99446D2A952B91017C5A59602965F7DFFE6EB26F8A881EC6010E6B15A5B406D237 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.599121810883609 |
Encrypted: | false |
SSDEEP: | 24:etGSQ/u2Bg85z7xlfwZD6ngdWqtkZfJ3WI+ycuZhNYOakSpPPNnq:6hYb5hFCD6KWdJJm1ulva3Tq |
MD5: | 3A65EBCBAD9310214FA09ED76C2EEE82 |
SHA1: | B13EEF3AC3B406D8EC7864CEB3C4A0D6FFE8C00C |
SHA-256: | 64098B7FF694CF305939FC8E50834C9987A68BBAE436C54724C43EB3C193FB97 |
SHA-512: | 38C189CF9A09561B5C067C3ED7E8A59E2E96ABDA6A877E31A198DEC2A8F0049CB5702C4BFAB1E41B4E60D41A7B496369FCD4F80719CCC5579DF902A66A862354 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 848 |
Entropy (8bit): | 5.327356502060016 |
Encrypted: | false |
SSDEEP: | 12:xKIR37Lvkmb6KHh6+WZE8hlKaMK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:AId3ka6KHgE8vKaM5DqBVKVrdFAMBJTH |
MD5: | 1FE7D32CD430F3D281508774EF866974 |
SHA1: | BF68155F1B6C4F17703C93965691041644A184DD |
SHA-256: | 2F810628887297BCAC4B584EC05C0AFBF0DA54EC71F72F7799EFD0CAF2AA42B9 |
SHA-512: | 19EE43F6C0E96CBF2F418E82D8A34C3D4DF6B3D33673F4259BB3F34CF40AA4EECEAEFD1704BF98AA8588011B88952506B30AC30164620BF1E4EC33E1FD76BC8D |
Malicious: | false |
Preview: |
C:\Users\user\Documents\20220428\PowerShell_transcript.468325.WGQFiXaw.20220428103607.txt
Download File
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1359 |
Entropy (8bit): | 5.402787818446981 |
Encrypted: | false |
SSDEEP: | 24:BxSA6xvBn0x2DOXUWTxBLCHt24qWhaHjeTKKjX4CIym1ZJX6xBLCHt24xGnxSAZY:BZmvh0oO9St24tQqDYB1Z4St24WZZY |
MD5: | 7EA2700411697C593C63588C5832DB6C |
SHA1: | C9604B80D4B03D398E92CD09E473A2D220911EB7 |
SHA-256: | 3A74B17DC938C75BAE95B1F0DF0EED087F9D42E4C46BBC744207473E2FB035D2 |
SHA-512: | 701B89B615D7CF1CD0B9BED9566818C371550DCF96404B618DF42FBE0017CFA147C20223BA493144536BD96AA984C8E5B5C62ABEBD12D8ADDA4FAD9C79C72FDF |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.098003438778268 |
TrID: |
|
File name: | 3r0Cgcbr8c.dll |
File size: | 618496 |
MD5: | 9c2ba02350538f6a4392c85f44550949 |
SHA1: | bf9d4375e2ad199794db8fb4887b148dc628b4f9 |
SHA256: | 4216810c4c1d5c0ef229668e1b7180a02610369674a2b9af93fbc9854eaccfa7 |
SHA512: | 5b85ec7a24135e6acea56b77c4d41ad3fad94fe3658994b0322681ac7a2027354fae349aa26297b624175f8b40a1624f3fa4a5eadf1ed6bbf9b6c2d1edf4d355 |
SSDEEP: | 6144:ikJ+L6r9rRPtmE1cbedjdgVZljLg1RKmXL0Am6AZjJrabuFGGGGGGGGHGGGGGGGK:xZxrRPtxMExmZ1gn0TjJMk |
TLSH: | FAD4F144843039A6CC06F33A4291C1675A14762D933BB0DF35E43F5FBA5A5EADAB0B78 |
File Content Preview: | MZ......................@...................................,...........!..L.!This program cannot be run in DOS mode....$........I.R.(n..(n..(n......(n..z...(n..P...(n.fLj..(n..vl..(n..z...(n..P...(n.._...(n..z...(n..z...(n......(n.fLk..(n..z...(n..z...(n |
Icon Hash: | 9068eccc64f6e2ad |
Entrypoint: | 0x401023 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x411096D1 [Wed Aug 4 07:57:05 2004 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 928e2ff757fbe1899e9ee7be5124aa26 |
Instruction |
---|
jmp 00007F69DCAEF6FDh |
jmp 00007F69DCB1FE98h |
jmp 00007F69DCAEF443h |
jmp 00007F69DCAEF0BEh |
jmp 00007F69DCAEF4C9h |
jmp 00007F69DCAEEF14h |
jmp 00007F69DCB252AFh |
jmp 00007F69DCAEF01Ah |
jmp 00007F69DCB187B5h |
jmp 00007F69DCB28510h |
jmp 00007F69DCB2415Bh |
jmp 00007F69DCB29626h |
jmp 00007F69DCAEEFA1h |
jmp 00007F69DCB1995Ch |
jmp 00007F69DCB2BB87h |
jmp 00007F69DCB23092h |
jmp 00007F69DCB1A98Dh |
jmp 00007F69DCB2DD68h |
jmp 00007F69DCAEF193h |
jmp 00007F69DCB2A8AEh |
jmp 00007F69DCB20F89h |
jmp 00007F69DCB1B9A4h |
jmp 00007F69DCB2A6EFh |
jmp 00007F69DCAEF42Ah |
jmp 00007F69DCB262D5h |
jmp 00007F69DCB1DD90h |
jmp 00007F69DCB2DC4Bh |
jmp 00007F69DCB1CCE6h |
jmp 00007F69DCAEF421h |
jmp 00007F69DCAEEF7Ch |
jmp 00007F69DCB27407h |
jmp 00007F69DCB2CBA2h |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8a000 | 0xa0 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8b000 | 0xc100 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x98000 | 0xfe0 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x40000 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8a2b0 | 0x210 | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x1000 | 0x1 | .text |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x3ef30 | 0x3f000 | False | 0.375992063492 | data | 4.45674705156 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x40000 | 0x3fa8a | 0x40000 | False | 0.815296173096 | data | 7.22837563201 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x80000 | 0x93b7 | 0x7000 | False | 0.321881975446 | data | 5.41614354134 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.idata | 0x8a000 | 0x9ab | 0x1000 | False | 0.207763671875 | data | 2.53154389782 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x8b000 | 0xc100 | 0xd000 | False | 0.465106670673 | data | 5.38059585556 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x98000 | 0x17a0 | 0x2000 | False | 0.236572265625 | data | 3.87012606078 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_BITMAP | 0x8b510 | 0x666 | data | English | United States |
RT_ICON | 0x8bb78 | 0x485d | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x903d8 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 331218944, next used block 4106092544 | English | United States |
RT_ICON | 0x92980 | 0xea8 | data | English | United States |
RT_ICON | 0x93828 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x940d0 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_DIALOG | 0x94638 | 0xb4 | data | English | United States |
RT_DIALOG | 0x946f0 | 0x120 | data | English | United States |
RT_DIALOG | 0x94810 | 0x158 | data | English | United States |
RT_DIALOG | 0x94968 | 0x202 | data | English | United States |
RT_DIALOG | 0x94b70 | 0xf8 | data | English | United States |
RT_DIALOG | 0x94c68 | 0xa0 | data | English | United States |
RT_DIALOG | 0x94d08 | 0xee | data | English | United States |
RT_GROUP_ICON | 0x94df8 | 0x4c | data | English | United States |
RT_VERSION | 0x94e48 | 0x290 | MS Windows COFF PA-RISC object file | English | United States |
DLL | Import |
---|---|
OLEAUT32.dll | GetRecordInfoFromTypeInfo, LoadTypeLibEx |
USER32.dll | GetClassNameA, GetPropW, LoadMenuA, GetMessageW, GetClientRect, GetUpdateRgn, DefMDIChildProcW, GetMessagePos, GetMenuItemRect, MessageBoxIndirectW, GetQueueStatus, GetScrollBarInfo, DeleteMenu |
mscms.dll | GetColorDirectoryW |
KERNEL32.dll | GetBinaryTypeA, GetModuleFileNameA, GetModuleHandleW, DebugBreak, GetStringTypeA, GlobalMemoryStatus, WriteProcessMemory, GetCommTimeouts, GetConsoleCP, EnumResourceTypesA, GlobalFlags, GetFileTime, GetThreadLocale, LocalHandle, GetLargestConsoleWindowSize, EraseTape, GetDiskFreeSpaceExA, lstrlenA |
GDI32.dll | GetCharWidthA, GetTextCharacterExtra, GetCharWidth32A, GetCharWidthFloatA, GetTextMetricsW, ExtSelectClipRgn, GetBkColor, GdiComment |
msvcrt.dll | srand, strcoll, fgetwc |
ADVAPI32.dll | RegGetValueA, GetFileSecurityA, EnumServicesStatusExW, InitiateSystemShutdownExW |
Description | Data |
---|---|
LegalCopyright | A Company. All rights reserved. |
InternalName | |
FileVersion | 1.0.0.0 |
CompanyName | A Company |
ProductName | |
ProductVersion | 1.0.0.0 |
FileDescription | |
OriginalFilename | myfile.exe |
Translation | 0x0409 0x04b0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/28/22-10:35:34.699978 04/28/22-10:35:34.699978 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49750 | 80 | 192.168.2.3 | 13.107.42.16 |
04/28/22-10:35:54.821196 04/28/22-10:35:54.821196 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
04/28/22-10:35:55.836318 04/28/22-10:35:55.836318 | TCP | 2033204 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 28, 2022 10:35:54.744678020 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:54.813708067 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:54.815269947 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:54.821196079 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:54.888710022 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.231856108 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.231884003 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.231899977 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.231918097 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.231934071 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.231950998 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.231964111 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.232043028 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.232093096 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.232137918 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.232155085 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.232172012 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.232248068 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.301222086 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.301249981 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.301264048 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.301276922 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.301290989 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.301302910 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.301369905 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.301408052 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.301423073 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.301466942 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.301475048 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.301506996 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.301523924 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.301539898 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.301564932 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.301568031 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.301583052 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.301594973 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.301628113 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.347423077 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.347454071 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.347469091 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.347563982 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.347590923 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.347851992 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.347893000 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.347909927 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.347939968 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.347979069 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.387399912 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.387425900 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.387443066 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.387506008 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.387681961 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.387876987 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.387974977 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.425173998 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.425204039 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.425334930 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.425332069 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.425354958 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.425370932 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.425385952 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.425443888 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.425509930 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.426296949 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.426322937 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.426338911 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.426409960 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.426445007 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.426598072 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.426619053 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.426718950 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.426727057 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.426728010 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.427237034 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.499135017 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.499165058 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.499181032 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.499197006 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.499212980 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.499233007 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.499294043 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.499325991 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.501110077 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.501137972 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.501153946 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.501291037 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.501307964 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.501434088 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.501451015 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.501466036 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.501509905 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.508884907 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.508912086 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.508928061 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.509022951 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.514069080 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.515990019 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.559252024 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.559284925 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.559299946 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.559484959 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.559763908 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.559786081 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.559802055 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.559873104 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.559897900 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.560461044 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.560484886 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.560523033 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.560569048 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.560591936 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.566504955 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.566530943 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.566546917 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.566752911 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.590692997 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.591336966 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.610363007 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.610394001 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.610426903 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.610590935 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.610752106 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.610769987 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.610785961 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.610868931 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.610878944 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.610898972 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.610914946 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.610965014 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.610989094 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.617208958 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.617233992 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.617249012 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.617372990 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.659462929 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.662261963 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.662283897 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.662300110 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.662341118 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.662357092 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.662369967 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.662389994 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.662420034 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.662425041 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.662427902 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.662756920 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.662775993 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.662817955 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.662827015 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.662838936 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.662893057 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.663800955 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.663820982 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.663908958 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.663923025 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.665642023 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.670356035 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.670382977 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.670399904 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.670523882 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.670542002 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.708194017 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.708225965 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.708242893 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.708278894 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.708311081 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.708586931 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.708606005 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.708638906 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.708646059 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.708703041 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.709038019 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.709073067 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.709089041 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.709129095 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.709153891 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.709320068 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.709340096 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.709356070 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.709378958 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.709414959 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.722825050 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.722848892 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.722863913 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.722898960 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.722922087 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.723834038 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.723910093 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.755362988 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.755389929 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.755405903 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.755551100 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.755563021 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.755594969 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.755630970 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.755734921 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.755753994 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.755760908 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.756405115 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.756424904 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.756464005 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.756511927 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.756536007 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.756773949 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.756792068 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.756822109 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.756838083 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.756885052 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.771051884 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.771081924 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.771099091 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.771203995 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.771239042 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.787358999 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.787477016 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.801305056 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.801330090 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.801345110 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.801362991 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.801379919 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.801395893 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.801412106 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.801465988 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.802674055 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.802700996 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.802716017 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.802732944 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.802748919 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:55.802819967 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.802860975 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.836318016 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:55.899386883 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.238548040 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.238581896 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.238605022 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.238630056 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.238652945 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.238656044 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.238677979 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.238682032 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.238692999 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.238694906 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.238718033 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.238749027 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.238816023 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.238843918 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.238867044 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.238867998 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.238883972 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.238894939 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.238930941 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.300447941 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.300493956 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.300523043 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.300551891 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.300550938 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.300580025 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.300581932 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.300611973 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.300632954 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.300632954 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.300705910 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.300713062 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.317651033 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.317681074 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.317699909 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.317720890 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.317725897 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.317744017 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.317754984 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.317764044 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.317781925 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.317790985 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.317815065 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.317909002 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.363486052 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.363537073 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.363571882 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.363607883 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.363645077 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.363646984 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.363679886 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.363687992 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.363694906 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.363708019 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.363713980 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.363755941 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.363785982 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.363820076 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.363858938 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.363876104 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.363893032 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.363913059 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.363919020 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.363946915 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.363972902 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.431512117 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.431562901 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.431596994 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.431631088 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.431662083 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.431690931 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.431694984 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.431710005 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.431720018 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.431752920 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.431777000 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.431786060 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.431818962 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.431826115 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.431842089 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.431863070 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.431895018 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.431925058 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.431958914 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.431988955 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.432013988 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.432024002 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.432125092 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.498274088 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.498302937 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.498326063 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.498349905 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.498373032 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.498393059 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.498409033 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.498433113 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.498471975 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.498476982 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.498481035 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.498696089 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.498720884 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.498743057 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.498756886 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.498764992 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.498788118 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.498800993 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.498811007 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.498830080 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.498837948 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.498862028 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.498897076 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.572567940 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.572612047 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.572642088 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.572673082 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.572702885 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.572726965 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.572731972 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.572755098 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.572762012 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.572783947 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.572787046 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.572788954 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.572822094 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.572841883 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.572880983 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.572881937 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.572885990 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.572904110 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.572932959 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.572936058 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.572968960 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.572961092 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.572985888 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.573054075 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.573055029 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.573079109 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.573146105 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.573154926 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.703841925 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.704015017 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.704143047 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.704207897 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.704265118 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.704289913 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.704466105 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.704562902 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.704623938 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.704663992 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.704667091 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.704720974 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.704766989 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.704777956 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.704833984 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.704870939 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.704890013 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.704936981 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.704951048 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.705004930 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.705045938 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.705046892 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.705102921 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.705149889 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.705159903 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.705218077 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.705224991 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.705256939 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.705312014 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.705327034 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.705373049 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.705430031 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.705431938 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.705507994 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.705516100 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.705579042 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.705583096 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.705687046 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.788817883 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.788846016 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.788866997 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.788897038 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.788916111 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.788918972 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.788939953 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.788943052 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.788960934 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.788980961 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.788981915 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.789001942 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.789004087 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.789022923 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.789036989 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.789043903 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.789060116 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.789071083 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.789105892 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.820194006 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.820214987 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.820241928 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.820255041 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.820262909 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.820297003 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.820300102 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.835042000 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.835084915 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.835118055 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.835127115 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.835138083 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.835150003 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.835160017 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.835170031 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.835180998 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.835192919 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.835196972 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.835218906 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.835263014 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.837100983 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.837132931 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.837158918 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.837162018 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.837177992 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.837188005 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.837203979 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.837224007 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.890398026 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.890429020 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.890454054 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.890470028 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.890471935 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.890512943 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.890527964 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.908956051 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.908988953 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.909009933 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.909028053 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.909037113 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.909084082 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.909090996 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.911814928 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.911845922 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.911864996 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.911880016 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.911911964 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.911947012 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.911952019 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.950264931 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.950340033 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.950371027 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.950390100 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.950453997 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.950504065 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.950511932 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.950517893 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.957315922 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.957365036 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.957418919 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.957442999 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.957443953 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.957485914 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.957515955 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.957585096 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.971291065 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.971338034 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.971378088 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.971386909 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.971407890 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.971417904 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.971460104 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.971525908 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.972610950 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.972692966 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.972693920 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.972733974 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.972763062 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:56.972769022 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.972788095 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:56.972811937 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.009298086 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.009330988 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.009355068 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.009372950 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.009377003 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.009407997 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.009412050 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.009427071 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.026513100 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.026546001 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.026572943 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.026590109 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.026612997 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.026637077 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.026649952 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.026679993 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.026719093 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.026799917 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.026817083 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.026932955 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.026967049 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.028388023 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.028418064 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.028440952 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.028472900 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.028484106 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.028501987 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.028533936 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.074335098 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.074366093 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.074390888 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.074405909 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.074409008 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.074445009 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.074449062 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.074451923 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.086582899 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.086617947 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.086644888 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.086659908 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.086688042 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.086736917 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.090893984 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.090950012 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.090967894 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.091000080 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.091002941 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.091016054 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.091048956 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.091065884 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.137269020 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.137303114 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.137326002 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.137342930 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.137367964 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.137402058 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.137406111 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.141597986 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.141625881 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.141649961 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.141666889 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.141689062 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.141707897 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.141735077 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.156900883 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.156928062 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.156946898 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.156963110 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.157017946 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.157088041 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.161371946 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.161396027 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.161413908 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.161459923 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.161459923 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.161505938 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.161523104 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.203655958 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.203707933 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.203793049 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.203819990 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.203864098 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.203866005 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.203874111 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.203978062 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.209512949 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.209569931 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.209675074 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.209673882 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.209733009 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.209742069 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.209748030 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.209822893 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.224351883 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.224402905 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.224431038 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.224451065 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.224502087 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.224555969 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.224562883 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.230319023 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.230356932 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.230381012 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.230406046 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.230427027 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.230499029 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.230535984 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.230542898 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.336009026 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.417376995 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.792884111 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.792939901 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:35:57.793004990 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:35:57.793056965 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
Apr 28, 2022 10:37:02.793833017 CEST | 80 | 49755 | 94.140.115.8 | 192.168.2.3 |
Apr 28, 2022 10:37:02.794017076 CEST | 49755 | 80 | 192.168.2.3 | 94.140.115.8 |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49755 | 94.140.115.8 | 80 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 28, 2022 10:35:54.821196079 CEST | 1233 | OUT | |
Apr 28, 2022 10:35:55.231856108 CEST | 1234 | IN |